Ineffective Response and Perverse Insurance Incentives Compound Ransomware Problems
Cybercriminals are mining a lucrative revenue source – ransomware. These attackers launch malware to encrypt digital files and demand bitcoin payment to unlock them. We know that local governments are often paying ransom and that private industry is also suffering… Continue reading
Direct Memory Access (Again)
My wife’s always “watching the detectives” (per the title of that old Elvis Costello song) and sometimes I join her. But nowadays she’s not “filing her nails as they’re dragging the lake,” instead she’s painting her toenails as the NCIS… Continue reading
The Breach that Spoiled Christmas
Trouble stalks the land of milk and honey. Hackers and identity thieves prowl amid the flocks of shoppers like hyenas this busy Christmas season, picking off their prey. Thus, it seems I “purchased” a $241 Michael Koors handbag from Macy’s… Continue reading
Cyber-Investigations: The Case of the Command-Injection Attack
As a consulting analyst, I focus on security architecture and strategic planning, not day to day operations. But people know that if you meet a security expert at a dinner party you can probably get him to investigate that strange… Continue reading
Trust No One Device (Part 2)
My advice from the first Trust No One (Device) hasn’t sunk in. Levels of end user compromise are far too high, complacency reigns about mobile phone security and the risks of social networks and cloud-based storage are becoming more… Continue reading
Trust No One (Device)
In the age of the advanced persistent threat (APT) – a euphemism for China, the NSA, cybercrime Mafia groups or your bogeyman of choice – security pros are telling enterprise customers to “Assume you’re already compromised.” I’m in… Continue reading