Elie

SEPTEMBER 8, 2017

This blog post shed light on the inner workings of the ransomsphere economics and exposes which cybercriminal groups are the biggest earners. This is the second blog post in my series about ransomware economics. The first post. is dedicated to the methodology and techniques needed to trace ransomware payments end-to-end. As this post builds on that methodology, I encourage you to read through the first post if you haven’t done so.

Ransomware 110

Ransomware Marketing Backups Encryption 110

Lenny Zeltser

SEPTEMBER 7, 2017

This cheat sheet outlines tips for reversing malicious Windows executables via static and dynamic code analysis with the help of a debugger and a disassembler. To print it, use the one-page PDF version; you can also edit the Word version to customize it for you own needs. Overview of the Code Analysis Process. Examine static properties of the Windows executable for initial assessment and triage.

Engineering 111

Engineering Malware Software Information Security 111

Kali Linux

SEPTEMBER 25, 2017

The Advanced Package Tool (APT) is how programs, libraries, documentation, and even the kernel itself are installed and managed on Kali and other Debian-based derivatives. APT often works so well that many users don’t pay any particular attention to it other than to perhaps search for and install programs and (hopefully) update their system regularly.

Software 52

Software Hacking 52

Penetration Testing

SEPTEMBER 16, 2017

FireEye Labs Obfuscated String Solver Rather than heavily protecting backdoors with hardcore packers, many malware authors evade heuristic detections by obfuscating only key portions of an executable. Often, these portions are strings and resources... The post flare-floss v3.0.1 releases: Automatically extract obfuscated strings from malware appeared first on Penetration Testing.

Penetration Testing 52

Penetration Testing Malware 52

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Scary Beasts Security

SEPTEMBER 19, 2017

I’m excited to announce that I’ve joined Dropbox as their new Head of Security. Truth be told, I ’ve been here a little while and I’ve been enjoying on-boarding too much to make the announcement. If you were wondering why my blog has been quiet for a while, now you know why! I exited a fun period of semi-retirement to take up this challenge. What attracted me to Dropbox enough to make the switch?

50

50

Andrew Hay

SEPTEMBER 25, 2017

By Andrew Hay, Co-Founder and CTO, LEO Cyber Security. I speak at a lot of conferences around the world. As a result, people often ask me how I manage the vast number of abstracts and security call for papers (CFPs) submissions. So I thought I’d create a blog post to explain my process. For lack of a better name, let’s call it the Hay CFP Management Method.

40

40

The Falcon's View

SEPTEMBER 22, 2017

Today marks the end of my first week in a new job. As of this past Monday, I am now a Manager, Security Engineering, with Pearson. I'll be handling a variety of responsibilities, initially mixed between security architecture and team management. I view this opportunity as a chance to reset my career after the myriad challenges experienced over the past decade.

Architecture 40

Architecture Engineering 40

Kali Linux

SEPTEMBER 19, 2017

We are happy to announce the release of Kali Linux 2017.2, available now for your downloading pleasure. This release is a roll-up of all updates and fixes since our 2017.1 release in April. In tangible terms, if you were to install Kali from your 2017.1 ISO, after logging in to the desktop and running ‘apt update && apt full-upgrade’, you would be faced with something similiar to this daunting message: 1399 upgraded, 171 newly installed, 16 to remove and 0 not upgraded.

Penetration Testing 52

Penetration Testing Encryption Phishing 52

Privacy and Cybersecurity Law

SEPTEMBER 21, 2017

On September 21st, 2017, Daniel Therrien, Canada’s Federal Privacy Commissioner, tabled his annual report to Canada’s Parliament today. The report […].

52

52

The Falcon's View

SEPTEMBER 6, 2017

I have a pet peeve. Ok, I have several, but nonetheless, we're going to talk about one of them today. That pet peeve is security professionals wasting time and energy pushing a "security culture" agenda. This practice of talking about "security culture" has arisen over the past few years. It's largely coming from security awareness circles, though it's not always the case (looking at you anti-phishing vendors intent on selling products without the means and methodology to make them truly useful!

InfoSec 40

InfoSec Security Awareness Banking Phishing 40

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Privacy and Cybersecurity Law

SEPTEMBER 21, 2017

On September 21 st , 2017, Daniel Therrien, Canada’s Federal Privacy Commissioner, tabled his annual report to Canada’s Parliament today. The report to Parliament includes results and recommendations with respect to the OPC’s study on consent. In addition, the Commissioner requests Parliament overhaul Canada’s federal private sector legislation – the Personal Information Protection and Electronic Documents Act (PIPEDA).

Big data 40

Big data Technology Risk Mobile 40

Privacy and Cybersecurity Law

SEPTEMBER 5, 2017

On September 2, 2017, the Ministry of Innovation, Science and Economic Development Canada (ISED) published draft Breach of Security Safeguards Regulations. The draft Regulations will be open for comment for 30 days. If the Regulations are not further amended by ISED, they may be registered and republished. ISED has stated that there will be a delay between finalizing the Regulations and their coming into force to permit organizations time to implement any necessary organizational changes.

Risk 40

Risk Advertising Data breaches 40