I don't want to bring up politics but this is the first U.S. election where cybersecurity had sustained, serious attention by the press and the candidates. Now that the election is over, will this focus mean we see a change in national cybersecurity policy? What changes might we see?
While I make my living doing security and the benefits are obvious to me, I've come to the realization that most of the time security and privacy don't sell consumer products or services. While good security won’t make the sale, weak security can concern customers and create sales objections.
You’re at a startup- a great idea, smart developers and an attractive website. You’re leveraging modern technology at its best- mobile aware, scalable cloud architecture. You’re offering other businesses a force multiplier to help them compete.
We get used to working around limitations in our tools, because that's what we have to work with. If you’re considering migrating your email, Customer Relationship Management (CRM) or Enterprise Resource Planning (ERP) package to a new platform, it’s like buying a new family car- planning for a new future while minimizing your existing expenses.
It’s nerve-racking to read that a product that your company relies upon has a critical zero day vulnerability. Do you scramble for a new solution, wait for a patch or just panic? Making important application decisions based on social-media rumblings isn't usually the best way to run an IT shop. In some ways, this is like driving down the road when your car starts making an unusual sound. It might not be time to consider buying a new car, but you do need to assess the situation.
Hello from the Lotan team at Leviathan!
We recently looked at a sample set of 80,000 crashdumps from a production environment and decided it was time to look at some data we have in aggregate. Lotan's core focus is detecting stage one attacks (shellcode) in crashed processes. To achieve this goal Lotan has to process the bulk of the data contained within a memory image. One of the most interesting components of these process images is the information about loaded modules from Windows processes.
I’m reminded of the saying ‘The Cobbler’s children have no shoes’. We consider our customer facing products more important than our internal ones.
During the Hacking Team breach which came to light earlier this week, a large quantity of Hacking Team's internal data was posted online. Some of this data pertained to a 0-day (a vulnerability which the vendor is not aware of) in Adobe Flash (versions 9 through to 22.214.171.124) (CVE-2015-5119) which allows an attacker to execute code on a victims computer if they browse to a website with a malicious flash file embedded.