Blog News Security Blog -  

Úvod  APT blog  Attack blog  BigBrother blog  BotNet blog  Bug blog  Cyber blog  Cryptocurrency blog  Exploit blog  Hacking blog  Hardware blog  ICS blog  Incident blog  IoT blog  Malware blog  OS Blog  Phishing blog  Ransomware blog  Safety blog  Security blog  Social blog  Spam blog  Vulnerebility blog


 


Datum

Název

Info

Blog

Companies

12.5.19

Types of backup and five backup mistakes to avoid

What are the main types of backup operations and how can you avoid the sinking feeling that comes with the realization that you may not get your data back?

Security blog

Eset

6.5.19

Regional Threat Perspectives: United States

F5 Labs, in conjunction with our partner Baffin Bay Networks, researched attacks by geographic region to get a better understanding of the threat landscape region to region. We sought to understand if the global attack landscape was consistent or if it differed region to region, and to identify consistencies in attacking networks, IP addresses, and targeted ports. In this research series we looked at attacks over the same 90-day period in Europe, the United States (US), Canada, and Australia.

Security blog

F5 Labs

6.5.19

Regional Threat Perspectives: Australia

F5 Labs, in conjunction with our partner Baffin Bay Networks, researched attacks by geographic region to get a better understanding of the threat landscape region to region. We sought to understand if the global attack landscape was consistent or if it differed region to region, and to identify consistencies in attacking networks, IP addresses, and targeted ports. In this research series we looked at attacks over the same 90-day period in Europe, the United States, Canada, and Australia.

Security blog

F5 Labs

6.5.19

World Password Day: A day to review your defenses

So, do you think you’ve been ‘pwned’? That’s the question to ask yourself today

Security blog

Eset

24.4.19

If I Had to Do It Over Again, Part 3

At the beginning of this year, we invited security leaders to talk about their past failures and the lessons they wanted to pass on. We called it If we had to do it again, and people really liked it. A number of folks approached me wanting to tell their stories as well; so a month later, we did part two. Here are more “If I had to do it again” stories that readers sent us.

Security blog

F5 Labs

23.4.19

Application Protection Report 2019, Episode 2: 2018 Breach Trends

So, what is the foundation of a society? Is it the economy? Personal relationships? Employment? Institutions like a legal system or a free press?

Security blog

F5 Labs

23.4.19

4 Areas Where Infosec Facts and Fiction Clash: Mind the Gap Pt. 2

In this series, we examine how the reality of a security program differs from the perception some security practioners hold. To do this, we’re focusing on four specific gaps that can weaken security defenses and instigate security incidents. For example, consider the rising number of cloud breaches caused by engineers disabling basic access control, either by accident or by intention.

Security blog

F5 Labs

23.4.19

Trust and Reputation in the Digital Era

This year we are releasing our 2019 Application Protection Report as a series of short, tightly focused episodes. This helps ensure we provide timely threat intelligence that our readers can add to their own threat models and use to prepare appropriate defenses and responses. Last episode, we focused on PHP’s continuing run as one of the great weak points on the Internet.

Security blog

F5 Labs

23.4.19

Churning Out Machine Learning Models: Handling Changes in Model Predictions

Machine learning (ML) is playing an increasingly important role in cyber security. Here at FireEye, we employ ML for a variety of tasks such as: antivirusmalicious PowerShell detection, and correlating threat actor behavior

Security blog

FireEye

5.4.19

NIST cybersecurity resources for smaller businesses How can smaller businesses address their cybersecurity risks without the resources of large organizations? Security blog

Eset

31.3.19 Application Protection Report 2019, Episode 1: PHP Reconnaissance F5 Labs published the first edition of our annual Application Protection Report in July 2018. For that report, we collaborated with Whitehat Security, Loryka, the Ponemon Institute, and Whatcom Community College’s Cybersecurity Center to analyze a wide range of data from 2017, and offer a comprehensive breakdown on the threats, tactics, vulnerabilities and impacts facing web applications in 2018. Security blog F5 Labs
31.3.19 Commando VM: The First of Its Kind Windows Offensive Distribution For penetration testers looking for a stable and supported Linux testing platform, the industry agrees that Kali is the go-to platform. However, if you’d prefer to use Windows as an operating system, you may have noticed that a worthy platform didn’t exist. As security researchers, every one of us has probably spent hours customizing a Windows working environment at least once and we all use the same tools, utilities, and techniques during customer engagements. Security blog FireEye
28.3.19 Cisco Talos adds new Content Category Our goal at Cisco Talos is to provide detailed and actionable information in order to let customers decide how best to protect their networks and users based on their needs. Security blog

Cisco Talos

28.3.19 SilkETW: Because Free Telemetry is … Free! Over time people have had an on-again, off-again interest in Event Tracing for Windows (ETW). ETW, first introduced in Windows 2000, is a lightweight Kernel level tracing facility that was originally intended for debugging, diagnostics and performance. Gradually, however, defenders realized that ETW provided metrics and data content that was not otherwise available without custom development efforts. Even so, aside from a number of big players in the industry, people have been slow to adopt ETW as a data source for detection and research. Security blog

FireEye

25.3.19

IPv6 unmasking via UPnP

With tools such as ZMap and Masscan and general higher bandwidth availability, exhaustive internet-wide scans of full IPv4 address space have become the norm after it was once impractical. Projects like Shodanand Scans.io aggregate and publish frequently updated datasets of scan results for public analysis, giving researchers greater insight into the current state of the internet.

Security blog

Cisco Talos

25.3.19

Most second-hand thumb drives contain data from past owners

Our penchant for plugging in random memory sticks isn’t the only trouble with our USB hygiene, a study shows

Security blog

Eset

8.3.19

RSA conference, USA 2019: Keynotes and key words A bright tomorrow of technical delight, or a dismal future of digital dysfunction? Security blog

Eset

8.3.19

RSA 2019: Protecting your privacy in a NIST and GDPR world Protecting your privacy is no longer just an option but a legal requirement in many parts of the world Security blog

Eset

8.3.19

Teen earns US$1 million in bug bounties A ‘white hat’ from Argentina has come a long way since winning his first reward of US$50 in 2016 Security blog

Eset

7.2.19

The Curious Case of Convexity Confusion

Some time ago, I noticed a tweet about an externally reported vulnerability in Skia graphics library (used by Chrome, Firefox and Android, among others). The vulnerability caught my attention for several reasons: Firstly, I looked at Skia before within the context of finding precision issues, and any bugs in the code I already looked at instantly evoke the “What did I miss?” question in my head.

Security blog

Project Zero

30.1.19

Hear me out! Thousands tell UK taxman to wipe their voice IDs Even so, the database has grown to seven million voiceprints amid a controversy that puts the spotlight on the privacy implications of the collection of biometric informationSecurity blog Eset

28.1.19

Dynamic Data Resolver (DDR) - IDA Plugin

Static reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a certain basic block is doing. But, if you try to perform dynamic analysis by debugging a piece of malware, the malware will often detect it and start behaving differently. Cisco Talos is here with Dynamic Data Resolver (DDR) a new plugin for IDA that aims to make the reverse-engineering of malware easier.

Security blog

Cisco Talos

28.1.19

Why we want users' feedback on Snort rule documentation

When Snort alerts the end user, the rule documentation is their first and possibly only avenue to find information on malicious traffic in their network. We know this can be better, and we want your help in determining what we can do to make Snort users more knowledgable and provide them more information.

Security blog

Cisco Talos

28.1.19 Browser push notifications: a feature asking to be abused Whoever invented browser push notifications must have been able to guess they would be abused for advertising. This post explains what they are and how to disable them.Security blog Malwarebytes
28.1.19 Email security does not end with your password A strong password is a great start, but there are more ways to make sure that your email is as secure as possibleSecurity blog Eset

22.1.19

Digging Up the Past: Windows Registry Forensics Revisited

Learn about using Windows registry data when performing forensic analysis of computer networks.

Security blog

FireEye

9.1.19 CES – singularity and securing the car What's in store for automotive security once cars morph into mobile living rooms and working spaces? And how about transportation at large?Security blog Eset
9.1.19 What is threat cumulativity and what does it mean for digital security? A reflection on how acknowledging the cumulative nature of cyber-threats and understanding its implications can benefit our digital securitySecurity blog Eset
1.1.19 What should you do with your old devices Disposal of old tech requires thought and effort and the need to cleanse the device of any personal data is just one of the concernsSecurity blog Eset
21.12.18 SPARE: Five tips for a safer online shopping experience There is still some time left to pick up some last-minute shopping before it’s too late but in the rush to do so don’t forget to do it safely Security blog Eset
21.12.18 Spaceballs Security: The Top Attacked Usernames and Passwords What attackers spend their time and energy on attacking, and how they attack it, is the best indication of what works for them. Outside of targeted attacks for specific espionage, hacktivism, or warfare purposes, cybercrime is a volume game. Security blog F5 Labs
18.12.18

The most popular passwords of 2018 revealed: Are yours on the list?

Besides the usual suspects among the worst of passwords, a handful of notable – but similarly poor – choices make their debuts

Security blog Eset
12.12.18 Data scraping treasure trove found in the wild We bring word of yet more data exposure, in the form of “nonsensitive” data scraping to the tune of 66m records across 3 large databases. The information was apparently scraped from various sources and left to gather dust, for anyone lucky enough to stumble upon it. Security blog Malwarebytes
5.12.18 An introduction to offensive capabilities of Active Directory on UNIX In preparation for our talk at Black Hat Europe, Security Advisory EMEAR would like to share the background on our recent research into some common Active Directory integration solutions. Just as with Windows, these solutions can be utilized to join UNIX infrastructure to enterprises' Active Directory forests. Security blog Cisco Talos
30.11.18 Cyber Security Predictions: 2019 and Beyond As you think about how to deploy in advance of a new year of cyber threats, here are the trends and activities most likely to affect your organization Security blog Symantec
30.11.18 Digital Takeaways From the Supreme Court Fight It’s always interesting to watch how the ongoing digital transformation of our lives is changing the world in ways we never would have anticipated years ago. Financial information, social interactions, even our physical locations may be up for grabs in cyberspace, with real-world ramifications. Security blog F5 Labs
30.11.18 Reviewing Recent API Security Incidents In the 18 Application Protection Report, we mentioned the potential vulnerabilities associated with application programming interfaces (APIs). These APIs specify how various application components and clients should autonomously interact with each other to deliver the application experience. Security blog F5 Labs
30.11.18 Don’t Accept Risk With a Pocket Veto We who live risk management know there are four responses when confronted with a credible risk to our organizations. We can treat the risk to reduce it. We can avoid the risk by altering our organization’s behavior. Security blog F5 Labs
30.11.18 Obfuscated Command Line Detection Using Machine Learning This blog post presents a machine learning approach to detecting obfuscated Windows command line invocations on endpoints. Security blog FireEye
30.10.18 Symantec’s Latest Intelligence Page: Your Weather Report for the Threat Landscape We've revamped the Latest Intelligence page with new metrics and a new look. Security blog Symantec
25.10.18 18 Flare-On Challenge Solutions The fifth annual Flare-On Challenge is over, with 114 finishers out of 4,893 registrants. Security blog FireEye

30.7.18

SiliVaccine: Inside North Korea’s Anti-Virus By: Mark Lechtik and Michael Kajiloti Revealed: In an exclusive piece of research, Check Point Researchers have carried out a revealing investigation into North Korea’s home-grown anti-virus software, SiliVaccine. One of several interesting. Security blog

Checkpoint

30.7.18 Check Point’s 18 Security Report 2017 was a pivotal year that surprised many in the IT security industry. From the resurgence of destructive ransomware, IoT botnets, data breaches and mobile malware to full scale nation state attacks, it is Security blog

Checkpoint

30.7.18

Tribute to Kris Kaspersky Just over a year ago one of the greatest minds in the cyber research world sadly passed away. Born in the small Russian village of Uspenskoye, Kris Kaspersky, originally named Nikolay Likhachev, suffered. Security blog Checkpoint
30.7.18 Check Point Mobile Research Team Looks Back On 2017 The mobile world is extremely dynamic and changes rapidly, so it’s always a little hectic to follow its lead. For this reason, we try to stop every once in a while and take. Security blog Checkpoint