A week in security (July 15 – 21)
A roundup of cybersecurity news from July 15–21, including the Zoom camera vulnerability, Extenbro, Sodinokibi, Magecart, and cybersecurity challenges facing the education sector.
A week in security (June 10 – 16)
A roundup of security news from June 10–16, including MegaCortex, the latest news on privacy, the abuse of Twitter’s Lists feature, and more.
The Advanced Persistent Threat files: Lazarus Group
Lazarus Group, the threat actors likely behind the Sony breach and WannaCry outbreak, are in the news again. Here’s what you need to know about this North Korean organization, and what you should do to protect against such nation-state attacks.
The Advanced Persistent Threat files: APT10
While security companies are getting good at analyzing the tactics of nation-state threat actors, they still struggle with placing these actions in context and making solid risk assessments. So in this series, we’re going to take a look at a few APT groups, and see how they fit into the larger threat landscape—starting with APT10.
A week in security (June 4 – June 10)
A roundup of the security news from June 4 – June 10, including IoT botnets, government attacks, dodgy Wi-Fi, and more.
Perspectives on Russian hacking
Malware research analyst Chris Boyd recently had an in-depth chat with SCMagazine about Russian hacking, malware, and social engineering. Here, he summarizes some of the key findings from his discussion and the other researchers interviewed.
Threat modeling: What are you so afraid of?
There are many, many threat models available on the internet with extensive documentation on how to apply them to your organization. Most are designed to map out data flow, identify soft points in organizational processes, and assign mitigations based on specific type of probable attacker and their identified motivations. These models are great, they are thorough, and nobody ever uses them.
Unpacking the spyware disguised as antivirus
Recently we got access to several elements of the espionage toolkit that has been captured attacking Vietnamese institutions. During the operation, the malware was used to dox 400,000 members of Vietnam Airlines.
Explained: Advanced Persistent Threat (APT)
An Advanced Persistent Threat (APT) is a prolonged, aimed attack on a specific target with the intention to compromise their system and gain information from or about that target. The target can be a person, an organization or a business.
