- Social Engineering How to Send Customer Emails That Don't Look Like Phishing
Many legitimate business emails look indistinguishable from phishing attempts, training customers to accept fraudulent messages. Secure customer messages should avoid deep links, come from validated...
- Cloud How You Can Set up Honeytokens Using Canarytokens to Detect Intrusions
Honeytokens are data or computing resources that exist solely to alert you when someone accesses them, offering intrusion detection with relatively low false positives. The open source Canarytokens...
- Privacy Security of Third-Party Keyboard Apps on Mobile Devices
Third-party mobile keyboards with network access can capture keystrokes and transmit them to developers' servers, creating keylogger-like risks. Keyboard developers vary widely in their security...
- Encryption How the Digital Certificates Ecosystem is Being Strengthened
Several initiatives are strengthening the digital certificate ecosystem: improved certificate revocation checking, EFF's SSL Observatory for cataloging certificates, Google's Certificate Transparency...
- Encryption How Digital Certificates Are Used and Misused
Digital certificates enable HTTPS communications, software signing, VPNs, and Wi-Fi authentication, but the PKI ecosystem shows weaknesses. Attackers misuse stolen code-signing certificates, CAs...
- Malware Attributing Cyberattack Activities to a Group in India
Researchers attributed coordinated cyberattacks against South Asian organizations to a group operating from India based on target profiles, decoy document contents, embedded debug strings,...