- Malware Reflections Upon Deception-Based Security Tactics
Deception tactics for IT defense include network honeypots to detect lateral movement, host-based decoys like fake files and slow service emulators, and endpoint approaches that fool evasive malware...
- Authentication The Use of Pastebin for Sharing Stolen Data
Attackers use Pastebin for sharing stolen data because it's easy, handles large text, doesn't require registration, and doesn't proactively moderate. Trending pastes often include compromised...
- Social Networking When Bots Use Social Media for Command and Control
Malware authors use social media for command and control because HTTP traffic rarely gets blocked and blends into normal browsing. Examples include banking trojans retrieving instructions from...
- Malware A Delusive Sense of Security in Walled Gardens
Walled gardens like Facebook, corporate networks, and smartphone app stores encourage users to lower their guard, creating false security assumptions that scammers exploit. People click more readily...
- Authentication We Still Suck at Protecting Logon Credentials
Recent breaches at Lockheed Martin, Mt. Gox, PBS, and Sony PlayStation show we still fail at protecting credentials. Attackers compromise them via remote password guessing, SQL injection to retrieve...
- Malware 11 Recommendations for Coming Up to Speed on Bitcoin
Bitcoin represents a precursor to future distributed online payment approaches. Security implications include compromised computers being used for mining, trojans designed to steal Bitcoin wallets,...