- Social Engineering Attackers Rely on Social Engineering to Activate Macros in Malicious Documents
Malicious document authors persuade victims to enable macros by claiming the security warning indicates protected content or by providing detailed step-by-step instructions for changing macro...
- Incident Response Speaking at the Forensic Lunch
- Malware Malware: Whom or What Are We Fighting?
Malware is a tool used by people to achieve objectives—security professionals aren't fighting the software itself but the individuals, companies, and nations behind it. Understanding the larger...
- Malware Researching Scams Helps Understand Human Vulnerabilities
Online scammers exploit predictable human vulnerabilities: starting scams in the physical world, customizing messages with victims' locations, appealing to vanity and self-interest, posing as...
- Encryption How Digital Certificates Are Used and Misused
Digital certificates enable HTTPS communications, software signing, VPNs, and Wi-Fi authentication, but the PKI ecosystem shows weaknesses. Attackers misuse stolen code-signing certificates, CAs...
- Incident Response Why Organizations Don't Prepare for Information Security Incidents
Organizations fail to prepare for security incidents not because they're unaware of threats, but because they believe they personally won't be attacked and underestimate the disruptive effects of...