- Incident Response: Some Facts and Conjecture About the VeriSign Data Breach
VeriSign's 2011 SEC filing disclosed a 2010 breach where information was exfiltrated from compromised corporate systems. The APT-style attack characteristics and inability to assess future misuse of...
- Malware: Assigning Descriptive Names to Malware - Why and How?
Security researchers assign descriptive names to high-profile malware based on file names, registry keys, or embedded strings—whoever coins the name that sticks gets bragging rights. Duqu was named...
- Malware: How Antivirus Software Works: 4 Detection Techniques
Antivirus tools use four main detection techniques: signature-based (static fingerprints of known malware), heuristics-based (suspicious characteristics without exact matches), behavioral (observing...
- Malware: Capabilities and Limitations of Enterprise Antimalware Suites
Modern enterprise antimalware suites include traditional AV, spyware and rootkit protection, host firewalls, browser security, email filtering, cloud-based analysis, and centralized management....
- Assessments: Looking for Infected Systems as Part of a Security Assessment
Security assessments often produce predictable results—missing patches—so consider adding malware detection tasks. Techniques include identifying unmanaged systems, analyzing autorun entries for...
- Incident Response: 9 Reasons for Denial-Of-Service (DoS) Attacks: Why Do They Happen?
DoS attacks happen for many reasons: extortion demands, turf wars between criminal groups, anticompetitive sabotage, punishment for refusing demands, political criticism, training grounds for future...