- Risk Management: The Risks of Remote Desktop for Access Over the Internet
Exposing RDP to direct Internet connections is risky—beyond credential-guessing opportunities, critical vulnerabilities like CVE-2012-0002 can allow remote code execution without authentication....
- Social Engineering: An Example of SMS Text Phishing
SMS phishing ('smishing') messages impersonate carriers like Verizon to direct victims to credential-harvesting websites using spoofed sender numbers and lookalike domains. Mobile users are...
- Malware: Who Was the First to Use the Term Exfiltration in Cybersecurity?
The term "exfiltration" in cybersecurity—referring to data leaving a compromised network—appears to originate from military terminology about withdrawing troops from dangerous positions. The earliest...
- Incident Response: Some Facts and Conjecture About the VeriSign Data Breach
VeriSign's 2011 SEC filing disclosed a 2010 breach where information was exfiltrated from compromised corporate systems. The APT-style attack characteristics and inability to assess future misuse of...
- Malware: Assigning Descriptive Names to Malware - Why and How?
Security researchers assign descriptive names to high-profile malware based on file names, registry keys, or embedded strings—whoever coins the name that sticks gets bragging rights. Duqu was named...
- Malware: How Antivirus Software Works: 4 Detection Techniques
Antivirus tools use four main detection techniques: signature-based (static fingerprints of known malware), heuristics-based (suspicious characteristics without exact matches), behavioral (observing...