Risk

Ephemeral In-Memory Malware Common At High Value Targets

Computer security has always been a game of Spy vs. Spy, with the bad guys trying to stay one step ahead of the latest tactics and tools used to catch them. And that’s still true today, in an age of so-called “advanced persistent threats.” So what’s the next big thing in advanced malware? How about ghostly, ephemeral malware that never exists outside of memory and disappears whenever the infected system is rebooted?   The security firm Triumfant issued a warning on Monday about what it calls “advanced volatile threats” or AVT. The malware is already a common component in attacks against high value targets, including government agencies and intelligence services John Prisco, Triumfant’s CEO and President told The Security Ledger. The terminology here is a bit tricky – as Prisco admits. Technically, almost every online attack begins in memory, where attackers seek to overwrite the memory space used by a […]

Continue Reading

Week In Security: NSA Spies on Yahoo & Google, Adobe Hack and Healthcare.gov

There’s nothing like a Sunday morning for looking back over the week’s events and trying to make sense of at all – or at least what sense there is to be had. This Sunday was no different – especially after a week that saw continued revelations stemming from Edward Snowden’s leak of classified intelligence on NSA spying, the massive hack of software maker Adobe. Then there was the botched rollout of the federal Healthcare.gov marketplace – which morphed into an even bigger, uglier problem as the week progressed. To help me sort it all out, I called on Nick Selby, the CEO of StreetCred Software and an authority on cyber security, law enforcement, government procurement, Russia, Germany, aviation, travel journalism and all manner of other topics. I love talking to Nick because his wealth of life and professional experience make him predictably unpredictable when it comes to interpreting current events. […]

Continue Reading

BlueTooth on Your Defibrillator? The Case Against Wi-Fi

As more and more devices become networked, the use cases for wireless communications protocols like Bluetooth and NFC (Near Field Communications) multiply. Hardly a week goes by where some company figures out a way to pair wireless communications with some inanimate object or another. (Bluetooth bike locks, anyone?) But what happens when those wireless devices run critical infrastructure or life-saving technology like implanted medical devices? We learned earlier this week that no less than Dick Cheney was concerned enough about wireless attacks on his implanted defibrillator that he had the wireless management features of the device disabled, for fear they could be used in an assassination attempt. Security experts, like Dr. Kevin Fu at The University of Michigan,  doubtful that such an attack was realistic, also refused to rule it out entirely. Given the many, proven tools and strategies for hacking wireless communications like Bluetooth, you might think that foregoing well […]

Continue Reading

Is A Nest Botnet In Our Future? A Conversation With IoT Researcher Daniel Buentello

Daniel Buentello is one of the top security researchers out there looking into the security of common, consumer products that are part of the growing “Internet of Things.” Most recently, Buentello has been making the rounds of security cons with a presentation he calls “Weaponizing Your Coffee Pot.” The talk, which Bountello presented at the recent DerbyCon hacker conference in Kentucky and at ToorCon in Seattle in July. That talk was something of a call to arms for security folk to start poking around the growing list of IP-enabled consumer products. Buentello notes that most – including products from large firms like Belkin are insecure by design and in deployment. As we noted when we wrote about Buentello presentation early in October, the interesting stuff here is Daniel’s methodology for reverse engineering the software that runs these commercial developments, which offers something of a blueprint for others to follow.  More recently, Buentello turned his gaze to […]

Continue Reading

Gartner: Traditional IT Security Dead By End of Decade?

The analyst firm Gartner Inc. prides itself on its ability to identify emerging technology trends and talking up what’s next before it has even happened. The firm’s Hype Cycle maps the familiar path from promising new technology to ‘hot technology buzz word du jour,’ and (maybe) on to useful, less buzzy technology that’s actually being used. More important: the Gartner Magic Quadrant rates  technology companies (and their products) according to a set of criteria that includes how forward-looking (or “visionary”) the company is. Given the sway Gartner’s ratings have in companies’ willingness to invest in products, it’s a foregone conclusion that companies Gartner picks to ‘do well’ end up…umm…doing well. Gartner has an interest in finding the next big thing in every market – but also of preserving as much of the status quo as possible. (All those quadrants generate some serious cash!!) So I was interested to read about […]

Continue Reading
1 33 34 35 36