mitigation – SSL and internet security news

Insurance and Ransomware

July 1, 2021 infossl

academic papers, cybercrime, cybersecurity, insurance, mitigation, ransomware, reports, Security technology, Uncategorized

As ransomware becomes more common, I’m seeing more discussions about the ethics of paying the ransom. Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s helping. However, the most pressing challenge currently facing the industry is ransomware. Although it is a societal problem, cyber insurers … Read More “Insurance and Ransomware” »

Router Security

February 19, 2021 infossl

hardware, Internet of Things, linux, mitigation, patching, reports, Security technology, Uncategorized, vulnerabilities

This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security. Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devices. However, many routers are powered by very old versions of … Read More “Router Security” »

Malicious MS Office Macro Creator

May 8, 2019 infossl

malware, microsoft, mitigation, Security technology

Evil Clippy is a tool for creating malicious Microsoft Office macros: At BlackHat Asia we released Evil Clippy, a tool which assists red teamers and security testers in creating malicious MS Office documents. Amongst others, Evil Clippy can hide VBA macros, stomp VBA code (via p-code) and confuse popular macro analysis tools. It runs on … Read More “Malicious MS Office Macro Creator” »

Defending Democracies Against Information Attacks

April 30, 2019 infossl

academicpapers, essays, fakenews, hacking, mitigation, nationalsecuritypolicy, Security technology

To better understand influence attacks, we proposed an approach that models democracy itself as an information system and explains how democracies are vulnerable to certain forms of information attacks that autocracies naturally resist. Our model combines ideas from both international security and computer security, avoiding the limitations of both in explaining how influence attacks may … Read More “Defending Democracies Against Information Attacks” »

The Digital Security Exchange Is Live

April 11, 2018 infossl

mitigation, resilience, Security technology, securityeducation, threatmodels

Last year I wrote about the Digital Security Exchange. The project is live: The DSX works to strengthen the digital resilience of U.S. civil society groups by improving their understanding and mitigation of online threats. We do this by pairing civil society and social sector organizations with credible and trustworthy digital security experts and trainers … Read More “The Digital Security Exchange Is Live” »

Unfixable Automobile Computer Security Vulnerability

August 18, 2017 infossl

cars, computersecurity, mitigation, protocols, Security technology, vulnerabilities

There is an unpatchable vulnerability that affects most modern cars. It’s buried in the Controller Area Network (CAN): Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable. Patching the issue means changing … Read More “Unfixable Automobile Computer Security Vulnerability” »

Bypassing Intel's ASLR

October 19, 2016 infossl

academicpapers, intel, malware, mitigation, Security technology, sidechannelattacks

Researchers discover a clever attack that bypasses the address space layout randomization (ALSR) on Intel’s CPUs. Here’s the paper. It discusses several possible mitigation techniques. Powered by WPeMatico