mitigation – WindowsTechs.com

Insurance and Ransomware

Posted on July 1, 2021 by Bruce Schneier

As ransomware becomes more common, I’m seeing more discussions about the ethics of paying the ransom. Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s helping.

However, the most pressing challenge currently facing the industry is ransomware. Although it is a societal problem, cyber insurers have received considerable criticism for facilitating ransom payments to cybercriminals. These add fuel to the fire by incentivising cybercriminals’ engagement in ransomware operations and enabling existing operators to invest in and expand their capabilities. Growing losses from ransomware attacks have also emphasised that the current reality is not sustainable for insurers either…

Continue reading Insurance and Ransomware→

Router Security

Posted on February 19, 2021 by Bruce Schneier

This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security.

Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devic… Continue reading Router Security→

New iMessage Security Features

Posted on January 29, 2021 by Bruce Schneier

Apple has added added security features to mitigate the risk of zero-click iMessage attacks.

Apple did not document the changes but Groß said he fiddled around with the newest iOS 14 and found that Apple shipped a “significant refactoring of iMessage processing” that severely cripples the usual ways exploits are chained together for zero-click attacks.

Groß notes that memory corruption based zero-click exploits typically require exploitation of multiple vulnerabilities to create exploit chains. In most observed attacks, these could include a memory corruption vulnerability, reachable without user interaction and ideally without triggering any user notifications; a way to break ASLR remotely; a way to turn the vulnerability into remote code execution;; and a way to break out of any sandbox, typically by exploiting a separate vulnerability in another operating system component (e.g. a userspace service or the kernel)…

Continue reading New iMessage Security Features→

Insider Threats, a Cybercriminal Favorite, Not Easy to Mitigate

Posted on November 12, 2019 by Lindsey O'Donnell

Rogue employees — not just external threat groups — pose a formidable threat to incident response teams. Continue reading Insider Threats, a Cybercriminal Favorite, Not Easy to Mitigate→

Malicious MS Office Macro Creator

Posted on May 8, 2019 by Bruce Schneier

Evil Clippy is a tool for creating malicious Microsoft Office macros: At BlackHat Asia we released Evil Clippy, a tool which assists red teamers and security testers in creating malicious MS Office documents. Amongst others, Evil Clippy can hide VBA macros, stomp VBA code (via p-code) and confuse popular macro analysis tools. It runs on Linux, OSX and Windows. The… Continue reading Malicious MS Office Macro Creator→

Defending Democracies Against Information Attacks

Posted on April 30, 2019 by Bruce Schneier

Defending Democracies Against Information Attacks

Posted on April 30, 2019 by Bruce Schneier

To better understand influence attacks, we proposed an approach that models democracy itself as an information system and explains how democracies are vulnerable to certain forms of information attacks that autocracies naturally resist. Our model combines ideas from both international security and computer security, avoiding the limitations of both in explaining how influence attacks may damage democracy as a whole…. Continue reading Defending Democracies Against Information Attacks→

Ubiquitous Bug Allows HIPAA-Protected Malware to Hide Behind Medical Images

Posted on April 17, 2019 by Tara Seals

The ubiquitous nature of the flaw opens the door for rapidly spreading, crippling cyberattacks. Continue reading Ubiquitous Bug Allows HIPAA-Protected Malware to Hide Behind Medical Images→

The DevCentral Chronicles June Edition 1(6)

Posted on June 19, 2018 by psilva

Heading into the summer months is always a nice time of year – school is out, warmer weather, BBQs, beaches, baseball and maybe some vacation time. And hopefully all the Dads had a nice Father’s Day as we dive into our 6th installment of th… Continue reading The DevCentral Chronicles June Edition 1(6)→

The Digital Security Exchange Is Live

Posted on April 11, 2018 by Bruce Schneier

Last year I wrote about the Digital Security Exchange. The project is live: The DSX works to strengthen the digital resilience of U.S. civil society groups by improving their understanding and mitigation of online threats. We do this by pairing civil society and social sector organizations with credible and trustworthy digital security experts and trainers who can help them keep… Continue reading The Digital Security Exchange Is Live→