Black Hat USA 2013 Highlight
I attended one of the Black Hat training sessions titled “Advanced C++ Source Code Analysis.” It was quite fascinating! Looking through source code for bugs seems to be a different mindset from writing software.
The threat landscape continues to evolve—individual and state-backed hackers and agencies become increasingly emboldened to compromise websites and servers, steal CPU cycles for cryptocurrency mining, embark on social engineering efforts to find backdoors, and sway public opinion through fake news and other measures. zvelo provides the most advanced URL/IP categorization database for web filtering, whitelists and blacklists, and residential and business protections against bad actors and malicious online behavior. Explore zvelo’s Cybersecurity and threat intelligence data feeds for industry leading malicious and phishing exploit detection and the most advanced cyber threat intelligence available to OEMs and device manufacturers.
DEF CON 2013 Highlights
The annual DEF CON® hacker conference came and went as swiftly as a light rain against the hot Las Vegas strip. Consumer tech was a big focus and speakers demonstrated how various network-connected gadgets, once hacked, could be controlled to affect the real, physical world. Here are some highlights from two particular lectures about the hacking of network-connected and radio-frequency identification (RFID) enabled devices that got much attention.
Phishing Website Detections Down, Financial Industry Biggest Target
The Anti-Phishing Working Group (APWG) released their quarterly Phishing Attack Trends Report for the first quarter of 2013. Payment Services were reported as the most phished industry sector, followed by Financial Services.
US-China Talks on Cyber Security: An Exercise in Futility
With the growing number of alleged cyber-attacks that are taking place between the United States and the People’s Republic of China, the talks in early June of 2013 between President Barrack Obama and President Xi Jinping were viewed as a much needed response to the crisis. Unfortunately, such steps may end in either half-hearted agreements or may collapse entirely under their own weight. Depressing as this outlook may be, such pessimism is rooted in the fact that cyber space, as a medium on which to expand national policy, is too good to pass up on for either party. Central to this idea is the fact that both countries have invested heavily in cyber space not only as a means of communication, but for economic growth as well.
Obfuscated Mobile Malware Detection
I got my hands on a copy of a Northwestern University research paper titled “Evaluating Android Anti-malware against Transformation Attacks.” After digging into it, my zveloLABS colleagues and I decided to conduct an experiment of our own based on the information provided in the research paper.
The Convergence of Data Analytics and Security
A renewed sense of urgency to secure information, networks and electronic devices in order to thwart advanced hacking techniques loomed over the 2013 RSA conference floor in San Francisco. The harsh realization that traditional security measures simply don’t cut it anymore was confirmed by various keynotes and casual hallway conversations between peers.
Playing with Fire: The State of Cyber Attacks and Cyber Warfare
Following reports of cyber-attacks targeting the New York Times in January of 2013, a secretive legal review of the powers available to the president of the United States has brought to light the option of launching preventive cyber-attacks should credible evidence indicating an impending threat against the United States surface. In this context the United States reserves the right to use cyber weaponry with or without an existing state of war. While rhetoric concerning the growth of cyber threats has grown more prominent in the last three years, this is the first instance that a state has been reported to view cyber-instruments as a “preventive” or “deterrent” option. Though heavy investments have been made in the past years, there is no empirical evidence that demonstrates that the United States intends to utilize its cyber-capabilities as announced.
IPv6 Support a Must for Application, Library and Service Providers
News that the European Internet authority RIPE is down to its last block of IPv4 addresses escalates the importance of supporting IPv6. Within a few years, IPv4 addresses will become expensive or impossible to acquire for new businesses or for expanding service providers.
ROOTCON 2012 Information Security Conference Recap: Part Two
This is the second and final recap of the ROOTCON 2012 annual hacker conference and information security gathering, which zveloLABS had the opportunity of attending. Following are additional highlights that deserve to be shared instead of being tucked away in my personal notebook.
ROOTCON 2012 Information Security Conference Recap: Part One
zveloLABS® recently had the opportunity to attend ROOTCON 2012, an annual hacker conference and information security gathering, that was held in Cebu City, Philippines. The organizer line-up was interesting and quite varied. Attendees came from government, private and academic sectors. Following is part one of two recaps about this insightful event.