A few days ago I wrote a blog post about the evolving landscape of threat detection and how attackers need to adapt their techniques. In the previous post, I talked about one of the deception techniques that attackers are now using, called parent process ID spoofing. In this blog post, I’ll talk about another deception […]
Years ago (as early as 2009), my colleague Didier Stevens wrote a blog post about parent process ID spoofing. Back then, most companies were not as secure as they are now, therefore, most attackers got away with ‘basic’ exploitation, not having the need to do much obfuscation or deception. Thankfully, the security posture of the […]
The Hive is an open source Security Incident Response Platform (SIRP) that has gained quite some popularity over the last few years. One of the many reasons is the link with Cortex and its Analyzers and Responders. Analysts can automate the response to existing cases by initiating one or more Responders. This blog will show […]
Here phishy phishy… – source: Combell According to our latest research, which can be seen in this video , an astonishing 32% of employees click on phishing URL’s, and 1 in 5 emails can be considered as malicious. But what makes a phishing attack successful? Are we really that naive to let ourselves become phishing […]
Following our accounts of what adversarial machine learning means and how it works, we close this series of posts by describing what you can do to defend your machine learning models against attackers. There are different approaches to solve this issue, and we discuss them in order of least to most effective: target concealment, data […]
In a previous post we introduced the field of adversarial machine learning and what it could mean for bringing AI systems into the real world. Now, we’ll dig a little deeper into the concept of adversarial examples and how they work.For the purpose of illustrating adversarial examples, we’ll talk about them in the context of […]
Yes, getting staff attention for security awareness is hard. It’s not that users don’t care. But everybody is fighting for their attention. And after all, the company is investing big money on security measures, so they’re probably safe anyhow. Way too often, for each handful of truly enthusiastic users I find, there’s also a large community […]
A common principle in cybersecurity is to never trust external inputs. It’s the cornerstone of most hacking techniques, as carelessly handled external inputs always introduce the possibility of exploitation. This is equally true for APIs, mobile applications and web applications.
It’s also true for deep neural networks.
Today, we are announcing the retirement of NVISO ApkScan, our online malware scanning service we launched back in 2013. ApkScan was born with the purpose of offering the (security) community a free, reliable and quality service to statically and dynamically scan Android applications for malware. Since the inception of the project, it has been a […]
In this third blog post in a series about Azure Security Logging, we will focus on collecting security logs from Windows and Linux virtual machines. In part 1 we discussed how to define a security logging strategy in Azure. Part 2 went into detail about logging in some of the key Azure services. In this […]