The Curious Case of Notepad and Chthonic: Exposing a Malicious Infrastructure

The Curious Case of Notepad and Chthonic: Exposing a Malicious Infrastructure

Recently, I’ve been investigating malware utilizing PowerShell and have spent a considerable amount of time refining ways to identify new variants of attacks as they appear. This posting is a follow-up of my previous work on this subject in  “Pulling Back the Curtains on EncodedCommand PowerShell Attacks”. In a sample I recently analyzed, something stood [...]

Physical and Logical Security: Joining Forces to Manage your Enterprise Security Risk

Physical and Logical Security: Joining Forces to Manage your Enterprise Security Risk

Just a decade ago, as security professionals, we could talk reasonably about physical security and logical security requiring different approaches. Five years ago, we might have found ourselves having conversations about the blurring lines between the two types of security discipline, and could have easily pointed to aspects of both physical and logical security that [...]

IoT Cybersecurity Act of 2017: A Necessary But Insufficient Approach

IoT Cybersecurity Act of 2017: A Necessary But Insufficient Approach

The Mirai botnet attack on the DYN network in October 2016 highlighted to many policymakers the potential problems associated with IoT devices. The compromise and concerted use of thousands of webcams and DVRs to disrupt key Internet services focused attention on the poor implementation of security controls on millions of devices newly connected to the [...]

What Does the Future of Financial Cyber Security Look Like?

What Does the Future of Financial Cyber Security Look Like?

Today, we trust banks and other financial institutions to safely handle our money and the bulk of our monetary transactions. Successful breaches are somewhat rare thanks to technologies like multi-factor authentication and heavy investment in cyber security, but hackers are always improving their techniques, and tech is always changing. This leads to an ongoing cycle of improvement [...]