Tom Kellermann, vice president of cyber security at Trend Micro, joined me on the SC Magazine podcast to discuss an APT campaign known as IXESHE, which is going after sensitive targets from Asia to Germany. But its command-and-control infrastructure really is what makes it special.
An associate professor of reliability engineering and an associate professor of criminology have teamed up to study how the social makeup of a computer network correlates with the attacks used against it.
In this podcast, Access’ Gustaf Bjorksten discusses why the SSL system has failed and what is necessary to improve its existing design and implementation. He helped author a call-to-action paper, and believes the future trust and privacy of the internet rely on finding a solution.
The process of delivering targeted attacks to end-users has gotten easier for attackers thanks to automated social engineering, in which adversaries can write tools that scour the web for personal data to include in their emails to increase their believability. The goal, of course, is to design messages that people are more likely to click on and, as a result, install malware on their machines or divulge personal information. In this podcast, Matias Brutti, a security consultant at security services firm IOActive, explains what the automation of social engineering means for organizations and how they can fight back.
The University of Washington is thinking outside of the box when it comes to educating computer science students about information security. In this edition of the SC Magazine podcast, associate professor Yoshi Kohno explains how instructors are using “science fiction” to force students to think critically about the discipline. Considering how quickly technology evolves, how often threats change and how wide a scope the security field encompasses, pupils must use out-of-the-box thinking if they are to succeed upon graduation.
A number of universities have launched curricula in computer science, but noticeably absent are courses, even electives, that specifically address malware. In this edition of the SC Magazine podcast, George Ledin, a computer science professor at Sonoma State University in California, explains why not teaching malware at the college level can have a huge, negative impact on data security. Ledin – who just penned an essay on the topic – also takes on his critics, who argue that educators either lack the resources or time to educate students on malware, or that teaching about malicious code is taboo.
Katie Moussouris, senior security strategist lead at Microsoft, discusses the software giant’s recently announced Blue Hat competition, which offers $250,000 in cash and prizes to the winning researchers who develop advanced technologies to defend Windows against entire classes of vulnerabilities that can be exploited to bypass the platform’s existing mitigations. Moussouris describes how Microsoft came up with the idea, why defensive research is just as important as one-off vulnerability discoveries and how the oft-cynical research community is reacting to the contest.
In this episode, Michael Cotton, chief network security architect of Digital Defense, explains why targeted cyberattacks are on the rise and why many organizations are failing to recognize this increasing threat. Cotton offers a list of corporate actions that may incite such an attack and suggests some remedies for staying out of the hackers’ crosshairs and avoiding compromise. Hint: Uninstall the programs your employees don’t need.