Living off the land (LOL) malware attack techniques use legitimate operating system (OS) utilities already on targeted hosts to breach enterprises. This blog post provides non-technical folk an introduction to this challenge, including high-level pros and cons of some remedies.

Anyone who hoped 2019 would bring a break in the pattern of rising data breach risks will be disappointed to learn that the first quarter of this year set new records in the worst way. A recent TechRepublic article notes “a record-breaking number of data breaches that exposed billions of documents to theft”  — the […]

Cyber defenders for cities are stuck between a rock and a ticking time bomb. One city after another falls prey to a growing number of attackers. Those not yet struck await what seems inevitable. Let’s see what we can learn from baltimore’s recent attack:

Microsoft’s endpoint security acquisitions and release of an agent for MacOS clearly signal Microsoft’s intent to be regarded as a full-fledged enterprise endpoint protection platform (EPP). In many ways, these capabilities are better than what other like-vendors offers. Let’s look at what enterprise anti-malware solution seekers should know about Microsoft’s capabilities. Years ago, Microsoft’s application […]

Like antibiotic-resistant strains of bacteria give nightmares to medical epidemiologists, modular malware systems are doing the same to cyber defenders. New variations of modular malware are appearing weekly, if not daily. They are designed to target Linux and Windows Servers. Xbash, AdvisorsBot, and Marap are a few examples of a modular malware that doubled in […]

Introducing the Cyber Concepts Series The articles in this series are intended to be conceptual expositions on technical topics. Engineers and uber security analysts likely prefer far more nuanced details. The non-technical person will find these articles a bit of a stretch, straddling the fence between ‘too simple’ and ‘too much’. The ultimate purpose of […]