Malicious USB drives: Still a security problem
A malicious USB drive dropped in a parking lot - this image has become a bit of a trope in IT security circles. Still, the threat is very real and more relevant than ever.
Malicious USB drives: Still a security problem
A malicious USB drive dropped in a parking lot - this image has become a bit of a trope in IT security circles. Still, the threat is very real and more relevant than ever.
Ransomware: To pay or not to pay?
Recently, several magazines have repeatedly covered how to protect against and recover from ransomware attacks. However, many companies and individuals are left with the question of whether they would pay in the event of a potential future ransomware attack.
All your hashes are belong to us: An overview of malware hashing algorithms
VirusTotal's "Basic Properties" tab alone lists eight different hashes and supports even more to use them for queries and hunt signatures. Hashes are important for malware analysis, as well as identification, description and detection. But why do so many of them exist and when should you use which…
Virus Bulletin Conference #31: Is it "Fool Us”, or is it “Us Fools”?
The annual Virus Bulletin International Conference has been running since 1991 and is one of the highlights in the calendar of events for IT security experts. I attended the Virus Bulletin Conference for the first time 26 years ago, this year it’s time again to participate with an interesting paper…
Web shells: How can we get rid of them and why law enforcement is not really the answer
Microsoft has recently seen many attacks by hackers using so-called web shells. The number of web shell attacks between August 2020 and January 2021 doubled compared to the same period a year earlier. But what are they exactly and how can you fight them?
Microsoft signed a malicious Netfilter rootkit
What started as a false positive alert for a Microsoft signed file turns out to be a WFP application layer enforcement callout driver that redirects traffic to a Chinese IP. How did this happen?
Digital Vaccination Record: Significant weaknesses in security
Instead of the yellow vaccination card, the digital proof of vaccination on the smartphone is supposed to serve as proof of vaccination. However, there are some glaring weaknesses behind the scenes that could potentially render the entire concept obsolete and raise some more than uncomfortable…
TED talk: A Tale of Two Floppies - The Basics of Cyber Security
I was thrilled when I was approached and asked to give a talk at TEDx in Leuven - in this talk I am sharing some anecdotes that have influenced my own career significantly.
Commentary: Plans for iOS15 put victims of stalking and abuse at risk
Apple has announced some innovations for iOS 15 that are a cause for concern among victims of abuse and organizations that support survivors. Among other things, it will be possible to locate devices that are switched off. This is a disaster for people who are being spied on by their own partner.
Scraping: Is it good, bad or something in between?
There has been a lot said about data scraping. Here is a breakdown of what it is, why it might be problematic and how we might deal with it going forward.