Seth Rosenblatt

The State of Election Security

Clichéd as the concept of a perfect storm is, it also feels more apt than ever to describe this year’s American election—and that’s only taking into consideration the cybersecurity challenges voters face. Since 2016, cybersecurity and election experts have been sounding an ever-louder clarion call that aggressive steps need be taken to ensure that computerized voting machines in the U.S. are secure enough to properly enroll registered voters, record their votes, and accurately count them, as...

The Grugq

kPop Fans: Non-Traditional, Non-State Actors

kPop Fans The nature of a strategic cyber force is far richer and more varied than is traditionally acknowledged. Earlier this year, Korean pop (“kPop”) music fans came to wider attention when they actively engaged with online political discussions around Black Lives Matter. This is not the first time they have been a well organised online force, but as far as we know, this is the first time they’ve taken part in a broader popular movement.  kPop fans have a years-long history of political...

Sherrod DeGrippo

A Quick Look at the 2020 Threat Landscape

There’s no doubt 2020 has already been a turbulent year: COVID-19, civil unrest, contentious elections, widespread economic instability, and major natural disasters like wildfires and hurricanes across the US are just a few of the major events making headlines. While digital threats often echo real-world events, perhaps none has had a greater impact on the threat landscape this year than COVID-19. As municipalities adopted social distancing measures and many workers shifted to remote work,...

Marc Rogers

Looking Back on Disclosure

With our second Disclosure conference in the bag, I wanted to take a look back at how things changed and what some of the key takeaways were. This year, like every other conference, we were forced to shift gears into a virtual format. This meant a lot of unknowns for us. For example, how do you preserve social interaction when everyone is isolated and scattered? How do you ensure that everyone gets an authentic conference experience instead of feeling like they are watching a TV program?...

Get Ready for Disclosure: What You Need to Know

Time flies and Disclosure is just a few days away (September 2 from 9:00am–6:00pm PDT)!   Everyone involved is looking forward to experiencing this event together and, to make sure it is a safe environment for all participants, please take a quick look at the code of conduct. Content will be available on-demand after it debuts, but Q&A with the speaker and chat with fellow viewers will not be available when viewing on-demand. If you’ve already registered, it’s time to login and get...

Marc Rogers

Your Company Needs YOU: How to Stay Safe from Phishing and Other Human Attacks

Now more than ever, people are targets. For years attackers have been evolving their attacks, looking for new opportunities to find a way in. Attacks against people—so-called social engineering attacks are perhaps the oldest in the world. All you need is a single person to successfully fool another.

The Grugq

CrimeOps: The Operational Art of Cyber Crime

Cyber Crime Innovation Is Lucrative Cybercrime rewards innovative organizations. These can innovate at the tactical level (e.g. new or updated tactics, techniques, and procedures (TTP)), the strategic level (e.g. new monetisation methods), or at the operational level—the management of resources and personnel to achieve strategic objectives. This is operational art. The operational level, the glue that enables a group to execute well, is seldom analyzed because it is rarely visible to...

Vickie Li

How Attackers Bypass MFA

To verify your identity, applications typically ask you to provide something you know, such as a password or a secret key. They may also ask you to prove ownership of something you have, such as a phone or device. Finally, they may ask for proof of who you are by utilizing biometrics. Multi-factor authentication, or MFA, refers to the practice of requiring users to prove their identities in more than one way. MFA protects users in the event of password compromise. When utilized, MFA requires...

Sami Laine

WebAuthn In Enterprise Is Great and It Has Challenges

FIDO2 and WebAuthn hold great promise not only for consumers but for enterprise users as well. There are caveats however, and the challenges for IT departments are very different than for consumer websites.

Vickie Li

Dangerous Regular Expressions

In previous posts, we’ve discussed what regex is along with ReDoS, a regex-specific vulnerability. Now it’s time for us to dig deeper into regex security.