The Dridex gang sends <Dr evil voice> millions of phishing emails a day, infecting approximately 3-5,000 computers daily. The Government accidentally spilled the beans that Snowden was the target in the Lavabit case. It explains a few things - but serves as a reminder that government secrets aren't always that easy to keep. I didn't so much … Continue reading Things I recently hearted
Author: j4vv4d
Things I recently hearted
Bsides Las Vegas is on August 2nd and 3rd at the Tuscany Suites and Casino. They are asking for volunteers. If you’ve never volunteered or helped out at a conference – particularly a Bsides, then you haven’t lived. Well OK, maybe that’s a bit strong – but seriously, you need to check out how the … Continue reading Things I recently hearted
RSA 2016 – the roundup
Go to enough conferences and it’s easy to become jaded. When you visit the same booths, listen to the same talks, and interact with the same people, it feels like Groundhog Day. I get less excited about conferences than I used to. The security industry has always been about the long game. Changes are often … Continue reading RSA 2016 – the roundup
Breaking the Fourth Wall
RSA is almost upon us which signifies a time of big announcements. Or at the very least, small announcements are made in a way to make them seem big. My blog has been my own walled-garden for several years now. It’s gone through many incarnations. But it’s the primary place where I jot down thoughts, … Continue reading Breaking the Fourth Wall
Delivering bad security news
Working in IT security means that more often than not you'll be delivering bad news. Conduct a risk assessment and you'll have to explain all the risks that exist. If you're a QSA, you'll have to break the news of how the client isn't PCI compliant. And if you're a penetration tester, then... well, there's … Continue reading Delivering bad security news
Why infosec can be like internet commentators
I try not to read the comments. Like ever. But often they are like those scabs you don't recall getting. You know it would get better if you stopped picking at it, but your fingernails can't resist the urge to scratch - that's what fingernails are for aren't they? Every now and then, I read … Continue reading Why infosec can be like internet commentators
Putting a Canary in your Data Mine
Despite having many monitoring and detection tools, many companies fail to identify attackers that have gained a foothold within their networks. Many times, a company is only aware of a breach after a 3rd party has informed them. It’s not that current tools can’t catch an attackers lateral movement within the network. Rather, the relevant … Continue reading Putting a Canary in your Data Mine
Casting a Digital Shadow over Threat Intelligence
Stand alone pure-play threat intelligence firms have all started with great promise. But somewhere along the way, many have not fully realised their potential. Recent notable threat intelligence vendor acquisitions Target Acquirer Date Amount Malcovery (key assets) PhishMe Oct 14 2015 Undisclosed iSight Partners FireEye Jan 20 2016 $200m Cyveillance LookingGlass Dec 10 2015 Undisclosed … Continue reading Casting a Digital Shadow over Threat Intelligence
Finding your passion
A few months ago, I gave my 2p (2.9c) on how one could find their niche. In short, it was about finding the intersection between your passion and expertise. Passion is what drives people to work beyond their set hours. It's an inner drive and desire to be better. Or as the dictionary would put … Continue reading Finding your passion
Invotas acquired by the all-seeing FireEye
Despite its stock sinking to an all time low. Milpitas, CA-based FireEye acquired iSight Partners for $200m a few weeks ago. iSight is somewhat complementary to Mandiant. But still left me with the feeling that the deal had a "hail Mary" feel to it. FireEye didn't stop to breath as it announced its acquisition of Invotas. … Continue reading Invotas acquired by the all-seeing FireEye
Javvad Malik 