• img May 29, 2017

Week in review: Hacking through subtitles, new class of attacks against Android

Here’s an overview of some of last week’s most interesting news and articles: How to build a better SOC teamThere’s no scarcity of discussion around the reasons for the infosec skills shortage or ideas for how we can narrow the gap. Few discussions, however, take an honest look at the contrasting career paths of veteran […]

Read More
  • img May 28, 2017

Microsoft Quietly Patches Another Critical Malware Protection Engine Flaw

Microsoft quietly patched a critical vulnerability Wednesday in its Malware Protection Engine. The vulnerability was found May 12 by Google’s Project Zero team, which said an attacker could have crafted an executable that when processed by the Malware Protection Engine’s emulator could enable remote code execution. Unlike a May 9 emergency patch for what Google researchers called the worst Windows vulnerability in […]

Read More
  • img May 26, 2017

Most people would pay a ransom to get their data back

The high-profile WannaCry attack was the first time that 57% of US consumers were exposed to how ransomware works, the results of a recent Carbon Black survey have revealed. On the one hand, this high percentage is very disturbing. Ransomware has been around since 2005, and you would think that they would have at least […]

Read More
  • img May 26, 2017

New class of attacks affects all Android versions

Researchers have demonstrated how a malicious app with two specific permission can stealthily compromise users’ Android devices. “The possible attacks include advanced clickjacking, unconstrained keystroke recording, stealthy phishing, the silent installation of a God-mode app (with all permissions enabled), and silent phone unlocking + arbitrary actions (while keeping the screen off),” the researchers, from Georgia […]

Read More
  • img May 26, 2017

Mark Dowd on Exploit Mitigation Development

Mark Dowd, fresh off his 2017 Security Analyst Summit keynote, discusses why certain exploit mitigations have been so successful in driving up the cost of exploit development for attackers. [embedded content]   This post was originally published on https://threatpost.com/feed/. https://blacklakesecurity.com/mark-dowd-on-exploit-mitigation-development/

Read More