Conquering the Rising Threat of Malvertising

The recent shift in enterprise application platforms from desktop to mobile has brought with it many exciting benefits, which organizations have recognized and leveraged to provide a more flexible and convenient workplace. Unfortunately, individuals and groups with less honorable intentions have also taken notice of this shift. In fact, a report from ISACA predicts a…

The Criminal Appeal of Advanced Ransomware: How Can Companies Protect Their Files?

Advanced ransomware—malicious software designed to take control of a computer system and hold it hostage until the victims pay for its release—is one of the fastest-growing areas of cybercrime. Another closely related threat is cyberextortion, where attackers threaten to cause harm to a company by releasing sensitive information to the public or sustaining distributed denial-of-service…

PSD2 and the E-Commerce Ecosystem

Authored by Ian Newns

The European Banking Authority recently drafted the latest Directive on Payment Services II (PSD2), which serves as the legal foundation for a cross-EU payments market. In 2016, European e-commerce sales are expected to increase 17% to €183 billion and the use of payment service providers (PSPs) is increasing significantly. Couple this with…

Industrial Control Systems (ICS) Ambiguity?

Authored by Gareth Pritchard, Azeem Aleem, Peter Tran

From the days of Slammer, Stuxnet, Shamoon, etc., to the recent Ukrainian (BlackEnergy) Power Grid and “Panel Shock” attacks, we are witnessing a sophisticated surge in the attack domains across industrial control systems. The shift from legacy systems towards process control networks with connectivity around enterprise…

Tales from the Black Hat NOC: Are We Broken?

Walking through the expo hall at Black Hat Europe was uplifting – if the vendor booths were to be believed, APTs can be stopped in their tracks, ransomware protection can be guaranteed, and phishing can become a term applied to lake activities again. All it requires is buying this tool! It made me wonder why people…

Blues and Bridging the Gap of Grief

The sound of blues flooded our ears as approximately 2,000 information security professionals settled into the Ernest N. Morial Convention Center in New Orleans, LA, for the third annual RSA user conference, RSA Charge, from Oct 25-27. With our stomachs stuffed with local popular fare inclusive of crawfish, oysters & beignets as we traversed Bourbon Street to…

Tales from the Black Hat NOC: Finding Mr. Robot?

The most significant part of Black Hat Europe 2016 finally started, and as expected – we are watching the arrival of smart security experts, who have come to the event to exchange information or show off their latest tools and products. While it’s hard to say what kind of skilled “hackers” we can expect during last…

Tales from the BlackHat NOC: Fish and Chips Edition

We’re in the first day of training at Black Hat Europe 2016, and once again – the RSA Black Hat NOC team is volunteering. This round, we’ll have more full packet capture, log analysis, session reconstruction, and analytics for both the wired and wireless networks provided by RSA NetWitness. Except this time, there is one difference (besides…

Tales from the Black Hat NOC: Setup in London

Arrival into London went without a hitch. I then took the train to Angel station and walked to the Business Design Center, which is my home for the next week, during Black Hat Europe 2016. After walking through the doors and finding my way, I was greeted by a room full of boxes. Time to…

3D Secure 2.0 – The New Sheriff in Town

EMVCo, the global standards body tasked with developing the technical standards for payments technologies, last week announced the availability of 3D Secure 2.0. Collectively, we at RSA congratulate EMVCo on this eagerly anticipated release. As an EMVCo Technical Associate, we were privileged to contribute to the development of the specifications and truly believe that the…