Skip to main content

Search

Items tagged with: Cybersecurity


I'm fascinated by the concept of measuring attacker-defender advantage in software, devices, and even entire IT environments. What do I mean by "attacker-defender advantage?" Lemme sum up and then share a chart.

Let's say you could measure the speed at which defenders remediate various types of security vulnerabilities across all relevant assets. Then say you could detect and measure the speed at which attackers find/exploit those vulnerable assets across the target population of organizations using them. Finally, plot those curves (across time and assets) to see the delta between them and derive a measure of relative advantage for attackers and defenders. That relative value is what I mean by attacker-defender advantage.

Since a picture is worth a thousand words, here's a visual example of the concept. The blue line represents defenders, measuring the speed of remediation. Red measures how attacker exploitation activity spreads across the target population. When the blue line is on top, defenders have a relative advantage (remediating faster than attackers are attempting to exploit new targets). When red's on top, the opposite is true. The delta between the lines corresponds to the relative degree of advantage (also expressed by the number in the upper left).

This chart comes from prior Cyentia Institute research in which we were able to combine datasets from two different partners (with their permission). Unfortunately, those datasets/partners are no longer available to further explore this concept - but maybe this post will inspire new partnerships and opportunities!

Any surprises in the attacker-defender advantage results depicted in the chart? Has anyone measured this or something similar?

#cybersecurity #vulnerabilities #cyberattacks #infosec #exploitation


Earlier this year, we reported on how a former employee said #Microsoft dismissed his warnings about a critical flaw because it feared losing #government business. #Russian hackers later used the weakness to breach the National Nuclear Security Administration, among others.

propublica.org/article/microso…

#Tech #News #Cybersecurity #Hacking #Data #Technology


Wild ass day in the Tor node operator world. Got an email from my VPS, forwarding a complaint from WatchDog CyberSecurity saying that my box was scanning SSH ports!

> Oh no, oh no, I knew I should have set up fail2ban, oh god why was I so lackadaisical!

So I remote in to the machine: no unusual network activity, no unusual processes, users, logins, command history, no sign that anything is doing anything I didn't tell it to do.

So what's up? Turns out there's been a widespread campaign where some actor is spoofing IPs to make it look like systems running Tor are scanning port 22: forum.torproject.org/t/tor-rel…

Operators from all over are saying they're getting nastygrams from their VPS providers because WatchDog is fingering their source IPs (which are being spoofed and NOT part of a global portscanning botnet).

@delroth did an amazing writeup of the whole thing here: delroth.net/posts/spoofed-mass…

#tor #infosec #cybersecurity #threatintel #privacy


This is ONE of the reasons why you should NEVER go to H&R Block !

"Tens of thousands of taxpayer accounts hacked as CRA repeatedly paid out millions in bogus refunds

Agency admits it vastly underreported cyberattacks against Canadian taxpayers to Parliament"

"At the height of this year's tax season, the Canada Revenue Agency discovered that hackers had obtained confidential data used by one of the country's largest tax preparation firms, H&R Block Canada."

"It eventually became clear that the stolen H&R block information helped imposters gain access to Canadians' tax returns, change banking information and even their addresses in order to claim bogus refunds and tax credits."

@gemelliz
@GottaLaff

#News #Canada #Cybersecurity #Data #Taxes #CRA #Finance #Banking #Hacking #OhHellNo

cbc.ca/news/canada/canada-reve…