cybersecurity

Google Releases Windows 8.1 Exploit Code – After 90 Days Warning to Microsoft

Google Project Zero has debuted with the aim of solving the vulnerabilities problem by identifying zero-day vulnerabilities, notifying the company which owns the software, and giving them 90 days to solve the problem. After 90 days they publish the exploit. And they just did it to Microsoft. I remember quite a while ago when we decided at the cyber labs at Ben-Gurion University to adopt such a policy following our discovery of a vulnerability in…

Continue reading

innovation

Can Microsoft afford to ignore Linux?

Microsoft completed the acquisition of Sybari Software, their new anti-virus and anti-spyware line of business – The Windows Observer–Antivirus, Anti-Spyware Strategy Moves Forward for Microsoft. One line from the news caught my eye as something that makes immediate common sense but may not be right strategically after all “Not surprisingly, Microsoft will discontinue new sales of Sybari’s products for the Unix (Solaris and AIX) and Linux operating systems. It will, however, continue to sell and…

Continue reading

cybersecurity

Is Microsoft the Big Bad Wolf?

I am writing many times on strategies and competition related to Microsoft and I wanted to clear the reason why I relate to this company a lot and why I am not on their side with my advice especially when it comes to competition with new ventures: 1) To put it up front I think that Microsoft is an excellent company with many strong core capabilities and deep strategic thinking that makes them a very…

Continue reading

cloud cybersecurity

What is Cloud Workload Protection?

Cloud usage is increasing rapidly. Analysts forecast growth of 17 percent for the worldwide public cloud services market in 2020 alone. This proliferation comes on top of already widespread cloud adoption. In a recent report by Flexera, over 83 percent of companies described themselves as intermediate to heavy users of cloud platforms, while 93 percent report having a multi-cloud strategy. With a growing number of companies planning on doing more in diverse cloud environments, cloud workloads are becoming…

Continue reading

innovation

Digital Transformation Is Hard and Existential

There is no large corporation on the planet which does not have digital transformation as one of the top three strategic priorities, and many have already deep-dived into it without necessarily understanding the meaning of success. Digital transformation is highly strategic, and many times existential due to the simple fact that technology changed everyone’s life forever and kept on doing that. A change that gave birth to a new breed of companies with technological DNA…

Continue reading

cybersecurity innovation regulation

Spanning the Chasm: The Missing Link in Tech Regulation – Part 1 of 2

Mark Zuckerberg was right when he wrote in his op-ed to the Washington Post that the internet needs new rules, though naturally, his view is limited as a CEO of a private company. For three decades, governments across the globe have created an enormous regulatory vacuum due to a profound misunderstanding of the magnitude of technology on society. As a result, they neglected their duty to protect society in the mixed reality of technology and…

Continue reading

cybersecurity iot

My Ten Cyber Security Predictions for 2019

Well, 2018 is almost over and cyber threats are still here to keep us alert and ready for our continued roller coaster ride in 2019 as well. So here are some of my predictions for the world of cybersecurity 2019: IoT IoT is slowly turning into reality and security becomes a growing concern in afterthought fashion as always. This reality will not materialize into a new cohort of specialized vendors due to its highly fragmented…

Continue reading

cybersecurity

How to Disclose a Security Vulnerability and Stay Alive

In recent ten years, I was involved in the disclosure of multiple vulnerabilities to different organizations and each story is unique and diverse as there is no standard way of doing it. I am not a security researcher and did not find those vulnerabilities on my own, but I was there. A responsible researcher, subjective to your definition of what is responsible, discloses first the vulnerability to the developer of the product via email or…

Continue reading

AI blockchain cybersecurity

Risks of Artificial Intelligence on Society

Random Thoughts on Cyber Security, Artificial Intelligence, and Future Risks at the OECD Event – AI: Intelligent Machines, Smart Policies It is the end of the first day of a fascinating event in artificial intelligence, its impact on societies, and how policymakers should act upon what seems like a once in lifetime technological revolution. As someone rooted deeply in the world of cybersecurity, I wanted to share my point of view on what the future…

Continue reading

cybersecurity

Thoughts on The Russians Intervention in the US Elections. Allegedly.

I got a call last night on whether I want to come to the morning show on TV and talk about Google?s recent findings of alleged Russian sponsored political advertising. Advertising that could have impacted the last US election results, joining other similar discoveries on Facebook and Twitter and now Microsoft is also looking for clues. At first instant, I wanted to say, what is there to say about it but still, I agreed as…

Continue reading

AI

Softbank eating the world

Softbank acquired BostonDynamics, the four legs robots maker, alongside secretive Schaft, two-legged?robots maker. Softbank, the perpetual acquirer of emerging leaders, has entered a foray into artificial life by diluting their stakes in media and communications and setting a stronghold into the full supply chain of artificial life. It starts with chipsets (ARM), but then they divested a quarter of the holdings since Google (TPU) and others have shown that specialized processors for artificial life are…

Continue reading

AI cloud

The Not So Peculiar Case of A Diamond in The Rough

IBM stock was hit severely?in recent month, mostly due to the disappointment from the latest earnings report. It wasn’t a real disappointment, but IBM had a buildup of expectations from their ongoing turnaround, and the recent earnings announcement has poured cold water on the growing enthusiasm. This post is about IBM’s story but carries a moral which applies to many other companies going through disruption in their industry. IBM is an enormous business with many…

Continue reading

cybersecurity

Searching Under The Flashlight of Recent WannaCry Attack

Random thoughts about WannaCry Propagation The propagation of the WannaCry attack was massive and mostly due to the fact it infected computers via SMB1, an old Windows file-sharing network protocol. Some security experts complained that Ransomware has been massive for two years already and this event is only a one big hype wave though I think there is a difference here and it is the magnitude of propagation. There is a big difference when attack…

Continue reading

blockchain cybersecurity

United We Stand, Divided We Fall.

If I had to single out an individual development that elevated the sophistication of cybercrime by order of magnitude, it would be sharing. Codesharing, vulnerabilities sharing, knowledge sharing, stolen passwords, and anything else one can think of. Attackers that once worked in silos, in essence competing, have discovered and fully embraced the power of cooperation and collaboration. I was honored to present a high-level overview on the topic of cyber collaboration a couple of weeks…

Continue reading

AI cybersecurity

Right and Wrong in AI

Background The DARPA Cyber Grand Challenge (CGC) 2016 competition has captured the imagination of many with its AI challenge. In a nutshell, it is a contest where seven highly capable computers compete, and a team owns each computer. Each group creates a piece of software that can autonomously identify flaws in their computer and fix them and identify flaws in the other six computers and hack them. A game inspired by the Catch The Flag…

Continue reading

cybersecurity

Cyber-Evil Getting Ever More Personal

Smartphones will soon become the target of choice for cyber attackers?making cyber warfare a personal matter. The emergence of mobile threats is nothing new, though until now, it has mainly been a phase of testing the waters and building an arms arsenal. Evil-doers are always on the lookout for weaknesses?the easiest to exploit and the most profitable. Now, it is mobile’s turn. We are witnessing a historic shift in focus from personal computers, the long-time…

Continue reading

cybersecurity

Is It GAME OVER?

Targeted attacks take many forms, though there is one common tactic most of them share: Exploitation. To achieve their goal, they need to penetrate different systems on-the-go. The way this is done is by exploiting unpatched or unknown vulnerabilities. More common forms of exploitation happen via a malicious document that exploits vulnerabilities in Adobe Reader or a malicious URL that exploits the browser in order to set a foothold inside the end-point computer. Zero-Day is…

Continue reading

cybersecurity

Most cyber attacks start with an exploit – I know how to make them go away

Yet another new Ransomware with a new sophisticated approach?http://blog.trendmicro.com/trendlabs-security-intelligence/crypvault-new-crypto-ransomware-encrypts-and-quarantines-files/ Pay attention that the key section in the description on the way it operates is “The malware arrives to affected systems via an email attachment.?When users?execute the attached malicious JavaScript file, it will?download four files from its C&C server:” When users execute the JavaScript files it means the JavaScript was loaded into the browser application and exploited the browser in order to get in and then…

Continue reading

cybersecurity startups

Cyber Tech 2015 – It’s a Wrap

It has been a crazy two days at Israel?s Cyber Tech 2015?in a good way! The exhibition hall was split into three sections: the booths of the established companies, the startups pavilion and the Cyber Spark arena. It was like examining an x-ray of the emerging cyber industry in Israel, where on one hand you have the grown-ups whom are the established players, the startups/sprouts seeking opportunities for growth, and an engine which generates such…

Continue reading

cybersecurity

Taming The Security Weakest Link(s)

Overview The security level of a computerized system is as good as the security level of its weakest links. If one part is secure and tightened properly and other parts are compromised, then your whole system is compromised, and the compromised ones become your weakest links. The weakest link fits well with attackers? mindset which always looks for the least resistant path to their goal. Third parties in computers present an intrinsic security risk for…

Continue reading

cybersecurity

The Emergence of Polymorphic Cyber Defense

Background Attackers are Stronger Now The cyber-world is witnessing a fast-paced digital arms race between attackers and security defense systems, and 2014 showed everyone that attackers have the upper hand in this match.? Attackers are on the rise due to their growing financial interest?motivating a new level of sophisticated attacks that existing defenses are unmatched to combat. The fact that almost everything today is connected to the net and the ever-growing complexity of software and…

Continue reading

cybersecurity

To Disclose or Not to Disclose, That is The Security Researcher Question

Microsoft and Google are?bashing each other on the zero-day exploit in Windows 8.1 that was disclosed by Google last week following a 90 days grace period. Disclosing is a broad term when speaking about vulnerabilities and exploits – you can disclose to the public the fact that there is a vulnerability and then you can disclose how to exploit it with an example source code. There is a big difference between just telling the world…

Continue reading

cybersecurity

Counter Attacks – Random Thoughts

The surging amount of cyber attacks against companies and their dear consequences pushes companies to the edge. Defensive measures can go only so far in terms of effectiveness, assuming they are fully deployed which is also far from being the common case. Companies are too slow to react to this new threat which is caused by a fast-paced acceleration in the level of sophistication of attackers. Today companies are at a weak point. From a…

Continue reading

cybersecurity

A Tectonic Shift in Superpowers or What Sony Hack Uncovered to Everyone Else

Sony hack has flooded my news feed in recent weeks, everyone talking about how it was done, why, whom to blame, the trails which lead to North Korea, and the politics around it. I?ve been following the story from the first report with an unexplained curiosity and was not sure why since I read about hacks all day long. A word of explanation about my “weird” habit of following hacks continuously, being a CTO of…

Continue reading

startups

What does cross platform mean?

Cross-platform is tricky. It seems like a small “technical” buzzword but actually, it is one of the biggest challenges for many technology companies and has different aspects for different people in the organization and outside of it. Developer Point of View It all starts with the fact that applications can potentially be targeted towards different computing devices. To get more people to use your applications you would like it to run on more and more…

Continue reading