Mark Zuckerberg was right when he wrote in his op-ed to the Washington Post that the internet needs new rules – though naturally, his view is limited as a CEO of a private company. For three decades governments across the globe have created an enormous regulatory vacuum due to a …
Category: cybersecurity
Well, 2018 is almost over and cyber threats are still here to keep us alert and ready for our continued roller coaster ride in 2019 as well. So here are some of my predictions for the world of cybersecurity 2019: IoT IoT is slowly turning into reality and security …
In recent ten years, I was involved in the disclosure of multiple vulnerabilities to different organizations and each story is unique and diverse as there is no standard way of doing it. I am not a security researcher and did not find those vulnerabilities on my own, but I was …
A well-known truth among security experts that humans are the weakest link and social engineering is the least resistant path for cyber attackers. The classic definition of social engineering is deception aimed to make people do what you want them to do. In the world of cybersecurity, it can be …
People create technologies to serve a purpose. It starts with a goal in mind and then the creator is going through the design phase and later on builds a technology-based system that can achieve that goal. For example, someone created Google Docs which allows people to write documents online. A …
Random Thoughts on Cyber Security, Artificial Intelligence, and Future Risks at the OECD Event – AI: Intelligent Machines, Smart Policies It is the end of the first day of a fascinating event in artificial intelligence, its impact on societies and how policymakers should act upon what seems like a once …
Recently I’ve been thinking about the intersection of blockchain and AI and although several exciting directions are rising from the intersection of the technologies I want to explore one direction here. One of the hottest discussions on AI is whether to constraint AI with regulation and ethics to prevent apocalyptic …
I got a call last night on whether I want to come to the morning show on TV and talk about Google’s recent findings of alleged Russian sponsored political advertising. Advertising that could have impacted the last US elections results, joining other similar discoveries on Facebook and Twitter and now …
Cryptography is a serious topic — a technology based on mathematical foundation posing an ever-growing challenge for attackers. On November 11th, 2016 Motherboard wrote a piece about FBI’s ability to break into suspects’ locked phones. Contrary to FBI’s constant complaints about going dark with strong encryption the actual number of …
Some random thoughts about WannaCry attack Propagation The propagation of the WannaCry attack was massive and mostly due to the fact it infected computers via SMB1, an old Windows file sharing network protocol. Some security experts complained that Ransomware has been massive for two years already and this event is only …
I had the privilege to present at the Netexplo observatory event at Unesco with a presentation about the danger of AI if and when it will adopted by cyber attackers. The full video is here and you can download my presentation from here.
CDA I had a super interesting visit to London for two cyber-related events. The first was a meeting of the CDA which is a new collaboration effort among the top European banks headed by Barclays Global CISO and the CDA themselves. The Israel Founders Group assembled top experts from the …
If I had to single out an individual development that elevated the sophistication of cybercrime by order of magnitude, it would be sharing. Code sharing, vulnerabilities sharing, knowledge sharing, stolen passwords and anything else one can think of. Attackers that once worked in silos, in essence competing, have discovered and …
Background The DARPA Cyber Grand Challenge (CGC) 2016 competition has captured the imagination of many with its AI challenge. In a nutshell, it is a contest where seven highly capable computers compete, and a team owns each computer. Each group creates a piece of software which can autonomously identify flaws …
Smartphones will soon become the target of choice for cyber attackers—making cyber warfare a personal matter. The emergence of mobile threats is nothing new, though until now, it has mainly been a phase of testing the waters and building an arms arsenal. Evil-doers are always on the lookout for weaknesses—the …
Morphisec started warming its engines with two findings related to two recent in-the-wild exploitations: IN-THE-WILD, NUCLEAR KIT FOUND THAT AUTOMATICALLY GENERATES FLASH EXPLOIT VARIANTS ON-THE-FLY ENCRYPTED FLASH EXPLOIT THAT BYPASSES MITIGATIONS FOUND IN THE WILD
Israeli startup Morphisec, which develops cyber security prevention and detection tools, has closed a $7 million Series A funding round led by Jerusalem Venture Partners (JVP), GE Ventures, Deutsche Telekom, Portage Advisors llc., and OurCrowd. The company has raised $8.5 million to date, including this financing round. http://www.globes.co.il/en/article-israeli-cyber-security-startup-morphisec-raises-7m-1001071492
Morphisec sheds some light on their anti zero-day product with their new website – check it out here.
Another excellent research from the Cyber Security Research Center @ Ben-Gurion University where your humble servant is serving as a CTO. The third one in the series of air-gap hacking breakthroughs where this time Mordechai Guri the lead researcher achieved data leakage via GSM radio frequencies to a dumb feature …
Targeted attacks take many forms, though there is one common tactic most of them share: Exploitation. To achieve their goal, they need to penetrate different systems on-the-go. The way this is done is by exploiting unpatched or unknown vulnerabilities. More common forms of exploitation happen via a malicious document which exploits …
Imagine a futuristic security technology that can stop any exploit at the exact moment of exploitation—regardless of the way the exploit was built, its evasion techniques or any mutation it might have or was possibly imagined to have. This technology is truly agnostic for any form of attack. An attack prevented with …
Public disclosure of vulnerabilities has always bothered me and I wasn’t able to put a finger on the reason until now. As a person who has been involved personally in vulnerabilities disclosure, I am highly appreciative for the contribution security researchers on awareness and it is very hard to imagine …
Excellent post by Kira Makagon on Israel’s cyber revolution http://kiramakagon.com/israels-exciting-innovations-in-cyber-security/
Yet another new Ransomware with a new sophisticated approach http://blog.trendmicro.com/trendlabs-security-intelligence/crypvault-new-crypto-ransomware-encrypts-and-quarantines-files/ Pay attention that the key section in the description on the way it operates is “The malware arrives to affected systems via an email attachment. When users execute the attached malicious JavaScript file, it will download four files from its C&C server:” When users …
The main victims of any data breach are actually the people, the customers, whom their personal information has been stolen and oddly they don’t get the deserved attention. Questions like what was the impact of the theft on me as a customer, what can I do about it and whether I deserve …