News & Analysis | No. 287

SECURITY NEWS: MITRE has released D3FEND, a defensive counterpart to its offensive ATT&CK framework. It not only has its own separate ontology for defensive activities but also maps them to their offensive counterparts. “In other words, see what stops what.” The cyberinsurance market is facing major headwinds right now, largely…

Weekly Update 249

Presently sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more. A bit of a shorter work week this one as we escaped to a little getaway for a few days. That said, it gave me some nice downtime to continue…

Lens vs. List Learning

Several years ago I wrote a piece called Algorithmic Learning, and then another one here. This will be the third in the series, as evidently this is an idea I can’t get out of my mind. The concept is this: There are two main ways we learn—passively and actively. Or…

Weekly Update 248

Presently sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more. Thought I'd do a bit of AMA this week given the rest of the content was a bit lighter. If you like this sort of content then I'll try and…

How “Process Ghosting” works

The Elastic Security team recently revealed a new technique for malware obfuscation and evasion called Process Ghosting, which allows tampering with the in-memory mappings of executable files on Microsoft Windows. The technique [1] is the evolution of already known attack methods such as Process Doppelgänging and Process Herpaderping, and could…