Posts

When it comes to cybersecurity, there’s often a language barrier between technical teams and the board of directors. While you’re talking about phishing, zero-day vulnerabilities, and lateral attacks, they’re thinking about budgets, growth, and reputation. Bridging this gap is crucial because if the board doesn’t understand the risks, they won’t back the resources you need to defend the company. So, how do you communicate cybersecurity risk to a boardroom of non-techies? Here are some pointers. ...

Deepfakes are the wild west of digital media. On one hand, the image generation tools are revolutionizing creative industries, letting people craft amazing content fast and with minimal resources. On the other, they’re a growing menace, eroding trust and blurring the lines between reality and fiction. Can we protect ourselves in a world where you can’t trust what you see or hear? I’m a hopeless optimist, so here’s my take. ...

Vehicular Ad Hoc Networks (VANETs) are like the Avengers of the road. Autonomous, connected, and ready to revolutionize transportation. But with great tech comes great vulnerabilities. Distributed Denial-of-Service (DDoS) attacks is one of the most serious threats to VANET Cloud systems. These attacks can clog networks, disrupt communication, and make a smart car, well, not-so-smart. Thankfully, researchers are on it. There are studies out there proposing a machine learning-based framework to detect DDoS attacks in VANET Clouds with a jaw-dropping accuracy of 99.59%. ...

Phishing is no joke. It is one of the most pervasive cybersecurity threats, one of the major attack vectors against corporations and individuals, with a 345% surge in unique phishing sites between 2020 and 2021. Enter machine learning, our new best friend in the fight against phishing. This research proposes a smart system for predicting phishing websites using Support Vector Machines (SVM). Let’s take a look at some practical LM to fight cyber crime, as opposed to all the AI generic claims from most vendors nowadays. ...

The Industrial Internet of Things (IIoT) sounds like futuristic—smart factories, automated systems, and seamless integration. The catch is that it’s also a playground for cyber attacks. Whether it’s stealing data, crashing operations, or good old sabotage, hackers are exploiting IIoT vulnerabilities. In this context Digital Forensic Incident Response (DFIR) is a key tool for defending against and investigating these attacks. Why is IIoT Security Hard? IIoT connects physical systems (think manufacturing equipment) with digital networks. Great for efficiency, but it also opens the door to cyber-physical attacks. Picture this: malware infects a water treatment plant and tampers with the valves, leading to a toxic spill. Or an oil pipeline operation suffers a ransomware attack that halts operations for a week and leads to fuel panic buying and price surges. ...

Cybersecurity feels like a never-ending game of cat and mouse. Technology evolves and new attack paths open up. This greatly frustrates everyone, especially non-technical top-level executives, flooded with requests to increase the cybersecurity spending. Here’s a personal reflection of the highlights (and lowlights, if I may). By no means is this a complete reference and you also need to acknowledge that this is a point in time view. I will most likely feel different next year. ...

Our smartphones are basically extensions of ourselves at this point. We use them for lots of things, authentication being one of them. And we use our phones a lot for social media (or is it just me?). And, of course, we use our phones to authenticate to social media. E-BrightPass proposes a malware-proof method for authenticating to social media. So, what’s the big deal? The Problem With Smartphone Security Most of us rely on traditional passwords or PINs to log into social media apps. And if we’re feeling extra cautious, we enable two-factor authentication (2FA). But even these methods might not be enough. Assuming a compromised device, malware can record keystrokes, read SMS-based 2FA codes, and even infer PINs by analyzing multiple login attempts. ...

Is steganography still a thing? I used to think it was just an academic flex, but this guy said 5 years ago it’s used by malware, and he got upvoted, so it must be true 😏. If you’ve ever hidden data inside an image (couldn’t you find anything more exciting to do with your time?), you know the usual drill: find the edges, hide your stuff there, and hope it’s secure. The problem? Traditional methods don’t let you embed as much data as you’d want, especially with big datasets. Enter prediction error space (PES), a new approach that finds more edges and hides more data. This could boost malware payloads—so maybe that guy was onto something. ...