Blog Elements

Half Sized Blog Element (Single Author Style)

Half Sized Blog Element (Multi Author Style)

Focused Black Hat 2013 Trainings Examine Incident Response, Malware

2013-05-28/0 Comments/in Malware/by fdesir

A posting from Dark Reading In there Security management section: Verizon’s 2013 DBIR indicates that 40% of breaches involved malware, and rapid analysis often falls to incident responders. Malware Analysis: Black Hat Edition provides a rapid intro to the tools and methodologies of Windows malware analysis. Attendees will learn how to observe malware’s actions through disassembly and debugging, extract host […]

BIOS Bummer: New Malware Can Bypass BIOS Security

2013-05-28/0 Comments/in Vulnerability & Threat Report/by fdesir

A posting from Dark Reading in there Vulnerability and Threat section: As more hardware vendors seek to implement the new NIST 800-155 specification that was designed to make the start-up BIOS firmware on our PCs and laptops more secure, they may need to rethink the security assumptions upon which the standard depends. A trio of researchers from […]

Focused Black Hat 2013 Trainings Examine Incident Response, Malware

2013-05-28/0 Comments/in Malware/by fdesir

BIOS Bummer: New Malware Can Bypass BIOS Security

2013-05-28/0 Comments/in Vulnerability & Threat Report/by fdesir

Full Sized Blog Element (Big Preview Pic)

Focused Black Hat 2013 Trainings Examine Incident Response, Malware

2013-05-28/0 Comments/in Malware/by fdesir

A posting from Dark Reading In there Security management section:

Verizon’s 2013 DBIR indicates that 40% of breaches involved malware, and rapid analysis often falls to incident responders. Malware Analysis: Black Hat Edition provides a rapid intro to the tools and methodologies of Windows malware analysis. Attendees will learn how to observe malware’s actions through disassembly and debugging, extract host and network-based indicators, and zeroing in on the Windows APIs most used by malware authors. Hands-on labs will abound, and everyone will receive a copy of Mike Sikorski’s “Practical Malware Analysis.”

Despite the staggering number of reported breaches in the past year, the typical IT staffer lacks the necessary and specialized training to properly respond. Digital Forensics and Incident Response takes up that slack, offering attendees both the theory behind digital forensics and hands-on experience with real-life situations and evidence. Upon the Training’s completion, students will be able to effectively preserve and analyze a large number of digital evidence sources, skills that are immediately useful in a number of investigative scenarios.

To read more click here:

BIOS Bummer: New Malware Can Bypass BIOS Security

2013-05-28/0 Comments/in Vulnerability & Threat Report/by fdesir

A posting from Dark Reading in there Vulnerability and Threat section:

As more hardware vendors seek to implement the new NIST 800-155 specification that was designed to make the start-up BIOS firmware on our PCs and laptops more secure, they may need to rethink the security assumptions upon which the standard depends. A trio of researchers from The MITRE Corp. say that the current approach relies too heavily on access control mechanisms that can easily be bypassed.

The researchers are taking their message to Black Hat USA later this summer in a talk where they plan to unveil new malware proofs-of-concept that can trick an endpoint’s Trusted Platform Module (TPM) chip into thinking the BIOS firmware is clean and can persist infecting the BIOS after it has been flashed, or reset, or even after it has been updated.

To read more click here: