Attacks on the Critical Infrastructure happen!

It is not news that in December 2015 and December 2016 Ukraine suffered a power outage due to a cyber-attack. Researchers have now figured out that both attacks were built on the same framework. It is not as sophisticated as Stuxnet for different reasons (only leverages one vulnerability, the way it communicated, etc.)…


Back in the „good old days“

It is really scary to me: We get discussions again about backdoors in crypto-algorithms, export control for encryption etc. etc. The list is endless. When I started in security just before the change of the millennium, we already had these discussions and I thought that it was agreed that this is a bad thing. Backdoors…


badBIOS Malware – a Hoax? I hope so…

On Friday Ars Technica published a longer story on Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps. The author talks about a virus/rootkit discovered by Dragos Ruiu (organizer of CanSecWest and PacSec). The plot looks like a bad Hollywood movie. He describes strange behavior of machines that are completely new, set up from scratch,…


Behind the Curtain of Second Tuesdays: Challenges in Software Security Response

You might know about BlueHat, which is an internal security conference we run several times a year. Some of the presentations we record and make publicly available. There is a really good one on the Microsoft Security Response Center. Dustin (the presenter) blogged on it in Behind the Curtain of Second Tuesdays: Challenges in Software…
