All your passwords are belong to us

There are a number of password alternatives or complements that improve security over using passwords as the only authentication/authorization method.

How botnets are built on mass CMS exploitation

It is estimated that the internet has about 2 billion websites, and plenty of them are built on a CMS (content management system).

Weaponizing Oracle WebLogic Vulnerabilities

Recent Oracle WebLogic vulnerabilities CVE-2017-10271 and CVE-2018-2628 are just another chapter in this story, as bots have already been observed attempting to weaponize these vulns.

Applied Machine Learning in Security Part 1: The Introduction for Skeptics

This is the first post in a multi-part series about employing “real” machine learning in network security. The remainder of the series will follow with more details to come.

Trickbot ‘Son of Dyre’

Each day, security operation centers and researchers alike wage battle against incoming waves of scanning, brute force attempts, and malicious email.

Rig Exploit Kit delivering ransomware via Adobe Flash exploit (CVE-2018-4878)

Exploit kits are very efficient tools used in the cybercrime underground. These frameworks are packed with a number of exploits and mechanisms to detect vulnerabilities in systems/applications and…

What Data Types to Prioritize to Shine the Light on Blind Spots in Your SIEM

More log data costs more money and, as a result, enterprises have to make a difficult choice about which log sources and data they guess are the most important.


A new vulnerability affecting the popular content management system (CMS) framework Drupal has been announced. This vulnerability is said to affect over 1 million websites.

Future SOC: The Universal Analyst

Backed by government funding and Silicon Valley VCs, technologists are working furiously to innovate technologies like machine learning and AI and leverage them to force-multiply SOC analyst…

New Samba Vulnerabilities

A new set of vulnerabilities found in the Samba service protocol highlights the need for approaches that go beyond the simple use of static signature defense technologies. These two vulnerabilities…

Four “Red Flag” SOC Phrases

Security is a hot-button issue in businesses today to a degree we haven’t seen before. For the C-suite and other business leaders that begin paying more attention to what’s going on in the SOC, it…

Domain Hijacking Impersonation Campaigns

A number of domain “forgeries” or tricky, translated look-alikes have been observed recently. These attack campaigns cleverly abuse Internationalized Domain Names (IDN) which, once translated into ASCII…

Cryptocoin Mining Attack Vectors Reshaping the Threatscape

The rise in value of cryptocurrencies is driving malicious actors to implement payloads that allow the use of the CPU/GPU of compromised hosts in order to mine cryptocurrency. The process of mining is…

Building Lightweight Streaming Time Series Models

With modern technology, almost all personal devices participate in a highly connected internet and leave a footprint of our digital behaviors. The power of analytic modeling can help us…

Connecting the Dots

As a technology marketer, I have spent 20 years working with technical teams to identify ways to articulate how and why solutions work the way they do. While I have worked in many complex industries,…

Love The Vendor That Loves You Back

The sales machine is a complex beast and many may misinterpret who a good sales team is ultimately meant to serve. When salespeople want you as a customer, it’s their goal to bring you into the fold…

Introducing CHIRON: A Case for Home Network Monitoring and Defense

Nowadays, all our homes have become microenvironments for complex networking, composed of almost every single home appliance with added processing and networking capabilities. Examples of these home…

Keeping the “Science” in “Data Science”: Calibrating Algorithms for Threat Detection

As attack payloads and methods have become more easily adaptable and customizable to individual campaigns and targets (e.g. polymorphic malware, customized payloads, credential theft, etc.), threat…