All Cyber-Kinetic Security & Cybersecurity Posts
Cyber-Kinetic Security
Emerging Tech Security Guidelines, Frameworks, Standards
Below is my attempt to list all published 5G, IoT and “Smart Everything”-related security guidelines, frameworks and standards. If you are aware of additional entries that should be here, please let me know at [email protected]
Cyber-Kinetic Security
The World of Cyber-Physical Systems & Rising Cyber-Kinetic Risks
We live in a world in which the way we observe and control it is radically changing. Increasingly, we interact with physical objects through the filter of what computational systems embedded in them tell us, and we adjust them based on what those systems relate. We do this on our phones, in our cars, in our homes, in our factories and, increasingly, in our cities.…
Cyber-Kinetic Security
Cyber War – scaremongering or reality?
“Cyber war” is a term that is in recent days used so liberally that people may often wonder if these words are as menacing as they sound or used only as a tool to incite fear as a way to control a society that increasingly depends on technology. How we prepare and respond to cyber attacks depends on whether we believe we are in cyber…
Cyber-Kinetic Security
The Decline of Real Penetration Testing
As the leader of Cyber Agency, one of the largest penetration testing and red teaming specialist outfits, I have a bone to pick with where our industry is headed. Back in the late 90s and early 2000s, "pentesting" actually meant breaking into systems (and sometimes buildings!) with skill and creativity. Today, I’m watching a disappointing shift: more and more so-called pentests have turned into cheap,…
AI Security
Testing AI in Defense – A New Kind of Security Challenge
Looking back at our engagement, I'm concerned that the pace of AI adoption in the military will overtake our abilities to validate and verify such systems. If AI systems continue proving valuable, there is nothing that will stop their adoption, but the infosec and QA communities simply don't have the tools and skills to ensure these systems behave in an ethical way. I remember our team…
Cyber-Kinetic Security
Polymorphic Viruses: The Shape-Shifting Malware Menace
Polymorphic viruses represent a turning point in malware history. These shape-shifting programs have shown that malicious code can be made highly adaptable, challenging the very foundations of signature-based security. We’ve examined how polymorphic malware works - using encryption, mutation engines, and self-modifying code to constantly reinvent itself - and looked at notorious examples from the past decade (Tequila, One Half, SatanBug/Natas, Marburg, and the hypothetical…
Cyber-Kinetic Security
Social Engineering – Greatest Information Security Risk
Social engineering doesn’t have to be just a supporting process to obtain system access; it could be even more dangerous when it is used as the main attack. We, information security defenders, rarely consider that risk. If you think Social Engineering is an effective way to obtain access to systems by exploiting the weakest link – people – you are correct. But not completely…
Cyber-Kinetic Security
“Zero Tolerance” to “80-20” – Lazy Approaches to Cyber Risk
There is a new danger lurking in the information assets of countless organizations around the globe disguised by a plan devised to protect a large portion of those assets while failing miserably to protect the rest. Zero tolerance approach to cyber security is untenable Traditional approach to cyber security was for a board / management to declare that they have “zero tolerance” for cyber breaches,…