Security research from the front lines

Ryan Sherstobitoff

Subscribe to Ryan Sherstobitoff: eMailAlertsEmail Alerts
Get Ryan Sherstobitoff: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Ryan Sherstobitoff

As the malware threat landscape continues to evolve, hackers are continuously changing techniques to counteract detection technologies being developed by vendors. By using sophisticated methods to evade current antivirus technologies, hackers are relentless in their pursuit of damaging IT systems and oftentimes gaining access to sensitive information. Several years ago, hackers used polymorphism and metamorphism as tactics to constantly generate new variants of worms. Essentially, through polymorphism, the virus would morph into different variations, successfully bypassing signature-based technologies. The antivirus industry responded to this threat by creating emulation technologies to counteract the new breed of virus. This emulation engine was designed to mimic the properties of the morphed virus so it could be detected by other means (signature and heuristics). H... (more)

Virtualization - Security Should Not Take a Backseat

There’s no question that advances in server virtualization technology are becoming popular among corporations that want to save money by consolidating resources and improving operational efficiency. Virtualization enables a dramatic increase in cost savings in ongoing maintenance and the cost required to keep physical assets afloat. These benefits are often seen by CIOs and other information technology leaders as adding tremendous value to an existing robust IT infrastructure. Who wouldn’t want to save money by reducing the size and extent of their data center, especially in the ... (more)

SQL Injection Attacks: The Future of Mass Hacking Campaigns

SQL injection attacks are evolving as one of the primary modes of transportation for malicious scripts that hackers insert into legitimate websites. According to recent events, this method is becoming very popular among the hacker elite, especially considering the number of sites they are able to exploit almost overnight. Some of these victim sites include the United Nations and the Department of Homeland Security (DHS).[1] Typically they will use the website as a vehicle for distributing Trojans through encoded JavaScript that a SQL injection inserted into the website. The scar... (more)

Even Heroes Need the Right Tools in Their Utility Belts

We at SafeKidZone believe, without a doubt, that the people who make up 911 emergency services are all heroes. It’s not an easy job, but these brave folks are earnest in their willingness to do what is necessary to help save a life. In the case of the Schmitts, in the article, 911 did not make it in time to save their family home from burning to the ground simply because of situational fog: in this case poor cellular coverage which routed their emergency call to an alert center on the other side of the county. Compound that problem with difficulty locating the Schmitts and the o... (more)

Breaching Wireless Networks

Wireless networks and endpoints offer convenience and connectivity, but unless properly secured, they also offer a means of egress into the network. As evidenced by recent headlines surrounding undiscovered data breaches and subsequent public exposure, hackers have begun to turn their eye toward breaching wireless networks and taking advantage of the many weaknesses incumbent. At the same time, we continue to see a trend toward stealing cardholder information from retailers such as TJ Maxx and Hannaford Brothers. According to a recent study conducted by the Verizon Business Risk ... (more)