Security research from the front lines

Ryan Sherstobitoff

Subscribe to Ryan Sherstobitoff: eMailAlertsEmail Alerts
Get Ryan Sherstobitoff: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Ryan Sherstobitoff

Breaching Wireless Networks

Wireless networks and endpoints offer convenience and connectivity, but unless properly secured, they also offer a means of egress into the network. As evidenced by recent headlines surrounding undiscovered data breaches and subsequent public exposure, hackers have begun to turn their eye toward breaching wireless networks and taking advantage of the many weaknesses incumbent. At the same time, we continue to see a trend toward stealing cardholder information from retailers such as TJ Maxx and Hannaford Brothers. According to a recent study conducted by the Verizon Business Risk Team, 84 percent of the data compromised in documented breaches pertained to cardholder information. [1] The use of mobile networks is not an uncommon way of providing access for employees throughout a corporate campus. However, these networks come with several often-ignored dangers, includ... (more)

Hidden Dangers: Crimeware-as-a-Service (CaaS)

As the malware threat landscape continues to evolve, hackers are continuously changing techniques to counteract detection technologies being developed by vendors. By using sophisticated methods to evade current antivirus technologies, hackers are relentless in their pursuit of damaging IT systems and oftentimes gaining access to sensitive information. Several years ago, hackers used polymorphism and metamorphism as tactics to constantly generate new variants of worms. Essentially, through polymorphism, the virus would morph into different variations, successfully bypassing signa... (more)

The Evolution of Traditional Anti-Virus to Security as a Service

Over the past five years, the anti-virus market has experienced tremendous growth as many new technologies have emerged in response to current threat conditions. What was once a market consisting of very few players is now a multi-billion dollar enterprise consisting of numerous companies with multiple anti-virus products that vary in focus and quality. According to some analyst forecasts, the global anti-virus market will likely surpass $58 billion by 2010 through the introduction of new technologies in the areas of data loss prevention, virtualization security, security-as-a-... (more)

Virtualization - Security Should Not Take a Backseat

There’s no question that advances in server virtualization technology are becoming popular among corporations that want to save money by consolidating resources and improving operational efficiency. Virtualization enables a dramatic increase in cost savings in ongoing maintenance and the cost required to keep physical assets afloat. These benefits are often seen by CIOs and other information technology leaders as adding tremendous value to an existing robust IT infrastructure. Who wouldn’t want to save money by reducing the size and extent of their data center, especially in the ... (more)

SQL Injection Attacks: The Future of Mass Hacking Campaigns

SQL injection attacks are evolving as one of the primary modes of transportation for malicious scripts that hackers insert into legitimate websites. According to recent events, this method is becoming very popular among the hacker elite, especially considering the number of sites they are able to exploit almost overnight. Some of these victim sites include the United Nations and the Department of Homeland Security (DHS).[1] Typically they will use the website as a vehicle for distributing Trojans through encoded JavaScript that a SQL injection inserted into the website. The scar... (more)