Building off of the “101” article written here, let’s continue on with the roadmap to becoming a security researcher. In the previous article I explained the many interpretations of what this role consists of versus the “white hat hacker” nomenclature. In this blog post and onward I will be sticking to the “security researcher” title (unless otherwise stated), as this seems … [Read more...]
QEMU Poisoned with VENOM – Daily Security Byte EP.83
Virtualization technology is great, but it does add new attack surface. CrowdStrike disclosed a new QEMU vulnerability that affects many popular virtualization platforms. In today's video, I quickly summarize the issue, and share what you can do about it. (Episode Runtime: 2:10) Direct YouTube Link: https://www.youtube.com/watch?v=rNmDMq6vhyM EPISODE REFERENCES: QEMU VENOM … [Read more...]
When VMs Get Pwned: Real Security in Virtual Environments
This week I wrote an article for a few of our partners, include the well-known SpiceWorks IT pro forum. If you're interesting in learning about the additional risks introduced by hardware vritualization and in securing your virtual environment, read on. Spinning up a virtual machine (VM) without a good security policy, a hardened hypervisor, and virtual security controls is … [Read more...]
Crisis Malware Specifically Targets Virtual Machines
In a WatchGuard Security Week in Review video from about three weeks ago, I highlighted a new cross-platform malware variant called Crisis, which could infect both Windows and Mac computers by using a Java vulnerability that affected both platforms. The cross-platform nature of this malware alone made it pretty unique and interesting. This week, Symantec has uncovered new … [Read more...]
WatchGuard Security Week in Review: Episode 7
RSA Conference, Stratfor Email Leak, NASA Breach, and More Today's WatchGuard Security Week in Review is coming to you a few hours late, primarily because I've just returned from a week at the RSA Security Conference in San Francisco. In this episode, I summarize that conference's key themes, share the latest Anonymous news, mention some NASA breaches, and recommend a free … [Read more...]
