Tag Archive for: deceptive

GUEST ESSAY: Here’s why castle-wall defenses utterly fail at stopping deceptive adversaries

/in


When it comes to cyber attacks, most businesses think: “It could never happen to us,” but some plots are just hitting a little too close to home.

Related: T-Mobile breach reflects rising mobile device attacks

DevOps Experience

For instance, if you’ve ever played Grand Theft Auto, you know the goal is quite simply mass destruction: Use whatever resources you have at your disposal to cause as much damage as you possibly can and just keep going.

Not familiar with Grand Theft Auto? Let’s try Super Mario Bros. then. As Mario makes his way through eight increasingly difficult worlds, each of them is protected by a castle. As Mario reaches the end of each castle, he can defeat Bowser.

This is not unlike the mindset of modern cyber attackers – they’re wreaking havoc and becoming pros at finding ways to get away with it.Living-off-the-land (LotL) attacks are providing a way for adversaries to stay under cover. Attackers use tools and features that are already available in the systems they’re targeting so they look like legitimate users — until they steal your crown jewels.

But you can fight back. There are several methods of active defense that companies can utilize to safeguard their networks, and it’s time for CISOs to start picking. To date, the main goal in mind has been to prevent attackers from breaching your defenses and making their way into the castle, but the reality is this approach is flawed.

Israeli

Attackers will get in, it’s only a matter of time. Traditional network security solutions, such as firewalls, are not effective at detecting and stopping lateral attack movement – and that’s where the real damage is done. Many forms of access control and endpoint protection, such as EDR, are nothing more than a checkpoint that provides unfettered access once defeated – like Mario raising a flag after beating a level.

To take the analogy further, only after defeating Bowser does Mario learn that it wasn’t the real Bowser after all and that “our princess is in another castle.” Rather than just keeping Mario out of the castle entirely – i.e. deploying traditional perimeter defenses – in this scenario, Bowser deployed an advanced threat protection by sending…

Source…

Facebook bans Holocaust denial amid rapid rise in “deceptive” content

/in
Facebook's Menlo Park, California, headquarters as seen in 2017.

Enlarge / Facebook’s Menlo Park, California, headquarters as seen in 2017. (credit: Jason Doiy | Getty Images)

Facebook today is, once again, theoretically ramping up enforcement against hate speech, this time with a new policy prohibiting Holocaust denial on the platform.

The change is due to a “well-documented rise in anti-Semitism globally,” Facebook executive Monika Bickert wrote in a corporate blog post today.

The policy is a complete 180 for Facebook CEO Mark Zuckerberg, who in a 2018 interview specifically described Holocaust denial as the kind of “deeply offensive” speech he nonetheless felt should be permitted on the platform. The next day, amid blowback, he “clarified” his position:

Read 10 remaining paragraphs | Comments

Biz & IT – Ars Technica

Microsoft’s Windows 10 push is effective, damaging, desirable, and deceptive

/in

Danger!

Offering Windows 10 as a free upgrade to non-enterprise users of Windows 7 and Windows 8.1 was a sensible move on Microsoft’s part. Microsoft wants developers to create applications for the Universal Windows Platform and to do that, it has to ensure that there are many people using this platform. The company has told the developer community that it expects 1 billion Windows 10 systems within the first two-to-three years, putting an end to the usual chicken-and-egg situation surrounding new Windows releases: developers never use the latest and greatest features, because there’s nobody using the latest-and-greatest operating system; there’s no reason to use the latest-and-greatest operating system, because software runs just fine on the current one.

Knowing that few people will actively seek out a new operating system to upgrade their computers, Microsoft offered the Windows 10 upgrade through Windows Update. It also distributed updates that advertised the existence of the Windows 10 update to Windows 7 and 8.1 users. Initially, this merely allowed people to “reserve” their Windows 10 upgrade, but Microsoft has become progressively more aggressive. In the early days, this upgrade was found to be downloading the new operating system even before users opted in, and it was then accused of installing automatically.

In past weeks, the complaints have stepped up. Microsoft has been accused of changing the dialogs advertising the availability of the upgrade. Initially, pressing the X in the corner of the window canceled the upgrade; however, this was changed so that pressing the X merely delayed the upgrade.

Read 11 remaining paragraphs | Comments

Technology Lab – Ars Technica

Newspaper industry asks FTC to investigate “deceptive” adblockers

/in

The Newspaper Association of America is asking the Federal Trade Commission to investigate adblockers’ “deceptive” and “unlawful” practices.
Naked Security – Sophos