As a reaction to a number of major corporate and accounting scandals (namely Enron and WorldCom), twenty years ago the Sarbanes-Oxley Act (SOX) was enacted. The law is almost certainly present in the day-to-day professional lives of every public company CFO and CEO.
In April 2023, the most recent meeting of the United Nations Office on Drugs and Crime took place on the potential Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes. This meeting focused on international cooperation to unite countries to address the constant increase in cybercrimes worldwide. However, as exposed in the press, it is arduous to obtain the unanimous agreement of the member countries on subjects as legally and culturally complex as personal data transfer, judicial extradition, joint police investigations, access to cross-border data and special investigations techniques.
In January, we published a blog explaining why it is important to have strong passwords and provided advice to increase their robustness. Little did we know that this blog’s writing would create a commotion among the research team as different opinions on password managers emerged. Our last blog explained why password managers might not be as popular as the InfoSec community wishes. In this blog we will refute some of the arguments made, accept the limitations of password managers’ adoption, and propose strategies to address that.
In January, we published a blog explaining why it is important to have strong passwords, and provided some advice to increase their robustness. Little did we know that this blog’s writing would create a commotion among the research team as different opinions on password managers emerged. The next two blog posts will cover password managers. The first one aims to explain why it might not be as popular as the InfoSec community wishes, while the second one attempts to nuance that anything is better than the status quo.
With our RDP interception tool, we managed to collect a great deal of information (screen, keyboard, mouse, metadata) about opportunistic attackers, and have it on video. An engineer and a crime data scientist partner to deliver an epic story, presented at BlackHat USA titled “I Watched You Roll the Die: Unparalleled RDP Monitoring Reveal Attackers’ Tradecraft” for the first time, which includes luring, understanding and characterizing attackers, allowing to collectively focus our attention on more sophisticated threats.