Clouding Up the View

2020 has seen one of the largest shifts to remote work in history, bringing with it a new set of security challenges. A workforce largely shifted to virtual environments, coupled with rapid cloud adoption, drastically increases need for data visibility and control. This new working model has pivoted the threat landscape, and security teams

Read more

Detecting Advanced Threats with CCCS’s Cloud Based Sensor

The Canadian Centre for Cyber Security (CCCS) plays a key role in providing an additional layer of security to the Government of Canada’s infrastructure. With the growing migration from Government owned data centers to various Cloud Service Providers, CCCS was faced with the new challenge of securing the Government of Canada in the cloud.

Read more

Securing The DevOps Pipeline

Modern application development revolves around DevOps workflows that have development teams always churning out new application features, automating unit and functional testing of applications, and deploying to production in the shortest time frame possible. The newer technologies that enable this level of automation and speed create new risks

Read more

Who’s Afraid of Unmanaged Devices?

We all have seen the statistics about the growth of unmanaged devices, sometimes called the “Enterprise of Things”. This includes building management systems (lighting, cooling), security systems (cameras, badge readers), office equipment (smart TVs, headsets, printers), and specialized devices used in environments such as retail,

Read more

A Brave New World

The COVID pandemic has allowed attackers to exploit users with phishing attacks, ransomware, and other scams. FortiGuard Labs has recorded over 600 unique campaigns related to COVID cyberattacks per day. We will; examine some of the top attacks, understand how attackers are creating those attacks, and the platforms they are targeting. Learn

Read more

Deserialization Vulnerabilities: From Theory to Practice

In this talk we provide an overview of the insecure object deserialization in Java and .NET and provide an indepth look at 2 different cases of these vulnerabilities. In first part of the talk, we delve into the basics of object serialization and provide insight into why deserialization attack surfaces exist is applications built on 
Read more

Your Phone Is Using TOR and Leaking Your PII

As part of our research, we identified a surprising amount of unencrypted, sensitive and confidential user data originating from mobile devices traversing the TOR network, which included: GPS coordinates, WiFi BSSID, and general keys typed by the user. In some cases, we were able to build a complete user profile from physical movements to

Read more