Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses
Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to...
Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’
Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run...
Machine Learning Image Steganalysis: Aletheia
Aletheia is a steganalysis tool for the detection of hidden messages in images. The goal of steganalysis is to identify suspected packages, determine whether or not they have a payload encoded into them, and, if possible, recover that payload. Unlike cryptanalysis, steganalysis generally starts...
Customer-driven Rapid Innovation for Hybrid Cloud Security
Cyber threats have no boundaries; they come in new and evolving forms, capable of striking at any time … so it becomes important that your threat protection extends beyond conventional boundaries as well. In the past, on premise versions of security solutions were held up by long development cycl...
A decade inside Microsoft Security
Ten years ago, I walked onto Microsoft's Redmond campus to take a role on a team that partnered with governments and CERTs on cybersecurity. I'd just left a meaningful career in US federal government service because I thought it would be fascinating to experience first-hand the security challenges...
From Regular Expressions to AI
Three generations of attack detection methodology. The oldest and well-studied approach is based on signatures and heuristics. From before the internet times, this approach was implemented in most kinds of detection systems from firewalls to anti-viruses. The second generation represents an...
Reduce cloud adoption risks and deliver superior digital experiences with Akamai Cloud Delivery Platform - Part 1
Businesses are rapidly moving to the cloud and a recent IDG survey indicates that 70% of businesses have at least 1 application in the cloud and 16% plan to take their first app to the cloud in the next 12 months. However public cloud providers present their own challenges. They are unreliable...
Fraud Detection in Pokémon Go
I play Pokémon Go. There, I've admitted it. One of the interesting aspects of the game I've been watching is how the game's publisher, Niantic, deals with cheaters. There are three basic types of cheating in Pokémon Go. The first is botting, where a computer plays the game instead of a person. Th...
Machine Learning: Identify the Unpredictable – Whiteboard Wednesday [Video]
When it comes to identifying insider threats, the fundamental challenge is how to determine when data access appears out of the ordinary for a typical user or system, and of those instances, which ones are dangerous versus merely unusual. A lot of solutions today serve up so many policy violation...
Monitor More, Worry Less. Outpace Threats With Machine Learning.
In the past two years, enterprises have created more data than has been created in the entire history of humankind. At scale, securing this amount of data requires a re-think of how we grant and revoke access to sensitive files and, more importantly, how we identify and track the inevitable acces...
Technology to Out Sex Workers
Two related stories: PornHub is using machine learning algorithms to identify actors in different videos, so as to better index them. People are worried that it can really identify them, by linking their stage names to their real names. Facebook somehow managed to link a sex worker's clients unde...
Why ArtsSEC decided to partner with Wallarm
by Maximiliano Soler (@maxisoler), CTO of ArtsSEC. The greatest thing with partnerships is how well the organisations’ expertise complement each other. Our partnership with Wallarm has incredibly exceeded our expectations in their innovation and expertise in web application...
X-Pack Alerting and Kibana 5.6.1 security update
X-Pack alerting privileged user multiple issues An error was found in the permission model used by X-Pack alerting whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges. Affected Versions: 5.0.0 to 5.6.0 Solutions and Mitigations...
The New Email Security Technologies Powered by XGen™
Today we are excited to introduce new email security technologies powered by XGen™ and a new product, Smart Protection for Office 365. This new service combines the advantages of both an email gateway with an API service integrated solution to provide complete threat protection for Microsoft Offi...
Threatpost News Wrap, September 22, 2017
Mike Mimoso and Chris Brook recap the news of the week and look back at the Equifax saga so far. They also discuss a Google HTTPS warnings paper, cryptocurrency mining at the Pirate Bay, and bringing machine learning to passwords. Download: ThreatpostNewsWrapSeptember222017.mp3 Show notes: Equifa...
Trend Micro Security’s Layered Protection, XGen™ Machine Learning, and Folder Shield Protect You Against Unknown Ransomware and Malware
On May 12 of 2017, the WannaCry ransomware struck across the globe, encrypting computers by exploiting a critical vulnerability in Windows, first discovered by the US National Security Agency. Among its first targets were the British National Health Service, Federal Express, and Telefonica, but...
Explained: False positives
What are false positives? False positive, which is sometimes written as f/p, is an expression commonly used in cybersecurity to denote that a file or setting has been flagged as malicious when it’s not. In statistics, false positives are called Type I errors, because they check for a particular...