One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk
The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a recent report investigating more than 25 million security alerts, including informational and low-severity, across liv...
It pays to be a forever student
Welcome to this week's edition of the Threat Source newsletter. If I haven't said it in a newsletter before, I'll say it now: If you want to be good at cybersecurity, be a forever student. Cultivating and feeding your desire to know how things work is one of the key ingredients to being a hacker...
Applying Public Health Systematic Approaches to Cybersecurity: The Economics of Collective Defense
The U.S. public health system increased life expectancy by more than 30 years since 1900 through systematic data collection, evidence-based intervention, and coordinated response. This paper examines whether cybersecurity can benefit from similar organizational principles. We find that both domai...
Quantifying the ROI of Cyber Threat Intelligence: a Data-Driven Approach
The valuation of Cyber Threat Intelligence CTI remains a persistent challenge due to the problem of negative evidence: successful threat prevention results in non-events that generate minimal observable financial impact, making CTI expenditures difficult to justify within traditional cost-benefit...
DMind Benchmark: toward a Holistic Assessment of LLM Capabilities across the Web3 Domain
Large Language Models LLMs have achieved impressive performance in diverse natural language processing tasks, but specialized domains such as Web3 present new challenges and require more tailored evaluation. Despite the significant user base and capital flows in Web3, encompassing smart contracts...
Deciphering the Economics of Software Development: An In-Depth Exploration
By Uzair Amir The depth of activities within software development ranges from ideation and design to coding, testing, and deployment. The… This is a post from HackRead.com Read the original post: Deciphering the Economics of Software Development: An In-Depth Exploration...
Ross Anderson
Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can't remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and...
openeconomics.zbw.eu Cross Site Scripting vulnerability OBB-3873594
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Security and Human Behavior (SHB) 2023
I'm just back from the sixteenth Workshop on Security and Human Behavior, hosted by Alessandro Acquisti at Carnegie Mellon University in Pittsburgh. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro...
incentivePool increase is broken
Lines of code. Vulnerability details. Impact: When updating the incentivePool, it divides the previous value by BASEDIVISOR. On each update, the incentivePool basically resets itself to only the increment and loses the previous incentive pool. // @audit divides entire previous incentivePool by...
economics-prorok.com Improper Access Control vulnerability OBB-2219476
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Don Spies and Kim Grauer on tracking illicit Bitcoin transactions
In this episode of Security Nation, we’re joined by Don Spies and Kim Grauer of Chainalysis. They discuss the relationship between ransomware and cryptocurrency and how Chainalysis leverages unique characteristics of the latter to combat the former. Stick around for our Rapid Rundown, where Tod a...
Emerging Edge Computing Use Cases
The first rule of edge compute thought leadership is: don't overuse the term edge. Over the course of my blog series on the topic, I have defined the edge, explained edge computing, and discussed the economics of edge computing...
Conti Gang Demands $40M Ransom from Florida School District
UPDATE The Conti Gang has demanded a $40 million ransom from a Fort Lauderdale, Fla., school district after a ransomware attack last month. Attackers stole personal information from students and teachers, disrupted the district’s networks, and caused some services to be unavailable. The incident...
Is Your Browser Extension a Botnet Backdoor?
A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development,...
Credential Stuffing and Account Takeovers -- The Business View
Account takeovers ATOs, in which criminals impersonate legitimate account owners in order to take control of an account, cause tremendous pain for businesses in all industries. This pain may be monetary, such as losses from stolen accounts, but may also include a number of related problems, like...
Distinguishing Among DNS Services Part 2: The Economics
This is Part 2 of a 3-part blog series highlighting some of the distinguishing aspects of Akamai's DNS services, Edge DNS and Global Traffic Management...
Distinguishing Among DNS Services Part 2: The Economics
This is Part 2 of a three-part blog series highlighting some of the distinguishing aspects of Akamai's Domain Name System DNS services, Edge DNS and Global Traffic Management...
The 2020 Workshop on Economics and Information Security (WEIS)
The Workshop on Economics and Information Security is always an interesting conference. This year, it will be online. Here's the program. Registration is free...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at the ISC² Security Congress 2020, November 16, 2020. I’ll be on a panel at the OECD Global Blockchain Policy Forum 2020 on November 17, 2020. The panel is called "Deep Dive: Digital Security and Distributed Ledger...