Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AT&T Cybersecurity

Why should you use correlation rules on top of traditional signatures?

The AT&T Cybersecurity Alien Labs team is in charge of writing correlation rules and releasing threat intelligence updates on a day-to-day basis. When researchers in the team find new malware families or threats, we always try to find the best approach to keep our customers protected. In this blog, we will look into some of the differences between signatures and correlation rules.

NO FATE

“The future is not set, there is no fate but what we make for ourselves.” John Connor, Terminator 2 There is a prevailing viewpoint among security professionals that security breaches are inevitable. They have adopted the mantra, “It is not a matter of if but a matter of when.” As recently as the day I wrote this post, I attended a meeting where this attitude was used to justify accepting easy to mitigate security risks.

A new twist on "Parental consent"

I was at breakfast the other day with some family friends, and the topic of genealogy came up. Over the past few years, various sites have sprouted up that offer to trace your origins all the way back in time; in some cases, all the way back to the eras of early human development. One of my favorite authors has actually written a book about the results of his test. The idea behind the test is simple.

Do you need certifications to get an InfoSec job?

I’ve seen Tweets and heard many discussions about certifications, like CISSP, CEH, OSCP and so on, in InfoSec. No doubt certifications have value – in many situations hiring managers are quickly going through resumes and certifications are symbolic of at least book-learning, and some degree of dedication to InfoSec. Certifications can be expensive and time consuming so having them clears the bar of at least slightly dedicated.

Healthcare security: How can blockchain help?

This is part 2 of a blog on healthcare security. For more info, check out part 1. An independent guest blogger wrote this blog. When it comes to data security, there is no more important place than the healthcare industry. When people go to the doctor, they provide all of their most sensitive information, from their health issues to their phone number, to a doctor they trust.

It is getting harder for us to prove who we are

I had an interesting experience the other day. I had to renew my driver’s license. In previous renewal cycles, this was no big deal. One could just visit the local Department of Motor Vehicles (with a bagged lunch since it was usually a multi-hour wait), read an eye chart, take a horribly unflattering photo, and be on their way with a new license.

FUD-free analysis: Natural language processing (NLP)

If you follow me on Medium or Twitter, you may already be aware. Still, if you don’t (I assure you that you’re missing out), I have been researching several technologies in preparation for an OPSEC/Anti-OSINT tool that I am crafting. I am using this tool as a means to push myself harder to learn something new that I can apply professionally. I am also doing this to be able to make a positive difference in the world.

Journey to security: Data safety for travelers

In today’s world, we enjoy incredible mobility that our ancestors could only dream of. In a matter of hours or, at most, days, we can go from one continent to another. At the same time, our lives depend on the security of all sorts of our private data: from our credit card information to our browsing habits. But if at our homes we can be sure that we have taken sufficient security measures and protected our systems, things get muddier when we travel.

Alien Labs 2019 Analysis of Threat Groups Molerats and APT-C-37

In 2019, several industry analyst reports confused the threat groups Molerats and APT-C-37 due to their similarity, and this has led to some confusion and inaccuracy of attribution. For example, both groups target the Middle East and North Africa region (with a special emphasis on Palestine territories). And, they both approach victims through the use of phishing emails that contain decoy documents (mostly in Arabic) and contain themes concerning the political situation in the area.