Ian Pratt and Simon Crosby sold XenSource to Citrix in 2007. After working at Citrix, they decided to once again spin off and focus on cybersecurity. They are available to meet during VMWorld if you’d like to talk virtualization and security. We think of them as The Godfathers of Virtualization. They work they did with XenSource lead to what is today’s clo

Introduction In 1975, a book was published that changed the way we approach complex problems. Inspired on how nature works “Adaptation in Natural and Artificial Systems” set the bases of genetic algorithms. The release date of this blogpost is strongly linked to that book, it is a symbolic tribute to its author, John Henry Holland, who passed out

We hear about cybersecurity fails all the time. We’re happy to tell you it doesn’t have to be that way. Application isolation and containment based on virtualization is delivering results. The NSA has called out this strategy as the way forward for stopping advanced threats. To many technology folks, Application Isolation may be a new term when

Hacker groups have become highly trained organizations with access to very sophisticated and easily accessible tools and techniques. Cyberattacks have become professionalized and their economic profitability has been demonstrated countless times, turning it into a billion-dollar industry in recent years. Economic profit and jeopardizing the confidential data

News stories involving zero-day Windows kernel exploits seemingly never end. Fresh examples abound with alarming regularity and devastating effects, often involving defects with a dwell time of many months before they are formally addressed by patch updates. Despite a sustained focus by Microsoft on improving cybersecurity top to bottom, dubious new records

Late last week a new Microsoft Office vulnerability was discovered by McAfee; they discovered attacks exploiting this vulnerability back to late January 2017. This should raise substantial concern for anyone responsible for cyber security at their company or federal agency. Since January, every Windows-based MS Office machine was exposed to the worst type o

A complex cybercrime spy ring has been revealed today. A China-based cyber gang is behind the effort. Countries targeted include Japan, UK, France and the United States. If you’re responsible for your company’s cyber security, chances are, someone in your office has probably already forwarded this story to you. The Telegraph is sharing a story

Year Zero, the first delivery from WikiLeaks of the “biggest document leak” the Central Intelligence Agency has ever seen, is made up of over 8,000 files. The revelations they contain are causing quite a stir. If nothing else, they’ve shown that the CIA has at its disposal an enormous cyberespionage arsenal. The documents detail how cyberweapons were prepare

In June of 2015 the United States Office of Personnel Management (OPM) announced they had been the target of what became one of the largest breaches of government data in history. When the dust settled, it was determined that over 20 million people were affected. The data stolen from individuals was Social Security numbers, names, addresses, relatives, and

WikiLeaks on Tuesday dropped one of its most explosive word bombs ever: A secret trove of documents apparently stolen from the U.S. Central Intelligence Agency (CIA) detailing methods of hacking everything from smart phones and TVs to compromising Internet routers and computers. KrebsOnSecurity is still digesting much of this fascinating data cache, but here

Your million dollar 0day just got burned and now worth nothing? No worries – we are still interested in your exploit. The value of 0days can range from a few thousands to even a million dollars for a full remote exploit chain and many companies and governments are willing to buy them. The problem with this approach is your exploits are used for attacks

If you’ve ever been inside an airport, university campus, hospital, government complex, or office building, you’ve probably seen one of HID’s brand of card readers standing guard over a restricted area. HID is one of the world’s largest manufacturers of access control systems and has become a ubiquitous part of many large companies’ physical security postur

Let’s get this out of the way up front: Having “2016 election” in the headline above is probably the only reason anyone might read this story today. It remains unclear whether Republicans and Democrats can patch things up after a bruising and divisive election, but thanks to a special Election Day Patch Tuesday hundreds of millions of Adobe

Adobe and Microsoft today each issued updates to fix critical security flaws in their products. Adobe’s got fixes for Acrobat and Flash Player ready. Microsoft’s patch bundle for October includes fixes for at least five separate “zero-day” vulnerabilities — dangerous flaws that attackers were already exploiting prior to today

Adobe on Thursday issued a critical update for its ubiquitous Flash Player software that fixes three dozen security holes in the widely-used browser plugin, including at least one vulnerability that is already being exploited for use in targeted attacks. The latest update brings Flash to v. 22.0.0.192 for Windows and Mac users alike. If you have Flash instal