Enterprise Blockchain Security 2020-6

February 5, 2021 | Mina Hao

Regulatory Policies With years of development, the blockchain industry has taken shape, but enterprise blockchain applications are still at an exploratory stage. The blockchain ecosystem contains SPs, application vendors, and users. SPs in this context provide blockchain information services, whose compliancerequirements are surely different from those for other information services (such as cloud services) due […]

Information Disclosure-Incurred Asset Compromise and Detection and Analysis

February 4, 2021 | Mina Hao

According to a survey, 25% of internal security incidents are attributed to information disclosure. Attackers, merely through information disclosure, without needing to resort to measures with obvious patterns, like password cracking, can further acquire sensitive information about users and enterprises. It should be noted that this kind of attack method has a high degree of […]

Enterprise Blockchain Security 2020-5

February 3, 2021 | Mina Hao

The enterprise-related blockchain security landscape has two layers of meanings: enterprise blockchain security situation and blockchain-related enterprise security situation. The former refers to the security posture of enterprises that have deployed blockchain applications. In the latter case, although an enterprise does not deploy any blockchain applications, security threats facing it point to blockchains. In terms […]

Risk Assessment for Industrial Control Systems

February 2, 2021 | Mina Hao

ICS security professionals should report ICS vulnerabilities to the vendor before attackers discover them and offer the vendor with remediation suggestions, mitigation measures, and security solutions to avoid network attack risks before the vulnerabilities are malicious exploited. Compared with Windows systems, a quite different method is used to assess ICS systems due to their heterogeneity. […]

Enterprise Blockchain Security 2020-4

February 1, 2021 | Mina Hao

This chapter analyzes security threats facing enterprise blockchains.

Annual IoT Security Report 2019-18

January 29, 2021 | Mina Hao

Introduction IoT devices are faced with a great security challenge and their security appears particularly important. On one hand, though IoT devices have had a long existence, legacy IoT devices and their application protocols contain a variety of vulnerabilities due to the ill-conceived security design. On the other hand, as noted in the analysis of […]

Adobe Security Bulletins for January 2021 Security Updates

January 28, 2021 | Mina Hao

Overview On January 12, 2021, local time, Adobe officially released January’s security updates to fix multiple vulnerabilities in its various products, including Adobe Bridge, Adobe Captivate, Adobe InCopy, Adobe Campaign, Classic,Adobe Animate, Adobe Illustrator, and Adobe Photoshop. For details about the security bulletins and advisories, visit the following link:

Enterprise Blockchain Security 2020-3

January 27, 2021 | Mina Hao

Current mainstream consortium blockchain platforms include Hyperledger, Quorum, and R3 Corda, which are described in detail in the following sections.

Considerations for Making ICS Networks Comply with CMMC

January 26, 2021 | Mina Hao

1. Background In early 2020, the US Department of Defense (DOD) released the Cybersecurity Maturity Model Classification (CMMC). On average, the USA loses USD 600 billion a year to adversaries in the cyberspace. Currently, the DOD has about 300,000 contractors, covering a variety of fields from hypersonic weapons to leather factories. Of all these contractors, […]

Attributed Graph-based Anomaly Detection and Its Application in Cybersecurity

January 26, 2021 | Mina Hao

1. Background On cyberspace battlefields, adversaries often lurk in the darkness, but will jump at the throat of victims whenever spotting a chance. Today, extensive collection of huge amounts of data from various dimensions is nothing new. This can be very useful for security defenses, but at the same time brings unprecedented challenges to security […]