Mark Dowd discusses why certain exploit mitigations have been so successful in driving up the cost of exploit development for attackers.

A researcher at this year’s Security Analyst Summit staged a series of honeypots at his friends’ houses to record IoT traffic, exploit attempts and other statistics.

A researcher poked holes in seven different IoT devices at last week’s Security Analyst Summit, including a host of travel routers, NAS devices, and an IP-enabled camera.

David Jacoby and Frans Rosén said at this year’s Security Analyst Summit they offered companies free pen-testing and raised $15,000 for charity in the process.

Researchers at the Security Analyst Summit on Monday divulged details behind the alleged creator of a Romanian phishing kit.

Mike Mimoso and Chris Brook recap the first day of this year’s Security Analyst Summit, including Mark Dowd’s memory corruption bug keynote, the digital archeology around Moonlight Maze, ATM hacking, and the Lazarus APT.

Attackers behind February’s fileless malware attacks dropped malware on some bank ATMs that gave them the ability to dispense money, “at any time, at the touch of a button.”

Researchers may have found a link between Moonlight Maze of the late ’90s and the Turla APT, which would elevate Turla to the ranks of the Equation Group as an elite nation-state attacker.

This year’s Security Analyst Summit is previewed and the news of the week is discussed, including a Microsoft IIS zero day, a new Mirai variant, and the broadband privacy ruling.

Attackers have been using fileless malware to hide in the memory of enterprises, steal data, and vanish without a trace.