Reacting to Ransomware and Setting Secure Defaults – Rob Allen – ASW #353
Ransomware attacks typically don't care about memory safety or dependency scanning; they often target old, unpatched vulns, and too often they succeed. Rob Allen shares some of the biggest cases he's seen, what they have in common, and what appsec teams could do better to help. Too much software still requires custom configuration to make it more secure, and too few software makers are embracing secure by default, let alone secure by design.
In the news, passively monitoring geosynchronous satellite communications on the cheap, successful LLM poisoning of any size model with a single size dose, security engineering lessons from Signal's post-quantum crypto work, improving security for JavaScript in the browser, and more!
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more!
Rob Allen, Chief Product Officer of ThreatLocker, is an IT professional with three decades of experience helping small and medium enterprises embrace and utilize technology. He has spent the majority of this time working for an Irish-based MSP, which has given him invaluable insights into the challenges faced by businesses today. Rob's background is technical: first as a system administrator, then as a technician and an engineer. His broad technical knowledge, as well as an innate understanding of customers' needs, made him a trusted advisor for hundreds of businesses across a wide variety of industries. Rob has been at the coalface, assisting clients in remediating the effects of, and helping them recover from, cyber and ransomware attacks.
Don't miss InfoSec World 2025 — October 27 to 29 at Disney’s Coronado Springs Resort! Cybersecurity pros, workshops before and after, and endless networking. Save 25% with code ISW25-SW at securityweekly.com/ISW2025!
Mike Shema
- SATCOM Security
One of the coolest and most understandable opening sentences for a research post I've read in a long time: "We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication."
It's very accessible research in terms of hardware. The group spent about $600. And when $30 of that is listed as "coaxial cables, connectors, power inserters, and crimping tools," you know the paper has some true low-cost DIY spirit.
So yeah, this paper grabbed me even before it got into the actual findings.
- [2510.07192] Poisoning Attacks on LLMs Require a Near-constant Number of Poison Samples
Also read Anthropic's related blog post.
- Why Signal’s post-quantum makeover is an amazing engineering achievement – Ars Technica
Be sure to read Signal's technical post.
- Improving the trustworthiness of Javascript on the Web