A million devices still vulnerable to ‘wormable’ RDP hole

Posted on May 31st, 2019 by Responsible Cyber

by Danny Bradbury An internet-wide scan has revealed almost one million devices vulnerable to BlueKeep, the Windows vulnerability that has the security community on high alert this month. BlueKeep is better known as CVE-2019-0708, a vulnerability that Microsoft announced in its May Patch Tuesday release that affects Windows Remote Desktop Services, accessible via the RDP […]

Read More

New research generates deepfake video from a single picture

Posted on May 31st, 2019 by Responsible Cyber

by Danny Bradbury You’ve all seen the deepfake video of a digital Barack Obama sockpuppet controlled by Jordan Peele, but we bet you haven’t seen an animated video of the Mona Lisa talking before. Well, thanks to the magic of AI, now you can. Deepfake AI produces realistic videos of people doing and saying fictitious […]

Read More

Unpatched Docker bug allows read-write access to host OS

Posted on May 31st, 2019 by Responsible Cyber

by Danny Bradbury There are lots of books on tools and techniques to secure software containers, but what happens when someone discovers a basic architectural flaw? And what do you do when there’s no working patch for it? That’s the situation in the Docker universe this week after Suse developer Aleksa Sarai uncovered a bug […]

Read More

WordPress plugin sees second serious security bug in six weeks

Posted on May 23rd, 2019 by Responsible Cyber

by Danny Bradbury Researchers have uncovered the second serious bug in a WordPress plugin this month that could lead to the mass compromise of WordPress websites. The bug in the WP Live Chat Support plugin allows attackers to inject their own code into websites running it. It follows a bug discovered in the plugin six […]

Read More

Brave browser concerned that Client Hints could be abused for tracking

Posted on May 23rd, 2019 by Responsible Cyber

by Danny Bradbury The people at privacy-focused browser, Brave, have criticised an industry proposal it says would make it easier for websites to identify a browser using a passive, cookie-less technique called fingerprinting. Called HTTP Client Hints, the proposal provides a standard way for a web server to ask a browser for information about itself. […]

Read More

Cache of 49 million Instagram records found online

Posted on May 22nd, 2019 by Responsible Cyber

by Danny Bradbury A security researcher has discovered a massive cache of data for millions of Instagram accounts, publicly accessible for everyone to see. The account included sensitive information that would be useful to cyberstalkers, among others. A security researcher calling themselves anurag sen on Twitter discovered the database hosted on Amazon Web Services. It […]

Read More

Feds say Russian 2016 election meddling spanned all US states

Posted on April 12th, 2019 by Responsible Cyber

by Danny Bradbury A multi-agency report has strengthened claims that Russia meddled with election systems in all 50 US states during the last presidential race. The report is called a joint intelligence bulletin (JIB), and it comes from the Department of Homeland Security and the FBI. It is an unclassified document intended for internal distribution […]

Read More

Flickr tackling online image theft with new AI service

Posted on April 12th, 2019 by Responsible Cyber

by Danny Bradbury Photo-sharing website Flickr is trying to combat copyright infringement with a service that spots copies of its users’ images online. The company is partnering with image monitoring company Pixsy to offer the AI-powered feature. Flickr began offering the service this week, claiming it as a step forward in the fight to protect […]

Read More

Android banking and finance apps’ security found wanting

Posted on April 6th, 2019 by Responsible Cyber

by Danny Bradbury Many mobile finance apps are littered with bugs that could allow attackers to access users’ sensitive data, a report revealed this week. The smallest providers of mobile financial apps had the best security practices, while the larger players produced the most vulnerable apps, according to a six-week analysis commissioned by application protection […]

Read More

Nvidia patches severe bugs in edge computing modules

Posted on April 5th, 2019 by Responsible Cyber

by Danny Bradbury Nvidia has released 13 patches targeting two low-end embedded computing boards. The processor company explained in a security advisory this week that the flaws could lead to code execution, denial of service, escalation of privileges, or information disclosure. These security bugs won’t turn up in your gaming PC, but they could cause […]

Read More