Financial Firms Scrutinize Third-Party Supplier Risk

Posted on April 6th, 2019 by Responsible Cyber

But executives aren’t confident in the accuracy of cybersecurity assessment data received from their vendors, a new study shows. Financial services executives and managers responsible for the corporate checkbook would rather forgo business with a partner that is not serious about cybersecurity than run the risk of a breach, a new report found. Some 97% […]

Major Mobile Financial Apps Harbor Built-in Vulnerabilities

Posted on April 6th, 2019 by Responsible Cyber

A wide variety of financial services companies’ apps suffer from poor programming practices and unshielded data. Mobile apps for financial services are an important part of many consumers’ financial lives, yet those apps are suffering a “vulnerability epidemic,” according to a new report. The report, commissioned by Arxan and produced by the Aite Group, looks […]

How iOS App Permissions Open Holes for Hackers

Posted on April 6th, 2019 by Responsible Cyber

The permissions iOS apps request from users can turn the devices into spy tools and provide a toehold into the enterprise network, according to new research. In many ways, the era of the smartphone is defined by apps, which do everything from sending messages to tracking our exercise. New research shows how Apple iOS apps come […]

New, Improved BEC Campaigns Target HR and Finance

Posted on April 6th, 2019 by Responsible Cyber

Spearphishing campaigns from new and established business email compromise (BEC) gangs are stealing from companies using multiple tactics. A wave of business email compromise (BEC) campaigns targeting direct-deposit payroll information demonstrates once again that sophisticated technical skills aren’t necessary when you can convince employees to simply hand you money. Vade Secure recently discovered an ongoing […]

3 Lessons Security Leaders Can Learn from Theranos

Posted on April 6th, 2019 by Responsible Cyber

Theranos flamed out in spectacular fashion, but you can still learn from the company’s “worst practices.” In Alex Gibney’s absorbing new HBO documentary, “The Inventor: Out for Blood in Silicon Valley,” we see the cautionary tale of Elizabeth Holmes, the now infamous entrepreneur who dropped out of Stanford at age 19 to start Theranos. The […]

Advanced Persistent Threat: Dark Reading Caption Contest Winners

Posted on April 6th, 2019 by Responsible Cyber

From sushi and phishing to robots, passwords and ninjas — and the winners are … Mike Epplin (mepplin), Tampa, Fla., earns the top honors and a $25 Amazon gift card for his apt APT-related caption, inked below by cartoonist John Klossner. When not writing cartoon captions, Epplin’s day job is presales engineer at Respond Software. Second […]

How Political Campaigns Use Personal Data

Posted on April 6th, 2019 by Responsible Cyber

Really interesting report from Tactical Tech. Data-driven technologies are an inevitable feature of modern political campaigning. Some argue that they are a welcome addition to politics as normal and a necessary and modern approach to democratic processes; others say that they are corrosive and diminish trust in already flawed political systems. The use of these […]

How Can A Security Champion Help Your Development Team?

Posted on April 5th, 2019 by Responsible Cyber

A security champion serves as the voice of the developer while satisfying the needs of the business from a security perspective. In this episode we dig deeper into details on the role of the security champion and what effect having a champion can have on development and security. Listeners will learn about: How to identify […]

20 Years of STRIDE: Looking Back, Looking Forward – Dark Reading

Posted on March 30th, 2019 by Responsible Cyber

The invention of STRIDE was the key inflection point in the development of threat modeling from art to engineering practice. Today, let me contrast two 20-year-old papers on threat modeling. My first paper on this topic, “Breaking Up Is Hard to Do,” written with Bruce Schneier, analyzed smart-card security. We talked about categories of threats, […]

Friday Squid Blogging: New Research on Squid Camouflage

Posted on March 24th, 2019 by Responsible Cyber

From the New York Times: Now, a paper published last week in Nature Communications suggests that their chromatophores, previously thought to be mainly pockets of pigment embedded in their skin, are also equipped with tiny reflectors made of proteins. These reflectors aid the squid to produce such a wide array of colors, including iridescent greens […]
