UK Watchdog Criticizes Huawei for Lax Software Security, Development

Posted on March 30th, 2019 by Responsible Cyber

Calling the company’s software development practices chaotic and unsustainable, a UK government oversight group calls on the company to make measurable progress toward more secure and sustainable code. The group responsible for overseeing Huawei’s technical compliance with software and security standards in the UK roundly criticized the company for “serious and systematic defects in software […]


APT group Elfin switches from data destruction to data stealing via WinRAR vulnerability

Posted on March 28th, 2019 by Responsible Cyber

Elfin (aka APT33), a hacker group affiliated with the Iranian government, is described by Symantec as “one of the most active groups currently operating in the Middle East.” They have been linked with a string of attacks on U.S. and Saudi Arabian companies, particularly in the aerospace and energy sectors. However, where previously the group […]


Preserving the privacy of large data sets: Lessons learned from the Australian census

Posted on March 14th, 2019 by Responsible Cyber

Who needs hackers when the government puts sensitive information about every person in the country online and invites the internet to look at it? That’s what happened last year in Australia, and it sends a warning message of what not to do during the upcoming U.S. Census 2020. The Australian Bureau of Statistics published data […]


Dow Jones Leak Exposes Watchlist Database

Posted on March 1st, 2019 by Responsible Cyber

The Watchlist, which contained the identities of government officials, politicians, and people of political interest, is used to identify risk when researching someone. A data leak at Dow Jones exposed the financial firm’s Watchlist database, which contains information on high-risk individuals and was left on a server sans password. Watchlist is used by major global […]


The cybersecurity legislation agenda: 5 areas to watch

Posted on February 21st, 2019 by Responsible Cyber

New digital threats that could topple business, government, military and political institutions are moving cybersecurity to the top of the congressional agenda. The newly seated 116th Congress has so far seen 30 bills introduced in the House of Representatives and seven bills introduced in the Senate that directly deal with cybersecurity issues. That does not […]


A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security

Posted on February 20th, 2019 by Responsible Cyber

The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that […]


Japanese Government Will Hack Citizens’ IoT Devices

Posted on February 1st, 2019 by Responsible Cyber

The Japanese government is going to run penetration tests against all the IoT devices in their country, in an effort to (1) figure out what’s insecure, and (2) help consumers secure them: The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200 million IoT devices, […]


Ep. 017 – DNS hijacking, a weird breach and a cybersecurity confession [PODCAST]

Posted on January 30th, 2019 by Responsible Cyber

by Paul Ducklin. In this episode, we dig into a US Emergency Directive to stop government sites getting hijacked, examine a data breach with a difference, and hear a cybersecurity expert’s confession of how his Instagram got hacked. With Anna Brading, Paul Ducklin, Mark Stockley and Matthew Boddy. This week’s stories: The social network advice […]


Japanese government will try to hack its citizens’ IOT devices

Posted on January 30th, 2019 by Responsible Cyber

by Lisa Vaas. Starting next month, the Japanese government is going to try its hand at credential stuffing the country’s Internet of Things (IoT), including gizmos at both the enterprise network level down to citizens’ “oops, never changed the default password!” webcams and everything in between. Credential stuffing is when attackers grab login credentials that […]


How the U.S. Govt. Shutdown Harms Security — Krebs on Security

Posted on January 30th, 2019 by Responsible Cyber

The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents. Even if lawmakers move forward on new proposals to reopen the government, sources say the standoff […]
