WordPress iOS App Bug Leaked Secret Access Tokens to Third-Party Sites

Posted on April 6th, 2019 by Responsible Cyber

If you have a “private” blog with WordPress.com and are using its official iOS app to create or edit posts and pages, the secret authentication token for your admin account might have accidentally been leaked to third-party websites.WordPress has recently patched a severe vulnerability in its iOS application that apparently leaked secret authorization tokens for […]

Read More

The case for continuous automated security validation

Posted on April 5th, 2019 by Responsible Cyber

Chinese military strategist Sun Tzu is quoted as saying, “if you know the enemy and you know yourself, you need not fear the results of a hundred battles.” In cybersecurity terms, that means knowing the cyber-adversaries and associated tactics, techniques, and procedures (TTPs) they use to attack your organization. Additionally, Sun Tzu’s quote extends to […]

Read More

Critical Magento SQL Injection Vulnerability Discovered – Patch Your Sites

Posted on March 30th, 2019 by Responsible Cyber

If your online e-commerce business is running over the Magento platform, you must pay attention to this information.Magento yesterday released new versions of its content management software to address a total of 37 newly-discovered security vulnerabilities.Owned by Adobe since mid-2018, Magento is one of the most popular content management system (CMS) platform that powers 28% […]

Read More

Self-sovereign identity: 3 key questions

Posted on March 15th, 2019 by Responsible Cyber

If you work in the area of identity you will have noticed a lot of talk about self-sovereign identity (SSI).  As a concept, it applies the goal of placing the user at the center of digital identity management and control. User-centric digital identity is not a new idea. I first came across it back in […]

Read More

New WordPress Flaw Lets Unauthenticated Remote Attackers Hack Sites

Posted on March 14th, 2019 by Responsible Cyber

If for some reason your WordPress-based website has not yet been automatically updated to the latest version 5.1.1, it’s highly recommended to immediately upgrade it before hackers could take advantage of a newly disclosed vulnerability to hack your website.Simon Scannell, a researcher at RIPS Technologies GmbH, who previously reported multiple critical vulnerabilities in WordPress, has […]

Read More

Zero-Day Flaws in Counter-Strike 1.6 Let Malicious Servers Hack Gamers’ PCs

Posted on March 14th, 2019 by Responsible Cyber

If you are a Counter-Strike gamer, then beware, because 39% of all existing Counter-Strike 1.6 game servers available online are malicious that have been set-up to remotely hack gamers’ computers.A team of cybersecurity researchers at Dr. Web has disclosed that an attacker has been using malicious gaming servers to silently compromise computers of Counter-Strike gamers […]

Read More

Have we doubled the number of women in infosec?

Posted on February 14th, 2019 by Responsible Cyber

If you’ve been watching trends in cybersecurity staffing for the last decade or so, you may be accustomed to panicky headlines about how everything is forever getting worse, and how this will “inevitably” cause some impending cyber-apocalypse. Within a recent (ISC)2 report states that states the worldwide talent shortfall is already nearing 3 million unfilled […]

Read More

Cybersecurity: A global threat that we can control

Posted on February 6th, 2019 by Responsible Cyber

If there were any question about the critically important role that information and cyber security practitioners play in the welfare of today’s society, there is new evidence spelling it out in stark, attention-grabbing terms.  Data fraud/theft and large-scale cyberattacks were each identified among the top five global threats in the latest edition of the World Economic Forum’s […]

Read More

Nest Secure had a secret microphone, can now be a Google Assistant

Posted on February 5th, 2019 by Responsible Cyber

If your IoT device secretly contained a microphone, which was previously undocumented, would you be happy when the device maker announced an over-the-air update that can enable the microphone for virtual assistant voice functionality? That’s what happened with the security alarm system Nest Secure. @nest where in any of the nest guard product materials does […]

Read More

Europol Now Going After People Who Bought DDoS-for-Hire Services

Posted on February 2nd, 2019 by Responsible Cyber

If you were a buyer of any online DDoS-for-hire service, you might be in trouble.After taking down and arresting the operators of the world’s biggest DDoS-for-hire service last year, the authorities are now in hunt for customers who bought the service that helped cyber criminals launch millions of attacks against several banks, government institutions, and […]

Read More