Canadian Police Raid ‘Orcus RAT’ Author — Krebs on Security

Posted on April 6th, 2019 by Responsible Cyber

Canadian police last week raided the residence of a Toronto software developer behind “Orcus RAT,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. Its author maintains Orcus is a legitimate Remote Administration Tool that is merely being abused, but security experts say it includes multiple features more […]

Read More

Friday Squid Blogging: New Research on Squid Camouflage

Posted on March 24th, 2019 by Responsible Cyber

From the New York Times: Now, a paper published last week in Nature Communications suggests that their chromatophores, previously thought to be mainly pockets of pigment embedded in their skin, are also equipped with tiny reflectors made of proteins. These reflectors aid the squid to produce such a wide array of colors, including iridescent greens […]

Read More

Zipcar Disruption – Schneier on Security

Posted on March 24th, 2019 by Responsible Cyber

Zipcar DisruptionThis isn’t a security story, but it easily could have been. Last Saturday, Zipcar had a system outage: “an outage experienced by a third party telecommunications vendor disrupted connections between the company’s vehicles and its reservation software.” That didn’t just mean people couldn’t get cars they reserved. Sometimes is meant they couldn’t get the […]

Read More

Criminals Use One Line of Code to Steal Card Data from E-Commerce Sites

Posted on March 15th, 2019 by Responsible Cyber

New JavaScript sniffer is similar to malware used in the Magecart campaign last year that affected over 800 sites. Criminals using just one line of malicious code have successfully compromised at least seven e-commerce sites and potentially stolen payment card data belonging to thousands of customers of the online stores. Six of the e-commerce sites […]

Read More

My two favorite companies from RSA Conference 2019

Posted on March 14th, 2019 by Responsible Cyber

I’ve got a confession to make. I’ve never attended an RSA Conference before last week. For RSAC 2019, however, I had the honor of giving one of my favorite presentations, 12 Ways to Hack 2FA. The crowd filled the presentation room and a spill-over room to hear it. I was a little under the weather, […]

Read More

New CISA director outlines top 5 priorities for protecting U.S. critical infrastructure

Posted on March 14th, 2019 by Responsible Cyber

Last November, the former, somewhat awkwardly named National Protection and Programs Directorate (NPPD) was elevated within the U.S. Department of Homeland Security (DHS) to become the Cybersecurity and Infrastructure Security Agency (CISA) following enactment of the Cybersecurity and Infrastructure Security Agency Act of 2018. CISA is responsible for protecting the country’s critical infrastructure from physical […]

Read More

BEWARE – New ‘Creative’ Phishing Attack You Really Should Pay Attention To

Posted on March 14th, 2019 by Responsible Cyber

A cybersecurity researcher who last month warned of a creative phishing campaign has now shared details of a new but similar attack campaign with The Hacker News that has specifically been designed to target mobile users.Just like the previous campaign, the new phishing attack is also based on the idea that a malicious web page […]

Read More

The buzz at RSA 2019: Cloud security, network security and more

Posted on March 14th, 2019 by Responsible Cyber

Like many other cybersecurity professionals, I spent last week at the RSA security conference in rainy San Francisco. Here are a few of my impressions: Cybersecurity and business leaders are coming together – awkwardly. Remember when we used to wish that business executives would get more involved with cybersecurity? Well, be careful what you wish […]

Read More

John Oliver bombards the FCC with anti-robocall robocall campaign

Posted on March 14th, 2019 by Responsible Cyber

by Maria Varmazis Americans are fed up with robocalls, and John Oliver of Last Week Tonight wants to do something about it. Despite the existence of a do-not-call list and tools like call-blocking apps and caller ID to slow down incoming call spam, these tools have barely made a dent in the flood of harassing […]

Read More

Judging Facebook’s Privacy Shift – Schneier on Security

Posted on March 14th, 2019 by Responsible Cyber

Judging Facebook’s Privacy ShiftFacebook is making a new and stronger commitment to privacy. Last month, the company hired three of its most vociferous critics and installed them in senior technical positions. And on Wednesday, Mark Zuckerberg wrote that the company will pivot to focus on private conversations over the public sharing that has long defined […]

Read More