Patched Apache Vulnerability Could Still Cause Problems

Posted on April 6th, 2019 by Responsible Cyber

More than 2 million Apache HTTP servers remain at risk for a critical privilege escalation vulnerability. A vulnerability in Apache HTTP Server has been found and patched, but the sheer number of servers still running older, unpatched versions of the software means hundreds of thousands of sites and servers could still be in danger. CVE-2019-0211 […]

Security technologies that provide the most savings

Posted on April 4th, 2019 by Responsible Cyber

Many older, more well-established security technologies – data loss prevention (DLP), perimeter controls and policy management – provided the least in cost savings; all offering less than $200,000 in savings compared to their costs. “Those ‘brilliant basics’ are things we’ve been doing for 20 years… the things that are the bread and butter of security […]

IoT Widens the Security Gap. Now What?

Posted on March 30th, 2019 by Responsible Cyber

In a previous blog, I explored why 802.11ax means more IoT. 802.11ax, now known as Wi-Fi 6, makes the WLAN even more IoT-friendly given the support for dense concentrations of clients in environments such as buildings with smart lighting, environmental controls, and meeting room technology. Wi-Fi 6 introduces some terrific new security features, but the IoT security risk is […]

Businesses Manage 9.7PB of Data but Struggle to Protect It

Posted on March 24th, 2019 by Responsible Cyber

What’s more, their attempts to secure it may be putting information at risk, a new report finds. Organizations managed an average of 9.7 petabytes of data in 2018, a 569% spike compared with the 1.45 petabytes they handled in 2016. Most see the value of data, and more are monetizing it, yet very few are confident […]

Businesses Increase Investments in AI and Machine Learning

Posted on March 15th, 2019 by Responsible Cyber

More than three-quarters of IT pros say they feel safer for having done so, according to a new report. Artificial intelligence (AI) and machine learning (ML) are buzzwords in the cybersecurity industry as companies try to keep up with an expanding threat environment. That is reflected in a new study from Webroot, which found 73% […]

Patch Tuesday, March 2019 Edition — Krebs on Security

Posted on March 14th, 2019 by Responsible Cyber

Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and SharePoint. If you (ab)use Microsoft products, it’s time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws […]

Digital Signatures in PDFs Are Broken

Posted on March 14th, 2019 by Responsible Cyber

Researchers have demonstrated spoofing of digital signatures in PDF files. This would matter more if PDF digital signatures were widely used. Still, the researchers have worked with the various companies that make PDF readers to close the vulnerabilities. You should update your software. Details are here. News article. […]

Three in Five Politicians’ Websites Don’t Use HTTPS

Posted on March 14th, 2019 by Responsible Cyber

Comparitech assessed the websites of more than 7,500 politicians in 37 countries and found 60.8% did not use valid SSL certificates. Security and politics have become so intertwined since the 2016 presidential election that research group Comparitech decided it was time to look into the security of politicians’ websites. What they found is alarming: Three […]

Dow Jones Watchlist of risky businesses exposed on public server

Posted on March 1st, 2019 by Responsible Cyber

By Lisa Vaas. Yet more sensitive data has been left lying around in the cloud. The Dow Jones Watchlist, which details purportedly dicey executives, their dicey buddies and their dicey businesses to aid organizations in their due diligence, was discovered in an Amazon Web Services (AWS)-hosted Elasticsearch database that somebody forgot to slap a password […]

Dow Jones list of high-risk businesses, people on unsecured database

Posted on February 28th, 2019 by Responsible Cyber

Security researcher Bob Diachenko discovered an unprotected 4.4GB Elasticsearch database chock-full of more than 2.4 million records of people and businesses considered to be high-risk by Dow Jones. A third-party company left this Dow Jones watchlist on a public server without even so much as a password to protect it. The proprietary watchlist, hosted on […]
