Cisco Router Vulnerability Gives Window into Researchers’ World

Posted on February 2nd, 2019 by Responsible Cyber

The research around a recent vulnerability shows how researchers follow leads and find unexpected results. In late January, researchers found a vulnerability in Cisco RV320 and RV325 routers — routers aimed at the needs of small businesses and remote offices. Cisco quickly released a software patch to close the vulnerability, but some of the research […]

Hacking the GCHQ Backdoor – Schneier on Security

Posted on February 1st, 2019 by Responsible Cyber

Last week, I evaluated the security of a recent GCHQ backdoor proposal for communications systems. Furthering the debate, Nate Cardozo and Seth Schoen of EFF explain how this sort of backdoor can be detected: In fact, we think when the ghost feature is active — silently inserting a secret eavesdropping member into […]

How to defend Office 365 from spear-phishing attacks

Posted on January 30th, 2019 by Responsible Cyber

A recent Windows Defender Advanced Threat Protection (ATP) alert described an Adobe Flash zero-day vulnerability (CVE-2018-15982) that was used in a spear-phishing attack against a medical institution in Russia. Adobe released a patch on December 5, 2018. This vulnerability and attack sequence highlighted a number of mitigations that you can use to block such attacks. […]

OSCP cheating allegations a reminder to verify hacking skills when hiring

Posted on January 30th, 2019 by Responsible Cyber

Few infosec certifications have developed the prestige in recent years of the Offensive Security Certified Professional (OSCP), an entry-level penetration testing certification with a reputation for being one of the most difficult out there. Run by Offensive Security (OffSec), the makers of Kali Linux, whose motto is “Try harder,” the OSCP features a grueling 24-hour […]
