Unhackable Cryptography? – Schneier on Security

Posted on April 6th, 2019 by Responsible Cyber

A recent article overhyped the release of EverCrypt, a cryptography library created using formal methods to prove security against specific attacks. The Quantum magazine article sets off a series of “snake-oil” alarm bells. The author’s GitHub README is more measured and accurate, and illustrates what a cool project this really is. But it’s not […]


Consolidation: Why there should be big acquisition announcements at RSA

Posted on March 14th, 2019 by Responsible Cyber

Blackberry became a bigger player in cybersecurity with its recent acquisition of Cylance. In the past year, Palo Alto made several acquisitions, including the recently announced Demisto deal, to improve its security offerings and is expected to make more. With the RSA Security Conference on the horizon, will there be more consolidation announcements? Will this […]


Microsoft Expands AccountGuard to Help Europe Prep for Cyberattacks

Posted on February 22nd, 2019 by Responsible Cyber

A recent wave of cybercrime has targeted organizations with employees in Belgium, France, Germany, Poland, Romania, and Serbia. Microsoft is expanding its AccountGuard cybersecurity service to 12 new European markets to help organizations defend against a rise in cyberthreats as they prepare for upcoming Parliament elections. Nation-states and other attackers aim to influence elections and […]


Cisco Router Vulnerability Gives Window into Researchers’ World

Posted on February 2nd, 2019 by Responsible Cyber

The research around a recent vulnerability shows how researchers follow leads and find unexpected results. In late January, researchers found a vulnerability in Cisco RV320 and RV325 routers — routers aimed at the needs of small businesses and remote offices. Cisco quickly released a software patch to close the vulnerability, but some of the research […]


Hacking the GCHQ Backdoor – Schneier on Security

Posted on February 1st, 2019 by Responsible Cyber

Last week, I evaluated the security of a recent GCHQ backdoor proposal for communications systems. Furthering the debate, Nate Cardozo and Seth Schoen of EFF explain how this sort of backdoor can be detected: In fact, we think when the ghost feature is active — silently inserting a secret eavesdropping member into […]


How to defend Office 365 from spear-phishing attacks

Posted on January 30th, 2019 by Responsible Cyber

A recent Windows Defender Advanced Threat Protection (ATP) alert described an Adobe Flash zero-day vulnerability (CVE-2018-15982) that was used in a spear-phishing attack against a medical institution in Russia. Adobe released a patch on December 5, 2018. This vulnerability and attack sequence highlighted a number of mitigations that you can use to block such attacks. […]


OSCP cheating allegations a reminder to verify hacking skills when hiring

Posted on January 30th, 2019 by Responsible Cyber

Few infosec certifications have developed the prestige in recent years of the Offensive Security Certified Professional (OSCP), an entry-level penetration testing certification with a reputation for being one of the most difficult out there. Run by Offensive Security (OffSec), the makers of Kali Linux, whose motto is “Try harder,” the OSCP features a grueling 24-hour […]
