Triton – Schneier on Security

Posted on March 24th, 2019 by Responsible Cyber

1&1~=Umm • March 20, 2019 9:45 AM From the article, “‘Their research paints a worrying picture of a sophisticated cyberweapon built and deployed by a determined and patient hacking group whose identity has yet to be established with certainty.’” Is in effect pointing out the attribution problem. The article goes on to indicate that a […]


There May Be a Ceiling on Vulnerability Remediation

Posted on March 14th, 2019 by Responsible Cyber

Most organizations are doing all they can to keep up with the release of vulnerabilities, new research shows. Security has no shortage of metrics — everything from the number of vulnerabilities and attacks to the number of bytes per second in a denial-of-service attack. Now a new report focuses on how long it takes organizations […]


Attacking Soldiers on Social Media

Posted on March 1st, 2019 by Responsible Cyber

A research group at NATO’s Strategic Communications Center of Excellence catfished soldiers involved in a European military exercise — we don’t know what country they were from — to demonstrate the power of the attack technique. Over four weeks, the researchers developed fake pages and closed groups on Facebook that looked like they were associated […]


On the Security of Password Managers

Posted on March 1st, 2019 by Responsible Cyber

There’s new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and LastPass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of the password lying around memory? All password managers we examined sufficiently secured user secrets while in a “not […]


US House and Senate debate new data privacy law

Posted on February 28th, 2019 by Responsible Cyber

by Lisa Vaas

Most people in the US – 91%, according to the Pew Research Center – feel they’ve lost control over their data. Lawmakers feel your pain, citizens. They’re not interested in hearing your thoughts, though. This week, both the House and the Senate are holding hearings on privacy legislation, transparency about how data […]


Human Negligence to Blame for the Majority of Insider Threats

Posted on February 22nd, 2019 by Responsible Cyber

In 98% of the assessments conducted for its research, Dtex found employees exposed proprietary company information on the Web – a 20% jump from 2018. Nearly two-thirds (64%) of insider threats are caused by users who introduce risk due to careless behavior or human error, according to new research from Dtex. This compares to 13% […]


Toyota Prepping ‘PASTA’ for its GitHub Debut

Posted on February 15th, 2019 by Responsible Cyber

Carmaker’s open source car-hacking tool platform soon will be available to the research community. The lead developer behind Toyota’s new cybersecurity testing tool said the carmaker plans to make its so-called PASTA (Portable Automotive Security Testbed) available via GitHub as early as next month or April. Tsuyoshi Toyama, senior researcher at Toyota InfoTechnology Center, told […]


Inside a GandCrab targeted ransomware attack on a hospital

Posted on February 14th, 2019 by Responsible Cyber

by Mark Stockley

Thanks to Sophos experts Vikas Singh and Peter Mackenzie for the research in this article. Just before 9pm on Sunday, 3 February 2019, a GandCrab executable sparked into life for an instant, before its brief existence was snuffed out by antivirus software. Stopped in its tracks, the malware triggered the first of what […]


‘Picnic’ Passes Test for Protecting IoT From Quantum Hacks

Posted on February 13th, 2019 by Responsible Cyber

Researchers from DigiCert, Utimaco, and Microsoft Research give thumbs-up to a new algorithm for implementing quantum hacking-proof digital certificates. Researchers at DigiCert, Utimaco, and Microsoft Research this week announced the successful test of a newly created algorithm named “Picnic,” with digital certificates used to encrypt, authenticate, and provide integrity for Internet of Things (IoT) devices. The […]


Cisco Router Vulnerability Gives Window into Researchers’ World

Posted on February 2nd, 2019 by Responsible Cyber

The research around a recent vulnerability shows how researchers follow leads and find unexpected results. In late January, researchers found a vulnerability in Cisco RV320 and RV325 routers — routers aimed at the needs of small businesses and remote offices. Cisco quickly released a software patch to close the vulnerability, but some of the research […]
