Attacking Soldiers on Social Media

Posted on March 1st, 2019 by Responsible Cyber

A research group at NATO’s Strategic Communications Center of Excellence catfished soldiers involved in a European military exercise — we don’t know what country they were from — to demonstrate the power of the attack technique. Over four weeks, the researchers developed fake pages and closed groups on Facebook that looked like they were associated […]


On the Security of Password Managers

Posted on March 1st, 2019 by Responsible Cyber

There’s new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and LastPass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of the password lying around memory? All password managers we examined sufficiently secured user secrets while in a “not […]


US House and Senate debate new data privacy law

Posted on February 28th, 2019 by Responsible Cyber

by Lisa Vaas

Most people in the US – 91%, according to the Pew Research Center – feel they’ve lost control over their data. Lawmakers feel your pain, citizens. They’re not interested in hearing your thoughts, though. This week, both the House and the Senate are holding hearings on privacy legislation, transparency about how data […]


Human Negligence to Blame for the Majority of Insider Threats

Posted on February 22nd, 2019 by Responsible Cyber

In 98% of the assessments conducted for its research, Dtex found employees exposed proprietary company information on the Web – a 20% jump from 2018. Nearly two-thirds (64%) of insider threats are caused by users who introduce risk due to careless behavior or human error, according to new research from Dtex. This compares to 13% […]


Toyota Prepping ‘PASTA’ for its GitHub Debut

Posted on February 15th, 2019 by Responsible Cyber

Carmaker’s open source car-hacking tool platform soon will be available to the research community. The lead developer behind Toyota’s new cybersecurity testing tool said the carmaker plans to make its so-called PASTA (Portable Automotive Security Testbed) available via GitHub as early as next month or April. Tsuyoshi Toyama, senior researcher at Toyota InfoTechnology Center, told […]


Inside a GandCrab targeted ransomware attack on a hospital

Posted on February 14th, 2019 by Responsible Cyber

by Mark Stockley

Thanks to Sophos experts Vikas Singh and Peter Mackenzie for the research in this article. Just before 9pm on Sunday, 3 February 2019, a GandCrab executable sparked into life for an instant, before its brief existence was snuffed out by antivirus software. Stopped in its tracks, the malware triggered the first of what […]


‘Picnic’ Passes Test for Protecting IoT From Quantum Hacks

Posted on February 13th, 2019 by Responsible Cyber

Researchers from DigiCert, Utimaco, and Microsoft Research give thumbs-up to a new algorithm for implementing quantum hacking-proof digital certificates. Researchers at DigiCert, Utimaco, and Microsoft Research this week announced the successful test of a newly created algorithm named “Picnic,” with digital certificates used to encrypt, authenticate, and provide integrity for Internet of Things (IoT) devices. The […]


Cisco Router Vulnerability Gives Window into Researchers’ World

Posted on February 2nd, 2019 by Responsible Cyber

The research around a recent vulnerability shows how researchers follow leads and find unexpected results. In late January, researchers found a vulnerability in Cisco RV320 and RV325 routers — routers aimed at the needs of small businesses and remote offices. Cisco quickly released a software patch to close the vulnerability, but some of the research […]


Hacking Construction Cranes – Schneier on Security

Posted on February 1st, 2019 by Responsible Cyber

Construction cranes are vulnerable to hacking: In our research and vulnerability discoveries, we found that weaknesses in the controllers can be (easily) taken advantage of to move full-sized machines such as cranes used in construction sites and factories. In the different attack classes that we’ve outlined, we were able to perform the attacks […]
