BitLocker hacked? Disk encryption – and why you still need it [VIDEO]

Posted on March 22nd, 2019 by Responsible Cyber

by Paul Ducklin A security researcher in New Zealand just showed that it’s possible to wire up a low-cost data sniffer to the security chip in a Microsoft Surface laptop… and read out the decryption key used by BitLocker, the software that is there to keep the data on your hard disk safe. That has […]

Google Discloses Unpatched ‘High-Severity’ Flaw in Apple macOS Kernel

Posted on March 14th, 2019 by Responsible Cyber

A cybersecurity researcher at Google’s Project Zero division has publicly disclosed details and a proof-of-concept exploit of a high-severity security vulnerability in the macOS operating system after Apple failed to release a patch within 90 days of being notified. Discovered by Project Zero researcher Jann Horn and demonstrated by Ian Beer, the vulnerability resides in the way macOS XNU […]

BEWARE – New ‘Creative’ Phishing Attack You Really Should Pay Attention To

Posted on March 14th, 2019 by Responsible Cyber

A cybersecurity researcher who last month warned of a creative phishing campaign has now shared details of a new but similar attack campaign with The Hacker News that has specifically been designed to target mobile users. Just like the previous campaign, the new phishing attack is also based on the idea that a malicious web page […]

Severe Flaw Disclosed In StackStorm DevOps Automation Software

Posted on March 14th, 2019 by Responsible Cyber

A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly executing arbitrary commands on targeted services. StackStorm, aka “IFTTT for Ops,” is a powerful event-driven automation tool for integration and automation across services and tools that allows developers to configure […]

Dow Jones list of high-risk businesses, people on unsecured database

Posted on February 28th, 2019 by Responsible Cyber

Security researcher Bob Diachenko discovered an unprotected 4.4GB Elasticsearch database chock-full of more than 2.4 million records of people and businesses considered to be high-risk by Dow Jones. A third-party company left this Dow Jones watchlist on a public server without even so much as a password to protect it. The proprietary watchlist, hosted on […]

Almost Half A Million Delhi Citizens’ Personal Data Exposed Online

Posted on February 22nd, 2019 by Responsible Cyber

Exclusive — A security researcher has identified an unsecured server that was leaking detailed personal details of nearly half a million Indian citizens… thanks to another MongoDB database instance that a company left unprotected on the Internet, accessible to anyone without a password. In a report shared with The Hacker News, Bob Diachenko disclosed that two days ago he […]

Facebook flaw could have allowed an attacker to hijack accounts

Posted on February 19th, 2019 by Responsible Cyber

by John E Dunn If you’re a security researcher in search of a fat bug bounty, Facebook must look like a good place to start your next hunt. The site has suffered a lot of niggling security flaws in recent times, to which can now be added a new Cross Site Request Forgery (CSRF) protection […]

First Android Clipboard Hijacking Crypto Malware Found On Google Play Store

Posted on February 14th, 2019 by Responsible Cyber

A security researcher has discovered yet another cryptocurrency-stealing malware on the official Google Play Store that was designed to secretly steal bitcoin and cryptocurrency from unwitting users. The malware, described as a “Clipper,” masqueraded as a legitimate cryptocurrency app and worked by replacing cryptocurrency wallet addresses copied into the Android clipboard with one belonging to attackers, […]

Google paid out $3.4m in bug bounties last year

Posted on February 14th, 2019 by Responsible Cyber

by Lisa Vaas A 19-year-old researcher from Uruguay; a restaurant owner from Cluj, Romania; and a Cambridge professor: these are just three of the 317 researchers who were rewarded for reporting vulnerabilities and helping keep Google users safer in 2018, the company said in its yearly bug bounty payout wrap-up. Google awarded a total of […]

Digital signs left wide open with default password

Posted on February 6th, 2019 by Responsible Cyber

by Lisa Vaas Security researcher Drew Green has pried open an internet-connected digital signage system thanks to a default admin web interface password: an easily changeable password that allowed him into the web interface, from where he stumbled onto a chain of vulnerabilities that could allow a malicious attacker to upload whatever unsavories they’d like […]
