Hackers Infect 50,000 MS-SQL and PHPMyAdmin Servers with Rootkit Malware

Posted on May 31st, 2019 by Responsible Cyber

Cyber Security researchers at Guardicore Labs today published a detailed report on a widespread cryptojacking campaign attacking Windows MS-SQL and PHPMyAdmin servers worldwide. Dubbed Nansh0u, the malicious campaign is reportedly being carried out by an APT-style Chinese hacking group who has already infected nearly 50,000 servers and are installing a sophisticated kernel-mode rootkit on compromised systems […]

Security Recruiter Directory

Posted on May 31st, 2019 by Responsible Cyber

Looking for a qualified candidate or new job? CSO’s security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next Chief Security Officer (CSO), Chief Information Security Officer (CISO), or VP of Security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testers, […]

28 DevSecOps tools for baking security into the development process

Posted on May 31st, 2019 by Responsible Cyber

DevSecOps is the process of integrating security into the entire application development process — when there’s an ideal opportunity to fortify your app from the inside out against potential threats. DevSecOps is gaining traction because many organizations are developing applications frequently to satisfy customer or business partner demands, notes Michael Isbitski, senior director analyst, security […]

Black Hat Q&A: Building Infosec Communities for Women

Posted on May 31st, 2019 by Responsible Cyber

Three security experts offer a sneak peek into their upcoming Black Hat USA talk on organizing female infosec communities in Korea, Japan and Taiwan. We recently spoke (via email) with Asuka Nakajima, Suhee Kang, and Hazel Yen who will be sharing their success stories about building a thriving network of cybersecurity communities for women during […]

First American Financial Corp. Data Records Leak

Posted on May 31st, 2019 by Responsible Cyber

Krebs on Security is reporting a massive data leak by the real estate title insurance company First American Financial Corp. “The title insurance agency collects all kinds of documents from both the buyer and seller, including Social Security numbers, drivers licenses, account statements, and even internal corporate documents if you’re a small business. You give […]

5 ways compliance hurts security

Posted on May 30th, 2019 by Responsible Cyber

Most of us in the IT security business know that compliance isn’t the same as security. Compliance is an auditing, paperwork, checklist mentality. Security is a tactical, real-world cybersecurity, risk-reduction mentality. Compliance is “Do you have a patch management program that applies critical patches in a timely manner — yes or no?” Security is figuring […]

Why businesses don’t report cybercrimes to law enforcement

Posted on May 30th, 2019 by Responsible Cyber

Companies are often compelled to report security incidents such as data breaches to regulators. Companies in the UK, for example, will be legally obligated under GDPR to inform the Information Commissioner’s Office (ICO) if they suffer a breach involving personal information of customers or employees. Similar obligations exist under the likes of the Health Insurance […]

Bluetooth Flaw Found in Google Titan Security Keys; Get Free Replacement

Posted on May 23rd, 2019 by Responsible Cyber

A team of security researchers at Microsoft discovered a potentially serious vulnerability in the Bluetooth-supported version of Google’s Titan Security Keys that could not be patched with a software update. However, users do not need to worry as Google has announced to offer a free replacement for the affected Titan Security Key dongles. In a security advisory […]

Microsoft Releases Patches For A Critical ‘Wormable Flaw’ and 78 Other Issues

Posted on May 23rd, 2019 by Responsible Cyber

It’s Patch Tuesday—the day when Microsoft releases monthly security updates for its software. Microsoft has software updates to address a total of 79 CVE-listed vulnerabilities in its Windows operating systems and other products, including a critical wormable flaw that can propagate malware from computer to computer without requiring users’ interaction. Out of 79 vulnerabilities, 18 issues have […]

What’s Behind the Wolters Kluwer Tax Outage? — Krebs on Security

Posted on May 23rd, 2019 by Responsible Cyber

Early in the afternoon on Friday, May 3, I asked a friend to relay a message to his security contact at CCH, the cloud-based tax division of the global information services firm Wolters Kluwer in the Netherlands. The message was that the same file directories containing new versions of CCH’s software were open and writable by […]
