Patch Tuesday Lowdown, April 2019 Edition — Krebs on Security

Posted on April 13th, 2019 by Responsible Cyber

Microsoft today released fifteen software updates to fix more than 70 unique security vulnerabilities in various flavors of its Windows operating systems and supported software, including at least two zero-day bugs. These patches apply to Windows, Internet Explorer (IE) and Edge browsers, Office, SharePoint and Exchange. Separately, Adobe has issued security updates for Acrobat/Reader and Flash Player. […]

Popular Video Editing Software Website Hacked to Spread Banking Trojan

Posted on April 13th, 2019 by Responsible Cyber

If you downloaded the VSDC multimedia editing software between late February and late March this year, there is a high chance that your computer has been infected with a banking trojan and an information stealer. The official website of the VSDC software — one of the most popular free video editing and converting apps with over […]

In Security, Programmers Aren’t Perfect

Posted on April 6th, 2019 by Responsible Cyber

Software developers and their managers must change their perception of secure coding from being an optional feature to being a requirement that is factored into design from the beginning. Fifth in a continuing series about the human element in cybersecurity. Programmers are responsible for developing and releasing new systems and applications, and subsequently announcing vulnerabilities and […]

Canadian Police Raid ‘Orcus RAT’ Author — Krebs on Security

Posted on April 6th, 2019 by Responsible Cyber

Canadian police last week raided the residence of a Toronto software developer behind “Orcus RAT,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. Its author maintains Orcus is a legitimate Remote Administration Tool that is merely being abused, but security experts say it includes multiple features more […]

New Apache Web Server Bug Threatens Security of Shared Web Hosts

Posted on April 6th, 2019 by Responsible Cyber

Mark J Cox, one of the founding members of the Apache Software Foundation and the OpenSSL project, today posted a tweet warning users about a recently discovered important flaw in Apache HTTP Server software. The Apache web server is one of the most popular, widely used open-source web servers in the world that powers almost 40 […]

Hackers Could Turn Pre-Installed Antivirus App on Xiaomi Phones Into Malware

Posted on April 6th, 2019 by Responsible Cyber

What could be worse than software that's meant to protect your devices leaving backdoors open for hackers or turning into malware? Researchers today revealed that a security app that comes pre-installed on more than 150 million devices manufactured by Xiaomi, China’s biggest and world’s 4th largest smartphone company, was suffering from multiple issues […]

What your antivirus software doesn’t tell you, and how to get that data

Posted on March 30th, 2019 by Responsible Cyber

Since the beginning, antivirus software vendors have lied about their accuracy. Many claim 100 percent accuracy in detecting bad programs and we, despite nearly every computer being protected by an antivirus program, are still exploited by malware. Submit any malware program to Google’s VirusTotal and get it scanned by 67 to 70 antivirus programs. Never […]

UK Watchdog Criticizes Huawei for Lax Software Security, Development

Posted on March 30th, 2019 by Responsible Cyber

Calling the company’s software development practices chaotic and unsustainable, a UK government oversight group calls on the company to make measurable progress toward more secure and sustainable code. The group responsible for overseeing Huawei’s technical compliance with software and security standards in the UK roundly criticized the company for “serious and systematic defects in software […]

PuTTY Releases Important Software Update to Patch 8 High-Severity Flaws

Posted on March 24th, 2019 by Responsible Cyber

The popular SSH client program PuTTY has released the latest version of its software that includes security patches for 8 high-severity security vulnerabilities. PuTTY is one of the most popular and widely used open-source client-side programs that allow users to remotely access computers over SSH, Telnet, and Rlogin network protocols. Almost 20 months after releasing the last […]

CAs Reissue Over One Million Weak Certificates

Posted on March 24th, 2019 by Responsible Cyber

Turns out that the software a bunch of CAs used to generate public-key certificates was flawed: they created random serial numbers with only 63 bits instead of the required 64. That may not seem like a big deal to the layman, but that one bit change means that the serial numbers only have half the […]
