Black Hat Q&A: Building Infosec Communities for Women

Posted on May 31st, 2019 by Responsible Cyber

Three security experts offer a sneak peek into their upcoming Black Hat USA talk on organizing female infosec communities in Korea, Japan and Taiwan. We recently spoke (via email) with Asuka Nakajima, Suhee Kang, and Hazel Yen who will be sharing their success stories about building a thriving network of cybersecurity communities for women during […]

Caveat Emptor: Calculating the Impact of Global Attacks on Cyber Insurance – Dark Reading

Posted on May 31st, 2019 by Responsible Cyber

The reality for business owners and CISOs looking to protect their business from a cyberattack is that cyber insurance is not a catchall for protecting against risk and loss. The cyber insurance investigation into the loss potential of the recent ransomware attack on one of the world’s largest aluminum producers, Norsk Hydro, has begun. It […]

Satan Ransomware Adds More Evil Tricks

Posted on May 23rd, 2019 by Responsible Cyber

The latest changes to the Satan ransomware framework demonstrate attackers are changing their operations while targeting victims more carefully. The operators and developers behind a 2-year-old ransomware framework, dubbed Satan, continue to expand the codebase, adding exploits for the Spring Web application framework, the ElasticSearch search engine, and ThinkPHP Web application framework popular in China, […]

8 ‘SOC-as-a-Service’ Offerings

Posted on April 13th, 2019 by Responsible Cyber

These new cloud services seek to help companies figure out what their traditional SIEM alerts mean, plus how they can prioritize responses and improve their security operations. At the RSA Conference in San Francisco last month, several vendors were on hand touting security operations center (SOC)-as-a-service. But Anton Chuvakin, distinguished vice president […]

In Security, Programmers Aren’t Perfect

Posted on April 6th, 2019 by Responsible Cyber

Software developers and their managers must change their perception of secure coding from being an optional feature to being a requirement that is factored into design from the beginning. Fifth in a continuing series about the human element in cybersecurity. Programmers are responsible for developing and releasing new systems and applications, and subsequently announcing vulnerabilities and […]

What your antivirus software doesn’t tell you, and how to get that data

Posted on March 30th, 2019 by Responsible Cyber

Since the beginning, antivirus software vendors have lied about their accuracy. Many claim 100 percent accuracy in detecting bad programs and we, despite nearly every computer being protected by an antivirus program, are still exploited by malware. Submit any malware program to Google’s VirusTotal and get it scanned by 67 to 70 antivirus programs. Never […]

What can we learn about infosec from the Varsity Blues college admissions scandal?

Posted on March 24th, 2019 by Responsible Cyber

There is tremendous pressure with successful parents to get their kids into top colleges. Graduation from a top school doesn’t just bring with it the prestige of its diploma, it’s also the connections and job opportunities that come from the college experience at those institutions. For instance, graduates have a great likelihood to work for […]

SoftNAS Cloud 0day found: Upgrade ASAP

Posted on March 24th, 2019 by Responsible Cyber

SoftNAS users should upgrade their virtual appliance immediately following the discovery of a security issue in the product’s session management. Texas pen-testing outfit Digital Defense discovered the vulnerability during an engagement and coordinated disclosure with SoftNAS. Version 4.2.2 contains the relevant security patch. “SoftNAS Cloud Enterprise 4.2.0 is vulnerable to an authenticated bypass that could […]

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years — Krebs on Security

Posted on March 24th, 2019 by Responsible Cyber

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data. Facebook is probing a […]

Businesses Manage 9.7PB of Data but Struggle to Protect It

Posted on March 24th, 2019 by Responsible Cyber

What’s more, their attempts to secure it may be putting information at risk, a new report finds. Organizations managed an average of 9.7 petabytes of data in 2018, a 569% spike compared with the 1.45 petabytes they handled in 2016. Most see the value of data, and more are monetizing it, yet very few are confident […]
