In Security, Programmers Aren’t Perfect

Posted on April 6th, 2019 by Responsible Cyber

Software developers and their managers must change their perception of secure coding from being an optional feature to being a requirement that is factored into design from the beginning. Fifth in a continuing series about the human element in cybersecurity. Programmers are responsible for developing and releasing new systems and applications, and subsequently announcing vulnerabilities and […]


What your antivirus software doesn’t tell you, and how to get that data

Posted on March 30th, 2019 by Responsible Cyber

Since the beginning, antivirus software vendors have lied about their accuracy. Many claim 100 percent accuracy in detecting bad programs and we, despite nearly every computer being protected by an antivirus program, are still exploited by malware. Submit any malware program to Google’s VirusTotal and get it scanned by 67 to 70 antivirus programs. Never […]


What can we learn about infosec from the Varsity Blues college admissions scandal?

Posted on March 24th, 2019 by Responsible Cyber

There is tremendous pressure with successful parents to get their kids into top colleges. Graduation from a top school doesn’t just bring with it the prestige of its diploma, it’s also the connections and job opportunities that come from the college experience at those institutions. For instance, graduates have a great likelihood to work for […]


SoftNAS Cloud 0day found: Upgrade ASAP

Posted on March 24th, 2019 by Responsible Cyber

SoftNAS users should upgrade their virtual appliance immediately following the discovery of a security issue in the product’s session management. Texas pen-testing outfit Digital Defense discovered the vulnerability during an engagement and coordinated disclosure with SoftNAS. Version 4.2.2 contains the relevant security patch. “SoftNAS Cloud Enterprise 4.2.0 is vulnerable to an authenticated bypass that could […]


Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years — Krebs on Security

Posted on March 24th, 2019 by Responsible Cyber

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data. Facebook is probing a […]


Businesses Manage 9.7PB of Data but Struggle to Protect It

Posted on March 24th, 2019 by Responsible Cyber

What’s more, their attempts to secure it may be putting information at risk, a new report finds. Organizations managed an average of 9.7 petabytes of data in 2018, a 569% spike compared with the 1.45 petabytes they handled in 2016. Most see the value of data, and more are monetizing it, yet very few are confident […]


It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job

Posted on March 14th, 2019 by Responsible Cyber

Meanwhile, organizations are looking at unconventional ways to staff up and train their workforce as technical expertise gets even harder to find. As the demand for cybersecurity professionals continues to rise against the backdrop of a job candidate shortage, employers say only half of applicants (or fewer) actually meet the qualifications. The new data from […]


Bolstering Endpoint Security

Posted on March 14th, 2019 by Responsible Cyber

For many organizations, endpoint security remains the weak link in their security strategy. While organizations are able to ensure that endpoint clients are installed on company-owned assets, security becomes more challenging when workers use their personal devices for work-related activities. The organizational risks introduced several years ago by BYOD have been compounded as the number […]


MyEquifax.com Bypasses Credit Freeze PIN — Krebs on Security

Posted on March 14th, 2019 by Responsible Cyber

Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don’t already have an account at the credit bureau’s new myEquifax portal, it may be simple for identity thieves […]


Staffing Shortage Makes Vulnerabilities Worse

Posted on February 21st, 2019 by Responsible Cyber

Businesses don’t have sufficient staff to find vulnerabilities or protect against their exploit, according to a new report by Ponemon Institute. For enterprise IT groups, responding to the volume of new vulnerabilities is growing more difficult – compounded by a chronic lack of skilled cybersecurity professionals to deal with the issues. That is one of the […]
