Inside a GandCrab targeted ransomware attack on a hospital

Posted on February 14th, 2019 by Responsible Cyber

by Mark Stockley Thanks to Sophos experts Vikas Singh and Peter Mackenzie for the research in this article. Just before 9pm on Sunday, 3 February 2019, a GandCrab executable sparked into life for an instant, before its brief existence was snuffed out by antivirus software. Stopped in its tracks, the malware triggered the first of what […]

Read More

Bomb Threat Hoaxer Exposed by Hacked Gaming Site — Krebs on Security

Posted on February 14th, 2019 by Responsible Cyber

Federal authorities this week arrested a North Carolina man who allegedly ran with a group of online hooligans that attacked Web sites (including this one), took requests on Twitter to call in bomb threats to thousands of schools, and tried to frame various online gaming sites as the culprits. In an ironic twist, the accused […]

Read More

USB Cable with Embedded Wi-Fi Controller

Posted on February 14th, 2019 by Responsible Cyber

It’s only a prototype, but this USB cable has an embedded Wi-Fi controller. Whoever controls that Wi-Fi connection can remotely execute commands on the attached computer. Tags: implants, side-channel attacks, USB, Wi-Fi Go to Source Author: Bruce Schneier

Read More

What’s behind this 1,000-character phishing URL?

Posted on February 14th, 2019 by Responsible Cyber

by Danny Bradbury Phishing sites are common, but this week the internet found a strange strain that’s a little rarer: a phishing site with a URL almost a thousand characters long. Experts have a good theory about why a scammer would go to all that trouble. Bleeping Computer learned of a strange phishing campaign which […]

Read More

Cyberinsurance and Acts of War

Posted on February 13th, 2019 by Responsible Cyber

I had not heard about this case before. Zurich Insurance has refused to pay Mondelez International’s claim of $100 million in damages from NotPetya. It claims it is an act of war and therefor not covered. Mondelez is suing. Those turning to cyber insurance to manage their exposure presently face significant uncertainties about its promise. […]

Read More

Microsoft Patch Tuesday — February 2019 Update Fixes 77 Flaws

Posted on February 13th, 2019 by Responsible Cyber

Microsoft has issued its second Patch Tuesday for this year to address a total of 77 CVE-listed security vulnerabilities in its Windows operating systems and other products, 20 of which are rated critical, 54 important and 3 moderate in severity.February security update addresses flaws in Adobe Flash Player, Internet Explorer, Edge, Windows, MS Office, and […]

Read More

Hacker who reported flaw in Hungarian Telekom faces up to 8-years in prison

Posted on February 2nd, 2019 by Responsible Cyber

Many of you might have this question in your mind:”Is it illegal to test a website for vulnerability without permission from the owner?”Or… “Is it illegal to disclose a vulnerability publicly?”Well, the answer is YES, it’s illegal most of the times and doing so could backfire even when you have good intentions.Last year, Hungarian police […]

Read More

Clever Smartphone Malware Concealment Technique

Posted on February 1st, 2019 by Responsible Cyber

This is clever: Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection — they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn’t load on emulators researchers use to detect attacks. The thinking behind the monitoring is that […]

Read More

Ep. 017 – DNS hijacking, a weird breach and a cybersecurity confession [PODCAST]

Posted on January 30th, 2019 by Responsible Cyber

by Paul Ducklin In this episode, we dig into a US Emergency Directive to stop government sites getting hijacked, examine a data breach with a difference, and hear a cybersecurity expert’s confession of how his Instagram got hacked. With Anna Brading. Paul Ducklin, Mark Stockley and Matthew Boddy. This week’s stories: The social network advice […]

Read More

Data Supports DevSecOps Practices

Posted on January 30th, 2019 by Responsible Cyber

In this episode, we will look at the emergence of DevSecOps in the enterprise. Tim Jarrett, Senior Director of Product Marketing with Veracode, joins us to explain the goal of building security into the software development process at the outset. Listeners will learn more about: What research says about the effectiveness of DevSecOps The core […]

Read More