More Than 22,000 Vulns Were Disclosed in 2018, 27% Without Fixes

Posted on March 1st, 2019 by Responsible Cyber

As in previous years, input validation vulnerabilities accounted for a substantial proportion of the total, a Risk Based Security report shows. The number of security vulnerabilities present in web applications and other software shows little sign of coming down anytime soon. A new report from Risk Based Security (RBS) shows that a total of 22,022 security vulnerabilities […]

Severe Flaws in SHAREit Android App Let Hackers Steal Your Files

Posted on March 1st, 2019 by Responsible Cyber

Security researchers have discovered two high-severity vulnerabilities in the SHAREit Android app that could allow attackers to bypass the device authentication mechanism and steal files containing sensitive data from a victim’s device. With over 1.5 billion users worldwide, SHAREit is a popular file sharing application for Android, iOS, Windows and Mac that has been designed to help people […]

New Flaws Re-Enable DMA Attacks On Wide Range of Modern Computers

Posted on March 1st, 2019 by Responsible Cyber

Security researchers have discovered a new class of security vulnerabilities that impacts all major operating systems, including Microsoft Windows, Apple macOS, Linux, and FreeBSD, allowing attackers to bypass protection mechanisms introduced to defend against DMA attacks. Known for years, Direct memory access (DMA)-based attacks let an attacker compromise a targeted computer in a matter of seconds […]

Cyber Extortionists Can Earn $360,000 a Year

Posted on February 22nd, 2019 by Responsible Cyber

Extortion scams capitalize on compromised credentials, sensitive data, and technical vulnerabilities on Internet-facing applications to pressure victims to pay up. Cybercriminals seeking sensitive data on high net-worth individuals will pay aspiring extortionists an average of $360,000 per year to target executives, lawyers, doctors, and other prominent figures, researchers discovered. The Digital Shadows Photon Research Team […]

Why Cybersecurity Burnout Is Real (and What to Do About It)

Posted on February 22nd, 2019 by Responsible Cyber

The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here’s how to turn down the pressure. Cybersecurity is one of the only IT roles where there are people actively trying to ruin your day, 24/7. The pressure concerns are well documented. A 2018 global survey […]

Hackers can invisibly eavesdrop on Bigscreen VR users

Posted on February 22nd, 2019 by Responsible Cyber

Meet the new man-in-the-room attack, which exploited vulnerabilities in the Bigscreen virtual reality (VR) app, allowing attackers to invisibly eavesdrop in VR rooms. Attackers could also exploit the flaws to gain complete control over Bigscreen users’ computers, to secretly deliver malware, and even to start a worm infection spreading through VR. Breathe easy – it’s […]

Staffing Shortage Makes Vulnerabilities Worse

Posted on February 21st, 2019 by Responsible Cyber

Businesses don’t have sufficient staff to find vulnerabilities or protect against their exploit, according to a new report by Ponemon Institute. For enterprise IT groups, responding to the volume of new vulnerabilities is growing more difficult – compounded by a chronic lack of skilled cybersecurity professionals to deal with the issues. That is one of the […]

Cataloging IoT Vulnerabilities – Schneier on Security

Posted on February 20th, 2019 by Responsible Cyber

Recent articles about IoT vulnerabilities describe hacking of construction cranes, supermarket freezers, and electric scooters. […]

Patch Tuesday, February 2019 Edition — Krebs on Security

Posted on February 14th, 2019 by Responsible Cyber

Microsoft on Tuesday issued a bevy of patches to correct at least 70 distinct security vulnerabilities in Windows and software designed to interact with various flavors of the operating system. This month’s patch batch tackles some notable threats to enterprises — including multiple flaws that were publicly disclosed prior to Patch Tuesday. It also bundles […]

Security Analysis of the LIFX Smart Light Bulb

Posted on February 1st, 2019 by Responsible Cyber

The security is terrible: In a very short limited amount of time, three vulnerabilities have been discovered: Wifi credentials of the user have been recovered (stored in plaintext into the flash memory). No security settings. The device is completely open (no secure boot, no debug interface disabled, no flash encryption). Root certificate and RSA private […]
