28 DevSecOps tools for baking security into the development process

Posted on May 31st, 2019 by Responsible Cyber

DevSecOps is the process of integrating security into the entire application development process — when there’s an ideal opportunity to fortify your app from the inside out against potential threats. DevSecOps is gaining traction because many organizations are developing applications frequently to satisfy customer or business partner demands, notes Michael Isbitski, senior director analyst, security […]

Microsoft Releases Patches For A Critical ‘Wormable Flaw’ and 78 Other Issues

Posted on May 23rd, 2019 by Responsible Cyber

It’s Patch Tuesday—the day when Microsoft releases monthly security updates for its software. Microsoft has software updates to address a total of 79 CVE-listed vulnerabilities in its Windows operating systems and other products, including a critical wormable flaw that can propagate malware from computer to computer without requiring users’ interaction. Out of 79 vulnerabilities, 18 issues have […]

Baltimore Email, Other Systems Still Offline from May 7 Ransomware Attack

Posted on May 23rd, 2019 by Responsible Cyber

The city’s mayor says there’s no ‘exact timeline on when all systems will be restored.’ The city of Baltimore’s email system remains down today as it continues its recovery from a massive ransomware attack on May 7 that is under investigation by the FBI. Baltimore suffered an attack from the so-called Robbinhood ransomware variant but vowed […]

Fingerprinting iPhones – Schneier on Security

Posted on May 23rd, 2019 by Responsible Cyber

This clever attack allows someone to uniquely identify a phone when you visit a website, based on data from the accelerometer, gyroscope, and magnetometer sensors. We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the accelerometer, gyroscope and magnetometer sensors found in smartphones to […]

A Tough Week for IP Address Scammers — Krebs on Security

Posted on May 23rd, 2019 by Responsible Cyber

In the early days of the Internet, there was a period when Internet Protocol version 4 (IPv4) addresses (e.g. 4.4.4.4) were given out like cotton candy to anyone who asked. But these days companies are queuing up to obtain new IP space from the various regional registries that periodically dole out the prized digits. With […]

Moving beyond template-based notifications

Posted on May 22nd, 2019 by Responsible Cyber

When it comes to incident response, there is no one-size-fits-all approach. Every company, every incident, every regulatory framework looks different and has different characteristics and requirements. With all these variables at play, it stands to reason that no two responses are ever going to look the same. So why do companies insist on using the […]

The Modern Definition of Network Security

Posted on April 12th, 2019 by Responsible Cyber

When it comes to network security, the definition of those responsibilities has greatly evolved, just as the capabilities of networking have evolved. Think of the past environments you have worked in, going back as far as your token ring or dial-up days. Then fast forward to modern data centers, littered with fiber connections and traffic […]

Serious Security: How web forms can steal your bandwidth and harm your brand

Posted on April 11th, 2019 by Responsible Cyber

by Paul Ducklin. Spamming is a word we all know and an activity we all loathe – it’s when crooks blast out unwanted emails for products we don’t want at a price we won’t pay from suppliers we’ll never trust. And the word spam has given us related terms such as SPIM for spam […]

Vulnerability management woes continue, but there is hope

Posted on March 28th, 2019 by Responsible Cyber

I remember giving a presentation when I first started working in cybersecurity in 2003 (note: It was called information security back then). I talked about the importance of good security hygiene, focusing on deploying secure system configurations, managing access controls, and performing regular vulnerability scans. When it came to the Q&A portion of my presentation, […]

Upcoming Speaking Engagements – Schneier on Security

Posted on March 24th, 2019 by Responsible Cyber

This is a current list of where and when I am scheduled to speak: I’m teaching a live online class called “Spotlight on Cloud: The Future of Internet Security with Bruce Schneier” on O’Reilly’s learning platform, Thursday, April 4, at 10:00 AM PT/1:00 PM ET. The list is maintained on this […]
