A hacker or your cloud provider. Who presents the greatest risk to your data?

Posted on April 6th, 2019 by Responsible Cyber

It’s your worst nightmare. All of your most important and sensitive data, the thing your business values most, the thing your company cannot operate without, the thing your regulators require you to protect, has been taken hostage. Your business grinds to a halt. Your customers and business partners are livid. Your regulators are demanding an […]

Read More

Recovering Smartphone Typing from Microphone Sounds

Posted on April 6th, 2019 by Responsible Cyber

Yet another side-channel attack on smartphones: “Hearing your touch: A new acoustic side channel on smartphones,” by Ilia Shumailov, Laurent Simon, Jeff Yan, and Ross Anderson. Abstract: We present the first acoustic side-channel attack that recovers what users type on the virtual keyboard of their touch-screen smartphone or tablet. When a user taps the screen […]

Read More

Hackers Could Turn Pre-Installed Antivirus App on Xiaomi Phones Into Malware

Posted on April 6th, 2019 by Responsible Cyber

What could be worse than this, if the software that’s meant to protect your devices leave backdoors open for hackers or turn into malware?Researchers today revealed that a security app that comes pre-installed on more than 150 million devices manufactured by Xiaomi, China’s biggest and world’s 4th largest smartphone company, was suffering from multiple issues […]

Read More

Insecure UC Browser ‘Feature’ Lets Hackers Hijack Android Phones Remotely

Posted on March 30th, 2019 by Responsible Cyber

Beware! If you are using UC Browser on your smartphones, you should consider uninstalling it immediately.Why? Because the China-made UC Browser contains a “questionable” ability that could be exploited by remote attackers to automatically download and execute code on your Android devices.Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, […]

Read More

Critical Magento SQL Injection Vulnerability Discovered – Patch Your Sites

Posted on March 30th, 2019 by Responsible Cyber

If your online e-commerce business is running over the Magento platform, you must pay attention to this information.Magento yesterday released new versions of its content management software to address a total of 37 newly-discovered security vulnerabilities.Owned by Adobe since mid-2018, Magento is one of the most popular content management system (CMS) platform that powers 28% […]

Read More

New WordPress Flaw Lets Unauthenticated Remote Attackers Hack Sites

Posted on March 14th, 2019 by Responsible Cyber

If for some reason your WordPress-based website has not yet been automatically updated to the latest version 5.1.1, it’s highly recommended to immediately upgrade it before hackers could take advantage of a newly disclosed vulnerability to hack your website.Simon Scannell, a researcher at RIPS Technologies GmbH, who previously reported multiple critical vulnerabilities in WordPress, has […]

Read More

New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild

Posted on March 14th, 2019 by Responsible Cyber

You must update your Google Chrome immediately to the latest version of the web browsing application.Security researcher Clement Lecigne of Google’s Threat Analysis Group discovered and reported a high severity vulnerability in Chrome late last month that could allow remote attackers to execute arbitrary code and take full control of the computers.The vulnerability, assigned as […]

Read More

How to hack a smartcard to gain privileged access

Posted on March 14th, 2019 by Responsible Cyber

I can change an email address and steal your most privileged credentials. One of the most consistent IT security best practice recommendations is to require that admins use multi-factor authentication (MFA). In many corporate environments, this means using smartcards. Most smartcard environments don’t know that using smartcards (in an Active Directory environment) makes privilege escalation […]

Read More

Insert Skimmer + Camera Cover PIN Stealer — Krebs on Security

Posted on March 14th, 2019 by Responsible Cyber

Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs. These little video bandits can be hidden 100 different ways, but they’re frequently disguised as ATM security features — such as an extra PIN pad privacy cover, or an all-in-one skimmer […]

Read More

Misconfigured Box accounts leak terabytes of companies’ sensitive data

Posted on March 13th, 2019 by Responsible Cyber

by Lisa Vaas If your company uses Box for cloud-based file sharing, security researchers are advising you to stop reading right now and immediately disable public file sharing: vanity-named subdomains and URLs are “easily brute-forceable,” leaving companies’ publicly shared data open to extremely easy attacks. Security firm Adversis published a report on Monday after using […]

Read More