December 21, 2016 - Shane Stevens
This Holiday Season Beware Prying Eyes

This holiday season’s breakout gift for the younger set, Hatchimals, were scarce even on Black Friday. However, at least in their current form they’re unlikely to spy on you. The same can’t be said for this year’s in-demand, slightly older demographic equivalent, drones. As most of us are acutely aware, drones are naturally, albeit passively, intrusive. Still, that doesn’t make them entirely benign and based on how much people talk…


GAO report on privacy and security: a wake-up call for HHS?

For years, I have been a vocal proponent of securing protected health information. It is no secret that the U.S. Department of Health and Human Services (HHS) swept security and authentication under the rug during the rollout of electronic health records (EHRs) so as not to impede adoption of electronic records by providers by making it difficult to use them. The current minimum requirements for identity assurance are set low, requiring…


November 25, 2016 - Guest Blogger Lars Birkeland, Marketing Director of Promon
Tesla cars can be stolen by hacking the app

Our researchers have demonstrated that because of a lack of security in the Tesla smartphone app, cyber criminals could take control of the company’s vehicles, to the point where they can track and locate the car in real time, and unlock and drive the car away unhindered. Such a hack gives criminals total control of the vehicle, providing additional functionality to that exposed by Keen Security Labs in a different hack in…


November 15, 2016 - Guest Blogger Lars Birkeland, Marketing Director of Promon
A total of 89 per cent of users wouldn’t know if their mobile device had been cyber attacked

A recent survey by app security specialist Promon has revealed that mobile users are massively unaware of cyber threats, with an overwhelming 89 per cent of respondents admitting they wouldn’t know if their device has been infected through a cyber attack. Users’ lack of awareness of mobile threats presents a significant challenge for businesses across every sector, meaning companies need to take extra steps to secure their customers’ data. Avoiding…


Too often security experts and security companies focus on the business-to-business (B2B) or business-to-government (B2G) markets. STOP. THINK. CONNECT.™ is the global online safety awareness campaign to help all digital citizens stay safer and more secure online, addressing the consumer. Last month, the White House and the National Cyber Security Alliance (NCSA) launched “Lock Down Your Login,” a STOP. THINK. CONNECT.™ initiative. “We were basically approached by…


The silent nature of all mobile attacks is what makes them so damaging. Sadly, users are still their own worst enemy, as they are not taking the safeguards to help protect themselves in the digital mobile market today. As reported by Infosecurity Magazine, today, only 45% report locking their phone with a PIN, password or biometric. Yet 83% of consumers are extremely, very or somewhat concerned about identity theft in America…


Convenience Over Security is Often Not the Best Policy

Now NIST says SMS authentication is a “no-go”

Forget your password? No problem, just click “reset password” to receive a one-time code sent via SMS to your registered mobile phone. From there you can create a new password to access your account. Inexpensive and convenient? Absolutely! Secure? Maybe. Well, for federal agencies, “maybe” does not make the grade when it comes to security and the National Institute of Standards and…


How to win Pokémon Go (by cheating)

What RASP can do for your app

The hottest game in the market today is the new release Pokémon Go, developed by Niantic. The game forces you to go outside and interact with the real world (in a safe manner, hopefully). As you walk around, Pokémon appear and allow you to toss Pokéballs at them in an attempt to catch them all. The more you walk the more you can…


August 8, 2016 - John Gunn
5 Ways That DEF CON Totally Owned Black Hat

The world’s most influential IT security gatherings just concluded and it was bigger and badder than ever. It is magnificently convenient that the two most important conferences, Black Hat and DEF CON, happen the same week in the same city. For two confabs serving the same industry, you won’t find two more distinctly dissimilar events anywhere else. While the overlap in audience is huge (it seemed like every attendee at…


SMS is insecure, and is no longer suitable as a strong authentication mechanism.

The news is in that the National Institute of Standards and Technology has finally stated what both security professionals and hackers alike have known for years: SMS is insecure, and is no longer suitable as a strong authentication mechanism. SMS messages are not protected from the wrong eyes seeing them, and there is no assurance that they will actually go to the intended recipient. So everyone knew this day was…