Software Integrity

Archive for June 2016

Supply chain firmware flaw may have helped botnet spawn

Flaws in firmware commonly used by Closed Circuit TV (CCTV) devices worldwide have been exploited to create a powerful IoT-based botnet, according to one security firm. On Monday, Sucuri published a blog post about a customer, a small jewelry shop, that was seeing a large amount of network traffic through its CCTV cameras. Investigating further, the […]

Posted in Internet of Things

How does Agile overcome common software security challenges?

Paradoxically, security is a negative goal. To secure something, you must understand how insecure it is. Start by trying to break it or by figuring out how other people might break it. The same is true of software. For example, a simple user input field on a mobile or web app may require the user to […]

Posted in Agile Methodology, Software Development Life Cycle (SDLC), Software Security Testing

Vulnerabilities hit anti-malware software solutions

A Google researcher has disclosed a number of very serious vulnerabilities in Symantec and Norton anti-malware products. “These vulnerabilities are as bad as it gets,” wrote Google’s Project Zero researcher Tavis Ormandy. “They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain […]

Posted in Application Security, Software Security Testing, Vulnerability Assessment

Feds consider a ‘hack the FDA’ bug bounty program

Coming on the heels of a successful “Hack the Pentagon” bug bounty program, in which one 18-year-old received a $1K prize, the U.S. Federal Government is considering a similar program for healthcare. Last Thursday, Lucia Savage, chief privacy officer at HHS’s Office of the National Coordinator for Health Information Technology, said that the practice […]

Posted in Medical Device Security

CISO strategies for overcoming weak organizational trust

Organizations have a CISO in place to set the risk tolerance tone for the firm. CISOs are responsible for protecting terabytes of sensitive data. They strategize the organization’s technical risk management within the overarching business objectives. They manage the risks that come with internal software assets and third-party vendors. They ensure that operations follow regulatory standards, and do […]

Posted in Application Security, Security Risk Assessment

Old malware creates new headaches for healthcare IT

A new study finds that old malware is actively being used against healthcare environments. On Monday, TrapX, a deception technology start-up, released a report on Medical Device Hijack, or MEDJACK, entitled Anatomy of an Attack – Medical Device Hijack 2. The report, which updates a similar report from last year, is based on attacks […]

Posted in Medical Device Security

Why patching core open source libraries is only half the battle

On Tuesday, Talos, a division of Cisco, warned of three critical memory-related vulnerabilities that remain exploitable even after patching an open source component. Up to 90 percent of software today consists of third-party components. Admins must therefore also ensure that the third-party software that bundles the library is fixed as well. In other words, what are the […]

Posted in Open Source Security, Vulnerability Assessment

Lexus infotainment systems go dark after software glitch

Toyota confirmed on Thursday that infotainment and navigation systems on some Lexus models have shut down due to a software glitch. An automatic software update was sent to 2014 to 2016 Lexus vehicles equipped with a specific generation of the “Enform” system with navigation. Toyota said owners experiencing the loss of infotainment and navigation should visit their dealer […]

Posted in Automotive Security, Internet of Things

Are your applications really protected? It’s all about the pivot

Originally posted on SecurityWeek. Hackers are human. Hopefully that doesn’t surprise you too much. Being human means that they are subject to human tendencies, like taking the path of least resistance. To a hacker, this means avoiding the most protected path to an asset. They know that no one can simply walk into the room […]

Posted in Agile Methodology, Application Security, Network Security, Software Security Testing

VA to adopt UL Cybersecurity Assurance Program

The U.S. Department of Veterans Affairs (VA) and UL (Underwriters Laboratories) have signed a Cooperative Research and Development Agreement (CRADA) on medical device cybersecurity standards and certification approaches. The CRADA project will support improvement of Veterans’ patient safety and security through the use and verification of UL’s Cybersecurity Assurance Program (UL CAP), an independent third-party testing […]

Posted in Medical Device Security, Security Standards and Compliance