Software Security

Archive for July 2016

Synopsys supports Presidential Policy Directive 41

New presidential directive outlines threat response and asset response activities and could be enhanced with use of the Synopsys Software Integrity Platform that includes AbuseSA, as well as Coverity, Defensics, Protecode, and Seeker. On Tuesday, the White House published the Presidential Policy Directive-41 (PPD-41) on United States Cyber Incident Coordination. Essentially it establishes a Cyber […]

Posted in Government Security

Checklist: Take control of your risk management process

The power of threat modeling is that it makes you think about your system’s specific characteristics. It allows you to gain visibility around weaknesses that pose significant impact to your entire organization. This checklist explores four key ways to use threat modeling to avoid sink holes in your risk management process. Identify threats that exist […]

Posted in Software Security Testing, Threat Modeling

Dell patches software ‘backdoor’ in SonicWALL Global Management

Six software vulnerabilities, some critical, in Dell’s SonicWALL Global Management have been patched. An advisory last week from Digital Defense disclosed six vulnerabilities in the Dell SonicWALL Global Management System (GMS). The vulnerabilities could allow command injection, unauthorized XXE, default account, and unauthorized modification of virtual appliance networking information. GMS is used by enterprise organizations […]

Posted in Application Security, Vulnerability Assessment

Smart baby crib: The newest way to welcome hackers into your home

A few weeks ago, Google-owned Nest published a patent, filed in 2014, for a “smart,” or internet-connected, baby crib. From the early designs and description of the smart crib, it will be equipped with a variety of sensors, cameras, and microphones to allow parents and caretakers to monitor every aspect of their […]

Posted in Internet of Things

U.S. Department of Transportation wants more cybersecurity sharing

U.S. Department of Transportation Secretary Anthony Foxx urges automakers to share information about cybersecurity. Speaking at the Billington Cybersecurity Summit in Detroit, Foxx stressed industry collaboration aimed at keeping cars safe from being hacked. “There is no one company that can do on its own what all companies can accomplish together,” Foxx said. He added, […]

Posted in Automotive Security, Internet of Things

How connected cars are driving greater security concerns

Originally posted on SecurityWeek. Early in 2001, before I was even in the IT Security business, I saw a glimpse of the future. While at a CIO conference dinner, I started talking to a gentleman who was responsible for the IT infrastructure behind an emerging new service called OnStar. The conversation soon turned to the […]

Posted in Internet of Things, Software Security Testing

Blast from the past: 15-year-old security hole hits websites

A flaw in Httpoxy, first disclosed 15 years ago, has resurfaced and potentially leaves server-side website software open to hijackers. In response, The Apache Software Foundation, Red Hat, Nginx and others have rushed to patch the httpoxy flaw, officially known as: CVE-2016-5385 in PHP; CVE-2016-5386 in Go; CVE-2016-5387 in Apache HTTP server; CVE-2016-5388 in Apache Tomcat; […]

Posted in Software Security Testing, Web Application Security

Software glitch affects Southwest Airlines flights

On Wednesday, technical problems with software disrupted nationwide travel for about three hours on Southwest Airlines. The Texas-based company confirmed the difficulties to USA Today. “We are now managing flight delays across our system,” the airline added in its statement from 4:40 p.m. ET. “We apologize to our customers whose travel plans are impacted. We […]

Posted in Software Security Testing, Vulnerability Assessment

Web application security threats and countermeasures

Security is a game of constant catch-up. We are always trying to secure against threats while remaining agile enough to accommodate the unanticipated curve ball. Properly mitigating threats requires strong security considerations during development, deployment, and maintenance of a Web application. In this post, we’ll examine how maintaining focus on key threats to a Web application […]

Posted in Software Security Testing, Web Application Security

The rise of ransomware

Ransomware has become quite the lucrative discipline. Cyber-criminals are on pace to rake in 1 billion dollars this year by extorting businesses through ransomware. The FBI recently revealed that $209 million was lost to cyber-extortion within the first three months of 2016. What’s causing the rise of ransomware? Criminals distribute ransomware as a means […]

Posted in Data Breach, Vulnerability Assessment, Web Application Security