Software Integrity Blog

Search Results for 'insider threat'

Don’t let insider threats rain on your cloud deployment

Insider threats in cloud computing are increasing. Reduce your exposure to both malicious and careless insider threats by securing your cloud deployments.

Posted in Cloud Security

Ex-CIA employee insider threat, FlightTrader24 hack, and RedHat licenses

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s Security Mashup episode, you ask? Ex-CIA employee insider threat and how he was outed, insight into the FlightTrader24 hack, and what you need to know about the RedHat open source license copyright conundrum. Watch and learn more:

Posted in Data Breach, General, Open Source Security

10 critical cloud security threats in 2018 and beyond

Explore 10 critical cloud security threats: data breaches, human error, data loss, insider threats, DDoS attacks, insecure APIs, exploits, account hijacking, APTs, and CPU flaws.

Posted in Cloud Security, General

For sale: voter data, ‘unbowed’ by Florence or ransomware, and binding email security

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Voter records for sale on the dark web, what the ONWASA ransomware attack says about the state of critical infrastructure security, and the government does DMARC adoption right. Watch this week’s episode here:

Posted in General

Creating a secure SDLC, solving open source’s biggest problem, government unprepared for cyber attacks

This week in the news: creating a secure SDLC, solving open source’s biggest problem, our government is unprepared for cyber attacks, and more.

Posted in Open Source Security

Blockchain security and the cryptocurrency boom, Part 1: Theory

Thanks to Bitcoin, it’s fair to say that “blockchain” is a buzzword at the moment—like DevOps, or Zumba. This article isn’t going to dive into what a blockchain is, because many others out there already do that. Here’s a pretty good one that has a snappy description of the evolution of Bitcoin and its symbiotic buddy, blockchain. (I may have written that one as well.)

Posted in Financial Services Security

Top cyber security trends of 2016

As we near the end of 2016, it’s time to reflect on some of the biggest security issues that we saw this year. 2016 was an interesting year in which many security issues came into focus. We saw many attacks with a goal of financial gain. We saw nation-states threatening cyber attacks around the US election. And, we saw the revival of the security versus privacy debate that rages on.

Posted in Data Breach

If you’re only as strong as your allies, should you trust third-party code?

Originally posted on SecurityWeek

Posted in General, Open Source Security

3 security risks that architecture analysis can resolve

Verizon performs an annual assessment of a large sample of breaches and attacks that take place all over the world and analyzes the most common problems and key areas that lead to major attacks. In this article, we discuss three specific security incident patterns from Verizon’s report and how architecture analysis assessments can help organizations detect and prevent these issues earlier in the software development life cycle (SDLC).

Point-of-Sale (PoS) intrusions

A Point-of-Sale (PoS) intrusion happens when an attacker tries to capture payment data by compromising the computers or servers running the PoS applications. Such attacks can range from a social engineering attack (like a phone call to gain credentials) to a more sophisticated mechanism involving multiple steps. Trends from the past three years show a constant growth in PoS attacks (2013 – 173, 2014 – 196, and 2015 – 396).

Posted in Software Architecture and Design, Web Application Security

Detection strategies to unmask the source of malicious code

Let’s imagine you discover a string of suspicious code within one of your applications. Perhaps a routine scan by your application testing team finds a point of interest that indicates malcode, such as a time bomb or backdoor, has been inserted by a malicious insider within your software supply chain.


Posted in Software Architecture and Design