Software Integrity

Search Results for 'threat intelligence'

 

Half a billion IoT devices vulnerable, breaches at Homeland Security, FedEx, and the fastest growing cyberthreat

Software Integrity Insight is switching over to a monthly schedule, but we’ll still bring you the best SAST, DAST, and SCA security news as we find it. And don’t despair: You can still get your weekly fix of application security (and insecurity) news by following our colleague Taylor Armerding’s video blog, Security Mashup. With so […]

Posted in Open Source Security

Ukraine dodges attack, but VPNFilter threat remains

Ukraine had been warned. So it was prepared. And the result, according to the government’s intelligence branch, the Security Service of Ukraine (SBU), is that it was able to detect and thwart a cyber attack that used the now notorious VPNFilter malware against the Auly Chlorine Distillation Station, which supplies chlorine to 23 provinces of […]

Posted in Critical Infrastructure Security, Internet of Things

Artificial intelligence for open source risk management

Artificial Intelligence (AI) is revolutionizing the way we live, work and think. In recent times, computing machines have become intelligent enough to recognize real world objects, recognize speech, learn programs, paint like an artist, or even dream like humans. Security and reliability of software systems, which is enormously important to our modern economy, is also […]

Posted in Agile, CI/CD & DevOps, Open Source Security

4 threat modeling questions to ask before your next Agile sprint

Creating a threat model for a moderately complex application can take several weeks and requires a certain level of software security expertise. Just because you’re following an Agile development methodology doesn’t mean that you can ignore potential flaws in the design of the application. The way in which you look for those flaws may need […]

Posted in Agile, CI/CD & DevOps, Software Architecture and Design

Threats threatening with threats

By now, everyone has heard of the Mandiant report. Many of you have taken the time to read it. This report and the discussion it generated refers to ‘threat’ so frequently that it’s worth discussing how its use of the word differs from what you commonly see here. The buzz around hundreds of individuals poking […]

Posted in Software Architecture and Design

Need a job? Consider a career in cyber security | NCSAM at Synopsys

Now more than ever, deciding on a career is a daunting prospect. Yes, unemployment’s at a record low, and new jobs will inevitably replace whatever jobs are lost to “progress.” But those seeking new careers now have to consider that their next career will probably not be their last one. Between artificial intelligence, robots, and […]

Posted in General

Hacking Security Episode 2: The 4 CISO tribes

Hacking Security is a monthly podcast on emerging trends in application security development hosted by Steve Giguere, lead EMEA engineer at Synopsys. The CISO Report: In Episode 2, we discuss notable CISOs and then dive into the four tribes found in the Synopsys CISO Report. Take 20 minutes to listen to the latest episode below. Transcript […]

Posted in Hacking Security, Podcasts, Web Application Security

Porous portals, Newegg is a broken egg, and Mirai’s creators have new hats

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Porous payment portals lead to government data breaches, Magecart pwns Newegg, and the Mirai creators trade in their black hats for white ones. Watch this week’s […]

Posted in Data Breach, Government Security, Weekly Security Mashup

CVE-2018-11776—The latest Apache Struts vulnerability

About a week ago, a security researcher disclosed a critical remote code execution vulnerability in the Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers. The vulnerability (CVE-2018-11776) affects all supported versions of Struts 2 and was patched by the Apache Software Foundation on Aug. 22. Users of […]

Posted in Data Breach, Open Source Security, Software Composition Analysis

Vulnerable routers are still out there—and hackers are noticing

Vulnerable routers aren’t news: Long ago and far away—in 2014, which is indeed long ago and far away in our cutting-edge world of information technology—security gurus like Dan Geer, Jim Gettys, and Bruce Schneier were issuing urgent warnings about the catastrophic insecurity of routers—those devices in our homes that give us access to the World […]

Posted in Internet of Things, Static Analysis (SAST)