Half a billion IoT devices vulnerable, breaches at Homeland Security, FedEx, and the fastest growing cyberthreat
Software Integrity Insight is switching over to a monthly schedule, but we’ll still bring you the best SAST, DAST, and SCA security news as we find it. And don’t despair: You can still get your weekly fix of application security (and insecurity) news by following our colleague Taylor Armerding’s video blog, Security Mashup.

With so many eyeballs, is open source security better? via eSecurity Planet
Dirk Hohndel, VP and chief open source officer at VMware: “One of the biggest challenges for any software product, whether it’s open source or not, is to get enough qualified reviewers to make sure that you don’t get overwhelmed by the speed of innovation and you take the time to actually do decent code review.”

AppSec at the speed of DevOps in the age of open source via JAXenter
In the world of DevOps, traditional application security is no longer enough. How can we improve AppSec? What are the newest security challenges that arise as DevOps becomes more mature? JAXenter editor Gabriela Motroc caught up with Tim Mackey, technical evangelist for Black Duck by Synopsys, at DevOpsCon 2018 to talk about all this and more.

Retailers need to get real about security via Xconomy
There is big opportunity in online retailing. However, until retailers stop treating software as an ancillary aspect of their business and begin to think and act like software companies, security breaches will continue to plague them.

IoT security flaw leaves 496 million devices vulnerable at businesses: Report via CRN
Nearly a half-billion Internet of Things devices are vulnerable to cyberattacks at businesses worldwide because of a 10-year-old security flaw, according to a new report from a security software vendor.

Under GDPR, data breach reports in UK have quadrupled via BankInfoSecurity
In both March and April, the total number of breaches reported to the ICO was about 400, according to data released by the ICO last week. But the number of breach reports climbed to about 700 in May and hit about 1,750 in June, the ICO says.

These are 2018’s biggest hacks, leaks, and data breaches [so far] via ZDNet
Homeland Security, FedEx, Orbitz, Aadhaar, L’Express, Cambridge Analytica, Twitter, T-Mobile, and more.

Equifax’s security overhaul, a year after its epic breach via Wired
Jamil Farshchi, chief information security officer at Equifax: “The barriers you face at any company not post-breach is you’re always fighting for budget, you’re always fighting for face time, trying to justify and convince people about the importance of security and risk management. When you’re in a post-breach environment, everyone already knows that it’s critically important.”

Best practices for application security testing in the era of DevOps and AI via DevOps.com
As the pace of application development techniques (and their inevitable vulnerabilities) evolves, AppSec personnel have found themselves caught between the desire to keep pace with their management of security testing requirements and their ability to allow the developer teams to operate in the modern, fast-paced ecosystem of DevOps and artificial intelligence.

A guide to DevSecOps tools via SD Times
Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior.

Secure code: You are the solution to open source’s biggest problem via Dark Reading
Seventy-eight percent of open source codebases examined in a recent study contain at least one unpatched vulnerability, with an average of 64 known vulnerabilities per codebase.

Unsecured server exposes 157 GB of highly sensitive data from Tesla, Toyota and more via CSO
A security researcher discovered 157 GB of highly sensitive data from more than 100 companies, including automakers such as Ford, GM, Tesla, Toyota, Chrysler, Fiat, and Volkswagen, exposed on the web.

What is the fastest growing cyberthreat? 80% say supply chain attacks via TechRepublic
According to the report, nearly 90% of respondents believe they are currently at risk for a supply chain attack. . . . On average, supply chain attacks cost organizations $1.1 million. For US companies, however, the average cost per attack is $1.27 million.

Timehop breach provides GDPR response template via Synopsys Software Integrity blog
With the disclosure of 21 million individuals’ account information being accessed in a data breach at Timehop, we now have a blueprint for what public disclosure of a breach might look like under the new GDPR rules.