It took security researchers only minutes to gain access to more than a dozen voting machines at last month’s DEF CON security conference. The nearly two dozen machines, all purchased from eBay and government auctions, are considered representative of the wide variety of electronic voting systems in use today. One even contained actual voting data from a previous election, exposing another issue: how to delete old data.
Continue Reading...
Posted in Data Breach Security | Comments Off on DEF CON 25 exposes voting system vulnerabilities
The Internet of Things (IoT) Cybersecurity Improvement Act of 2017 aims to mitigate risks and increase security in IoT products. Does it stand a chance?
Continue Reading...
Posted in IoT Security | Comments Off on How will new IoT legislation strengthen the future of cyber security?
Before the public sessions kick off at Black Hat on Wednesday and Thursday, there are four days of training courses. The course I took part in this year was a two-day, hands-on car hacking course. My instructor, Robert Leale, is the founder and coordinator for the car hacking village at DEF CON. Both the weekend and weekday editions of this course were sold out.
Continue Reading...
Posted in Automotive Cyber Security | Comments Off on Are there ever legitimate reasons for hacking a car?
A vulnerability in a single software component, found in an internet-connected security camera, may leave thousands of different security camera models (and other Internet of Things devices) at risk. But Devil’s Ivy and other such flaws can be avoided with effective software supply chain management.
Continue Reading...
Posted in IoT Security, Software Composition Analysis (SCA) | Comments Off on Devil’s Ivy security vulnerability leaves IoT devices at risk
By mid-2018, global organizations doing business in Europe will need to comply with a new data security regulation known as the General Data Protection Regulation (GDPR). In light of recent high-profile data breaches, the GDPR is a much-needed revision of the EU’s 1995 Data Protection Directive 95/46/EC. It establishes new best practices for organizations doing business in the EU.
Continue Reading...
Posted in Data Breach Security, Software Compliance, Quality & Standards | Comments Off on How will the EU’s GDPR set a higher data security standard?
There are initiatives in the auto industry and in municipal governments to roll out V2I and V2V communication systems responsibility and securely.
Continue Reading...
Posted in Automotive Cyber Security, Data Breach Security | Comments Off on New V2V communication could give hackers a free ride
The State of Software Composition 2017 identified 16,868 unique software components and versions, a majority of which were FOSS packages and libraries. Clearly, open source is here to stay. So what are the pros and cons of using it?
Continue Reading...
Posted in Open Source Security, Software Composition Analysis (SCA) | Comments Off on The pros and cons of adding open source to your software
50% of the vulnerabilities we found were more than four years old. In almost every case, newer versions of these vulnerable software components were available.
Continue Reading...
Posted in Open Source Security | Comments Off on Synopsys report finds old, vulnerable software components still in use
With just one line of code, a malicious attacker can exploit a recently disclosed seven-year-old vulnerability in SAMBA. Known as CVE-2017-7494, the vulnerability affects Linux and Unix systems that:
Continue Reading...
Posted in Software Architecture & Design, Web Application Security | Comments Off on 7-year-old SAMBA flaw prompts new concerns (and patches)
A new report investigates whether medical device makers and healthcare delivery organizations align on the need to address cyber security risks.
Continue Reading...
Posted in Healthcare Security & Privacy, Medical Device Security | Comments Off on Synopsys report finds the medical device industry vulnerable to attack
