It took security researchers only minutes to gain access to more than a dozen voting machines at last month’s DEF CON security conference. The nearly two dozen machines, all purchased from eBay and government auctions, are considered representative of the wide variety of electronic voting systems in use today. One even contained actual voting data from a previous election, exposing another issue: how to delete old data.
Continue Reading...
Posted in Data Breach Security, Public Sector Cyber Security
The Internet of Things (IoT) Cybersecurity Improvement Act of 2017 aims to mitigate risks and increase security in IoT products. Does it stand a chance?
Continue Reading...
Posted in IoT Security
Before the public sessions kick off at Black Hat on Wednesday and Thursday, there are four days of training courses. The course I took part in this year was a two-day, hands-on car hacking course. My instructor, Robert Leale, is the founder and coordinator for the car hacking village at DEF CON. Both the weekend and weekday editions of this course were sold out.
Continue Reading...
Posted in Automotive Cyber Security
A vulnerability in a single software component, found in an internet-connected security camera, may leave thousands of different security camera models (and other Internet of Things devices) at risk. But Devil’s Ivy and other such flaws can be avoided with effective software supply chain management.
Continue Reading...
Posted in IoT Security, Software Composition Analysis (SCA)
By mid-2018, global organizations doing business in Europe will need to comply with a new data security regulation known as the General Data Protection Regulation (GDPR). In light of recent high-profile data breaches, the GDPR is a much-needed revision of the EU’s 1995 Data Protection Directive 95/46/EC. It establishes new best practices for organizations doing business in the EU.
Continue Reading...
Posted in Data Breach Security, Software Compliance, Quality & Standards
There are initiatives in the auto industry and in municipal governments to roll out V2I and V2V communication systems responsibility and securely.
Continue Reading...
Posted in Automotive Cyber Security, Data Breach Security
The State of Software Composition 2017 identified 16,868 unique software components and versions, a majority of which were FOSS packages and libraries. Clearly, open source is here to stay. So what are the pros and cons of using it?
Continue Reading...
Posted in Open Source Security, Software Composition Analysis (SCA)
50% of the vulnerabilities we found were more than four years old. In almost every case, newer versions of these vulnerable software components were available.
Continue Reading...
Posted in Open Source Security
With just one line of code, a malicious attacker can exploit a recently disclosed seven-year-old vulnerability in SAMBA. Known as CVE-2017-7494, the vulnerability affects Linux and Unix systems that:
Continue Reading...
Posted in Software Architecture & Design, Web Application Security
A new report investigates whether medical device makers and healthcare delivery organizations align on the need to address cyber security risks.
Continue Reading...
Posted in Healthcare Security & Privacy, Medical Device Security
