Software Integrity Blog

Author Archive

Robert Vamosi


Posts by Robert Vamosi:

 

Improper input flaw affects most Android phones

On Thursday, security researchers disclosed a Qualcomm flaw that may expose users’ text messages, call histories, and possibly other sensitive data. In a blog from FireEye, the company’s Mandiant Red Team detected CVE-2016-2060, which leverages CWE-20 (Improper Input Validation). CodeAurora “the netd service does not properly validate the interface name when a new upstream […]

Posted in Uncategorized

 

Fitbit IoT bathroom scale hit with critical vulnerabilities

Users of Fitbit’s Aria internet-connected smart scales will need to install a firmware patch as a result of critical security flaws reported last week. Google’s Project Zero researcher Tavis Ormandy disclosed “a static transaction identifier for DNS requests, which could allow an attacker to trick the scale into synchronizing with a non-Fitbit server,” according to […]

Posted in Internet of Things

 

Anti-virus scan shuts down medical device … During a procedure

In February 2016, a patient undergoing a routine cardiac catheterization procedure had to remain sedated for five additional minutes while the device rebooted as the result of an anti-virus scan. Merge Healthcare describes its Merge Hemo as a device that “monitors, measures, and records physiological data from a human patient undergoing a cardiac catheterization procedure.” However, as […]

Posted in Medical Device Security

 

Podcast: Securing the supply chain through procurement language, Part 2

Until recently, there has not been real pressure to have supply chain software vendors attest to the validity of their wares. But with the introduction of software into automobiles, television sets, and medical devices, software integrity has taken on greater meaning. Many industries have specific hardware procurement requirements for parts introduced into their supply chains, […]

Posted in Software Architecture and Design, Web Application Security

 

Satellite spins itself to destruction after receiving bad data

A Japanese X-ray telescope disintegrated in orbit after bad data in a software update package made it unstable. The satellite, Hitomi, also known as ASTRO-H, was launched in February 2016, and at the end of March became unstable. Last week the Japanese government announced it had lost the $286 million satellite, as well as three […]

Posted in Uncategorized

 

German nuclear plant finds PCs full of viruses

More than a dozen common computer viruses have been found on PCs at one nuclear plant in Germany, according to its operator. The German utility RWE, which runs the Gundremmingen plant, located about 75 miles northwest of Munich, said it found the malware “W32.Ramnit” and “Conficker,” among others, in a computer system the company retrofitted […]

Posted in Critical Infrastructure Security

 

Connected car security and privacy questioned

A new report due out on Monday from a U.S. senator finds that the auto makers’ attempts to prevent hackers from gaining control of a vehicle’s electronics are “inconsistent and haphazard,” while the companies collect driver histories and other personal data, often without customer consent. “Drivers have come to rely on these new technologies, but unfortunately […]

Posted in Automotive Security, Internet of Things

 

SWIFT interbank network patches software vulnerabilities

SWIFT, the Society for Worldwide Interbank Financial Telecommunication, has issued a patch after identifying a vulnerability that may have led to last month’s theft of $81 million from a Bangladesh Bank account at the New York Federal Reserve Bank. “SWIFT is aware of a number of recent cyber incidents in which malicious insiders […]

Posted in Financial Services Security, Software Architecture and Design

 

As FDA medical device comment period ends, 2 healthcare organizations call for more standards

Two healthcare executive organizations are calling on the Food & Drug Administration (FDA) and the Department of Health and Human Services (HHS) to produce more guidance for medical device manufacturers. In seeking to clarify the need for greater collaboration among medical device manufacturers around cybersecurity in general, the Food & Drug Administration (FDA) last January […]

Posted in Medical Device Security, Security Standards and Compliance

 

US Congress investigates Juniper software flaw

On Wednesday, a tech-savvy member of the U.S. Congress criticized a no-show by Juniper Networks executives during a hearing exploring whether any government data was stolen as a result of a software flaw first disclosed last December. Rep. Ted Lieu (D-Calif.) said “I find it disrespectful that they did not come here to […]

Posted in Uncategorized