Software Integrity Blog

Author Archive

Robert Vamosi

Posts by Robert Vamosi:

Connected trucks could pave the way for autonomous cars

On Thursday, representatives from the Netherlands will meet with the EU in Rotterdam to define potential changes to legislation to make self-driving cars a reality in Europe. This comes at the end of a successful trial where a platoon of trucks was connected over Wi-Fi, with the first vehicle determining the speed and route of the trucks.

Posted in Automotive Security

Report finds criminal use of zero days doubled in 2015

The latest edition of the Symantec Internet Security Threat Report finds that the use of zero days, software flaws previously unknown to the software vendor, doubled in 2015 over the previous year. That’s a 125 percent increase from the year before. Or, as Symantec phrased it on their web site, that’s a new zero-day vulnerability found every week (on average) in 2015.

Posted in Software Architecture and Design

Open Source Vulnerability Database suspends operation

The Open Source Vulnerability Database is no more.

Posted in Open Source Security, Software Architecture and Design

Toyota working with Microsoft Azure on new connected services

Toyota announced it will expand its five-year-old partnership with Microsoft. In a blog published Monday, Microsoft said the intent is for Toyota to create new internet-connected vehicle services for owners and dealers.

Posted in Automotive Security

Podcast: Rauli Kaksonen on discovering Heartbleed

It’s been two years since a critical vulnerability, CVE-2014-0160, better known as Heartbleed, was first disclosed. The flaw, found in certain older versions of OpenSSL, was a failure to properly handle Heartbeat Extension packets, a protocol meant to determine the persistence of another machine in a transaction, in this case the encryption between a client and a server. It affected hundreds of thousands of popular websites, and allowed an attacker to request more than a simple response; it could allow for the leakage of passphrases and encryption keys.

Posted in Open Source Security, Software Architecture and Design

2 years later, 200K+ IP addresses remain vulnerable to Heartbleed

The numbers aren’t impressive. In the first month after the Heartbleed vulnerability was disclosed in April 2014, nearly 300,000 IP addresses patched their systems. But over the course of the next 22 months, only one-third of the remaining vulnerable systems were patched. That means roughly 200,000 systems remain vulnerable worldwide today.

Posted in Open Source Security, Web Application Security

New hospital ransomware targets JBoss flaws

Ransomware is malicious software that encrypts data until a ransom is paid. Recently there has been a spate of attacks against healthcare organizations. On Monday, Washington-based MedStar Health had to shut down operations because of ransomware.

Posted in Healthcare Security, Medical Device Security

Supply chain firmware weakens surveillance camera security

According to a researcher at RSA, the software running on closed-circuit cameras used by over 70 different vendors may be vulnerable to “root” access to the affected device. In this case the new attack vector compromises the Digital Video Recorder boxes, the part of the camera that stores the images for later viewing.

Posted in Internet of Things

Early notice of Badlock bug draws criticism

Engineers at Microsoft and the Samba Team have put system administrators on notice—without providing much detail. Call it an awareness campaign that something serious will be disclosed mid-April. But some in the security community are questioning the need for the early notice.

Posted in Software Architecture and Design

Hospitals under attack from ransomware

Are computer criminals drawn to hospital networks by the lure of valuable patient health data? Or is it perhaps because hospitals and healthcare providers appear to be the least secure kids on the internet these days?

Posted in Healthcare Security