Software Integrity Blog

Author Archive

Robert Vamosi


Posts by Robert Vamosi:

 

New hospital ransomware targets JBoss flaws

Ransomware is malicious software that encrypts data until a ransom is paid. Recently there has been a spate of attacks against healthcare organizations. On Monday, Washington-based MedStar Health had to shut down operations because of ransomware.

Posted in Healthcare Security, Medical Device Security

 

Supply chain firmware weakens surveillance camera security

According to a researcher at RSA, the software running on closed-circuit cameras used by over 70 different vendors may be vulnerable to “root” access to the affected device. In this case, the new attack vector compromises the Digital Video Recorder boxes, the part of the camera that stores the images for later viewing.

Posted in Internet of Things

 

Early notice of Badlock bug draws criticism

Engineers at Microsoft and the Samba Team have put system administrators on notice—without providing much detail. Call it an awareness campaign that something serious will be disclosed mid-April. But some in the security community are questioning the need for the early notice.

Posted in Software Architecture and Design

 

Hospitals under attack from ransomware

Are computer criminals drawn to hospital networks by the lure of valuable patient health data? Or is it perhaps because hospitals and healthcare providers appear to be the least secure kids on the internet these days?

Posted in Healthcare Security

 

Uber wants you to find its software flaws

The ride-sharing company Uber today released a technical map of its computer and communications system along with an invitation to security researchers to help secure its software. According to the Reuters News Service, Uber has released a “treasure map” of its software infrastructure, identifying what sorts of data might be exposed inadvertently and suggesting what types of flaws are the most likely to be found. A list on HackerOne enumerates what is and what is not a valid vulnerability.

Posted in Automotive Security

 

Apple iMessage vulnerability patched in iOS 9.3

Communications via Apple’s popular iMessage are vulnerable to a software flaw that could allow attackers to decrypt a photo stored on the company’s iCloud backup system, according to Matthew D. Green, a computer science professor at Johns Hopkins University. Green led the research team that found the bug in Apple’s encryption that would enable an attacker to decrypt photos and videos sent as secure instant messages. It would not, however, allow an attacker to decrypt an entire iPhone, according to WashingtonPost.com.

Posted in Mobile Application Security

 

Adobe Flash flaw compromises ‘kid-friendly’ tablet

It’s a familiar story: A newly disclosed software flaw could allow a remote hacker to follow a user’s online activity, activate the in-built microphone, and take pictures using the front-facing camera on the device. The problem is that, in this case, the device is a kid’s toy.

Posted in Internet of Things

 

Big banks as security vendors

Stung by early data breaches, some big banks have been quietly developing their own software products to protect their global assets.

Posted in Financial Services Security

 

Smart home, dumb software mistake

Over the weekend, Hive, which is an automated home thermostat system run by British Gas, suffered a glitch, causing dozens of customers to boil with rage – literally.

Posted in Internet of Things

 

New OpenSSL flaws to be patched

On Tuesday, the first day of RSA 2016, the OpenSSL project will release updates, specifically versions 1.0.2g and 1.0.1s. All that is known is that the organization ranks these with a maximum severity of “high”. According to the OpenSSL Policy, high means the patch will include issues that are of a lower risk than critical, perhaps due to affecting less common configurations, or which are less likely to be exploitable.

Posted in Open Source Security