Software intended to protect your computer from malware and remote attackers shouldn’t be vulnerable to exploitation, yet that is what one security researcher is finding.
Discovering password manager vulnerability
A security researcher disclosed on Wednesday that certain Nissan Leaf models can allow their heating and air-conditioning systems to be hijacked because of a flaw in their companion app. Security researcher Troy Hunt found that the NissanConnect app needed only the vehicle identification number (VIN) of any Nissan Leaf car to take control. However, he found that since the commands could also be sent via a web browser, one didn’t need the app to take control of the cars.
On Tuesday, the Federal Trade Commission (FTC) announced a decision to require network hardware manufacturer Asus to provide and maintain a comprehensive security program for the next 20 years and also be subject to audits. The action stems from a remote attack on Asus routers in February 2014.
Lockheed Martin’s new F-35 fighter jet won’t begin testing to see how it will perform in combat until at least August 2018, one full year later than planned, according to sources. That’s because of software vulnerabilities. The F-35 has been characterized as a flying computer, with more than 8 million lines of software code, so the software has to be flawless.
Flaws identified in the F-35
According to Michael Gilmore, the U.S. Defense Department’s top weapons tester, a number of flaws have been identified within the “3F” software, which is considered crucial to the fighter jet. For one thing, the 3F software gives the F-35 its full combat capability. The software delay hasn’t stopped production, however.
A number of Mac apps, including popular ones such as Camtasia and uTorrent, are susceptible to man-in-the-middle attacks, according to new research. A vulnerability found in Sparkle, a third-party software framework used by Mac apps to receive updates, could allow a remote attacker to install malicious code.
A supplier of audio-visual equipment to the US federal government on Thursday issued an update to its products that removed a potential backdoor that could allow “higher privileges than even administrative access to the system via the backdoor,” according to the researchers who first reported it.
Hoping to end manufacturer responsibility around the issuance of software updates for medical devices, and whether or not such updates change the device’s compliance status, the Food & Drug Administration (FDA) last Friday released a new draft document that also calls for greater collaboration among medical device manufacturers around cybersecurity in general. The document looks at both pre-market and post-market considerations for the mitigation of patient risk when improving the security posture of their products.