Software Integrity Blog

Author Archive

Robert Vamosi



Posts by Robert Vamosi:

 

New hospital ransomware targets JBoss flaws

Ransomware is malicious software that encrypts data until a ransom is paid. Recently there has been a spate of attacks against healthcare organizations. On Monday, Washington-based MedStar Health had to shut down operations because of ransomware. One variation of ransomware, SamSam, stands out because it skips the user and focuses directly on the network under […]

Posted in Healthcare Security, Medical Device Security

 

Supply chain firmware weakens surveillance camera security

According to a researcher at RSA, the software running on closed-circuit cameras used by over 70 different vendors may be vulnerable to “root” access to the affected device. In this case the new attack vector compromises the Digital Video Recorder boxes, the part of the camera that stores the images for later viewing. In […]

Posted in Internet of Things

 

Early notice of Badlock bug draws criticism

Engineers at Microsoft and the Samba Team have put system administrators on notice—without providing much detail. Call it an awareness campaign that something serious will be disclosed mid-April. But some in the security community are questioning the need for the early notice. On Wednesday the site Badlock bug went live three weeks early to give […]

Posted in Software Architecture and Design

 

Hospitals under attack from ransomware

Are computer criminals drawn to hospital networks by the lure of valuable patient health data? Or is it perhaps because hospitals and healthcare providers appear to be the least secure kids on the Internet these days? On Monday, a Henderson, Kentucky-based healthcare facility said it was experiencing an “internal state of emergency” after an outbreak […]

Posted in Healthcare Security

 

Bangladesh Bank security breach prompts U.S. probe

The SWIFT secure financial messaging system is under U.S. government scrutiny after last week’s disclosure of the theft of millions from a Bangladesh Central Bank account at the Federal Reserve Bank of New York. Although smaller transfers between the Bangladesh bank and the Federal Reserve did go through, a large transfer of between $850-$870 million […]

Posted in Data Breach, Financial Services Security

 

Uber wants you to find its software flaws

The ride-sharing company Uber today released a technical map of its computer and communications system along with an invitation to security researchers to help secure its software. According to the Reuters News Service, Uber has released a “treasure map” of its software infrastructure, identifying what sorts of data might be exposed inadvertently and suggesting what types […]

Posted in Automotive Security

 

Apple iMessage vulnerability patched in iOS 9.3

Communications via Apple’s popular iMessage are vulnerable to a software flaw that could allow attackers to decrypt a photo stored on the company’s iCloud backup system, according to Matthew D. Green, a computer science professor at Johns Hopkins University. Green led the research team that found the bug in Apple’s encryption that would enable an […]

Posted in Mobile Application Security

 

VMware patches XSS flaws

A security advisory posted by VMware warns of two “important” vulnerabilities found within the VMware vRealize Automation and VMware vRealize Business Advanced and Enterprise software platforms. The flaws, the company said, could lead to the compromise of user workstations. Both are cross-site scripting (XSS) issues. The first vulnerability, CVE-2015-2344, impacts VMware vRealize Automation 6.x […]

Posted in Software Architecture and Design

 

Adobe Flash flaw compromises ‘kid-friendly’ tablet

It’s a familiar story: A newly disclosed software flaw could allow a remote hacker to follow a user’s online activity, activate the built-in microphone, and take pictures using the front-facing camera on the device. The problem is that in this case the device is a kid’s toy from LeapFrog. In a blog, security researcher Mike McCarthy […]

Posted in Internet of Things

 

Big banks as security vendors

Stung by early data breaches, some big banks have been quietly developing their own software products to protect their global assets. According to Reuters, U.S. banks, including Goldman Sachs Group, Morgan Stanley, and JPMorgan Chase, are beginning to sell technology developed internally. Others, such as Bank of America Corp and Citigroup, say they do not […]

Posted in Financial Services Security