Posts by Robert Vamosi:
Another round of ransomware (malware that encrypts the contents of a hard drive until a paid Bitcoin ransom unlocks them) is spreading globally. The new ransomware, known as PetrWrap/Petya, is similar and yet significantly different than WannaCry. Unlike the previous attack, PetrWrap/Petya is a virus that spreads by spam campaigns using malicious Microsoft Word documents. Therefore, it cannot spread itself. Despite years of promoting good security hygiene, people are apparently clicking on the infected files.
Posted in General | Comments Off on PetrWrap/Petya ransomware spreading globally: Here’s what you need to know
By mid-2018, global organizations doing business in Europe will need to comply with a new data security regulation known as the General Data Protection Regulation (GDPR). In light of recent high-profile data breaches, the GDPR is a much-needed revision of the EU’s 1995 Data Protection Directive 95/46/EC. It establishes new best practices for organizations doing business in the EU.
Posted in Data Breach, Security Standards and Compliance | Comments Off on How will the EU’s GDPR set a higher data security standard?
Adding communications to cars and the transportation infrastructure provides cool new services (e.g., safe driving, faster transit times, etc.). From a security perspective, it also widens the threat landscape. Potentially, a bad actor sitting along the roadside with wireless access might be able to mess with the internal workings of your car or the traffic lights ahead.
Posted in Automotive Security, Data Breach | Comments Off on New car communications could give hackers a free ride
The State of Software Composition 2017 identified 16,868 unique software components and versions, a majority of which were FOSS packages and libraries. Clearly, open source is here to stay. So what are the pros and cons of using it?
Posted in Open Source Security, Software Composition Analysis | Comments Off on The pros and cons of adding open source to your software
50% of the vulnerabilities we found are more than four years old. In almost every case, newer versions of these vulnerable software components are available.
Posted in Open Source Security, Webinars | Comments Off on Synopsys report finds old, vulnerable software components still in use
With just one line of code, a malicious attacker can exploit a recently disclosed seven-year-old vulnerability in SAMBA. Known as CVE-2017-7494, the vulnerability affects Linux and Unix systems that:
Posted in Software Architecture and Design, Web Application Security | Comments Off on 7-year-old SAMBA flaw prompts new concerns (and patches)
In a new report, Synopsys found that 67% of medical device manufacturers and 56% of healthcare delivery organizations (HDOs) believe an attack on a medical device built or in use by their organization is likely to occur over the next 12 months.
Posted in Medical Device Security | Comments Off on Synopsys report finds the medical device industry vulnerable to attack
There’s been a fair share of attention paid to the security inside the connected car. There’s also been a significant uptick in new devices and apps that communicate with the vehicle from afar. These devices and apps use traditional means of communication (e.g., Bluetooth, Wi-Fi, etc.). They also make some very common software mistakes. For instance, lacking proper authentication of users and commands, potentially putting the end user at risk, both for physical harm and data loss.
Posted in Automotive Security, Mobile Application Security | Comments Off on Automotive security goes beyond the car
With a technical story like WannaCry, there are bound to be some falsehoods spread as fact. As with any misconception, there is often a kernel of truth. More often though, the answer is more complicated than it first seems. Learn about these WannaCry misconceptions today.
5 key WannaCry misconceptions
Here are a few important falsehoods that have been circulating in the last 48 hours:
WannaCry spreads via phishing emails
False. WannaCry is a ransomware worm that spreads via port 445, looking for Server Message Block (SMB) vulnerabilities in systems running Microsoft Windows and have not yet been patched or disabled. There is no link between WannaCry and current phishing campaigns.
Posted in Data Breach | Comments Off on Don’t fall victim to these 5 WannaCry ransomware misconceptions
Last Friday, a piece of malware known as WannaCry (WanaCrypt0r 2.0/WCry) infected over 200,000 Windows-based machines in over 150 countries. What made this malware different was that it encrypted the hard drive, withholding the contents until the victim paid $300 Bitcoins. While ransomware itself is not new, the rapid spread of WannaCry caught many people off guard.
Posted in General | Comments Off on In the wake of WannaCry: What we now know and how to move forward