Posts by Robert Vamosi:
Adding communications to cars and the transportation infrastructure provides cool new services (e.g., safe driving, faster transit times, etc.). From a security perspective, it also widens the threat landscape. Potentially, a bad actor sitting along the roadside with wireless access might be able to mess with the internal workings of your car or the traffic lights ahead.
Posted in Automotive Security, Data Breach | New car communications could give hackers a free ride
The State of Software Composition 2017 identified 16,868 unique software components and versions, a majority of which were FOSS packages and libraries. Clearly, open source is here to stay. So what are the pros and cons of using it?
Posted in Open Source Security, Software Composition Analysis | The pros and cons of adding open source to your software
50% of the vulnerabilities we found are more than four years old. In almost every case, newer versions of these vulnerable software components are available.
Posted in Open Source Security, Webinars | Synopsys report finds old, vulnerable software components still in use
With just one line of code, a malicious attacker can exploit a recently disclosed seven-year-old vulnerability in SAMBA. Known as CVE-2017-7494, the vulnerability affects Linux and Unix systems that:
Posted in Software Architecture and Design, Web Application Security | 7-year-old SAMBA flaw prompts new concerns (and patches)
In a new report, Synopsys found that 67% of medical device manufacturers and 56% of healthcare delivery organizations (HDOs) believe an attack on a medical device built or in use by their organization is likely to occur over the next 12 months.
Posted in Medical Device Security | Synopsys report finds the medical device industry vulnerable to attack
There’s been a fair share of attention paid to the security inside the connected car. There’s also been a significant uptick in new devices and apps that communicate with the vehicle from afar. These devices and apps use traditional means of communication (e.g., Bluetooth and Wi-Fi). They also make some very common software mistakes, such as lacking proper authentication of users and commands, which potentially puts the end user at risk of both physical harm and data loss.
Posted in Automotive Security, Mobile Application Security | Automotive security goes beyond the car
With a technical story like WannaCry, there are bound to be some falsehoods spread as fact. As with any misconception, there is often a kernel of truth. More often though, the answer is more complicated than it first seems. Learn about these WannaCry misconceptions today.
5 key WannaCry misconceptions
Here are a few important falsehoods that have been circulating in the last 48 hours:
WannaCry spreads via phishing emails
False. WannaCry is a ransomware worm that spreads via port 445, looking for Server Message Block (SMB) vulnerabilities in systems that run Microsoft Windows and have not yet been patched or disabled. There is no link between WannaCry and current phishing campaigns.
Posted in Data Breach | Don’t fall victim to these 5 WannaCry ransomware misconceptions
Last Friday, a piece of malware known as WannaCry (WanaCrypt0r 2.0/WCry) infected over 200,000 Windows-based machines in over 150 countries. What made this malware different was that it encrypted the hard drive, withholding the contents until the victim paid $300 in Bitcoin. While ransomware itself is not new, the rapid spread of WannaCry caught many people off guard.
Posted in General | In the wake of WannaCry: What we now know and how to move forward
On Friday, several organizations around the world fell victim to a wave of ransomware that swept the globe. Ransomware is malware that encrypts the hard drives of compromised machines until the owner makes full payment. Such attacks have been persistent but relatively quiet.
Posted in General | WannaCry ransomware attack takes the world by storm
A hacking tool leaked in April by a mysterious organization is attacking older Windows boxes, exposing gaps in organizational update and upgrade policies. One researcher estimates that between 100K and 200K boxes may already be compromised worldwide.
Posted in Data Breach, Software Architecture and Design | DoublePulsar continues to expose older Windows boxes: What you need to know