In a new report, Synopsys found that 67% of medical device manufacturers and 56% of healthcare delivery organizations (HDOs) believe an attack on a medical device built or in use by their organization is likely to occur over the next 12 months.
Posted in Medical Device Security | Comments Off on Synopsys report finds the medical device industry vulnerable to attack
There’s been a fair share of attention paid to the security inside the connected car. There’s also been a significant uptick in new devices and apps that communicate with the vehicle from afar. These devices and apps use traditional means of communication (e.g., Bluetooth, Wi-Fi, etc.). They also make some very common software mistakes. For instance, lacking proper authentication of users and commands, potentially putting the end user at risk, both for physical harm and data loss.
Posted in Automotive Cyber Security, Mobile App Security | Comments Off on Automotive security goes beyond the car
A hacking tool leaked in April by a mysterious organization is attacking older Windows boxes, exposing gaps in organizational update and upgrade policies. One researcher estimates that between 100K and 200K boxes may already be compromised worldwide.
Posted in Data Breach Security, Software Architecture & Design | Comments Off on DoublePulsar continues to expose older Windows boxes: What you need to know
DevOps choose a long-term survival strategy: invest in better cyber security or reduce the number of software components it must struggle to secure?
Posted in Agile, CI/CD & DevOps | Comments Off on Dan Geer explores the DevOps ‘Law of the Jungle’ dilemma
Last fall, someone released a benign worm looking to protect Internet of Things (IoT) devices from more dangerous worms. Known as Hajime, the vigilante malware appears to be designed to block another IoT worm, Mirai. The two are chasing each other around the world. Each are locked in a weird internet turf war seemingly bent on IoT domination and we have already seen collateral damage from it. Virus vs worm First, some basic terminology here.
Posted in IoT Security | Comments Off on Hajime and Mirai locked in an IoT botnet turf war
Legacy vulnerabilities are often old “features” that weren’t designed for modern use. Since every new day brings a new attack, it’s time to secure them.
Posted in Software Architecture & Design | Comments Off on Sirens in the night: Civil defense systems susceptible to legacy vulnerabilities
The features that drive new car sales today are increasingly based on software. Drivers want their own music. They want to stay connected with their digital world. They want digital assistants to help park or even drive autonomously.
Posted in Automotive Cyber Security | Comments Off on Secure automotive software at any speed
Last month a researcher announced that a commercial dishwashing machine contained a dangerous vulnerability allowing a remote attacker to gain access to privileged assets on a connected network. Jens Regel of the German company Schneider & Wulf made the vulnerability public on Full Disclosure after contacting the vendor and waiting the customary 90 days. The vendor, Miele, has yet to respond.
Posted in IoT Security | Comments Off on What happens when dishwashers attack the network?
Software quality and security assurance both concern risk to the organization, but they do so for different reasons. Risk might be mission critical such as software on a scientific robot crawling another planet. Or risk might be associated with sensitive financial information. In the first example the integrity of the software is paramount; it is hard to fix something on another planet. In the latter example both quality and security are important, with security perhaps paramount.
Posted in Software Architecture & Design, Software Compliance, Quality & Standards, Software Composition Analysis (SCA) | Comments Off on Does software quality equal software security? It depends.
Earlier this month WikiLeaks announced it had in its possession a cache of zero days allegedly from the Central Intelligence Agency. These unpatched vulnerabilities, it said, could affect Apple and Android devices (including TVs). It is suspected that exploitation of these vulnerabilities could allow the spy agency – or anyone else who knows about them — to surveil targets by activating microphones and receivers as well as eavesdropping on communications.
Posted in Fuzz Testing, Static Analysis (SAST) | Comments Off on Zeroing in on zero day vulnerabilities
