Software Integrity Blog

Author Archive

Robert Vamosi

Posts by Robert Vamosi:

PetrWrap/Petya ransomware spreading globally: Here’s what you need to know

Another round of ransomware (malware that encrypts the contents of a hard drive until a paid Bitcoin ransom unlocks them) is spreading globally. The new ransomware, known as PetrWrap/Petya, is similar to WannaCry and yet significantly different from it. Unlike the previous attack, PetrWrap/Petya is a virus that spreads by spam campaigns using malicious Microsoft Word documents. Therefore, it […]

Posted in General

How will the EU’s GDPR set a higher data security standard?

By mid-2018, global organizations doing business in Europe will need to comply with a new data security regulation known as the General Data Protection Regulation (GDPR). In light of recent high-profile data breaches, the GDPR is a much-needed revision of the EU’s 1995 Data Protection Directive 95/46/EC. It establishes new best practices for organizations doing business […]

Posted in Data Breach, Security Standards and Compliance

New car communications could give hackers a free ride

Adding communications to cars and the transportation infrastructure provides cool new services (e.g., safe driving, faster transit times, etc.). From a security perspective, it also widens the threat landscape. Potentially, a bad actor sitting along the roadside with wireless access might be able to mess with the internal workings of your car or the traffic lights […]

Posted in Automotive Security, Data Breach

The pros and cons of adding open source to your software

The State of Software Composition 2017 identified 16,868 unique software components and versions, a majority of which were FOSS packages and libraries. Clearly, open source is here to stay. So what are the pros and cons of using it? For years, free and open source software (FOSS) has had a negative connotation, with some […]

Posted in Open Source Security, Software Composition Analysis

Synopsys report finds old, vulnerable software components still in use

In a new report, Synopsys identifies that 50% of the vulnerabilities found in software today are more than four years old. In almost every case, a newer, more secure version of the vulnerable software component is available. The Synopsys report, The State of Software Composition 2017, uses the Synopsys Software Composition Analysis tool, Black Duck […]

Posted in Open Source Security

7-year-old SAMBA flaw prompts new concerns (and patches)

With just one line of code, a malicious attacker can exploit a recently disclosed seven-year-old vulnerability in SAMBA. Known as CVE-2017-7494, the vulnerability affects Linux and Unix systems that: are running SAMBA 3.5.0 or later; provide file- and printer-sharing on port 445; are addressable from the internet; contain shared files; include write privileges; involve guessable […]

Posted in Software Architecture and Design, Web Application Security

Synopsys report finds the medical device industry vulnerable to attack

In a new report, Synopsys found that 67% of medical device manufacturers and 56% of healthcare delivery organizations (HDOs) believe an attack on a medical device built or in use by their organization is likely to occur over the next 12 months. The Synopsys report, Medical Device Security: An Industry Under Attack and Unprepared to […]

Posted in Medical Device Security

Automotive security goes beyond the car

There’s been a fair share of attention paid to the security inside the connected car. There’s also been a significant uptick in new devices and apps that communicate with the vehicle from afar. These devices and apps use traditional means of communication (e.g., Bluetooth, Wi-Fi, etc.). They also make some very common software mistakes. For instance, […]

Posted in Automotive Security, Mobile Application Security

Don’t fall victim to these 5 WannaCry ransomware misconceptions

With a technical story like WannaCry, there are bound to be some falsehoods spread as fact. As with any misconception, there is often a kernel of truth. More often though, the answer is more complicated than it first seems. Learn about these WannaCry misconceptions today.

5 key WannaCry misconceptions

Here are a few important falsehoods that […]

Posted in Data Breach

In the wake of WannaCry: What we now know and how to move forward

Last Friday, a piece of malware known as WannaCry (WanaCrypt0r 2.0/WCry) infected over 200,000 Windows-based machines in over 150 countries. What made this malware different was that it encrypted the hard drive, withholding the contents until the victim paid $300 Bitcoins. While ransomware itself is not new, the rapid spread of WannaCry caught many people […]

Posted in General