Software Integrity Blog

Author Archive

Robert Vamosi

Posts by Robert Vamosi:

U.S. cybersecurity plans under a new administration

Little is known about Donald Trump’s actual policies regarding cybersecurity except that it is being discussed as a top-level priority in the new administration. As a candidate, Trump articulated a four-part strategy; however, security experts deemed it fairly lightweight in response to the growing threat. “It sounds like a fairly rational, high-level playbook […]

Posted in Government Security

A software glitch may have crashed the European Mars lander

The European Mars lander, Schiaparelli, destroyed last week on the surface of Mars, may have been the victim of a software error, according to preliminary data reviewed by researchers. Last Wednesday, at approximately four minutes and 41 seconds into its entry, descent, and landing (EDL) sequence, the European Mars lander suffered a software glitch. According to […]

Posted in Static Analysis (SAST)

Flaw in Intel chips might allow ASLR bypass

A flaw in chip hardware might allow attackers to circumvent ASLR protection in operating systems and applications. Running a recent version of Linux on top of a Haswell processor from Intel, researchers from the State University of New York at Binghamton were able to exploit a flaw in the part of the CPU known as […]

Posted in Software Architecture and Design

St. Jude plans cyber security medical advisory board

On Monday, St. Jude Medical said that it planned to set up its own medical advisory board focused on cyber-security issues affecting patient care and safety. According to the Reuters news service, the U.S. Food and Drug Administration has started an investigation into the company’s medical devices after a report in August from short-seller Muddy […]

Posted in Healthcare Security, Medical Device Security

The code used to create massive IoT-based botnet now public

The malware that may have created the IoT-based botnet that brought down a security website a few ago has been released to the public. Known as Mirai, the source code was published Friday on the English-language hacking community Hackforums. The malware targets vulnerable firmware on IoT devices such as internet-connected surveillance cameras. The person releasing […]

Posted in Internet of Things

IoT fueling larger DDoS attacks

Hacked internet-connected cameras and digital video recorders are to blame for a series of DDoS attacks that took down KrebsOnSecurity last week. The attacks were first reported on September 19 by Octave Klaba, the founder and CTO of OVH. According to Ars Technica, Klaba reported that more than 6,800 new cameras had joined the botnet […]

Posted in Internet of Things, Software Architecture and Design

Tesla adopts code signing after remote access hack

After researchers discovered a way to hack into Tesla vehicles and reprogram their firmware, the auto manufacturer pushed out not only a fix for that vulnerability, but also a method for securing all the code running on the vehicle. The researchers from Tencent were able to remotely access a Tesla via its infotainment system. They faked […]

Posted in Automotive Security

HERE opens automotive data services

The digital mapping service HERE collects real-time driving data from cars via its Open Location Platform. In advance of next week’s Paris Auto Show, HERE unveiled a series of initial tools, namely HERE Real-Time Traffic, HERE Hazard Warnings, HERE Road Signs and HERE On-Street Parking. Beginning in 2017, any customer inside or outside of the […]

Posted in Automotive Security, Internet of Things

Security journalist silenced by IoT-based DDoS attack

Last week, security reporter Brian Krebs suffered the largest DDoS attack in history and lost his internet protection company; briefly, no one had access to his site. As of Monday morning, KrebsOnSecurity.com is back up, this time using the DDoS protection service provided by Google. Krebs said his previous protection company, Akamai, with its […]

Posted in Internet of Things

Yahoo admits 500 million records breached

Yahoo says “a state-sponsored actor” is responsible for a 2014 data breach, although it declined to say more. Previously, Yahoo had said it was investigating with law enforcement a breach of 200 million user accounts. Apparently the investigation has found a deeper intrusion into its network. “The account information may have included names, email […]

Posted in Data Breach