Software Integrity Blog

Author Archive

Robert Vamosi

Posts by Robert Vamosi:

Researchers successfully hack a Tesla Model S remotely

While the Tesla Model S has been hacked before, this new attack can be carried out without any physical contact with the car and from up to several miles away. On Monday, researchers from Keen Security Lab, led by Chris Evans, announced, “we have discovered multiple security vulnerabilities and successfully implemented remote, aka none physical contact, […]

Posted in Automotive Security

Power meters vulnerable to remote attacks, says ICS-CERT

ICS-CERT says power meters from two manufacturers are vulnerable to remote cross-site request forgery (CSRF) attacks and/or compromise. In one advisory, ICS-CERT cited Schneider Electric’s ION Power Meter products. A remote attacker using CSRF could perform unauthorized actions on the affected devices, such as configuration parameter changes or saving modified configuration. Models affected include ION […]

Posted in Critical Infrastructure Security

The Fed hires its first CISO

A retired U.S. Air Force brigadier general will be the U.S. government’s first federal cyber security chief (CISO). As federal CISO, U.S. Air Force brigadier general Gregory Touhill’s new job will be to protect government networks and critical infrastructure from cyber threats. The position was previously announced last February as part of the creation of […]

Posted in Government Security

In-vehicle infotainment vulnerabilities through the MirrorLink Interoperability Standard

Researchers say they can hijack a communication from a smartphone to a vehicle information system and potentially take control of a car’s systems such as brakes and steering. In a paper presented at last month’s WOOT 16 USENIX conference, researchers Sahar Mazloom, Mohammad Rezaeirad, and Aaron Hunter from George Mason University, and Damon McCoy from […]

Posted in Automotive Security

Researchers question Muddy Water’s security report on St. Jude Medical

New research suggests that parts of a report from a capital investment firm alleging vulnerabilities in St. Jude Medical devices were inaccurate. Last week, Muddy Waters Capital founder Carson Brock said in a statement, “We find STJ Cardiac Devices’ vulnerabilities orders of magnitude more worrying than the medical device hacks that have been publicly discussed […]

Posted in Healthcare Security, Medical Device Security

SWIFT discloses additional bank hacking thefts

Months after February’s high-profile $81 million heist at Bangladesh Bank, the global financial messaging system known as SWIFT said it has faced additional attempts to steal money starting in June. SWIFT messaging services are used and trusted by more than 11,000 financial institutions in more than 200 countries and territories around the world, according to […]

Posted in Data Breach, Financial Services Security

Dangerous iOS flaws patched in emergency update

iPhone and iPad users should update their iOS software to the latest release version as soon as possible following the disclosure of three dangerous vulnerabilities on Thursday. Researchers from Toronto-based Citizens Lab, working with Lookout, said they had discovered three zero days, vulnerabilities not previously known to Apple or others, which could allow third parties […]

Posted in Mobile Application Security

Analysts find that apps run in containers more secure than not

Two analyst firms have concluded that running apps in containers is more secure than alternatives. Gartner analyst Joerg Fritsch stated as much in a new research note, “How to Secure Docker Containers in Operation”. In a follow-up blog post, he said: “… despite the challenges, Gartner believes that one of the biggest benefits of containers is security. […]

Posted in Uncategorized

U.S. government stresses security in procurement and acquisitions

The U.S. National Counterintelligence and Security Center (NCSC) will soon supply specific critical U.S. telecommunications, energy and financial organizations with classified supply chain threat reports. Last Thursday, the NCSC released a video highlighting the need for greater security around the supply chain. The video points out that during the Cold War, one could protect secrets by […]

Posted in Software Security Initiative (SSI)

Study finds security warnings ignored 90% of the time

A new study finds that people ignore security warnings from software up to 90% of the time. In a paper, “More Harm Than Good? How Messages That Interrupt Can Make Us Vulnerable,” researchers from BYU, in collaboration with Google Chrome engineers, found that if a security warning appears while people are typing, watching a […]

Posted in Software Architecture and Design