Software Integrity Blog

Author Archive

Taylor Armerding


Taylor Armerding is an award-winning journalist who left the declining field of mainstream newspapers in 2011 to write in the explosively expanding field of information security. He has previously written for CSO Online and the Sophos blog Naked Security. When he’s not writing he hikes, bikes, golfs, and plays bluegrass music. Follow him on Twitter @tarmerding2.


Posts by Taylor Armerding:

 

TRITON attack: A failure this time, but still ominous

Yet another cyber attack on a critical infrastructure installation ought to send yet another warning to operators of industrial control systems (ICS) that it is long past time to, as they say, harden their defenses. The attack, reportedly on a facility somewhere in the Middle East, was reported in early December by the Mandiant division […]

Posted in Critical Infrastructure Security, Data Breach

 

Closing the CVE gap still a work in progress

It’s hard to think of a better security concept than the CVE (Common Vulnerabilities and Exposures) program. It amounts to crowdsourcing security. The idea is that everybody who finds an exploitable flaw or bug in software or firmware notifies a single organization—in this case, the nonprofit, federally funded MITRE Corp.—which maintains a database in which […]

Posted in Software Architecture and Design

 

SSO flaw fixed for some, but risk remains

A recently discovered flaw that undermines the security of numerous single sign-on (SSO) services has been patched by four major providers. But the risk remains for those who don’t install available patches and those for whom no patch is available yet. It’s true that SSO’s major selling point is convenience, not security. It makes it […]

Posted in Data Breach

 

The GitHub Memcached DDoS: It shouldn’t have happened

The record-breaking, 1.35 TB DDoS attack this past week against code repository GitHub, using Memcached servers—a few have sardonically labeled it Memcrashed—shouldn’t have happened. Not in the sense that people shouldn’t do bad things to other people, like attack their websites, even though yes, of course they shouldn’t. It shouldn’t have happened because it shouldn’t […]

Posted in Data Breach

 

Small crypto mining attack points to big browser problem

As malware attacks go, this one was relatively benign. But that doesn’t mean it shouldn’t be taken seriously. The criminals who infected an estimated 5,000 or more websites in the US, the UK, Canada, Ireland and Australia starting at 11:14 a.m. GMT Sunday – many of them government sites – were apparently only interested in sucking electricity and […]

Posted in Data Breach

 

In an IoT-filled world, it’s time to be alert in the wake of ‘Hide ‘N Seek’

A relatively new Internet of Things (IoT) botnet took its time going viral – it even disappeared for 10 days – but once it got back in gear, it spread worldwide in a matter of days. Hence the name – HNS or “Hide and Seek” – that researchers at Bitdefender Labs gave it after they first spotted […]

Posted in Data Breach, Internet of Things, Software Architecture and Design

 

New reports detail how most 2017 security breaches were easily preventable

For data breaches, 2017 was (no drum roll, please)…The. Worst. Year. Ever. No drum roll needed, because there wasn’t even a shred of suspense about it. Just as it will be no surprise to learn a year from now that 2018 was the new worst year ever for data breaches. A small flood of reports […]

Posted in Data Breach, Software Architecture and Design

 

Privacy still an uphill climb on Data Privacy Day

It’s been called Data Privacy Day since it was launched in 2008 to commemorate the signing of Convention 108—the first legally binding international treaty dealing with privacy and data protection—on Jan. 28, 1981. But you could make a pretty solid case that a decade later, this year’s observance, on Sunday, ought to be called Lack […]

Posted in Internet of Things, Privacy