Software Integrity Blog

Author Archive

Taylor Armerding

Taylor Armerding is an award-winning journalist who left the declining field of mainstream newspapers in 2011 to write in the explosively expanding field of information security. He has previously written for CSO Online and the Sophos blog Naked Security. When he’s not writing he hikes, bikes, golfs, and plays bluegrass music. Follow him on Twitter @tarmerding2.


Posts by Taylor Armerding:

 

How and why business is migrating to the cloud

It might not be the best thing to have your head in the clouds. But it has become a very good thing, or at least a very popular thing, to have your business in the cloud—multiple surveys confirm it. Druva, a cloud data management and security company, reported last month that moving virtualized workloads to […]

Posted in Cloud Security

 

Porous portals, Newegg is a broken egg, and Mirai’s creators have new hats

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Porous payment portals lead to government data breaches, Magecart pwns Newegg, and the Mirai creators trade in their black hats for white ones. Watch this week’s […]

Posted in Data Breach, General

 

Equifax breach: Catastrophic, but no game changer yet

This article was originally published in Forbes. I hate to say I told you so…well, actually, like most people, I love to say I told you so. I’m just willing to admit it. Because the state of software security a year after the catastrophic data breach of Equifax became public basically confirms what I wrote last October: […]

Posted in Data Breach

 

Tesla key fob issues, Tor Browser zero-day woes, and you’ve got malware!

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Dude, don’t take my Tesla! Plus Tor Browser zero-day (already wiped away), and you’ve got malware (if you fall for it!). Watch this week’s episode […]

Posted in Automotive Security, General

 

Medical device security improvements coming—but not anytime soon

This article was originally published in Forbes. The cybersecurity of connected medical devices—notoriously poor for decades—should finally start to improve. That is genuinely good news. But it is tempered by the reality that it will not happen quickly. The long-overdue change is coming thanks to the federal Food and Drug Administration’s (FDA) announcement in June that it […]

Posted in Healthcare Security

 

CamuBot malware, SonarSnoop hacking, and government backdoors

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? CamuBot malware is the new kid on the block, the sounds of hacking (SonarSnoop), and back to the government’s wish for chat backdoors. Watch this […]

Posted in General

 

Gmail Confidential? Not so much

According to privacy advocates, Google has a problem with truth in labeling. No, not about its surreptitious tracking of users who have turned their Location History off, which has sucked up most of the headline space over the past few weeks. This is about the rollout of their allegedly “confidential” Gmail feature. Confidential mode doesn’t […]

Posted in General

 

Fixing the CVE program, your personal data checking out and taking flight

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Fixing the CVE program, your personal data has already “checked out,” and it even “may potentially” have taken flight. Watch this week’s episode below to […]

Posted in General, Mobile Application Security

 

These hacks brought to you by ‘leaky’ APIs

“Leaky” is almost never a good thing. The whole idea, in just about any case, is to make things that don’t leak and to plug things that do. And that’s true of cyber security, as demonstrated by a couple of recent incidents involving leaky APIs (application programming interfaces). Hacked at Black Hat A couple of […]

Posted in Data Breach, Web Application Security

 

SamSam ransomware keeps striking—victims still unprepared

“You can pay (a little) now or you can pay (a lot) later” is a very old line—a pitch for oil filters almost 40 years ago. Unfortunately, it remains relevant in cyber security, especially when it comes to ransomware. And especially when that ransomware is the potent, pernicious SamSam. The “trade-off” is stark: You can […]

Posted in General