Software Integrity Blog

Author Archive

Taylor Armerding

Taylor Armerding is an award-winning journalist who left the declining field of mainstream newspapers in 2011 to write in the explosively expanding field of information security. He has previously written for CSO Online and the Sophos blog Naked Security. When he’s not writing he hikes, bikes, golfs, and plays bluegrass music. Follow him on Twitter @tarmerding2.


Posts by Taylor Armerding:

 

Ukraine dodges attack, but VPNFilter threat remains

Ukraine had been warned. So it was prepared. And the result, according to the government’s intelligence branch, the Security Service of Ukraine (SBU), is that it was able to detect and thwart a cyber attack that used the now notorious VPNFilter malware against the Auly Chlorine Distillation Station, which supplies chlorine to 23 provinces of […]

Posted in Critical Infrastructure Security, Internet of Things

 

Hackers target cryptocurrency exchange, new Spectre vulnerabilities, and healthier healthcare

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. Watch the episode below: What’s in this week’s Security Mashup, you ask? Cryptocurrency exchange Bancor gets targeted by hackers and loses $23.5 million, two new subvariants of Spectre vulnerabilities have been discovered, […]

Posted in Medical Device Security, Security Standards and Compliance, Weekly Security Mashup

 

6 months later, Spectre still haunts

It’s now more than six months since the major design flaw in computer chips labeled Spectre became public. And as predicted, it is still haunting the world of information technology. That’s largely because, as experts explained at the time, Spectre is not a software bug that can be fixed by rolling out a patch or […]

Posted in General

 

Golden Cup was a world cup of trouble

Nobody with any connection to, or interest in, the FIFA World Cup can say they weren’t warned. In the days leading up to the quadrennial world championship of European football (or soccer), security experts put the word out constantly that everybody involved—players, organizers, staff, and spectators (including those watching on TV or online)—would be a […]

Posted in Mobile Application Security, Privacy

 

GDPR raises the stakes on data breaches

Another week, another list of data breaches resulting from vulnerabilities in third-party contractors for high-profile companies. But since May 25, at least in the European Union (EU), it is more than just another week. There is the potential for something both more harsh and more expensive than unhappy customers, brand damage, or even class action […]

Posted in Data Breach, Security Standards and Compliance

 

Another inside job, Gmail privacy, and UK cyber crime court

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Another inside job, or perhaps it should be described as an “insider job.” A former NSO employee has been accused of stealing spyware. Who is […]

Posted in Government Security, Privacy, Weekly Security Mashup

 

Supreme Court puts the brakes on Big Brother

The troops on the front lines of the war to protect personal privacy won a couple of significant battles last week. Significant, but likely not seismic—at least not yet. It’s not like the clock got rewound to 1990, before the Internet became mainstream, when mobile phones were still relatively rare. And we still live in […]

Posted in Privacy

 

Third parties spoil the party and WordPress content mismanagement

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? FastBooking and BetVictor third parties spoil the security party, and a WordPress security flaw allows hackers to hijack entire websites. Watch to learn more: Hundreds […]

Posted in Open Source Security, Weekly Security Mashup

 

Vulnerable routers are still out there—and hackers are noticing

Vulnerable routers aren’t news

Long ago and far away—in 2014, which is indeed long ago and far away in our cutting-edge world of information technology—security gurus like Dan Geer, Jim Gettys, and Bruce Schneier were issuing urgent warnings about the catastrophic insecurity of routers—those devices in our homes that give us access to the World […]

Posted in Internet of Things, Static Analysis (SAST)

 

Ex-CIA employee insider threat, FlightTrader24 hack, and RedHat licenses

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s Security Mashup episode, you ask? Ex-CIA employee insider threat and how he was outed, insight into the FlightTrader24 hack, and what you need to know about the RedHat […]

Posted in Data Breach, Government Security, Open Source Security, Weekly Security Mashup