Taylor Armerding is an award-winning journalist who left the declining field of mainstream newspapers in 2011 to write in the explosively expanding field of information security. He has previously written for CSO Online and the Sophos blog Naked Security. When he’s not writing he hikes, bikes, golfs, and plays bluegrass music. Follow him on Twitter @tarmerding2.
Maybe you could call it two-factor fakery. Because the latest zero-day to plague Microsoft’s Office 365—a cloud-based service that includes Office 2016—was created by somebody who figured out that the way to get malicious emails past its security systems is to split a malicious link in two. Researchers at the security firm Avanan, who said […]
Posted in Data Breach | Comments Off on Office 365 email protection gets blindsided
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Weekly Security Mashup episode. When employees post passwords online via Brian Krebs, security blogger – Krebsonsecurity.com – Hosts of companies using the online collaboration tool Trello.com share passwords for sensitive internal resources. New hacking tool lets […]
Posted in Data Breach, Weekly Security Mashup | Comments Off on Employees post passwords online, Hacking tool grants access to DVRs, and Blockchain
The 2018 Verizon Data Breach Investigations Report (DBIR)—the 11th annual exhaustive collection of good advice and (mostly) bad news—which dropped a couple of weeks ago, doesn’t contain any major surprises about the state of online security. The number of confirmed breaches—at least the ones reported by 67 contributors globally—was 2,216, among 53,308 “real-world incidents.” In […]
Posted in Data Breach, Maturity Model (BSIMM), Software Architecture and Design | Comments Off on Verizon DBIR puts security burden on users
FUD—fear, uncertainty, and doubt—is usually met with relentless mockery in the cyber security world, since it’s sometimes used to try to frighten people into buying a product. But nobody was mocking the FUD generated by a live simulation of a hack of an infusion pump that then delivered a massive overdose of medication to a […]
Posted in Healthcare Security, Medical Device Security, Webinars | Comments Off on Physician hackers: Healthcare security is in critical condition
Wednesday, RSA 2018: On any given day, there are more than 150 sessions to choose from here. Good luck getting to even 5% of those. The good news is that attendees can get access to most of the sessions they missed after the fact, since the slide presentations are posted and videos are made of […]
Posted in Automotive Security, Events, Medical Device Security, Red Teaming | Comments Off on Behavioral security at RSA Conference 2018
It was mostly sunny outside RSA Conference 2018 in San Francisco during the opening keynotes on Tuesday. Inside? Well, there were some sunny breaks, but plenty of clouds as well. It started sunny, when RSA president Rohit Ghai acknowledged the clouds but chose to focus on “Three Silver Linings.” “I’m not in denial,” he said. […]
Posted in Events | Comments Off on RSA day 2: Cloudy forecast with some sunny breaks
The cryptocurrency industry is both beloved and feared for being the so-called Wild West of finance. Beloved because of minimal regulation and at least a measure of anonymity. Feared because of minimal protection. There is no Federal Reserve to set a value, no FDIC to guarantee at least a portion of what you have stored […]
Posted in Financial Services Security | Comments Off on Regulation looming for cryptocurrency
Anonymity—one of the biggest draws of cryptocurrency and the blockchain infrastructure it depends on—could get turned on its head if the vision of the head of the International Monetary Fund (IMF) comes true. Christine Lagarde, managing director of the IMF, called in a recent blog post for more regulation of the cryptocurrency market—to include the […]
Posted in Financial Services Security | Comments Off on IMF wants to pierce the blockchain anonymity veil
Securing the Internet of Things (IoT) seems like an endless reality version of “Mission Impossible”—really impossible. Many have tried—with lists of best practices and standards, exhortations, and warnings—but none has succeeded. Still, the U.K. government, in a policy paper titled Secure by Design released earlier this month, says it is also going to try, with a 13-point […]
Posted in Internet of Things, Security Standards and Compliance | Comments Off on U.K. threatens to force IoT security by design
Recommendations are a fine first step, but without real IoT security regulation, securing the Internet of Things (IoT) makes herding cats look like a breeze.
Posted in Internet of Things, Security Standards and Compliance | Comments Off on Still just recommendations, not regulation, for IoT security
Get the latest Software Integrity news, thought leadership, and more.
