Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s episode, you ask? Russia vs. Ukraine, Beemer as the ultimate hackable machine, and Nest “smart home” devices. Learn more by watching the full episode below: New VPNFilter […]
Continue Reading...
Posted in Application Security, Automotive Security, Internet of Things, Vulnerability Assessment, Weekly Security Mashup | Comments Off on VPNFilter, BMW connected car vulnerability, and Nest IoT devices go offline
Software Integrity Insight is your resource on the cyber security and open source security that made the headlines! 8 takeaways from NIST’s application container security guide via Synopsys Software Integrity: Chances are, hackers are aware of the growing popularity of containers as well, says technical evangelist Tim Mackey. Which is why we compiled eight takeaways […]
Continue Reading...
Posted in Automotive Security, Containers, Open Source Security | Comments Off on NIST report on container security, GitLab Developer Report, VW and Audi remote hacks
Wednesday, RSA 2018: On any given day, there are more than 150 sessions to choose from here. Good luck getting to even 5% of those. The good news is that attendees can get access to most of the sessions they missed after the fact, since the slide presentations are posted and videos are made of […]
Continue Reading...
Posted in Automotive Security, Medical Device Security, Red Teaming, Security Conference or Event | Comments Off on Behavioral security at RSA Conference 2018
The habit of breaking things When I was a child, I liked to break things to see how they were built. When I was older, I didn’t grow out of this habit. In fact, I joined a company with like-minded individuals. Now we don’t break things just for the sake of breaking them; we break […]
Continue Reading...
Posted in Automotive Security, Fuzz Testing | Comments Off on How to break car kits with Bluetooth fuzz testing
The Black Duck blog and Open Source Insight become part of the Synopsys Software Integrity blog in early April. You’ll still get the latest open source security and license compliance news, insights, and opinions you’ve come to expect, plus the latest software security trends, news, tips, best practices, and thought leadership every week. Don’t delay, […]
Continue Reading...
Posted in Automotive Security, Internet of Things | Comments Off on Securing IoT, Atlanta ransomware, Congress on cybersecurity
We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and […]
Continue Reading...
Posted in Automotive Security, Data Breach, DevOps, GDPR, Open Source Security | Comments Off on Who owns Linux? TRITON attack, app security testing, future of GDPR
Picture this: you’re driving your newly purchased, fully equipped, top-of-the-line automobile. You’ve just filled your tank, thanks to the crowd sourcing app GasBuddy, and you’re about to begin the commute to work. But first— coffee. Thanks to SYNC3, Ford’s latest infotainment system, you easily order by stating “Alexa, ask Starbucks to start my order.” Your […]
Continue Reading...
Posted in Automotive Security | Comments Off on What’s under your hood? Connected car security and you
A recent “Innovation Spotlight” in the IEEE XPLORE Digital Library announced “a first-of-its-kind charger that allows plug-in electric vehicles (PEVs) to deliver excess capacity to the power grid and recharge during off-peak hours.” Promising new technologies often evoke questions about security. Suppose a bad actor exploits the connection somehow and brings down portions of the […]
Continue Reading...
Posted in Automotive Security, Government Security, Security Standards and Compliance, Smart Grid Security | Comments Off on Smart devices, smart grids, and cyber security
Before the public sessions kick off at Black Hat on Wednesday and Thursday, there are four days of training courses. The course I took part in this year was a two-day, hands-on car hacking course. My instructor, Robert Leale, is the founder and coordinator for the car hacking village at DEF CON. Both the weekend […]
Continue Reading...
Posted in Application Security, Automotive Security, Embedded Software Testing | Comments Off on Are there ever legitimate reasons for hacking a car?
Fiat Chrysler Automobiles (FCA) announced recently that it was recalling 7,802 Dodge Challengers to “update transmission software,” in response to vehicle movement (“rolling”) after drivers shifted into park. While 7,802 pales compared to the 811,000 recalled from inadvertent “rolling” last year, the concept of pulling cars away from customers for a software upgrade is beginning […]
Continue Reading...
Posted in Automotive Security | Comments Off on OTA updates driving connected car revolution?
