Software Integrity Blog

Archive for the 'Data Breach' Category

 

Patch now or pay later: Report

To prevent data breaches, practice these two fundamentals: shift left (perform application security testing early and often in your SDLC), and always patch.

Posted in Data Breach

 

More medical mega-breaches thanks to third-party insecurity

The AMCA breach hammers home the need for supply chain security. Here’s how to vet your vendors so you can keep from becoming the next Quest or LabCorp.

Posted in Data Breach, Healthcare Security, Maturity Model (BSIMM)

 

The Verizon DBIR and the art of the breach

An attack path is a series of threat actions leading to a successful data breach. The Verizon 2019 DBIR (Data Breach Investigations Report) offers insights.

Posted in Data Breach, Software Architecture and Design

 

GDPR: Not heavy-handed yet, but driving data breaches into the open

The GDPR fines issued so far have been small, but breach notifications are up. As GDPR continues to ramp up, it seems likely to achieve its goals of privacy.

Posted in Data Breach, Security Standards and Compliance

 

Throwback Thursday: Whatever happened to Anthem?

Whatever happened to Anthem? In 2014–2015, the firm suffered the largest healthcare data breach ever. But healthcare cyber security has improved since then.

Posted in Data Breach, Healthcare Security

 

Click2Gov breaches show the power of zero-days

Patching issues fast is a step toward software security. But as the Click2Gov breaches show, zero-day vulnerabilities resist even the most persistent patchers.

Posted in Data Breach

 

Security lessons from the House Oversight and Government Reform Committee

The U.S. House Committee on Oversight and Government Reform has more than a few things to say about responsible enterprise application security.

Posted in Data Breach, Open Source Security

 

Cooking up digital privacy, indecent (data) exposure, and just another zero-day

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Cook calls for digital privacy laws, user data exposed in the Wife Lovers hack, and just another Windows zero-day. Watch this week’s episode here:

Posted in Data Breach, General

 

Things get ‘seriously’ insecure yet again for Facebook

Facebook CEO Mark Zuckerberg has had to use variations of the word “serious” a lot over the past year—most notoriously regarding the social media giant’s sale of member data to Cambridge Analytica, which was viewed as affecting the 2016 presidential election.

Posted in Data Breach

 

Porous portals, Newegg is a broken egg, and Mirai’s creators have new hats

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Porous payment portals lead to government data breaches, Magecart pwns Newegg, and the Mirai creators trade in their black hats for white ones. Watch this week’s episode here:

Posted in Data Breach, General