Software Integrity Blog

Archive for the 'Data Breach Security' Category

 

Patch now or pay later: Report

To prevent data breaches, practice these two fundamentals: shift left (perform application security testing early and often in your SDLC), and always patch.

Posted in Data Breach Security

 

More medical mega-breaches thanks to third-party insecurity

The AMCA breach hammers home the need for supply chain security. Here’s how to vet your vendors so you can keep from becoming the next Quest or LabCorp.

Posted in Data Breach Security, Healthcare Security & Privacy, Software Security Program

 

The Verizon DBIR and the art of the breach

An attack path is a series of threat actions leading to a successful data breach. The Verizon 2019 DBIR (Data Breach Investigations Report) offers insights.

Posted in Data Breach Security, Software Architecture & Design

 

GDPR: Not heavy-handed yet, but driving data breaches into the open

The GDPR fines issued so far have been small, but breach notifications are up. As GDPR continues to ramp up, it seems likely to achieve its goals of privacy.

Posted in Data Breach Security, Software Compliance, Quality & Standards

 

Advances in healthcare security since the Anthem data breach

The Anthem data breach in 2014–2015 was the largest healthcare data breach ever. But healthcare cyber security has improved since then.

Posted in Data Breach Security, Healthcare Security & Privacy

 

Click2Gov breaches show the power of zero-days

Patching issues fast is a step toward software security. But as the Click2Gov breaches show, zero-day vulnerabilities resist even the most persistent patchers.

Posted in Data Breach Security

 

Security lessons from the House Oversight and Government Reform Committee

The U.S. House Committee on Oversight and Government Reform has more than a few things to say about responsible enterprise application security.

Posted in Data Breach Security, Open Source Security

 

Cooking up digital privacy, indecent (data) exposure, and just another zero-day

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Cook calls for digital privacy laws, user data exposed in the Wife Lovers hack, and just another Windows zero-day. Watch this week’s episode here:

Posted in Data Breach Security

 

Things get ‘seriously’ insecure yet again for Facebook

Facebook CEO Mark Zuckerberg has had to use variations of the word “serious” a lot over the past year—most notoriously regarding the social media giant’s sale of member data to Cambridge Analytica, which was viewed as affecting the 2016 presidential election.

Posted in Data Breach Security

 

Porous portals, Newegg is a broken egg, and Mirai’s creators have new hats

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Porous payment portals lead to government data breaches, Magecart pwns Newegg, and the Mirai creators trade in their black hats for white ones. Watch this week’s episode here:

Posted in Data Breach Security