Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s Security Mashup episode, you ask? The FIFA World Cup overfloweth—with hackers, forgeries take a bite out of Apple security, and routing us to “Hackerville” (a VPNFilter update). Watch this […]
Continue Reading...
Posted in Application Security, Data Breach, Weekly Security Mashup | Comments Off on World Cup device hacking dangers, Apple malware, and VPNFilter updates
We took the opportunity at RSA Conference last month to survey our booth visitors about their organizations’ application security programs. We’ve sponsored and conducted a number of surveys on topics ranging from DevSecOps to open source security to medical device security, but there’s something about collecting feedback from conference attendees in person that really hits home—a […]
Continue Reading...
Posted in Application Security, Data Breach, Infographic | Comments Off on Security IRL at RSA Conference 2018
Security researcher Robert Wiggins recently uncovered a serious security issue in the TeenSafe “secure” monitoring product for Android and iOS platforms. The app allows users (typically parents) to monitor devices (typically their children’s) to view location, text messages, calls, browsing history, and more. TeenSafe claims the technology can and will help protect your child. There […]
Continue Reading...
Posted in Application Security, Data Breach, Vulnerability Assessment | Comments Off on How does the TeenSafe data leak present a classic false sense of security?
Maybe you could call it two-factor fakery. Because the latest zero-day to plague Microsoft’s Office 365—a cloud-based service that includes Office 2016—was created by somebody who figured out that the way to get malicious emails past its security systems is to split a malicious link in two. Researchers at the security firm Avanan, who said […]
Continue Reading...
Posted in Application Security, Data Breach | Comments Off on Office 365 email protection gets blindsided
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Weekly Security Mashup episode. When employees post passwords online via Brian Krebs, security blogger – Krebsonsecurity.com – Hosts of companies using the online collaboration tool Trello.com share passwords for sensitive internal resources. New hacking tool lets […]
Continue Reading...
Posted in Application Security, Blockchain Security, Data Breach, Weekly Security Mashup | Comments Off on Employees post passwords online, Hacking tool grants access to DVRs, and Blockchain
The 2018 Verizon Data Breach Investigations Report (DBIR)—the 11th annual exhaustive collection of good advice and (mostly) bad news—which dropped a couple of weeks ago, doesn’t contain any major surprises about the state of online security. The number of confirmed breaches—at least the ones reported by 67 contributors globally—was 2,216, among 53,308 “real-world incidents.” In […]
Continue Reading...
Posted in Application Security, Data Breach, Maturity Model (BSIMM), Vulnerability Assessment | Comments Off on Verizon DBIR puts security burden on users
RSA happened last week, and a ton of news—some gloomy, some encouraging—has come from the world’s largest cyber security conference. The Israeli government follows Great Britain, the U.S., and France and moves to open source. TaskRabbit pledges “more security” after a data breach, and nine things you can expect to have an impact on cyber […]
Continue Reading...
Posted in Application Security, Data Breach, DevOps, Open Source Security, Security Conference or Event | Comments Off on RSA news, Israel shifts to open source, latest on TaskRabbit breach
It’s nearly an all-Tim Mackey issue of Software Integrity Insight as our technical evangelist weighs in on data breaches, container adoption, GitHub, and open source serverless applications. Other stories in this week’s software integrity news include the SirenJack vulnerability, a security vulnerability potentially putting warning sirens across the city of San Francisco at risk, and […]
Continue Reading...
Posted in Application Security, Containers, Data Breach, Internet of Things, Open Source Security | Comments Off on Data breaches, SirenJack, and serverless apps vulns
It’s been quite an interesting few weeks in the land of data breach disclosures. We started with Under Armour disclosing a breach in their MyFitnessPal application that impacted 150 million users. A few days later, Lord & Taylor and Saks Fifth Avenue disclosed a breach impacting millions of their in-store shoppers. Later the same day, […]
Continue Reading...
Posted in Application Security, Black Duck by Synopsys, Data Breach, Security Conference or Event, Security Standards and Compliance | Comments Off on Data breaches and more data breaches—oh my!
Open Source Insight makes the transition to the Synopsys Software Integrity (SIG) blog this week, and you can find us here, as well as the latest posts from SIG technology evangelist Tim Mackey. This week’s edition looks at security for container images, cyber security in healthcare, how most data breaches occur, and a host of […]
Continue Reading...
Posted in Blockchain Security, Containers, Data Breach, Healthcare Security, Open Source Security | Comments Off on What’s in your containers?, Spring Break vulnerability, cyber security in healthcare
