Software Integrity

Archive for the 'Data Breach' Category

 

Small crypto mining attack points to big browser problem

As malware attacks go, this one was relatively benign. But that doesn’t mean it shouldn’t be taken seriously. The criminals who infected an estimated 5,000 or more websites in the US, the UK, Canada, Ireland and Australia starting at 11:14 a.m. GMT Sunday – many of them government sites – were apparently only interested in sucking electricity and […]

Continue Reading...

Posted in Application Security, Data Breach | No Comments »

 

In an IoT-filled world, it’s time to be alert in the wake of ‘Hide ‘N Seek”

A relatively new Internet of Things (IoT) botnet took its time going viral – it even disappeared for 10 days – but once it got back in gear, it spread worldwide in a matter of days. Hence the name – HNS or “Hide and Seek” – that researchers at Bitdefender Labs gave it after they first spotted […]

Continue Reading...

Posted in Data Breach, Internet of Things, Vulnerability Assessment | No Comments »

 

New reports detail how most 2017 security breaches were easily preventable

For data breaches, 2017 was (no drum roll, please)…The. Worst. Year. Ever. No drum roll needed, because there wasn’t even a shred of suspense about it. Just as it will be no surprise to learn a year from now that 2018 was the new worst year ever for data breaches. A small flood of reports […]

Continue Reading...

Posted in Application Security, Data Breach, Vulnerability Assessment | Comments Off on New reports detail how most 2017 security breaches were easily preventable

 

How can SMBs maximize AppSec returns on an SMB budget?

Small and medium-size businesses (SMBs) are nonsubsidiary, independent firms that employ fewer than a given number of employees. This number varies from country to country: Gartner defines an SMB as having fewer than 1,000 employees, but the European Union defines an SMB as having fewer than 250 employees. Managing an SMB budget Many factors affect […]

Continue Reading...

Posted in Application Security, Cloud Security, Data Breach, Software Security Program Development, Static Analysis (SAST) | Comments Off on How can SMBs maximize AppSec returns on an SMB budget?

 

Open source vulnerabilities: Are you prepared to run the race?

Originally posted on SecurityWeek.  After going through 24 seasons of cross-country, winter track, and spring track with my boys, I fully understand that if you put your toe on the line, you had better be prepared to race, or bad things happen. As the use of open source continues to rise, many organizations are putting […]

Continue Reading...

Posted in Data Breach, Open Source Security, Software Composition Analysis | Comments Off on Open source vulnerabilities: Are you prepared to run the race?

 

Top security breaches of 2017 (+2018 cyber security predictions)

The year 2017 broke records for the number of reported security vulnerabilities in software. We also saw one of the worst data breaches ever in terms of impact. Let’s look back at some of the security news from 2017. Record number of vulnerabilities The number of publicly disclosed vulnerabilities in 2017 far exceeds the number […]

Continue Reading...

Posted in Application Security, Data Breach | Comments Off on Top security breaches of 2017 (+2018 cyber security predictions)

 

PayPal uncovers TIO Networks data breach affecting 1.6 million users

In July 2017, PayPal completed its acquisition of TIO Networks for $238 million. TIO Networks, a multichannel payment processor, serves over 16 million consumer bill pay accounts and offers solutions for payment services to financially underserved consumers and consumer services. Fast-forward to Nov. 10, 2017, when PayPal announced the suspension of TIO Networks’ operations due […]

Continue Reading...

Posted in Application Security, Data Breach, Vendor Risk Management | Comments Off on PayPal uncovers TIO Networks data breach affecting 1.6 million users

 

Learning from KRACK and ROCA: Here’s how to equip your firm

Last week’s news introduced us to another pair of vulnerabilities hitting right at the foundation of everything we place our trust in. Named KRACK and ROCA, these flaws target specific facets of Wi-Fi networks and cryptographic keys, meaning that attackers can potentially sneak into networks we consider private, and decipher things we consider secret. Who’s affected? […]

Continue Reading...

Posted in Application Security, Data Breach, Security Training, Vulnerability Assessment | Comments Off on Learning from KRACK and ROCA: Here’s how to equip your firm

 

KRACK: Examining the WPA2 protocol flaw and what it means for your business

WPA2? The weekend of Friday the 13th took a frightening turn—even for those of us who aren’t superstitious—when detrimental weaknesses were discovered in Wi-Fi Protected Access II (WPA2), the protocol responsible for securing Wi-Fi networks. WPA2 was first made available back in 2004 and has been required on all Wi-Fi branded devices since March 2006. […]

Continue Reading...

Posted in Application Security, Data Breach, Software Quality, Vulnerability Assessment | Comments Off on KRACK: Examining the WPA2 protocol flaw and what it means for your business

 

ROCA: Cryptographic flaws in BitLocker, Secure Boot, and millions of smartcards

What happened and what can we learn? There’s been some very big news in the cryptographic world this week. So far, several technology news sites have highlighted the impact of a new vulnerability on Estonian and Slovakian smartcards, but the reach of this vulnerability is far wider than that. Five security researchers have just announced […]

Continue Reading...

Posted in Application Security, Cryptography, Data Breach | Comments Off on ROCA: Cryptographic flaws in BitLocker, Secure Boot, and millions of smartcards