Fault Injection is a podcast from Synopsys that digs into software quality and security issues. In this episode, host Robert Vamosi, CISSP and Security Strategist at Synopsys, interviews Kevin Mitnick about how to stay secure at security conferences. Kevin draws on tips from his latest book, The Art of Invisibility: The World’s Most Famous Hacker […]
Continue Reading...
Posted in Application Security, Data Breach, Security Conference or Event | Comments Off on Fault Injection Podcast: Kevin Mitnick discusses how to stay secure at security conferences
A vulnerability in a single software component, found in an internet-connected security camera, may leave thousands of different security camera models (and other IoT devices) at risk. On Tuesday, IoT researchers at Senrio disclosed a hackable flaw they’re calling “Devil’s Ivy.” Officially known as CVE-2017-9765, the vulnerability is a stack buffer overflow that, if successfully […]
Continue Reading...
Posted in Application Security, Data Breach, Internet of Things | Comments Off on Devil’s Ivy security vulnerability leaves IoT devices at risk
This week’s malware outbreak that removed computer data capabilities from large enterprises worldwide is now thought to have been designed to damage, not to earn profit. Therefore, it only masquerades as traditional ransomware. First seen on Tuesday, NotPetya/Petya is like last month’s WannaCry in that it displayed a ransom request of $300 in BitCoin on […]
Continue Reading...
Posted in Application Security, Data Breach | Comments Off on Beyond WannaCry and NotPetya / Petya: What’s next for enterprises?
Another round of ransomware (malware that encrypts the contents of a hard drive until a paid BitCoin ransom unlocks them) is spreading globally. The new ransomware, known as PetrWrap/Petya, is similar and yet significantly different than WannaCry. Unlike the previous attack, PetrWrap/Petya is a virus that spreads by spam campaigns using malicious Microsoft Word documents. Therefore, it […]
Continue Reading...
Posted in Application Security, Data Breach | Comments Off on PetrWrap/Petya ransomware spreading globally: Here’s what you need to know
By mid 2018, global organizations doing business in Europe will need to comply with a new data security regulation known as the General Data Protection Regulation (GDPR). In light of recent high-profile data breaches, the GDPR is a much-needed revision of the EU’s 1995 Data Protection Directive 95/46/EC. It establishes new best practices for organizations doing […]
Continue Reading...
Posted in Data Breach, Security Standards and Compliance | Comments Off on How will the EU’s GDPR set a higher data security standard?
Adding communications to cars and the transportation infrastructure provides cool new services (e.g., safe driving, faster transit times, etc.). From a security perspective, it also widens the threat landscape. Potentially, a bad actor sitting along the roadside with wireless access might be able to mess with the internal workings of your car or the traffic lights […]
Continue Reading...
Posted in Application Security, Automotive Security, Data Breach | Comments Off on New car communications could give hackers a free ride
With a technical story like WannaCry, there are bound to be some falsehoods spread as fact. As with any misconception, there is often a kernel of truth. More often though, the answer is more complicated than it first seems. Here are a few important falsehoods that have been circulating in the last 48 hours: WannaCry spreads via […]
Continue Reading...
Posted in Application Security, Data Breach | Comments Off on Don’t fall victim to these 5 WannaCry ransomware misconceptions
Last Friday, a piece of malware known as WannaCry (WanaCrypt0r 2.0/WCry) infected over 200,000 Windows-based machines in over 150 countries. What made this malware different was that it encrypted the hard drive, withholding the contents until the victim paid $300 BitCoins. While ransomware itself is not new, the rapid spread of WannaCry caught many people […]
Continue Reading...
Posted in Application Security, Data Breach | Comments Off on In the wake of WannaCry: What we now know and how to move forward
On Friday, several organizations around the world fell victim to a wave of ransomware that swept the globe. Ransomware is malware that encrypts the hard drives of compromised machines until the owner makes full payment. Such attacks have been persistent but relatively quiet. Until now, ransomware had been confined to limited or one-off events. A […]
Continue Reading...
Posted in Application Security, Data Breach | Comments Off on WannaCry ransomware attack takes the world by storm
A hacking tool leaked in April by a mysterious organization is attacking older Windows boxes, exposing gaps in organizational update and upgrade policies. One researcher estimates that between 100K and 200K boxes may already be compromised worldwide. What’s particularly interesting is that Microsoft issued a patch for the underlying vulnerabilities in March. Shadow Brokers Several […]
Continue Reading...
Posted in Application Security, Data Breach, Vulnerability Assessment | Comments Off on DoublePulsar continues to expose older Windows boxes: What you need to know