Software Security

Archive for the 'Data Breach' Category

 

Lessons learned from this year’s biggest security breaches

As this year draws to a close, we can look back on 2016 and see what challenges the security industry has had to overcome. Jumping on this bandwagon a bit early, I hope to draw attention to some of the more difficult challenges our industry will face in the coming year. In order to do […]

Posted in Data Breach, Internet of Things, Red Teaming, Software Security Testing

 

Top cyber security trends of 2016

As we near the end of 2016, it’s time to reflect on some of the biggest security issues that we saw this year. 2016 was an interesting year in which many security issues came into focus. We saw many attacks with a goal of financial gain. We saw nation-states threatening cyberattacks around the US election. And, we […]

Posted in Application Security, Data Breach

 

Cyberattacks erase Saudi government data

The data on thousands of computers at the headquarters of the General Authority of Civil Aviation in Saudi Arabia was erased starting in mid-November by malware from “outside the country,” according to a state report. On Thursday, the state-run Saudi Press Agency confirmed a series of attacks on government systems, especially the transportation sector. […]

Posted in Data Breach, Government Security, Industrial Control System Security

 

Mirai botnet targets Deutsche Telekom routers, causing outages

Over the weekend, around 1 million Deutsche Telekom customers experienced interruptions in their Internet services, a denial of service that has now been traced to the Mirai botnet. Mirai leverages flaws in Internet of Things devices to create a compromised network or botnet. The source code for Mirai botnet went public in early October, allowing […]

Posted in Data Breach, Internet of Things

 

DDoS attack, BlackNurse, uses ICMP

Criminal hackers with limited resources can defeat firewalls with a new attack. Dubbed BlackNurse by the Denmark-based TDC Security Operations researchers who first found it, the attack allows volumes of as little as 15 megabits, or about 40,000 packets per second, to bombard sites with volumes approaching or exceeding 1 terabit per second. It uses […]

Posted in Data Breach, Network Security

 

Voter registration and election security: What you need to know

If you’re registered to vote in the U.S., you probably recall the information collected at registration. To refresh your memory, personal details such as your name, address, date of birth, driver’s license number, and the last four digits of your social security number are all contained within your state’s voter rolls and records. All of this information is […]

Posted in Data Breach, Software Security Testing

 

How to overcome common software security training hurdles

Software security training is an important part of software development. In the latest Ponemon study on data breaches, training and awareness programs are the number one control implemented after a data breach. However, as with any security control, it’s possible to incorrectly implement training. Within this post, I’ll discuss several common software security training hurdles […]

Posted in Data Breach, Security Training, Software Security Testing

 

Yahoo admits 500 million records breached

Yahoo says “a state-sponsored actor” is responsible for a 2014 data breach, although it declined to say more. Previously Yahoo had said it was investigating with law enforcement a breach of 200 million user accounts. Apparently the investigation has found a deeper intrusion into its network. “The account information may have included names, email […]

Posted in Data Breach, Network Security

 

Benefits of application security training: Moving beyond compliance

The official organizational response to a data breach almost always includes the statement: “We met all regulatory and legal requirements for data protection.” Training is required for many compliance regimes, and it might just be good enough as a compliance control. However, as a security control it’s inadequate. There are multiple major retailers that were […]

Posted in Data Breach, Maturity Model (BSIMM), Security Metrics, Security Training, Software Security Testing

 

SWIFT discloses additional bank hacking thefts

Months after February’s high-profile $81 million heist at Bangladesh Bank, the global financial messaging system known as SWIFT said it has faced additional attempts to steal money starting in June. SWIFT messaging services are used and trusted by more than 11,000 financial institutions in more than 200 countries and territories around the world, according to […]

Posted in Data Breach, Financial Services Security