Last week’s news introduced us to another pair of vulnerabilities hitting right at the foundation of everything we place our trust in. Named KRACK and ROCA, these flaws target specific facets of Wi-Fi networks and cryptographic keys, meaning that attackers can potentially sneak into networks we consider private, and decipher things we consider secret. Who’s affected? […]
Continue Reading...
Posted in Application Security, Data Breach, Security Training, Vulnerability Assessment | No Comments »
WPA2? The weekend of Friday the 13th took a frightening turn—even for those of us who aren’t superstitious—when detrimental weaknesses were discovered in Wi-Fi Protected Access II (WPA2), the protocol responsible for securing Wi-Fi networks. WPA2 was first made available back in 2004 and has been required on all Wi-Fi branded devices since March 2006. […]
Continue Reading...
Posted in Application Security, Data Breach, Software Quality, Vulnerability Assessment | No Comments »
What happened and what can we learn? There’s been some very big news in the cryptographic world this week. So far, several technology news sites have highlighted the impact of a new vulnerability on Estonian and Slovakian smartcards, but the reach of this vulnerability is far wider than that. Five security researchers have just announced […]
Continue Reading...
Posted in Application Security, Cryptography, Data Breach, Featured | No Comments »
The information technology sector is one of the world’s fastest growing industries. In fact, the rate at which software and software products are evolving is many times greater when compared to the rate at which software security is evolving. In an age of cybercrime, some of the most widespread cyber-based crimes include: Stealing information via […]
Continue Reading...
Posted in Application Security, Data Breach, Software Security Program Development | Comments Off on Why do companies need a software security program?
Initially created to support hands-free headsets, Bluetooth in 2017 is far from a simple wireless technology standard. It has evolved into a much different technology than today’s standard Wi-Fi wireless protocols. Researchers Ben Seri and Gregory Vishnepolsky of Armis Labs examine how complicated the Bluetooth implementation has become by navigating the complex protocol implementations in […]
Continue Reading...
Posted in Application Security, Data Breach, Vulnerability Assessment | Comments Off on What you need to know about BlueBorne Bluetooth flaws
In recent days, more details concerning the Equifax breach have come to light. There’s now speculation that attackers exploited a vulnerability in Apache Struts to steal data. There has also been plenty of speculation regarding the exact vulnerability that may have been exploited. The Apache Struts theory The Apache Struts Program Management Committee released a […]
Continue Reading...
Posted in Data Breach, Open Source Security | Comments Off on Did an Apache Struts vulnerability trigger the Equifax hack?
On Sept. 7, Equifax announced that attackers had stolen information from about 143 million people in the United States. Canadian and U.K. residents’ data was also stolen. However, Equifax has not yet revealed the number of people affected. We do not know the exact vulnerability that was exploited. Equifax stated only that “criminals exploited a […]
Continue Reading...
Posted in Application Security, Data Breach | Comments Off on What can your firm learn from the unfolding Equifax hack?
It took security researchers only minutes to gain access to more than a dozen voting machines at last month’s DEF CON security conference. The nearly two dozen machines, all purchased from eBay and government auctions, are considered representative of the wide variety of electronic voting systems in use today. One even contained actual voting data from […]
Continue Reading...
Posted in Application Security, Data Breach, Government Security | Comments Off on DEF CON 25 exposes voting system vulnerabilities
Fault Injection is a podcast from Synopsys that digs into software quality and security issues. In this episode, host Robert Vamosi, CISSP and Security Strategist at Synopsys, interviews Kevin Mitnick about how to stay secure at security conferences. Kevin draws on tips from his latest book, The Art of Invisibility: The World’s Most Famous Hacker […]
Continue Reading...
Posted in Application Security, Data Breach, Security Conference or Event | Comments Off on Fault Injection Podcast: Kevin Mitnick discusses how to stay secure at security conferences
A vulnerability in a single software component, found in an internet-connected security camera, may leave thousands of different security camera models (and other IoT devices) at risk. On Tuesday, IoT researchers at Senrio disclosed a hackable flaw they’re calling “Devil’s Ivy.” Officially known as CVE-2017-9765, the vulnerability is a stack buffer overflow that, if successfully […]
Continue Reading...
Posted in Application Security, Data Breach, Internet of Things | Comments Off on Devil’s Ivy security vulnerability leaves IoT devices at risk