It’s nearly an all-Tim Mackey issue of Software Integrity Insight as our technical evangelist weighs in on data breaches, container adoption, GitHub, and open source serverless applications. Other stories in this week’s software integrity news include the SirenJack vulnerability, a security vulnerability potentially putting warning sirens across the city of San Francisco at risk, and […]
Continue Reading...
Posted in Application Security, Containers, Data Breach, Internet of Things, Open Source Security | No Comments »
It’s been quite an interesting few weeks in the land of data breach disclosures. We started with Under Armour disclosing a breach in their MyFitnessPal application that impacted 150 million users. A few days later, Lord & Taylor and Saks Fifth Avenue disclosed a breach impacting millions of their in-store shoppers. Later the same day, […]
Continue Reading...
Posted in Application Security, Black Duck by Synopsys, Data Breach, Security Conference or Event, Security Standards and Compliance | No Comments »
Open Source Insight makes the transition to the Synopsys Software Integrity (SIG) blog this week, and you can find us here, as well as the latest posts from SIG technology evangelist Tim Mackey. This week’s edition looks at security for container images, cyber security in healthcare, how most data breaches occur, and a host of […]
Continue Reading...
Posted in Blockchain Security, Containers, Data Breach, Healthcare Security, Open Source Security | No Comments »
Facebook has extended their long-running bug bounty program to include data misuse by third-party application providers. I applaud Facebook for making this stand. Despite the news being about one social media platform, one third-party application collecting data for a purported psychological survey, and the firms and people that surround the incident, it is important to […]
Continue Reading...
Posted in Application Security, Data Breach | Comments Off on Data misuse is a first-class security concern
The city of Atlanta has become one of the latest victims of a ransomware attack. The attack is believed to be the result of the SamSam malware that has compromised various healthcare, government, and educational systems over the past several years. Is SamSam malware responsible? This malware initially targeted a remote code execution vulnerability in […]
Continue Reading...
Posted in Data Breach | Comments Off on What you should know about the recent Atlanta ransomware attack
Yet another cyber attack on a critical infrastructure installation ought to send yet another warning to operators of industrial control systems (ICS) that it is long past time to, as they say, harden their defenses. The attack, reportedly on a facility somewhere in the Middle East, was reported in early December by the Mandiant division […]
Continue Reading...
Posted in Application Security, Data Breach, Industrial Control System Security | Comments Off on TRITON attack: A failure this time, but still ominous
A recently discovered flaw that undermines the security of numerous single sign-on (SSO) services has been patched by four major providers. But the risk remains for those who don’t install available patches and those for whom no patch is available yet. It’s true that SSO’s major selling point is convenience, not security It makes it […]
Continue Reading...
Posted in Application Security, Data Breach | Comments Off on SSO flaw fixed for some, but risk remains
The record-breaking, 1.35 TB DDoS attack this past week against code repository GitHub, using Memcached servers—a few have sardonically labeled it Memcrashed—shouldn’t have happened. Not in the sense that people shouldn’t do bad things to other people, like attack their websites, even though yes, of course they shouldn’t. It shouldn’t have happened because it shouldn’t […]
Continue Reading...
Posted in Application Security, Data Breach | Comments Off on The GitHub Memcached DDoS: It shouldn’t have happened
As malware attacks go, this one was relatively benign. But that doesn’t mean it shouldn’t be taken seriously. The criminals who infected an estimated 5,000 or more websites in the US, the UK, Canada, Ireland and Australia starting at 11:14 a.m. GMT Sunday – many of them government sites – were apparently only interested in sucking electricity and […]
Continue Reading...
Posted in Application Security, Data Breach | Comments Off on Small crypto mining attack points to big browser problem
A relatively new Internet of Things (IoT) botnet took its time going viral – it even disappeared for 10 days – but once it got back in gear, it spread worldwide in a matter of days. Hence the name – HNS or “Hide and Seek” – that researchers at Bitdefender Labs gave it after they first spotted […]
Continue Reading...
Posted in Data Breach, Internet of Things, Vulnerability Assessment | Comments Off on In an IoT-filled world, it’s time to be alert in the wake of ‘Hide ‘N Seek”
