Whatever happened to Anthem? In 2014–2015, the firm suffered the largest healthcare data breach ever. But healthcare cyber security has improved since then.
Posted in Data Breach, Healthcare Security | Comments Off on Throwback Thursday: Whatever happened to Anthem?
Patching issues fast is a step toward software security. But as the Click2Gov breaches show, zero-day vulnerabilities resist even the most persistent patchers.
Posted in Data Breach, Government Security | Comments Off on Click2Gov breaches show the power of zero-days
The U.S. House Committee on Oversight and Government Reform has more than a few things to say about responsible enterprise application security.
Posted in Data Breach, Open Source Security | Comments Off on Security lessons from the House Oversight and Government Reform Committee
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Cook calls for digital privacy laws, user data exposed in the Wife Lovers hack, and just another Windows zero-day. Watch this week’s episode here: Tim […]
Posted in Data Breach, Privacy, Weekly Security Mashup | Comments Off on Cooking up digital privacy, indecent (data) exposure, and just another zero-day
Facebook CEO Mark Zuckerberg has had to use variations of the word “serious” a lot over the past year—most notoriously regarding the social media giant’s sale of member data to Cambridge Analytica, which was viewed as affecting the 2016 presidential election. He had to use it again, and not in a good way, on Friday […]
Posted in Data Breach | Comments Off on Things get ‘seriously’ insecure yet again for Facebook
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Porous payment portals lead to government data breaches, Magecart pwns Newegg, and the Mirai creators trade in their black hats for white ones. Watch this week’s […]
Posted in Data Breach, Government Security, Weekly Security Mashup | Comments Off on Porous portals, Newegg is a broken egg, and Mirai’s creators have new hats
This article was originally published in Forbes. I hate to say I told you so…well, actually, like most people, I love to say I told you so. I’m just willing to admit it. Because the state of software security a year after the catastrophic data breach of Equifax became public, basically confirms what I wrote last October: […]
Posted in Data Breach | Comments Off on Equifax breach: Catastrophic, but no game changer yet
“Leaky” is almost never a good thing. The whole idea, in just about any case, is to make things that don’t leak and to plug things that do. And that’s true of cyber security, as demonstrated by a couple of recent incidents involving leaky APIs (application programming interfaces). Hacked at Black Hat A couple of […]
Posted in Data Breach, Web Application Security | Comments Off on These hacks brought to you by ‘leaky’ APIs
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Not a real hack, but maybe a test hack, don’t let Ghostscript haunt you, and a helpful hacker. Watch this week’s episode below: Why the […]
Posted in Data Breach, Open Source Security, Weekly Security Mashup | Comments Off on A test hack, don’t let Ghostscript haunt you, and a helpful hacker
About a week ago, a security researcher disclosed a critical remote code execution vulnerability in the Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers. The vulnerability (CVE-2018-11776) affects all supported versions of Struts 2 and was patched by the Apache Software Foundation on Aug. 22. Users of […]
Posted in Data Breach, Open Source Security, Software Composition Analysis | Comments Off on CVE-2018-11776: The latest Apache Struts vulnerability
Get the latest Software Integrity news, thought leadership, and more.
