Software Integrity Blog

Archive for the 'Data Breach' Category

 

Facing off with Google, Snap out of it, and Password protection

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Facing off with Google, Snap out of it, and Password protection. Watch this week’s episode taped live at Black Hat USA 2018. Inside Google’s plan […]

Continue Reading...

Posted in Data Breach, Open Source Security, Webinars, Weekly Security Mashup | Comments Off on Facing off with Google, Snap out of it, and Password protection

 

GDPR raises the stakes on data breaches

Another week, another list of data breaches resulting from vulnerabilities in third-party contractors for high-profile companies. But since May 25, at least in the European Union (EU), it is more than just another week. There is the potential for something both more harsh and more expensive than unhappy customers, brand damage, or even class action […]

Continue Reading...

Posted in Data Breach, Security Standards and Compliance | Comments Off on GDPR raises the stakes on data breaches

 

Timehop breach provides GDPR response template

With the disclosure of 21 million individuals’ account information being accessed in a data breach at Timehop, we now have a blueprint for what public disclosure of a breach might look like under the new GDPR rules. In their disclosure, Timehop stated that on July 4, malicious actors gained access to account information for 21 […]

Continue Reading...

Posted in Data Breach, Security Standards and Compliance | Comments Off on Timehop breach provides GDPR response template

 

Ex-CIA employee insider threat, FlightTrader24 hack, and RedHat licenses

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s Security Mashup episode, you ask? Ex-CIA employee insider threat and how he was outed, insight into the FlightTrader24 hack, and what you need to know about the RedHat […]

Continue Reading...

Posted in Data Breach, Government Security, Open Source Security, Weekly Security Mashup | Comments Off on Ex-CIA employee insider threat, FlightTrader24 hack, and RedHat licenses

 

World Cup device hacking dangers, Apple malware, and VPNFilter updates

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s Security Mashup episode, you ask? The FIFA World Cup overfloweth—with hackers, forgeries take a bite out of Apple security, and routing us to “Hackerville” (a VPNFilter update). Watch this […]

Continue Reading...

Posted in Data Breach, Weekly Security Mashup | Comments Off on World Cup device hacking dangers, Apple malware, and VPNFilter updates

 

Microsoft acquires GitHub, Election Insecurity, and Ticketfly data breach

  Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and unsecurity in this week’s Security Mashup episode. What’s in this week’s Security Mashup episode, you ask? GitHub acquired by Microsoft, election insecurity persists, and the Ticketfly data breach.  Play this week’s episode below:   Microsoft has snapped up […]

Continue Reading...

Posted in Data Breach, Government Security, Open Source Security, Weekly Security Mashup | Comments Off on Microsoft acquires GitHub, Election Insecurity, and Ticketfly data breach

 

Security IRL at RSA Conference 2018

We took the opportunity at RSA Conference last month to survey our booth visitors about their organizations’ application security programs. We’ve sponsored and conducted a number of surveys on topics ranging from DevSecOps to open source security to medical device security, but there’s something about collecting feedback from conference attendees in person that really hits home—a […]

Continue Reading...

Posted in Data Breach, Events, Infographic | Comments Off on Security IRL at RSA Conference 2018

 

How does the TeenSafe data leak present a classic false sense of security?

Security researcher Robert Wiggins recently uncovered a serious security issue in the TeenSafe “secure” monitoring product for Android and iOS platforms. The app allows users (typically parents) to monitor devices (typically their children’s) to view location, text messages, calls, browsing history, and more. TeenSafe claims the technology can and will help protect your child. There […]

Continue Reading...

Posted in Cloud Security, Data Breach, Software Architecture and Design | Comments Off on How does the TeenSafe data leak present a classic false sense of security?

 

Office 365 email protection gets blindsided

Maybe you could call it two-factor fakery. Because the latest zero-day to plague Microsoft’s Office 365—a cloud-based service that includes Office 2016—was created by somebody who figured out that the way to get malicious emails past its security systems is to split a malicious link in two. Researchers at the security firm Avanan, who said […]

Continue Reading...

Posted in Data Breach | Comments Off on Office 365 email protection gets blindsided

 

Employees post passwords online, Hacking tool grants access to DVRs, and Blockchain

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Weekly Security Mashup episode. When employees post passwords online via Brian Krebs, security blogger – Krebsonsecurity.com – Hosts of companies using the online collaboration tool Trello.com share passwords for sensitive internal resources. New hacking tool lets […]

Continue Reading...

Posted in Data Breach, Weekly Security Mashup | Comments Off on Employees post passwords online, Hacking tool grants access to DVRs, and Blockchain