Software Integrity Blog

Archive for the 'Data Breach' Category

 

Equifax breach: Catastrophic, but no game changer yet

The Equifax breach generated plenty of sound and fury. Has the government responded with stricter regulation? Have companies stepped up their security game?

Continue Reading...

Posted in Data Breach | Comments Off on Equifax breach: Catastrophic, but no game changer yet

 

These hacks brought to you by ‘leaky’ APIs

“Leaky” is almost never a good thing. The whole idea, in just about any case, is to make things that don’t leak and to plug things that do.

Continue Reading...

Posted in Data Breach, Web Application Security | Comments Off on These hacks brought to you by ‘leaky’ APIs

 

A test hack, don’t let Ghostscript haunt you, and a helpful hacker

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Not a real hack, but maybe a test hack, don’t let Ghostscript haunt you, and a helpful hacker. Watch this week’s episode below:

Continue Reading...

Posted in Data Breach, General, Open Source Security | Comments Off on A test hack, don’t let Ghostscript haunt you, and a helpful hacker

 

CVE-2018-11776: The latest Apache Struts vulnerability

About a week ago, a security researcher disclosed a critical remote code execution vulnerability in the Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers. The vulnerability (CVE-2018-11776) affects all supported versions of Struts 2 and was patched by the Apache Software Foundation on Aug. 22. Users of Struts 2.3 should upgrade to 2.3.35; users of Struts 2.5 need to upgrade to 2.5.17. They should do so as soon as possible, given that bad actors are already working on exploits. More critical than the Equifax vulnerability “On the whole, this is more critical than the highly critical Struts RCE vulnerability that the Semmle Security Research Team discovered and announced last September,” Man Yue Mo, the researcher who uncovered the flaw, told the media, referring to CVE-2017-9805. CVE-2017-9805 was announced the same day (September 7, 2017) that Equifax announced the massive data breach via CVE-2017-5638, which led to the lifting of personal details of over 148 million consumers.

Continue Reading...

Posted in Data Breach, Open Source Security, Software Composition Analysis | Comments Off on CVE-2018-11776: The latest Apache Struts vulnerability

 

Facing off with Google, Snap out of it, and Password protection

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Facing off with Google, Snap out of it, and Password protection. Watch this week’s episode taped live at Black Hat USA 2018.

Continue Reading...

Posted in Data Breach, General, Open Source Security | Comments Off on Facing off with Google, Snap out of it, and Password protection

 

SingHealth hit with ‘unprecedented’ cyber attack

After the SingHealth cyber attack, it took a week for attackers to steal the personal data of 1.5 million people—about a quarter of the city-state’s population.

Continue Reading...

Posted in Data Breach, Healthcare Security | Comments Off on SingHealth hit with ‘unprecedented’ cyber attack

 

GDPR raises the stakes on data breaches

Another week, another list of data breaches resulting from vulnerabilities in third-party contractors for high-profile companies.

Continue Reading...

Posted in Data Breach, Security Standards and Compliance | Comments Off on GDPR raises the stakes on data breaches

 

Timehop breach provides GDPR response template

The Timehop breach disclosed 21 million individuals’ account information. And now we know what public disclosure of a breach might look like under GDPR.

Continue Reading...

Posted in Data Breach, Security Standards and Compliance | Comments Off on Timehop breach provides GDPR response template

 

Ex-CIA employee insider threat, FlightTrader24 hack, and RedHat licenses

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s Security Mashup episode, you ask? Ex-CIA employee insider threat and how he was outed, insight into the FlightTrader24 hack, and what you need to know about the RedHat open source license copyright conundrum. Watch and learn more:

Continue Reading...

Posted in Data Breach, General, Mergers & Acquisitions, Open Source Security | Comments Off on Ex-CIA employee insider threat, FlightTrader24 hack, and RedHat licenses

 

World Cup device hacking dangers, Apple malware, and VPNFilter updates

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s Security Mashup episode, you ask? The FIFA World Cup overfloweth—with hackers, forgeries take a bite out of Apple security, and routing us to “Hackerville” (a VPNFilter update). Watch this episode here:

Continue Reading...

Posted in Data Breach, General | Comments Off on World Cup device hacking dangers, Apple malware, and VPNFilter updates