Software Integrity Blog

Archive for the 'Data Breach Security' Category

 

Microsoft acquires GitHub, Election Insecurity, and Ticketfly data breach

 

Posted in Data Breach Security, Mergers & Acquisitions, Open Source Security

 

Security IRL at RSA Conference 2018

We took the opportunity at RSA Conference last month to survey our booth visitors about their organizations’ application security programs. We’ve sponsored and conducted a number of surveys on topics ranging from DevSecOps to open source security to medical device security, but there’s something about collecting feedback from conference attendees in person that really hits home—a glimpse into security IRL, if you will.

Taking a look at security IRL

Most attendees (78%) reported direct roles in cybersecurity, risk management or software engineering, representing a wide range of industries. Some of the findings were far from unexpected. For example, 40% of respondents cited a lack of skilled security professionals as the biggest challenge in implementing their application security programs. We also found that a startling number of respondents didn’t even know whether their organizations were the target of a cyber attack in the last two years.

Posted in Data Breach Security

 

How does the TeenSafe data leak present a classic false sense of security?

Security researcher Robert Wiggins recently uncovered a serious security issue in the TeenSafe “secure” monitoring product for Android and iOS platforms.

Posted in Cloud Security, Data Breach Security, Software Architecture & Design

 

Office 365 email protection gets blindsided

Maybe you could call it two-factor fakery.

Posted in Data Breach Security

 

Employees post passwords online, Hacking tool grants access to DVRs, and Blockchain

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Weekly Security Mashup episode.

Posted in Data Breach Security

 

Data breaches and more data breaches—oh my!

It’s been quite an interesting few weeks in the land of data breach disclosures. We started with Under Armour disclosing a breach in their MyFitnessPal application that impacted 150 million users. A few days later, Lord & Taylor and Saks Fifth Avenue disclosed a breach impacting millions of their in-store shoppers. Later the same day, we learned that Panera Bread had been leaking private user details for its millions of online users for eight months. Three days later we had yet another breach disclosure from Delta Airlines and Sears Holdings, who were using third-party chat services from [24]7.ai. The [24]7.ai breach then expanded to include Kmart and Best Buy a few days later.

Posted in Data Breach Security, Software Compliance, Quality & Standards

 

Data misuse is a first-class security concern

Facebook has extended their long-running bug bounty program to include data misuse by third-party application providers.

Posted in Data Breach Security

 

What you should know about the recent Atlanta ransomware attack

The Atlanta ransomware attack is believed to be the result of the SamSam malware that has compromised healthcare, government, and educational systems.

Posted in Data Breach Security

 

TRITON attack: A failure this time, but still ominous

Yet another cyber attack on a critical infrastructure installation ought to send yet another warning to operators of industrial control systems (ICS) that it is long past time to, as they say, harden their defenses.

Posted in Data Breach Security

 

SSO flaw fixed for some, but risk remains

A recently discovered flaw that undermines the security of numerous single sign-on (SSO) services has been patched by four major providers. But the risk remains for those who don’t install available patches and those for whom no patch is available yet. It’s true that SSO’s major selling point is convenience, not security. It makes it easier, and much quicker, to sign into multiple applications, platforms, servers, and so on.

Posted in Data Breach Security