Software Integrity Blog

Archive for the 'Data Breach' Category

 

Office 365 email protection gets blindsided

Maybe you could call it two-factor fakery. Because the latest zero-day to plague Microsoft’s Office 365—a cloud-based service that includes Office 2016—was created by somebody who figured out that the way to get malicious emails past its security systems is to split a malicious link in two. Researchers at the security firm Avanan, who said […]

Continue Reading...

Posted in Data Breach | Comments Off on Office 365 email protection gets blindsided

 

Employees post passwords online, Hacking tool grants access to DVRs, and Blockchain

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Weekly Security Mashup episode. When employees post passwords online via Brian Krebs, security blogger – Krebsonsecurity.com – Hosts of companies using the online collaboration tool Trello.com share passwords for sensitive internal resources. New hacking tool lets […]

Continue Reading...

Posted in Data Breach, General | Comments Off on Employees post passwords online, Hacking tool grants access to DVRs, and Blockchain

 

Verizon DBIR puts security burden on users

The 2018 Verizon Data Breach Investigations Report (DBIR)—the 11th annual exhaustive collection of good advice and (mostly) bad news—which dropped a couple of weeks ago, doesn’t contain any major surprises about the state of online security. The number of confirmed breaches—at least the ones reported by 67 contributors globally—was 2,216, among 53,308 “real-world incidents.” In […]

Continue Reading...

Posted in Data Breach, Maturity Model (BSIMM), Software Architecture and Design | Comments Off on Verizon DBIR puts security burden on users

 

RSA news, Israel shifts to open source, latest on TaskRabbit breach

RSA happened last week, and a ton of news—some gloomy, some encouraging—has come from the world’s largest cyber security conference. The Israeli government follows Great Britain, the U.S., and France and moves to open source. TaskRabbit pledges “more security” after a data breach, and nine things you can expect to have an impact on cyber […]

Continue Reading...

Posted in Agile, CI/CD & DevOps, Data Breach, General, Open Source Security | Comments Off on RSA news, Israel shifts to open source, latest on TaskRabbit breach

 

Data breaches, SirenJack, and serverless apps vulns

It’s nearly an all-Tim Mackey issue of Software Integrity Insight as our technical evangelist weighs in on data breaches, container adoption, GitHub, and open source serverless applications. Other stories in this week’s software integrity news include the SirenJack vulnerability, a security vulnerability potentially putting warning sirens across the city of San Francisco at risk, and […]

Continue Reading...

Posted in Container Security, Data Breach, Internet of Things, Open Source Security, Webinars | Comments Off on Data breaches, SirenJack, and serverless apps vulns

 

Data breaches and more data breaches—oh my!

It’s been quite an interesting few weeks in the land of data breach disclosures. We started with Under Armour disclosing a breach in their MyFitnessPal application that impacted 150 million users. A few days later, Lord & Taylor and Saks Fifth Avenue disclosed a breach impacting millions of their in-store shoppers. Later the same day, […]

Continue Reading...

Posted in Data Breach, Security Standards and Compliance | Comments Off on Data breaches and more data breaches—oh my!

 

What’s in your containers?, Spring Break vulnerability, cyber security in healthcare

Open Source Insight makes the transition to the Synopsys Software Integrity (SIG) blog this week, and you can find us here, as well as the latest posts from SIG technology evangelist Tim Mackey. This week’s edition looks at security for container images, cyber security in healthcare, how most data breaches occur, and a host of […]

Continue Reading...

Posted in Container Security, Data Breach, Healthcare Security, Open Source Security | Comments Off on What’s in your containers?, Spring Break vulnerability, cyber security in healthcare

 

Data misuse is a first-class security concern

Facebook has extended their long-running bug bounty program to include data misuse by third-party application providers. I applaud Facebook for making this stand. Despite the news being about one social media platform, one third-party application collecting data for a purported psychological survey, and the firms and people that surround the incident, it is important to […]

Continue Reading...

Posted in Data Breach | Comments Off on Data misuse is a first-class security concern

 

What you should know about the recent Atlanta ransomware attack

The city of Atlanta has become one of the latest victims of a ransomware attack. The attack is believed to be the result of the SamSam malware that has compromised various healthcare, government, and educational systems over the past several years. Is SamSam malware responsible? This malware initially targeted a remote code execution vulnerability in […]

Continue Reading...

Posted in Data Breach | Comments Off on What you should know about the recent Atlanta ransomware attack

 

Who owns Linux? TRITON attack, app security testing, future of GDPR

We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, going in-depth into the TRITON attack, why 2018 is the year of open source, how open source is driving both IoT and AI, […]

Continue Reading...

Posted in Agile, CI/CD & DevOps, Automotive Security, Data Breach, Open Source Security, Security Standards and Compliance, Webinars | Comments Off on Who owns Linux? TRITON attack, app security testing, future of GDPR