Software Integrity Blog

Archive for the 'Data Breach' Category

 

RSA news, Israel shifts to open source, latest on TaskRabbit breach

RSA happened last week, and a ton of news—some gloomy, some encouraging—has come from the world’s largest cyber security conference. The Israeli government follows Great Britain, the U.S., and France and moves to open source. TaskRabbit pledges “more security” after a data breach, and nine things you can expect to have an impact on cyber […]

Posted in Agile, CI/CD & DevOps, Data Breach, Events, Open Source Security

 

Data breaches, SirenJack, and serverless apps vulns

It’s nearly an all-Tim Mackey issue of Software Integrity Insight as our technical evangelist weighs in on data breaches, container adoption, GitHub, and open source serverless applications. Other stories in this week’s software integrity news include the SirenJack vulnerability, a security vulnerability potentially putting warning sirens across the city of San Francisco at risk, and […]

Posted in Container Security, Data Breach, Internet of Things, Open Source Security

 

Data breaches and more data breaches—oh my!

It’s been quite an interesting few weeks in the land of data breach disclosures. We started with Under Armour disclosing a breach in their MyFitnessPal application that impacted 150 million users. A few days later, Lord & Taylor and Saks Fifth Avenue disclosed a breach impacting millions of their in-store shoppers. Later the same day, […]

Posted in Data Breach, Security Standards and Compliance

 

What’s in your containers?, Spring Break vulnerability, cyber security in healthcare

Open Source Insight makes the transition to the Synopsys Software Integrity (SIG) blog this week, and you can find us here, as well as the latest posts from SIG technology evangelist Tim Mackey. This week’s edition looks at security for container images, cyber security in healthcare, how most data breaches occur, and a host of […]

Posted in Container Security, Data Breach, Healthcare Security, Open Source Security

 

Data misuse is a first-class security concern

Facebook has extended their long-running bug bounty program to include data misuse by third-party application providers. I applaud Facebook for making this stand. Despite the news being about one social media platform, one third-party application collecting data for a purported psychological survey, and the firms and people that surround the incident, it is important to […]

Posted in Data Breach

 

What you should know about the recent Atlanta ransomware attack

The city of Atlanta has become one of the latest victims of a ransomware attack. The attack is believed to be the result of the SamSam malware that has compromised various healthcare, government, and educational systems over the past several years. Is SamSam malware responsible? This malware initially targeted a remote code execution vulnerability in […]

Posted in Data Breach

 

Who owns Linux? TRITON attack, app security testing, future of GDPR

We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, going in-depth into the TRITON attack, why 2018 is the year of open source, how open source is driving both IoT and AI, […]

Posted in Agile, CI/CD & DevOps, Automotive Security, Data Breach, Open Source Security, Security Standards and Compliance

 

TRITON attack: A failure this time, but still ominous

Yet another cyber attack on a critical infrastructure installation ought to send yet another warning to operators of industrial control systems (ICS) that it is long past time to, as they say, harden their defenses. The attack, reportedly on a facility somewhere in the Middle East, was reported in early December by the Mandiant division […]

Posted in Critical Infrastructure Security, Data Breach

 

SSO flaw fixed for some, but risk remains

A recently discovered flaw that undermines the security of numerous single sign-on (SSO) services has been patched by four major providers. But the risk remains for those who don’t install available patches and those for whom no patch is available yet. It’s true that SSO’s major selling point is convenience, not security. It makes it […]

Posted in Data Breach

 

The GitHub Memcached DDoS: It shouldn’t have happened

The record-breaking, 1.35 TB DDoS attack this past week against code repository GitHub, using Memcached servers—a few have sardonically labeled it Memcrashed—shouldn’t have happened. Not in the sense that people shouldn’t do bad things to other people, like attack their websites, even though yes, of course they shouldn’t. It shouldn’t have happened because it shouldn’t […]

Posted in Data Breach