Software Integrity Blog

Archive for the 'Data Breach Security' Category

 

Data misuse is a first-class security concern

Facebook has extended their long-running bug bounty program to include data misuse by third-party application providers.

Posted in Data Breach Security

 

What you should know about the recent Atlanta ransomware attack

The Atlanta ransomware attack is believed to be the result of the SamSam malware that has compromised healthcare, government, and educational systems.

Posted in Data Breach Security

 

TRITON attack: A failure this time, but still ominous

Yet another cyber attack on a critical infrastructure installation ought to send yet another warning to operators of industrial control systems (ICS) that it is long past time to, as they say, harden their defenses.

Posted in Data Breach Security

 

SSO flaw fixed for some, but risk remains

A recently discovered flaw that undermines the security of numerous single sign-on (SSO) services has been patched by four major providers. But the risk remains for those who don’t install available patches and those for whom no patch is available yet. It’s true that SSO’s major selling point is convenience, not security. It makes it easier, and much quicker, to sign into multiple applications, platforms, servers, and so on.

Posted in Data Breach Security

 

The GitHub Memcached DDoS: It shouldn’t have happened

The record-breaking, 1.35 TB DDoS attack this past week against code repository GitHub, using Memcached servers—a few have sardonically labeled it Memcrashed—shouldn’t have happened.

Posted in Data Breach Security

 

Small crypto mining attack points to big browser problem

As malware attacks go, this one was relatively benign. But that doesn’t mean it shouldn’t be taken seriously.

Posted in Data Breach Security

 

In an IoT-filled world, be alert in the wake of ‘Hide and Seek’

The Hide and Seek botnet goes after some of the billions of devices that compose the IoT attack surface. Learn how to defend IoT devices against botnets.

Posted in Data Breach Security, IoT Security

 

The best way to secure applications in 2018? Learn from 2017

2017—a turbulent year in application security

From breaches making headlines to exciting new technologies, 2017 was abuzz with conversation around securing applications and the implications of access to personal data. We saw what can happen when sensitive data is not properly secured, providing a sharp reminder of why application security is so important. Looking ahead, we need to reflect on emerging threats, technologies, and practices in application security in 2017, so organizations can prepare for building secure applications in 2018.

Posted in Data Breach Security

 

How can SMBs maximize AppSec returns on an SMB budget?

Small and medium-size businesses (SMBs) are nonsubsidiary, independent firms that employ fewer than a given number of employees. This number varies from country to country: Gartner defines an SMB as having fewer than 1,000 employees, but the European Union defines an SMB as having fewer than 250 employees.

Managing an SMB budget

Many factors affect the management of any budget. For an SMB, these factors include (but aren’t limited to) these:

Posted in Cloud Security, Data Breach Security, Static Analysis (SAST)

 

Open source vulnerabilities: Are you prepared to run the race?

As the use of open source continues to rise, many organizations are unprepared to defend their systems from attacks against open source vulnerabilities.

Posted in Data Breach Security, Open Source Security, Software Composition Analysis (SCA)