Software Integrity

Archive for the 'Government Security' Category

 

US vows to go on cyber offense

The original version of this article was published in Forbes. We’re all familiar with saber rattling. But this is the digital age. Welcome to the world of cyber rattling. This version of it comes in two policy papers from the U.S. government: the White House Cyber Policy and the Department of Defense (DoD) Cyber Strategy. One of […]

Continue Reading...

Posted in Critical Infrastructure Security, Government Security

 

Porous portals, Newegg is a broken egg, and Mirai’s creators have new hats

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Porous payment portals lead to government data breaches, Magecart pwns Newegg, and the Mirai creators trade in their black hats for white ones. Watch this week’s […]

Continue Reading...

Posted in Data Breach, Government Security, Weekly Security Mashup

 

CamuBot malware, SonarSnoop hacking, and government backdoors

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? CamuBot malware is the new kid on the block, the sounds of hacking (SonarSnoop), and back to the government’s wish for chat backdoors. Watch this […]

Continue Reading...

Posted in Government Security, Weekly Security Mashup

 

SamSam ransomware keeps striking—victims still unprepared

“You can pay (a little) now or you can pay (a lot) later” is a very old line—a pitch for oil filters almost 40 years ago. Unfortunately, it remains relevant in cyber security, especially when it comes to ransomware. And especially when that ransomware is the potent, pernicious SamSam. The “trade-off” is stark: You can […]

Continue Reading...

Posted in Government Security

 

Another inside job, Gmail privacy, and UK cyber crime court

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Another inside job, or perhaps it should be described as an “insider job.” A former NSO employee has been accused of stealing spyware. Who is […]

Continue Reading...

Posted in Government Security, Privacy, Weekly Security Mashup

 

Ex-CIA employee insider threat, FlightTrader24 hack, and RedHat licenses

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s Security Mashup episode, you ask? Ex-CIA employee insider threat and how he was outed, insight into the FlightTrader24 hack, and what you need to know about the RedHat […]

Continue Reading...

Posted in Data Breach, Government Security, Open Source Security, Weekly Security Mashup

 

Microsoft acquires GitHub, Election Insecurity, and Ticketfly data breach

  Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and unsecurity in this week’s Security Mashup episode. What’s in this week’s Security Mashup episode, you ask? GitHub acquired by Microsoft, election insecurity persists, and the Ticketfly data breach.  Play this week’s episode below:   Microsoft has snapped up […]

Continue Reading...

Posted in Data Breach, Government Security, Open Source Security, Weekly Security Mashup

 

DEF CON 25 exposes voting system vulnerabilities

It took security researchers only minutes to gain access to more than a dozen voting machines at last month’s DEF CON security conference. The nearly two dozen machines, all purchased from eBay and government auctions, are considered representative of the wide variety of electronic voting systems in use today. One even contained actual voting data from […]

Continue Reading...

Posted in Data Breach, Government Security

 

Smart devices, smart grids, and cyber security

A recent “Innovation Spotlight” in the IEEE XPLORE Digital Library announced “a first-of-its-kind charger that allows plug-in electric vehicles (PEVs) to deliver excess capacity to the power grid and recharge during off-peak hours.” Promising new technologies often evoke questions about security. Suppose a bad actor exploits the connection somehow and brings down portions of the […]

Continue Reading...

Posted in Critical Infrastructure Security, Government Security, Maturity Model (BSIMM), Security Standards and Compliance

 

How will new IoT legislation strengthen the future of cyber security?

New legislation proposed this month in U.S. Congress seeks to mitigate the risk of botnets commandeering Internet of Things (IoT) devices used in the U.S. government. The Internet of Things Cybersecurity Improvement Act of 2017 is a proposal from Sens. Mark R. Warner (D-Va.) and Cory Gardner (R-Colo.), co-chairs of the Senate Cybersecurity Caucus, along […]

Continue Reading...

Posted in Government Security, Internet of Things