Originally posted on SecurityWeek. We have collectively heard the saying, “where there is smoke, there is fire” throughout our lives. And, sure enough, it is true far more often than it is false. I have been seeing a lot of smoke lately, so I suspect that there is an interesting fire burning. First, the smoke […]
Posted in Internet of Things | Comments Off on IoT security: Where there is smoke, there is fire
New legislation proposed this month in U.S. Congress seeks to mitigate the risk of botnets commandeering Internet of Things (IoT) devices used in the U.S. government. The Internet of Things Cybersecurity Improvement Act of 2017 is a proposal from Sens. Mark R. Warner (D-Va.) and Cory Gardner (R-Colo.), co-chairs of the Senate Cybersecurity Caucus, along […]
Posted in Government Security, Internet of Things | Comments Off on How will new IoT legislation strengthen the future of cyber security?
Another week of InfoSec in the desert is history. Black Hat USA started as the Black Hat Briefings in 1997, and has remained mostly corporate. It grew out of the hacker-friendly environment of DEF CON which started as a going away party for a friend of the founder, Jeff Moss, in 1993. Together, the two […]
Posted in Fuzz Testing, Internet of Things, Security Conference or Event | Comments Off on Black Hat USA and DEF CON 2017: And that’s a wrap!
You’ve probably come across article headlines about parents facing the headache-inducing consequences of their children placing orders online. We’ve reached the day when it has become so easy to shop online that toddlers can (and do) place successful internet orders. In fact, earlier this year, a San Diego news station reported a story about a […]
Posted in Application Security, Internet of Things | Comments Off on How do Internet of Things devices impact retail security?
A vulnerability in a single software component, found in an internet-connected security camera, may leave thousands of different security camera models (and other IoT devices) at risk. On Tuesday, IoT researchers at Senrio disclosed a hackable flaw they’re calling “Devil’s Ivy.” Officially known as CVE-2017-9765, the vulnerability is a stack buffer overflow that, if successfully […]
Posted in Application Security, Data Breach, Internet of Things | Comments Off on Devil’s Ivy security vulnerability leaves IoT devices at risk
Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about automotive software security and the future of connected cars. You can always join the discussion by sending […]
Posted in Automotive Security, Embedded Software Testing, Internet of Things, Security Standards and Compliance | Comments Off on Fault Injection Podcast .004: Driving automotive software security
Join the Synopsys team as we host the world’s most exclusive cybersecurity event at the House of Blues inside of Mandalay Bay in Las Vegas on Tuesday, July 25. In addition to an evening of networking and entertainment, our thought leadership program will include presentations on DevOps security, IoT, and building security into your SDLC. […]
Posted in DevOps, Internet of Things, Security Conference or Event, Software Development Life Cycle (SDLC) | Comments Off on The countdown to codenomi-con USA 2017 is on!
Last month a researcher announced that a commercial dishwashing machine contained a dangerous vulnerability allowing a remote attacker to gain access to privileged assets on a connected network. Jens Regel of the German company Schneider-Wulf made the vulnerability public on Full Disclosure after contacting the vendor and waiting the customary 90 days. The vendor, Miele, has […]
Posted in Internet of Things, Network Security, Software Development Life Cycle (SDLC), Software Security Testing | Comments Off on What happens when dishwashers attack the network?
Originally posted on SecurityWeek. The prediction business is a tricky thing. You can be right, but until you are proven right, you’re either early or wrong. Being early feels just like being wrong–up until the moment you are right. When toymaker VTech announced in November 2015 that nearly five million customer records had been leaked […]
Posted in Application Security, Internet of Things | Comments Off on The connected toy conundrum is beginning to boil
Each year the Embedded World Exhibition and Conference in Nuremberg offers the embedded community an opportunity to gather information about new products and innovations, and to develop valuable contacts with others in the industry. An estimated 930 exhibitors will be presenting state-of-the-art embedded technologies at this year’s event. Embedded World Conference 2017 Join us in […]
Posted in Embedded Software Testing, Internet of Things, Security Conference or Event | Comments Off on Embedded World and CodenomiCON Europe 2017 will kick your IoT security into high gear