Software Integrity

Archive for the 'Internet of Things' Category

 

Data breaches, SirenJack, and serverless apps vulns

It’s nearly an all-Tim Mackey issue of Software Integrity Insight as our technical evangelist weighs in on data breaches, container adoption, GitHub, and open source serverless applications. Other stories in this week’s software integrity news include the SirenJack vulnerability, a security vulnerability potentially putting warning sirens across the city of San Francisco at risk, and […]

Posted in Application Security, Containers, Data Breach, Internet of Things, Open Source Security

 

U.K. threatens to force IoT security by design

Securing the Internet of Things (IoT) seems like an endless reality version of “Mission Impossible”—really impossible. Many have tried—with lists of best practices and standards, exhortations, and warnings—but none has succeeded. Still, the U.K. government, in a policy paper titled Secure by Design released earlier this month, says it is also going to try, with a 13-point […]

Posted in Internet of Things, Security Standards and Compliance

 

Still just recommendations, not regulation, for IoT security

Trying to secure the Internet of Things (IoT) makes herding cats look like a breeze. The IoT is rapidly becoming the Internet of Everything—billions of devices with an almost endless variety of designs and purposes, embedded in vehicles, homes, factories, critical infrastructure, health, fitness, finance, and more. And for the large majority of those devices, […]

Posted in Internet of Things, Security Standards and Compliance

 

In an IoT-filled world, it’s time to be alert in the wake of ‘Hide ‘N Seek’

A relatively new Internet of Things (IoT) botnet took its time going viral – it even disappeared for 10 days – but once it got back in gear, it spread worldwide in a matter of days. Hence the name – HNS or “Hide and Seek” – that researchers at Bitdefender Labs gave it after they first spotted […]

Posted in Data Breach, Internet of Things, Vulnerability Assessment

 

Privacy still an uphill climb on Data Privacy Day

It’s been called Data Privacy Day since it was launched in 2008 to commemorate the signing of Convention 108—the first legally binding international treaty dealing with privacy and data protection—on Jan. 28, 1981. But you could make a pretty solid case that a decade later, this year’s observance, on Sunday, ought to be called Lack […]

Posted in Internet of Things

 

IoT security: Where there is smoke, there is fire

Originally posted on SecurityWeek. We have collectively heard the saying, “where there is smoke, there is fire” throughout our lives. And, sure enough, it is true far more often than it is false. I have been seeing a lot of smoke lately, so I suspect that there is an interesting fire burning. First, the smoke […]

Posted in Internet of Things

 

How will new IoT legislation strengthen the future of cyber security?

New legislation proposed this month in U.S. Congress seeks to mitigate the risk of botnets commandeering Internet of Things (IoT) devices used in the U.S. government. The Internet of Things Cybersecurity Improvement Act of 2017 is a proposal from Sens. Mark R. Warner (D-Va.) and Cory Gardner (R-Colo.), co-chairs of the Senate Cybersecurity Caucus, along […]

Posted in Government Security, Internet of Things

 

Black Hat USA and DEF CON 2017: And that’s a wrap!

Another week of InfoSec in the desert is history. Black Hat USA started as the Black Hat Briefings in 1997, and has remained mostly corporate. It grew out of the hacker-friendly environment of DEF CON which started as a going away party for a friend of the founder, Jeff Moss, in 1993. Together, the two […]

Posted in Fuzz Testing, Internet of Things, Security Conference or Event

 

How do Internet of Things devices impact retail security?

You’ve probably come across article headlines about parents facing the headache-inducing consequences of their children placing orders online. We’ve reached the day when it has become so easy to shop online that toddlers can (and do) place successful internet orders. In fact, earlier this year, a San Diego news station reported a story about a […]

Posted in Application Security, Internet of Things

 

Devil’s Ivy security vulnerability leaves IoT devices at risk

A vulnerability in a single software component, found in an internet-connected security camera, may leave thousands of different security camera models (and other IoT devices) at risk. On Tuesday, IoT researchers at Senrio disclosed a hackable flaw they’re calling “Devil’s Ivy.” Officially known as CVE-2017-9765, the vulnerability is a stack buffer overflow that, if successfully […]

Posted in Application Security, Data Breach, Internet of Things