A vulnerability in a single software component, found in an internet-connected security camera, may leave thousands of different security camera models (and other IoT devices) at risk. On Tuesday, IoT researchers at Senrio disclosed a hackable flaw they’re calling “Devil’s Ivy.” Officially known as CVE-2017-9765, the vulnerability is a stack buffer overflow that, if successfully […]
Continue Reading...
Posted in Application Security, Data Breach, Featured, Internet of Things | No Comments »
Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about automotive software security and the future of connected cars. You can always join the discussion by sending […]
Continue Reading...
Posted in Automotive Security, Embedded Software Testing, Internet of Things, Security Standards and Compliance | Comments Off on Fault Injection Podcast .004: Driving automotive software security
Join the Synopsys team as we host the world’s most exclusive cybersecurity event at the House of Blues inside of Mandalay Bay in Las Vegas on Tuesday, July 25. In addition to an evening of networking and entertainment, our thought leadership program will include presentations on DevOps security, IoT, and building security into your SDLC. […]
Continue Reading...
Posted in DevOps, Featured, Internet of Things, Security Conference or Event, Software Development Life Cycle (SDLC) | Comments Off on The countdown to codenomi-con USA 2017 is on!
Last month a researcher announced that a commercial dishwashing machine contained a dangerous vulnerability allowing a remote attacker to gain access to privileged assets on a connected network. Jens Regel of the German company Schneider-Wulf made the vulnerability public on Full Disclosure after contacting the vendor and waiting the customary 90 days. The vendor, Miele, has […]
Continue Reading...
Posted in Internet of Things, Network Security, Software Development Life Cycle (SDLC), Software Security Testing | Comments Off on What happens when dishwashers attack the network?
Originally posted on SecurityWeek. The prediction business is a tricky thing. You can be right, but until you are proven right, you’re either early or wrong. Being early feels just like being wrong–up until the moment you are right. When toymaker VTech announced in November 2015 that nearly five million customer records had been leaked […]
Continue Reading...
Posted in Application Security, Internet of Things | Comments Off on The connected toy conundrum is beginning to boil
Each year the Embedded World Exhibition and Conference in Nuremberg offers the embedded community an opportunity to gather information about new products and innovations, and to develop valuable contacts with others in the industry. An estimated 930 exhibitors will be presenting state-of-the-art embedded technologies at this year’s event. Embedded World Conference 2017 Join us in […]
Continue Reading...
Posted in Embedded Software Testing, Internet of Things, Security Conference or Event | Comments Off on Embedded World and CodenomiCON Europe 2017 will kick your IoT security into high gear
On February 4, 2017, a Saturday night, a high-school student in the U.K. realized he wasn’t going to university to study computer science so he wrote a short program in C, and within a few hours had 150,000 internet-connected printers across the world spitting out ASCII art and messages. All this was harmless although the […]
Continue Reading...
Posted in Internet of Things, Software Composition Analysis, Software Security Testing, Threat Modeling | Comments Off on Internet of Things (IoT): Rethinking the threat model
Gamers, warring over turf, may have launched the Mirai botnet, according to research by KrebsonSecurity. On Wednesday, Brian Krebs published a long and detailed article explain his month’s long investigation into the author of the Mirai botnet which was used to darken the internet for much of North America for several hours in October. The […]
Continue Reading...
Posted in Internet of Things, Vulnerability Assessment | Comments Off on Minecraft and the Mirai IoT botnet connection
The inflight services that allow passengers to enjoy movies and music on their flights might also allow clever individuals to change cabin lighting. In an article in the Telegraph Ruben Santamarta, principle security consultant at IOActive, said he could access the in-flight system from Panasonic Avionics. He claimed he could hack its on-board displays. He […]
Continue Reading...
Posted in Internet of Things | Comments Off on Researcher finds some airline infotainment systems vulnerable
Over the holidays, a software engineer disclosed to Twitter that a family member had contracted ransomware on their smart TV. Software engineer Darren Cauthon said his wife had downloaded an app and was in the process of watching a movie when the TV froze. He rebooted the TV except when the image came up, it […]
Continue Reading...
Posted in Application Security, Internet of Things | Comments Off on Yes, Virginia, smart televisions can get ransomware