Software Integrity

Archive for the 'Network Security' Category


Synopsys launches the Fault Injection Podcast

Fault Injection is a podcast from Synopsys that digs into software quality and security issues. Hosts Chris Clark, Principal Security Engineer at Synopsys, and Robert Vamosi, CISSP and Security Strategist at Synopsys, provide a forum for industry experts to talk about software security topics and their intersection with specific verticals such as medical, automotive, and […]

Posted in Application Security, Ethical Hacking, Network Security, Software Security Testing, Web Application Security

What happens when dishwashers attack the network?

Last month a researcher announced that a commercial dishwashing machine contained a dangerous vulnerability allowing a remote attacker to gain access to privileged assets on a connected network. Jens Regel of the German company Schneider-Wulf made the vulnerability public on Full Disclosure after contacting the vendor and waiting the customary 90 days. The vendor, Miele, has […]

Posted in Internet of Things, Network Security, Software Development Life Cycle (SDLC), Software Security Testing

Zeroing in on zero day vulnerabilities

Earlier this month WikiLeaks announced it had in its possession a cache of zero days allegedly from the Central Intelligence Agency. These unpatched vulnerabilities, it said, could affect Apple and Android devices as well as smart TVs. It is suspected that exploitation of these vulnerabilities could allow the spy agency – or anyone else who knows about them […]

Posted in Code Review, Embedded Software Testing, Fuzz Testing, Network Security, Software Security Testing, Static Analysis (SAST)

Howard Schmidt, the United States’ first Cybersecurity Czar, has died

Howard A. Schmidt, a friend to many in the security community, has died. A statement on his Facebook page says that he died today “in the presence of his wife and four sons … following a long battle with cancer.” Schmidt served as the White House Cybersecurity Advisor to Presidents Barack Obama and George W. […]

Posted in Fuzz Testing, Government Security, Medical Device Security, Network Security, Software Security Testing

Mark your calendar: RSA USA 2017 is almost here

RSA Conference 2017 is taking place at the Moscone Center in San Francisco from February 13-17, 2017. While you’re there, be sure to stop by South Hall booth #1933 where we’ll be hosting prize giveaways, offering product demos, and setting up time to discuss our offerings in more detail. Also stop by to visit us at […]

Posted in Application Security, Mobile Application Security, Network Security, Security Conference or Event, Web Application Security

‘PoisonTap’ steals network passwords

A new exploit tool needs only 30 seconds to install a privacy-invading backdoor on a locked computer. Dubbed “PoisonTap,” the tool runs on a Raspberry Pi Zero plugged into any USB port. From there it intercepts all unencrypted (HTTP) web traffic; in particular, PoisonTap captures any authentication cookies being used to log […]

Posted in Network Security

DDoS attack, BlackNurse, uses ICMP

Criminal hackers with limited resources can knock firewalls offline with a new attack. Dubbed BlackNurse by the researchers at the Denmark-based TDC Security Operations Center who first found it, the attack needs as little as 15 megabits per second, or about 40,000 packets per second, to achieve an effect that otherwise takes volumetric floods approaching or exceeding 1 terabit per second. It uses […]

Posted in Data Breach, Network Security

Stealing authentication tokens from locked machines with a mobile phone

Stealing credentials from locked machines shouldn’t work. And yet, it does. The main reason is that the operating system automatically loads a device driver for any newly attached hardware it has a driver for, even while the machine is locked. USB Ethernet adapter drivers ship with every major operating […]
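Both the locked-machine attack above and PoisonTap depend on the same first step: the host accepts a DHCP lease from a freshly attached USB Ethernet device and starts routing traffic over it. PoisonTap goes further by handing out a lease that declares the entire IPv4 space to be on-link, so the USB interface outranks the real default gateway. The following is an added example, not code from either post or from PoisonTap itself, that parses a DHCPOFFER and flags leases that put an implausibly wide range on-link, either through the subnet mask or through RFC 3442 classless static routes (option 121). The /8 threshold, the gateway addresses and the three sample offers are constructed for illustration.

```python
"""Flag DHCP leases that would route all Internet traffic over a new (USB) link."""
import struct
from ipaddress import IPv4Address

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the DHCP options area
OPT_SUBNET_MASK, OPT_ROUTER, OPT_CLASSLESS_ROUTES, OPT_END = 1, 3, 121, 255

# Widest prefix a lease may legitimately put on the local link (assumption for
# this example; a flat /8 corporate network would need a lower threshold).
MAX_ONLINK_PREFIX = 8


def parse_dhcp_options(packet: bytes) -> dict:
    """Return {code: payload} for the options area of a BOOTP/DHCP packet."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (missing magic cookie)")
    options, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == 0:                       # PAD: single byte, no length field
            i += 1
            continue
        if code == OPT_END:
            break
        length = packet[i + 1]
        options[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return options


def mask_to_prefix(mask: bytes) -> int:
    """Convert a 4-byte subnet mask to a prefix length (number of set bits)."""
    return bin(struct.unpack("!I", mask)[0]).count("1")


def parse_classless_routes(data: bytes) -> list:
    """Decode option 121 into (prefix_len, destination, router) tuples (RFC 3442)."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        nsig = (plen + 7) // 8              # only the significant destination octets are sent
        dest = data[i + 1:i + 1 + nsig].ljust(4, b"\x00")
        router = data[i + 1 + nsig:i + 5 + nsig]
        routes.append((plen, str(IPv4Address(dest)), str(IPv4Address(router))))
        i += 5 + nsig
    return routes


def assess_offer(packet: bytes) -> list:
    """Return the reasons a lease looks like a route hijack; [] means it looks normal."""
    opts = parse_dhcp_options(packet)
    reasons = []
    if OPT_SUBNET_MASK in opts:
        plen = mask_to_prefix(opts[OPT_SUBNET_MASK])
        if plen < MAX_ONLINK_PREFIX:
            reasons.append(f"subnet mask puts a /{plen} on-link")
    for plen, dest, router in parse_classless_routes(opts.get(OPT_CLASSLESS_ROUTES, b"")):
        if plen < MAX_ONLINK_PREFIX:
            reasons.append(f"static route {dest}/{plen} via {router}")
    return reasons


def build_offer(*options: tuple) -> bytes:
    """Assemble a minimal DHCPOFFER from (code, payload) pairs (constructed test data)."""
    header = bytearray(236)
    header[0] = 2                           # op = BOOTREPLY
    body = b"".join(bytes([code, len(payload)]) + payload for code, payload in options)
    return bytes(header) + MAGIC_COOKIE + body + bytes([OPT_END])


# Constructed sample leases, not captured traffic.
BENIGN_OFFER = build_offer(
    (OPT_SUBNET_MASK, IPv4Address("255.255.255.0").packed),
    (OPT_ROUTER, IPv4Address("192.168.1.1").packed),
)
# A 0.0.0.0 mask makes every IPv4 address "local", so the USB link wins over
# the real default gateway: the PoisonTap-style lease.
HIJACK_MASK_OFFER = build_offer(
    (OPT_SUBNET_MASK, IPv4Address("0.0.0.0").packed),
    (OPT_ROUTER, IPv4Address("1.0.0.1").packed),
)
# Same effect through option 121: two /1 routes together cover the Internet.
HIJACK_ROUTES_OFFER = build_offer(
    (OPT_SUBNET_MASK, IPv4Address("255.255.255.0").packed),
    (OPT_CLASSLESS_ROUTES, bytes([1, 0x00]) + IPv4Address("1.0.0.1").packed
                           + bytes([1, 0x80]) + IPv4Address("1.0.0.1").packed),
)

if __name__ == "__main__":
    for name, offer in (("benign", BENIGN_OFFER), ("mask", HIJACK_MASK_OFFER),
                        ("routes", HIJACK_ROUTES_OFFER)):
        print(name, assess_offer(offer) or "looks normal")
```

Run against a live host, this check belongs wherever the client processes leases for a newly enumerated network interface (a DHCP client hook or an endpoint agent watching interface additions); the more robust mitigation is still to refuse to bring up new network interfaces at all while the console is locked.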

Posted in Mobile Application Security, Network Security, Software Security Testing

Securing IoT devices in the wake of last week’s Mirai malware attack

Last Friday, two major Distributed Denial of Service (DDoS) attacks on Dyn’s Managed DNS infrastructure took down the websites of over 80 Internet giants, including Amazon, PayPal, and Twitter. The sophisticated attack involved tens of millions of IP addresses, many of them associated with the Mirai botnet, whose source code had been released publicly. The attack leveraged Internet of […]

Posted in Application Security, Internet of Things, Network Security

Yahoo admits 500 million records breached

Yahoo says “a state-sponsored actor” is responsible for a 2014 data breach, although it declined to say more. Previously Yahoo had said it was investigating, together with law enforcement, a breach of 200 million user accounts. Apparently the investigation has found a deeper intrusion into its network. “The account information may have included names, email […]

Posted in Data Breach, Network Security