Software Integrity

Archive for the 'Vulnerability Assessment' Category

 

In an IoT-filled world, it’s time to be alert in the wake of ‘Hide ‘N Seek’

A relatively new Internet of Things (IoT) botnet took its time going viral – it even disappeared for 10 days – but once it got back in gear, it spread worldwide in a matter of days. Hence the name – HNS or “Hide and Seek” – that researchers at Bitdefender Labs gave it after they first spotted […]

Posted in Data Breach, Internet of Things, Vulnerability Assessment

 

Blockchain security and the cryptocurrency boom, Part 2: Application

In Part 1 of our article on blockchain security and cryptocurrency, we took a hard look at the core components that make up a successful cryptocurrency like Bitcoin. From the distributed network itself to the individuals who wish to own and use a cryptocurrency wallet to transfer or spend Bitcoin, security is key (pun intended) […]

Posted in Cryptography, Software Security Testing, Vulnerability Assessment

 

New reports detail how most 2017 security breaches were easily preventable

For data breaches, 2017 was (no drum roll, please)…The. Worst. Year. Ever. No drum roll needed, because there wasn’t even a shred of suspense about it. Just as it will be no surprise to learn a year from now that 2018 was the new worst year ever for data breaches. A small flood of reports […]

Posted in Application Security, Data Breach, Vulnerability Assessment

 

Blockchain security and the cryptocurrency boom, Part 1: Theory

Thanks to Bitcoin, it’s fair to say that “blockchain” is a buzzword at the moment—like DevOps, or Zumba. This article isn’t going to dive into what a blockchain is, because many others out there already do that. Here’s a pretty good one that has a snappy description of the evolution of Bitcoin and its symbiotic […]

Posted in Cryptography, Software Security Testing, Vulnerability Assessment

 

Navigating responsible vulnerability disclosure best practices

The definition of responsible vulnerability disclosure varies based on who you ask. Tech goliath Microsoft has openly disagreed with Google on this very topic, as outlined by The Verge. In the vulnerability management industry, discretion is key. Because we’re continuously handling vulnerabilities that can be used maliciously by black hats, there are widespread implications and […]

Posted in Application Security, Fuzz Testing, Security Risk Assessment, Software Security Testing, Vulnerability Assessment

 

Attacks on TLS vulnerabilities: Heartbleed and beyond

Over the past few years, we’ve seen a variety of TLS vulnerabilities steadily surface. In general, we brand each one as “just another TLS vulnerability,” but the intricacies of each are rather distinct, though not horribly convoluted. Let’s walk through a few together. 2014: Heartbleed and POODLE Heartbleed affects the OpenSSL library’s implementation of a […]

Posted in Application Security, Vulnerability Assessment

 

Learning from KRACK and ROCA: Here’s how to equip your firm

Last week’s news introduced us to another pair of vulnerabilities hitting right at the foundation of everything we place our trust in. Named KRACK and ROCA, these flaws target specific facets of Wi-Fi networks and cryptographic keys, meaning that attackers can potentially sneak into networks we consider private, and decipher things we consider secret. Who’s affected? […]

Posted in Application Security, Data Breach, Security Training, Vulnerability Assessment

 

KRACK: Examining the WPA2 protocol flaw and what it means for your business

WPA2? The weekend of Friday the 13th took a frightening turn—even for those of us who aren’t superstitious—when detrimental weaknesses were discovered in Wi-Fi Protected Access II (WPA2), the protocol responsible for securing Wi-Fi networks. WPA2 was first made available back in 2004 and has been required on all Wi-Fi branded devices since March 2006. […]

Posted in Application Security, Data Breach, Software Quality, Vulnerability Assessment

 

Learn how to customize the OWASP Top 10 to fit your firm

A list of critical web application security vulnerabilities is a necessary risk management tool. Equally true is that each organization has a different set of vulnerabilities plaguing their applications. To complete a trifecta of fundamental truths, crowdsourced lists such as the OWASP Top 10 rarely reflect an individual organization’s priorities. Given all that, many organizations […]

Posted in OWASP, Security Risk Assessment, Threat Intelligence, Vulnerability Assessment

 

What you need to know about BlueBorne Bluetooth flaws

Initially created to support hands-free headsets, Bluetooth in 2017 is far from a simple wireless technology standard. It has evolved into a much different technology than today’s standard Wi-Fi wireless protocols. Researchers Ben Seri and Gregory Vishnepolsky of Armis Labs examine how complicated the Bluetooth implementation has become by navigating the complex protocol implementations in […]

Posted in Application Security, Data Breach, Vulnerability Assessment