Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup.
It’s open season on enterprise open source, the Infinite Campus DDoS attack takes the company to its limits, and a Mojave zero-day vulnerability makes that macOS a bad apple. Watch this week’s episode here:
via Charlie Osborne, ZDNet: Open source is popular for a reason. Whenever you need a piece of code to do something, whatever that something is, there’s an open source component in the market that’ll do it. But the popularity of open source has become something of a problem: As enterprise open source use becomes more widespread, so do vulnerabilities. That’s because organizations do a miserable job of keeping track of the open source they use. And as you might expect, their failure to track leads to their failure to patch—thus perpetuating vulnerabilities that we’ve already fixed. Learn more about open source in the enterprise and the dangers of open source ignorance here.
via Kacy Zurkus, Infosecurity Magazine: You don’t hear about DDoS attacks too much these days. They just don’t generate the fear—and clicks—that data breaches do. But the Infinite Campus DDoS attack should serve as a harbinger of potential doom. When the educational software company experienced a DDoS attack that affected the availability of its Oklahoma City Public Schools parent portal, they assured parents that no student data was breached. But if an organization serving education systems in 45 states hasn’t bothered with DDoS protection, how can we trust that they’re following other basic security practices? Watch our take on the DDoS attack on Infinite Campus here.
via Tara Seals, Threatpost: It’s true that Apple is a for-profit organization—and thus not the self-sacrificing personal data privacy champion its most fervid proponents want it to be. But it’s also true that the company rarely makes a misstep when it comes to high-visibility data security issues (e.g., law enforcement, encryption, data downloads). Which means it’s a little puzzling as to why the company has remained silent about a zero-day vulnerability recently unearthed in Mojave that could compromise users’ data privacy. See why the Mojave macOS zero-day is trending here.