Software Integrity Blog


Third-party security, Russian grid meddling, and patch Apache!

Weekly Security Mashup - July 31, 2018
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup.

What’s in this week’s Security Mashup, you ask?

Third-party security party poopers, more Russian meddling in the grid, and patch Apache. Watch this episode below:


Robotics supplier’s sloppy security leaks 10 years’ worth of data from major car manufacturers

via Graham Cluley, Graham Cluley Blog: Researchers from UpGuard found sensitive data from more than 100 manufacturing companies exposed online, for anyone to access and even modify. The culprit was Level One Robotics, a supplier who apparently failed to secure a sync/backup server containing 157 GB of both confidential and personal data. This proves (yet again) that the security of your enterprise is only as strong as the weakest link in your supply chain. Learn why this third-party vulnerability is trending when you watch this segment.

Russian hackers reach U.S. utility control rooms, Homeland Security officials say

via Rebecca Smith, Wall Street Journal: You may have heard the term “cyber Pearl Harbor” from time to time. And while numerous experts say the threat is exaggerated—that the U.S. grid is too resilient and diversified to be taken down in a major way, even by a nation-state—that doesn’t mean the Russians aren’t interested in trying. They’ve successfully disrupted the power supply in Ukraine. So just how close are they to doing it in the United States? Uncover why this segment is trending when you watch it.

Apache OpenWhisk users urged to patch

via Warwick Ashford, Computer Weekly: Patching is a security fundamental. Why do development organizations issue patches? To fix known vulnerabilities. The Apache open source community has released two patches relating to the Apache OpenWhisk platform. So what did they find? Patch now and then watch this segment.
