Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup.
What’s in this week’s Security Mashup, you ask?
Third-party security party poopers, more Russian meddling in the grid, and patch Apache. Watch this episode below:
via Graham Cluley, Graham Cluley Blog: Researchers from UpGuard found sensitive data from more than 100 manufacturing companies exposed online, for anyone to access and even modify. The culprit was Level One Robotics, a supplier who apparently failed to secure a sync/backup server containing 157 GB of both confidential and personal data. This proves (yet again) that the security of your enterprise is only as strong as the weakest link in your supply chain. Learn why this third-party vulnerability is trending when you watch this segment.
via Rebecca Smith, Wall Street Journal: You may have heard the term “cyber Pearl Harbor” from time to time. And while numerous experts say the threat is exaggerated—that the U.S. grid is too resilient and diversified to be taken down in a major way, even by a nation-state—that doesn’t mean the Russians aren’t interested in trying. They’ve successfully disrupted the power supply in Ukraine. So just how close are they to doing it in the United States? Uncover why this segment is trending when you watch it.
via Warwick Ashford, Computer Weekly: Patching is a security fundamental. Why do development organizations issue patches? To fix known vulnerabilities. The Apache open source community has released two patches relating to the Apache OpenWhisk platform. So what did they find? Patch now and then watch this segment.