Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup.
Cook calls for digital privacy laws, user data exposed in the Wife Lovers hack, and just another Windows zero-day. Watch this week’s episode here:
via Rachel England, Engadget: Apple CEO Tim Cook didn’t say anything new, but he said it louder and clearer, and in a bigger forum, than anyone else. When Cook demanded we combat the weaponization of data made possible (if not directly perpetrated) by big data collectors, he wasn’t just preaching to the choir. He was telling Google and Facebook to their faces. The solution, Cook says, is digital privacy laws like GDPR. Watch this segment to learn more about the rights and values Tim Cook has called on governments worldwide to protect.
via Tara Seals, Threatpost: Identity theft resulting from data breaches is bad, but extortion might be worse. Which is why the recent Wife Lovers hack is so worrying. We should note that the hack was an exercise by a pro. It’s not clear whether anyone else ever accessed the database, and the website owner has taken it offline. Little consolation, though, to those of us who have ever given our information to an organization we’d rather not be publicly associated with—and who live in a country that doesn’t recognize our right to be forgotten. Find out more about how the database was cracked and what information might have been exposed.
via Swati Khandelwal, The Hacker News: There are a few great ways to find a new job—and a lot of bad ones. It’s not clear which category “disclosing a vulnerability on Twitter” falls into, but perhaps it’s the latter. @SandboxEscaper first posted details of a Windows vulnerability on Twitter last August. But as of this week, when she posted about a new Windows zero-day, her Twitter bio still said she was unemployed. It’s in the eye of the potential employer, of course, whether discretion or just straight-up software security skills is a more valuable asset. Learn more about SandboxEscaper’s disclosure here.
*** This is a Security Bloggers Network syndicated blog from Software Integrity authored by Taylor Armerding. Read the original post at: https://www.synopsys.com/blogs/software-security/digital-privacy-laws-wife-lovers-hack-windows-zero-day/
Leading UK Credit Card Consumer Finance Company Uses Advanced Graph Analytics to Intercept Fraudulent Credit Card Applications, Boost Anti-Fraud Efforts…
Digital+ Partners Leads Continuation Funding Round in Growing Automated Threat Analysis & Detection Provider, Closing its Series B Round at…
For three years OpenWRT had a severe validation problem with its download package manager, until a fuzz tester found and…
It’s time to say a final “Goodbye” to Flash. (Or should that be “Good riddance”?) With earlier this week seeing…
1. Be a student of (information security, network security, cyber security). Always strive to know what the latest tactics, trends,…
This is the second in a series of blog posts that discuss how smart DNS resolvers can enhance ongoing network…