Indictment of Chinese Hackers Underscores Need for Stronger Cybersecurity

According to a newly unsealed indictment, two Chinese nationals working with the Chinese Ministry of State Security have been charged with hacking a number of U.S. government agencies and corporations. The court filing indicates that Zhu Hua and Zhang Jianguo, members of Advanced Persistent Threat 10 (APT10), used phishing techniques ... Read More

These Silent Fixes are Silent Killers in Open Source Security

When it comes to open source software, it’s natural for development and security leaders to want to know that the code they’re using is secure. Historically, they’ve relied on traditional software composition analysis solutions and the National Vulnerability Database to mine for open source issues. Yet there is a little-discussed ... Read More
An Avoidable Breach That Could Happen to Any Organization

Following a 14-month investigation into the Equifax breach that affected 148 million consumers around the world, a new report from the House Oversight and Government Reform Committee has concluded that the breach was entirely preventable. According to the report, Equifax “failed to fully appreciate and mitigate its cybersecurity risks” and ... Read More
Open Source Risk Continues to Challenge Organizations’ Software Security

The pressure on software development teams to produce more software, and faster, is greater than ever before. This demand has necessitated heavy adoption of open source libraries and components, as they empower developers to reach production deadlines by adding functionality to their code without starting wholly from scratch. Download the ... Read More

Marriott Confirms Breach Impacts As Many As 500 Million Guests

Marriott International has disclosed that the guest reservation database of its Starwood division has been breached, affecting as many as 500 million guests. The company has also confirmed that there has been unauthorized access to the Starwood network since 2014. According to a report from the BBC, for roughly 327 ... Read More

Retailers Fix Software Flaws Quickly, Despite Continued Code Quality Issues

The 2018 holiday shopping season is off to a record-breaking start, thanks to consumers’ growing comfort with making online purchases and an increasing number of retailers offering Black Friday pricing starting on Thanksgiving. In fact, in the first two days of the shopping season, online retailers saw nearly $10 billion ... Read More
Instagram Bug Accidentally Reveals User Passwords

Facebook and Instagram have been having a rough go of it this year. According to The Information, some Instagram users who made use of the platform's new feature received notification that their passwords were showing up in the URL of their web browsers. What's more, this information was also stored ... Read More
Removing the Barriers to Secure Development and Scalable Application Security with CA Veracode Greenlight

It is not uncommon for organizations to have “appsec programs” and not actually affect the security of their applications. What good is it if the applications coming out of that program aren’t any better than when they went in? You have two competing objectives in your organization: keep pushing software ... Read More
Insecure code cited in Facebook hack impacting nearly 50 million users

On Sept. 28, Facebook announced via its blog that it discovered attackers exploited a vulnerability in its code that impacted its "View As" feature. While Guy Rosen, VP of product management, notes that the investigation is still in its early stages, the breach is expected to have affected 50 million ... Read More
New Apache Struts Vulnerability Highlights Need for Software Composition Analysis

On Aug. 22, the Apache Software Foundation announced that a new critical remote code execution vulnerability was found in Apache Struts 2 (CVE-2018-11776). According to the Semmle Security Research Team, who first identified and reported the vulnerability, this flaw is "more critical" than the Struts vulnerability behind the massive data ... Read More