Weekly Security Mashup - August 14, 2018

Facing off with Google, Snap out of it, and Password protection

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Facing off with Google, Snap out of it, and Password protection. Watch this week’s episode taped live at Black Hat ... Read More
How to help your medical devices meet the UL (and FDA) standard

How to help your medical devices meet the UL (and FDA) standard

Any effort to overhaul the cyber security of connected medical devices is likely to take considerable time and energy. Given that many of them are made to last decades, securing them while they’re in use can make turning an ocean liner look positively nimble. Still, the announcement last month by ... Read More
Black Hat USA 2018 Keynote: Parisa Tabriz

Project Zero director exhorts Black Hat audience to do security better

Google’s famous “Don’t be evil” motto got a corollary this week at Black Hat from Parisa Tabriz, director of engineering for the company’s Project Zero: “Do things better.” “We have a responsibility to do things better. Computer security is becoming the security of the world,” she said during her Wednesday ... Read More
Codenomi-con speakers agree: Bringing back privacy requires citizen action

Codenomi-con speakers agree: Bringing back privacy requires citizen action

We keep hearing that privacy is dead. But there is a good chance that a lot of us still aren’t aware of just how dead. So this week Synopsys presented codenomi-con, in connection with the Black Hat conference in Las Vegas, offering reminders about that reality in both government and ... Read More
NetSpectre: An ominous Spectre variant, but no immediate danger

NetSpectre: An ominous Spectre variant, but no immediate danger

NetSpectre sounds like it could be Spectre on steroids. Then again, it sounds like it could be more like a lab mutation of probably the most serious design flaw in CPUs (central processing units) or computer chips in a generation – interesting, but not much of a threat in the ... Read More
Weekly Security Mashup - July 31, 2018

Third-party security, Russian grid meddling, and patch Apache!

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Third-party security party poopers, more Russian meddling in the grid, and patch Apache. Watch this episode below: , Robotics supplier’s ... Read More
Seeker is a better IAST tool—You can count the ways

Seeker is a better IAST tool—You can count the ways

The need for web apps to be secure is demonstrated at least weekly, if not daily. At the end of June, just two of several examples were the U.K. branch of the ticket-selling giant Ticketmaster, breached because of vulnerable code on its payments page, and a collection of around 4,000 ... Read More
Singapore healthcare hit with “unprecedented” cyber attack

Singapore healthcare hit with “unprecedented” cyber attack

It apparently took just about a week after cyber attackers broke into SingHealth, Singapore’s largest healthcare group, for them to steal the “non-medical personal particulars” of 1.5 million people—about a quarter of the city-state’s population—plus “information on outpatient dispensed medicines” of about 160,000 of them. SingHealth (Singapore Health Services) operates ... Read More
IAST—A better bugtrap

IAST—A better bugtrap

Everybody’s heard the cliché that if you build a better mousetrap, the world will beat a path to your door. The same applies to building a better bugtrap—as in software bug. Which is why developers ought to be beating a path to a tool that offers a better way to ... Read More
FDA adopts UL 2900-2-1, improves cyber security of connected medical devices

FDA adopts UL 2900-2-1, improves cyber security of connected medical devices

The cyber security of connected medical devices, notoriously poor for decades, could finally start to improve. The June 6 announcement by the federal Food and Drug Administration (FDA) on a change in the premarket certification process of devices was low-key—11 pages of dense bureaucratese buried within tens of thousands of ... Read More
Loading...