Risks of Evidentiary Software

Schneier on Security

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example). The software engineers proposed a three-part test.

The Software Bill of Materials and Software Development

Security Boulevard

Building secure software using the Software Bill of Materials. The Software Bill of Materials (SBOM) directly impacts all developers. The SBOM requires third-party software companies to provide customers with the code equivalent of a “nutrition chart.”


Hackers Hide Software Skimmer in Social Media Sharing Icons

Security Affairs

Security researchers have uncovered a new technique to inject a software skimmer onto checkout pages; the malware hides in social media buttons. Security experts at Sansec have detailed a new technique used by crooks to inject a software skimmer into checkout pages.

Effective Tools for Software Composition Analysis

Security Boulevard

In our second post in the series, we first looked at the benefits of data quality to Software Composition Analysis (SCA). The post Effective Tools for Software Composition Analysis appeared first on Security Boulevard.

Reduce open source software risks in your supply chain

Security Boulevard

Knowing what’s in your open source software, whether you’re a consumer or producer, can help you manage security risks in your supply chain. The post Reduce open source software risks in your supply chain appeared first on Software Integrity Blog.

Russia’s SolarWinds Attack and Software Security

Schneier on Security

These are important discussions to have, but we also need to address the economic incentives that led to SolarWinds being breached and how that insecure software ended up in so many critical US government networks. Software has become incredibly complicated.

DevilsTongue Malware matches Pegasus Spying Software

CyberSecurity Insiders

Researchers from MTIC have confirmed that DevilsTongue malware was invented by the Israeli firm Candiru, which sells software to companies that support state-funded attacks. The post DevilsTongue Malware matches Pegasus Spying Software appeared first on Cybersecurity Insiders.

Top Microsegmentation Software for 2021

eSecurity Planet

DxOdyssey (DxO) is a Software Defined Perimeter (SDP) solution that enables secure, available, per-application connectivity between remote users, edge devices, sites, and clouds. The post Top Microsegmentation Software for 2021 appeared first on eSecurityPlanet.

When Biology Becomes Software

Schneier on Security

If this sounds to you a lot like software coding, you're right. Programmers write software through trial and error. Because computer systems are so complex and there is no real theory of software, programmers repeatedly test the code they write until it works properly. Again due to the complexity of modern software systems, "works properly" doesn't mean that it's perfectly correct.

Software Engineering Radio

Adam Shostack

I enjoyed being a guest on Software Engineering Radio: Adam Shostack on Threat Modeling. It’s a substantial, in-depth interview, running nearly 80 minutes, and covering a wide variety of topics.

CISO’s Guide to Secure Software Development

Security Boulevard

This CISO‘s guide to secure software development can help. The post CISO’s Guide to Secure Software Development appeared first on Security Boulevard.


Government Software Vendor Tyler Technologies Announces Breach

Adam Levin

Tyler Technologies, a software and technology provider for U.S. “We have confirmed that the malicious software the intruder used was ransomware.” The post Government Software Vendor Tyler Technologies Announces Breach appeared first on Adam Levin.

Transition to Version 1.1 for New Secure SLC and Secure Software Submissions

PCI perspectives

With the release of the Secure Software Lifecycle (“Secure SLC”) Standard v1.1 in February 2021 and the Secure Software Standard v1.1

Cybersecurity Executive Order requires new software security standards

Security Boulevard

President Biden’s Cybersecurity Executive Order requires new software security standards and best practices. The post Cybersecurity Executive Order requires new software security standards appeared first on Software Integrity Blog.

Software Developers and Security

Schneier on Security

According to a survey: "68% of the security professionals surveyed believe it's a programmer's job to write secure code, but they also think less than half of developers can spot security holes." And that's a problem. Nearly half of security pros surveyed, 49%, said they struggle to get developers to make remediation of vulnerabilities a priority. Worse still, 68% of security professionals feel fewer than half of developers can spot security vulnerabilities later in the life cycle.

How to choose the best SIEM software

CSO Magazine

That’s the fundamental notion behind SIEM (security information and event management) software, which is essential to the security defenses of most large and many medium enterprises. To protect your enterprise against security threats, you need maximum visibility.

How to Successfully Transition Software from PA-DSS to the PCI Secure Software Standard

PCI perspectives

On 28 October 2022, the Payment Application Data Security Standard (PA-DSS) program will officially close.

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large networks remotely. “It’s a patch for their own software.

Antivirus software, explained

Zero Day

Antivirus software isn’t enough to protect our devices and accounts any longer, but it still provides a key layer of defense

Employee Monitoring Software Secures Remote Teams

Security Boulevard

The post Employee Monitoring Software Secures Remote Teams appeared first on Security Boulevard. Many organizations only embrace cybersecurity as a bottom-line business priority after years of unprecedented, expensive and significant data breaches and cybersecurity incidents.

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Krebs on Security

The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.

Practical solutions for a secure automotive software development process following ISO/SAE 21434

Security Boulevard

Learn what cyber security activities are critical to building secure automotive software systems using ISO/SAE 21434 as guidance. The post Practical solutions for a secure automotive software development process following ISO/SAE 21434 appeared first on Software Integrity Blog.

Automotive Software Safety and Security Still Needs Improvement

Security Boulevard

A recent blog post, “Automotive software defects”, from Phil Koopman, Carnegie Mellon professor and author of “Better Embedded Software”, talks about the increasing number of software defects in automotive software that are significant safety hazards.

Software renewal scammers unmasked

Malwarebytes

Here the scammers left a few trails with the VBS script but more importantly the first website we visited to download remote access software. The post Software renewal scammers unmasked appeared first on Malwarebytes Labs.

3 reasons to use network diagram software

Security Boulevard

The post 3 reasons to use network diagram software appeared first on ManageEngine Blog. The post 3 reasons to use network diagram software appeared first on Security Boulevard.

"Insider Threat" Detection Software

Schneier on Security

Notice this bit from an article on the arrest of Christopher Hasson: It was only after Hasson's arrest last Friday at his workplace that the chilling plans prosecutors assert he was crafting became apparent, detected by an internal Coast Guard program that watches for any "insider threat." The program identified suspicious computer activity tied to Hasson, prompting the agency's investigative service to launch an investigation last fall, said Lt. Scott McBride, a service spokesman.

Flash Is Dead—But Not Gone

WIRED Threat Level

Zombie versions of Adobe’s troubled software can still cause problems in systems around the world.

Executive Order Update: NIST Establishes a Definition for Critical Software and Outlines Scan Requirements for Software Source Code

Security Boulevard

Department of Commerce’s National Institute of Standards and Technology (NIST) to enhance the security of the software supply chain. One of NIST’s first orders of business was to define critical software by June 26, 2021. Cloud-based and hybrid software.

Securing Industrial Automation and Control Systems Starts in Software Development

Security Boulevard

Following the IEC 62443 standard for security software development ensures quality, safety and security. The post Securing Industrial Automation and Control Systems Starts in Software Development appeared first on Security Boulevard.

SAFECode and PCI SSC Discuss the Evolution of Secure Software

PCI perspectives

When the PCI Security Standards Council (PCI SSC) developed its Software Security Framework (SSF) a few years ago, it relied on the expertise of a Software Security Task Force.

Machine Learning to Detect Software Vulnerabilities

Schneier on Security

While the literature generally focuses on the different uses of AI by attackers and defenders, and the resultant arms race between the two, I want to talk about software vulnerabilities. All software contains bugs. The reason is basically economic: The market doesn't want to pay for quality software. The result is that any large modern software package contains hundreds or thousands of bugs.

Revisiting Software Vulnerabilities in the Boeing 787

Schneier on Security

I previously blogged about a Black Hat talk that disclosed security vulnerabilities in the Boeing 787 software. Ben Rothke concludes that the vulnerabilities are real, but not practical.

Malware Hidden in Call of Duty Cheating Software

Schneier on Security

“Guides for cheats will typically ask users to disable or uninstall antivirus software and host firewalls, disable kernel code signing, etc.” News article: Most troublingly, Activision says that the “cheat” tool has been advertised multiple times on a popular cheating forum under the title “new COD hack.” (Gamers looking to flout the rules will typically go to such forums to find new ways to do so.)

Top Risk Management Software Vendors

eSecurity Planet

Risk management software can provide risk monitoring, identification, analysis, assessment and mitigation, all in one solution. There are many factors that go into choosing the best risk management software for your specific organization’s business needs.


3 reasons to use network diagram software

Security Boulevard

The post 3 reasons to use network diagram software appeared first on ManageEngine Blog. The post 3 reasons to use network diagram software appeared first on Security Boulevard.

Best Password Management Software & Tools

eSecurity Planet

Top Password Manager Software. Bitwarden is free, open source software that can stand up to commercial alternatives. The post Best Password Management Software & Tools appeared first on eSecurityPlanet.

Crooks hide software skimmer inside CSS files

Security Affairs

Security researchers have uncovered a new technique to inject a software skimmer onto websites; the malware hides in CSS files. Security researchers have uncovered a new technique used by threat actors to inject a software skimmer onto websites; the attackers hide the malware in CSS files.

Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software

The Hacker News

A malware known for targeting the macOS operating system has been updated once again to add more features to its toolset that allow it to amass and exfiltrate sensitive data stored in a variety of apps, including Google Chrome and Telegram, as part of further "refinements in its tactics."

Top Patch Management Software for 2021

eSecurity Planet

Shockingly, security holes in software from vendors such as Fortinet, Microsoft, and Adobe are being exploited over and over again by hackers. We’ll cover key patch management features and buying advice below, but first, here are our picks for the best patch management software.

Software Vulnerabilities in the Boeing 787

Schneier on Security

Boeing left its software unprotected, and researchers have analyzed it for vulnerabilities: At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew Information Service/Maintenance System.

Can Your Data Protection Software Recover from Modern Ransomware?

Security Boulevard

The post Can Your Data Protection Software Recover from Modern Ransomware? Your nightmare has come true. Your organization was just attacked by ransomware.

Mongolian Certificate Authority Hacked to Distribute Backdoored CA Software

The Hacker News

In yet another instance of software supply chain attack, unidentified hackers breached the website of MonPass, one of Mongolia's major certificate authorities, to backdoor its installer software with Cobalt Strike binaries.

Dirt-Cheap, Legit, Windows Software: Pick Two

Krebs on Security

Buying heavily discounted, popular software from second-hand sources online has always been something of an iffy security proposition. But purchasing steeply discounted licenses for cloud-based subscription products like recent versions of Microsoft Office can be an extremely risky transaction, mainly because you may not have full control over who has access to your data.