Coverity, the leader in software quality and security testing solutions, has released its annual Coverity Scan Open Source Report. For the first time in this year’s report, it was found that commercial code bases are significantly more secure than open source. This is likely due to a high number of open source security incidents during 2014 and the general inaccessibility of common security tools to open source projects due to limited budgets Synopsys, Inc. (Nasdaq:SNPS) announced the release of its annual Coverity Scan® Open Source Report. The 2014 report details the analysis of nearly 10 billion lines of source code…
ISBuzz Team
Threat Intelligence is rapidly becoming an ever-higher business priority. There is a general awareness of the need to ‘do’ threat intelligence, and vendors are falling over themselves to offer a confusingly diverse array of threat intelligence products. Over the past 6 years threat intelligence has grown dramatically. Whether it has been its popularity in search engines, possible products or general awareness. The term Threat Intelligence has been placed in the spotlight of the cyber world, but what exactly does it all mean? David Chismon and Martyn Ruks of MWR-Info Security, in conjunction with CERT UK and The Centre for the Protection…
Apache Hadoop has been growing in popularity over recent years, known to be a valuable solution in cost effectively running large-scale analytics and processing. However, this popularity has meant that its security capabilities have been under scrutiny lately and questions have been raised around whether Hadoop is ready for secure environments. With big data projects on the rise, many organisations are turning to Apache Hadoop for help. Hadoop can enable companies to cost-effectively run large-scale analytics and processing. However, questions have been raised around Hadoop’s security and whether it is ready for production use. Hadoop’s versatility puts security under scrutiny…
Israeli researchers have discovered a new threat to critical infrastructure by finding a way to steal data from air-gapped computers using a simple cellphone. Air-gapped computing is used for the most sensitive work environments like critical infrastructure such as nuclear power plants. The air-gapping computers prevent workers from inserting USB sticks into the computers. Many times, smartphones are banned from the workspace to prevent them from being turned into listening devices. Lane Thames, Security Research and Software Development Engineer at Tripwire says that with IoT, air gapped computing is quickly becoming a thing of the past and will pose a…
New research finds zero-day vulnerabilities in Amazon’s top-selling smart home systems Tripwire, Inc., a leading global provider of advanced threat, security and compliance management solutions, announced results of an extensive security assessment of three top-selling smart home automation hub products available on Amazon. The research uncovered zero-day flaws in each hub that could allow hackers to take control of smart home functionalities. Smart home hubs are used to control lighting, heating, locks and cameras in people’s homes. In order to understand the risks associated with smart home hubs, Tripwire’s Vulnerability and Exposure Research Team (VERT) analyzed three of the top-selling smart…
Integration brings enterprises simplified access to 20 million Wi-Fi hotspots globally iPass Inc. (NASDAQ: IPAS), the world’s largest commercial Wi-Fi network, today announced that it now supports single sign-on with three leading identity management platforms: Okta, OneLogin and Ping Identity. With single sign-on capability, business users can securely self-provision themselves to use the iPass global Wi-Fi network using a simplified one-click activation process, reducing challenges associated with lost or changing passwords while bolstering enterprise security. Distributed workforces and mobile devices are disrupting business as usual – especially when it comes to identity management. With business users connecting to enterprise services from…
Vulnerability intelligence firm Secunia has released its Q2 quarterly country report for US and 14 other countries around the world. Big take away this round is the continued massive vulns out there on PDF readers. Kasper Lindgaard, Director of Research and Security at Secunia commented on the releasing of Q2 report. Kasper Lindgaard, Director of Research and Security at Secunia : “PDF readers remain one of the world’s most popular targets for hackers so it is concerning that we are still seeing 75% of PCs that have Adobe Reader 10 or 11 installed are unpatched. There are steps that PC users can take to defend…
It’s well established that all organizations, regardless of nature and size, are facing significant online threats that, in many cases, are entering through backdoors unintentionally opened by their own employees. One embodiment of this challenge is the use of anonymizers, or sites designed to make Internet activity untraceable. Employees are increasingly turning to sites that mask traffic and circumvent corporate network restrictions and, as a result, are unknowingly putting the corporate network at risk. Recent data shows the average employee made 6.2 attempts per day to access blocked social networking sites and 1.5 attempts to access workplace inappropriate content, like…
As usual, the cyber blame game goes into full swing after a major breach. Although the targeted data breach at OPM is one of the most disastrous breaches, it brings yet another wake up call showing that most companies and organizations are simply not able to detect an active data breach after the initial intrusion. The dwell time for these targeted data breaches is pathetically long and measured in months. Synthesizing common outrage, the Washington Post declared, “This unforgivable failure of stewardship should lead to firings for incompetence.” How would you like to be in that hot seat? Public enemy…
Researchers from Proofpoint have detected a campaign of millions of messages directed at organizations in the US and UK. The campaign employs a straightforward voice message lure with a LNK attachment – an unusual but not unheard of method of malware delivery. The use of LNK files to deliver malware in phishing emails is unusual but not unheard of [1], and this campaign caught the eye of at least one other security researcher [2]. In some versions of Windows the “wav.lnk” file was represented with a Windows audio file (WAV) icon, while in others a generic file icon was displayed.…