Author: Guy Gilam

Introducing Cybellum’s System of Systems: Cybersecurity Management at the Full Device Level

Product and device security teams often find themselves fighting an uphill battle in their attempts to step up their cybersecurity strategies. Ensuring security in the increasingly complex ecosystem of their connected devices has never been more challenging. Faced with a rapidly evolving threat landscape and increased regulation, teams are working hard to achieve cybersecurity maturity, […]

2022 Medical Device Cybersecurity Trends and Predictions

Is it Finally Prime Time for Medical Device Cybersecurity?

If you want to see where industry priorities lie, the general consensus is that you should follow the money. Well, between 2020 and 2025, the healthcare industry is projected to spend $125B on cybersecurity. There are many reasons driving the attention that medical device security is receiving. New regulations such as the FDA premarket […]

Latest Mazda Infotainment Crash Shows How Fragile Car Security Really Is

Originally published on BleepingComputer, March 30th, 2022. Another day, another crash in automotive device software. This time, the bug was found in the infotainment system of older-model Mazdas from 2014-2017. Drivers reported that their HD radio receivers crashed when connecting to a local radio station. The radio and its display, Bluetooth capabilities, built-in maps, and […]

Licensing: The Double-Edged Sword of Open Source Software

Open-source software libraries are the backbone of modern software development and a critical piece of the software supply chain. Engineers don’t need to recreate existing functionality; instead, development efforts can be accelerated using open-source software (OSS) libraries. These days, almost 98% of applications use open-source libraries. Using open-source libraries does bring unique risks. Beyond security […]

Supply Chain Shortages Create a Cybersecurity Nightmare

Originally published on HelpNet Security, February 16th, 2022

The Definitive Guide to Software Bill-of-Materials (SBOM)

In 2020, the SolarWinds supply chain attack penetrated deep into the Federal government’s infrastructure and into some of the largest and most tech-savvy organizations. The compromise gave attackers unprecedented access to some of the best-protected data in the world. It highlighted that no matter how big or well funded an organization is, cyber-attacks can still […]

NUCLEUS:13 Vulnerabilities Hit Siemens Nucleus TCP/IP Stack

NUCLEUS:13 is the latest in a long line of TCP/IP stack vulnerabilities that includes NAME:WRECK, Ripple20 and many others. The vulnerabilities have been discovered in the Nucleus TCP/IP stack owned by Siemens, and used in billions of devices.

NTIA’s Minimum Elements of a Software Bill of Materials (SBOM): a Guide

After many years of hard work, the NTIA (National Telecommunications and Information Administration) published an important document in July 2021: The Minimum Elements for a Software Bill of Materials (SBOM). True to its name, the document details a list of the elements a minimal SBOM should include.

Why Device Manufacturers Should Lose Sleep Over The Log4j Vulnerability

Incident response teams across the world are scrambling to patch their systems against the latest Log4Shell vulnerability. This newly discovered zero-day vulnerability in the highly popular open-source Apache Log4j logging library enables attackers to gain full control of affected systems. Systems and services that use the Java logging library, Apache Log4j versions 2.0 – 2.14.1 […]

VSOC Vulnerability Management Fundamentals

The risk of a connected vehicle being cyberattacked is the highest it has ever been, due to new systems’ public digital blueprint and entry points, and the growing sophistication of attackers. A VSOC (Vehicle SOC) is a key component in managing these risks, as it identifies vulnerabilities and takes action to dispose of them. Let’s […]
