Product and device security teams often find themselves fighting an uphill battle in their attempts to step up their cybersecurity strategies. Ensuring security in the increasingly complex ecosystem of their connected devices has never been more challenging. Faced with a rapidly evolving threat landscape and increased regulation, teams are working hard to achieve cybersecurity maturity, […]
If you want to see where industry priorities lie — the general consensus is that you should follow the money. Well, between 2020 and 2025, the Healthcare industry is projected to spend $125B on cybersecurity. There are many reasons driving the attention that medical device security is receiving. New regulations such as the FDA premarket […]
Originally published on BleepingComputer, March 30th, 2022 Another day, another crash in automotive device software. This time, the bug was found in the infotainment system of older model Mazdas from 2014-2017. Drivers reported that their HD radio receivers crashed when connecting to a local radio station. The radio and its display, bluetooth capabilities, built-in maps, and […]
Open-source software libraries are the backbone of modern software development and a critical piece of the software supply chain. Engineers don’t need to recreate existing functionality; instead, development efforts can be accelerated using open-source software (OSS) libraries. These days, almost 98% of applications use open-source libraries. Using open-source libraries does bring unique risks. Beyond security […]
Originally published on HelpNet Security, February 16th, 2022
In 2020, the SolarWinds supply chain attack penetrated deep into the Federal government’s infrastructure and into some of the largest and most tech-savvy organizations. The compromise gave attackers unprecedented access to some of the best-protected data in the world. It highlighted that no matter how big or well funded an organization is, cyber-attacks can still […]
NUCLEUS:13 is the latest in a long line of TCP/IP stack vulnerabilities that includes NAME:WRECK, Ripple20 and many others. The vulnerabilities have been discovered in the Nucleus TCP/IP stack owned by Siemens, and used in billions of devices.
After many years of hard work, the NTIA (National Telecommunications and Information Administration) published an important document in July 2021: The Minimum Elements for a Software Bill of Materials (SBOM). True to its name, the document details a list of the elements a minimal SBOM should include.
Incident response teams across the world are scrambling to patch their systems against the latest Log4Shell vulnerability. This newly discovered zero-day vulnerability in the highly popular open-source Apache Log4j logging library enables attackers to gain full control of affected systems. Systems and services that use the Java logging library, Apache Log4j versions 2.0 – 2.14.1 […]
The risk of a connected vehicle being cyberattacked is the highest it has ever been, due to new systems’ public digital blueprint and entry points, and the growing sophistication of attackers. A VSOC (Vehicle SOC) is a key component in managing these risks, as it identifies vulnerabilities and takes action to dispose of them. Let’s […]