The Cybellum BLOG

VEX – Protecting the Software Supply Chain from Hidden Threats

The SolarWinds hack of 2020 allowed attackers to dig deep into many major businesses and government agencies. This high-profile attack called into question supply chain security, and the implicit trust enterprises place in suppliers of software and devices. This post explores the challenges of protecting the supply chain, and how the new Vulnerability Exploitability Exchange […]

Context-Aware Analysis: Prioritizing the Vulnerabilities that Matter the Most

These days, product security teams face incredible challenges when it comes to their vulnerability management program. Embedded software is more prevalent, made up of open-source software (OSS), commercial software and sometimes also proprietary code, and it is far more complex.

Finding the Weakest Link in The Supply Chain

Originally published on Forbes, April 29th, 2021. As awareness regarding the widespread devastation caused by supply chain attacks increases, one thing is becoming clear: An organization’s cybersecurity defenses are only as strong as its weakest link. Successful supply chain attacks are considered especially dangerous because of their high potential for widespread contagion. With just one […]

New Supply Chain Threats – Name:Wreck TCP/IP Vulnerabilities Exposed

Newly discovered supply-chain vulnerabilities in common communication stacks can be exploited to take full remote control of connected devices, putting at risk millions of devices around the globe. Security researchers from Forescout and JSOF Research Labs have discovered nine vulnerabilities in four widely used TCP/IP stacks affecting Domain Name System (DNS) implementations. Dubbed NAME:WRECK due to […]

Busting Code Analysis Myths – Binary Analysis vs. Source Code Analysis

Despite being around for years (maybe even decades), the practice of automated code reviews to identify security vulnerabilities and other flaws still leaves product security professionals with many misconceptions. Source code analysis provides complete coverage, some say. Binary analysis is inaccurate, others cry.

The Cyber Digital Twin Revolution

Originally published on Forbes, February 25th, 2021. In the space of just a few short years, many of the machines around us have become smarter than we are. Technology and progress wait for no one, and the widespread adoption of IoT has injected intelligent, autonomous capabilities into everything from vending machines and robots to refrigerators […]

Launching the World’s First Cyber Digital Twins Platform to Protect Vehicles from Cyber Threats

When people think of potential cybersecurity risks, they think of their personal devices – like phones, laptops or game consoles. Today’s car needs to be thought of as an even more vulnerable and potentially more dangerous form of these devices.

Heavy On Connectivity, Light On Security: The Challenges Of Vehicle Manufacturers

Originally published on Forbes, January 15th, 2021. We sure have come a long way since the days of Henry Ford’s Model-T automobile. Today’s cars go faster, go for longer distances and come in more colors than Henry ever could have imagined. Perhaps most importantly, the development of car safety features, like seatbelts and airbags, alongside antilock […]

What are Cyber Digital Twins – Definition & Use Cases

As IoT devices become hyper-connected and software driven, there’s a growing risk that cyber vulnerabilities introduced through accidental errors, lack of secure-coding practices, or insecure open source software may be exploited by malicious entities. This is where Cyber Digital Twins come into play, helping product security teams keep their products and customers safe and secure.
