The Cybellum BLOG

New Supply Chain Threats – Name:Wreck TCP/IP Vulnerabilities Exposed

Newly discovered supply-chain vulnerabilities in common communication stacks can be exploited to take full remote control of connected devices, putting at risk millions of devices around the globe. Security researchers from Forescout and JSOF Research Labs have discovered nine vulnerabilities in four widely-used TCP/IP stacks affecting Domain Name System (DNS) implementations. Dubbed NAME:WRECK due to […]

Busting Code Analysis Myths – Binary Analysis vs. Source Code Analysis

Despite being around for years (maybe even decades), the practice of automated code reviews to identify security vulnerabilities and other flaws still leaves product security professionals with many misconceptions. Source code analysis provides complete coverage, some say. Binary analysis is inaccurate, others cry.

The Cyber Digital Twin Revolution

Originally published on Forbes, February 25th, 2021. In the space of just a few short years, many of the machines around us have become smarter than we are. Technology and progress wait for no one, and the widespread adoption of IoT has injected intelligent, autonomous capabilities into everything from vending machines and robots to refrigerators […]

Launching the World’s First Cyber Digital Twins Platform to Protect Vehicles from Cyber Threats

When people think of potential cybersecurity risks, they think of their personal devices – like phones, laptops or game consoles. Today’s car needs to be thought of as an even more vulnerable and potentially more dangerous form of these devices.

Heavy On Connectivity, Light On Security: The Challenges Of Vehicle Manufacturers

Originally published on Forbes, January 15th, 2021. We sure have come a long way since the days of Henry Ford’s Model-T automobile. Today’s cars go faster, go for longer distances and come in more colors than Henry ever could have imagined. Perhaps most importantly, the development of car safety features, like seatbelts and airbags, alongside antilock […]

What are Cyber Digital Twins – Definition & Use Cases

As IoT devices become hyper-connected and software driven, there’s a growing risk that cyber vulnerabilities introduced through accidental errors, lack of secure-coding practices, or insecure open source software, may be exploited by malicious entities. This is where Cyber Digital Twins come into play, helping product security teams keep their products and customers safe and secure.

What Does the Solarwinds Attack Signal to OEM Supply-Chains?

This week, major US government agencies, including all five branches of the US military, the Pentagon, 425 of the US Fortune500 companies and other organizations across Europe, Asia and the Middle-East, discovered their IT networks had been breached by hackers looking to steal sensitive data (the identity of the intruders is still not clear).

The Inevitable Digital Transformation of Automotive Security

Writing good software is hard. Making it secure is even harder. It requires know-how, an awareness of common programming flaws, and discipline: checking input sizes, managing memory allocation and deallocation, addressing string formatting, avoiding dangling pointers – the list goes on and on. More often than not, writing secure code stands in contrast to developers’ […]

Ripple20 and What it Means to Your Product Security

Writing good code is hard. Making it secure is harder. Doing so with 3rd party components is a nightmare. That’s what R&D organizations realize as they embrace software supply chains to speed up innovation and development.
