In the wake of the WannaCry and Petya/NotPetya attacks, it is not surprising that notorious cyber gangs are finding new ways to use the NSA’s EternalBlue exploit to support their criminal activities, said Chris Wysopal (@WeldPond), co-founder and chief technology officer at security firm Veracode.
“Over the past year, we’ve seen a significant shift concerning cybersecurity regulation and putting the responsibility for cyberattacks on organisations where inadequate cybersecurity processes were in place. Whether GDPR or the New York State Department of Financial Services Cybersecurity Regulation, the onus is now being placed on firms to maintain a minimum standard of cybersecurity and to face severe consequences if they suffer a cyberattack as a result of not meeting it.” Read more from Paul Farrington (@pfarrington_tm), Manager, EMEA Solution Architects at Veracode.
It’s an experience every computer or smart phone user has had. After downloading new software or an app, a window pops up with a legal agreement. At the bottom is an “I agree” button. One click, and it’s gone. Most users have no clue what they’ve agreed to. That single action can empower software developers to extract reams of personal information – such as contacts, location, and other private data – from the devices. They can then market the information. Even as privacy erodes in the digital era, little outcry arises over the digital tracking and profiling of consumers. Only slight murmurs are heard on Capitol Hill.
The HPE Application Lifecycle Manager Flaw Synchronizer plug-in enables security vulnerabilities to be removed at an early stage. Furthermore, it is now also possible to integrate Jenkins with Veracode’s Application Security Platform for application scans.
Over 10 years ago, the first iPhone burst on the scene and changed mobile computing forever. But it had a flaw: The baseband (the part that manages all the radios) on the installed Infineon chip could be exploited to run the phone on networks other than AT&T -- which was, at the time, the exclusive provider. Fast-forward to 2017 and that same chip was recently found in various Nissan Leafs built between 2011 and 2015.
Just as commercial companies must protect against loss of customer data under EU GDPR or face huge fines, now electricity, water, energy, banking, financial markets, transport and health infrastructure providers will also face the same fines (£17 million or up to four percent of annual turnover) if they fail to protect critical infrastructure from loss of services due to cyber-attacks.
Cyberattacks are accelerating worldwide and the U.S. health care system is dangerously unprepared to defend itself, or its patients. In the past two months, thousands of computers of the nation’s No. 3 pharmaceutical company, Merck, seized up amid a global cyberattack, cutting into production of medicines. The same rogue digital worm crippled a hospital system north of Pittsburgh, Pennsylvania. From insulin pumps and defibrillators, and on to expensive CT scanners and MRI machines, medical devices are increasingly connected to networks. Patient medical records are online. When networks go down, physicians say it is like operating in the dark.
With the fake news scourge and bots running rampant online, Chris Wysopal (@WeldPond), chief technology officer at Veracode, said the security community can use its expertise to help.
The surge in far-flung and destructive cyber attacks is not good for national security, but for an increasing number of hackers and researchers, it is great for job security. Twenty or even 10 years ago, career options for technology tinkerers were mostly limited to security firms, handfuls of jobs inside mainstream companies, and in government agencies. But as tech has taken over the world, the opportunities in the security field have exploded.
If you had to select one symbol of the cybersecurity industry, you’d be hard pressed to find a better choice than the pair of conferences, Black Hat Briefings (Black Hat) and DEF CON. The duo is known affectionately as Hacker Summer Camp by many conference goers. Much has changed since the first Black Hat in 1997 and DEF CON in 1993. Not only have the crowds swelled, but so has the very nature of digital technology.
Twenty-five years is a very long time in the world of technology. Just look at how much computers have changed since 1992, the year when Microsoft proudly launched Windows 3.1 on a 1.44MB floppy disk. Yet, some things have lingered from those early days of the internet and now put the systems we depend on at risk.
A senator who's been pushing US government agencies to adopt better cybersecurity hygiene is calling out the Department of Homeland Security for not using a standard technology that would protect people who receive emails from DHS from fraud, spam, and phishing attempts.
Veracode's Colin Domoney (@colindomoney) discusses how to build a successful application security team based on his own experiences.
International consumer goods giant Reckitt Benckiser has revealed last week's assault on its network may take a £100 million (A$171 million) bite out of the company's revenue.
For as long as there have been elections, there have been attempts to manipulate them. Bribery and violent intimidation were already used in ancient Rome to influence elections; digitization opens up completely new avenues for political manipulators, which they are eagerly exploiting, as the cyber attacks ahead of the presidential elections in the United States and France show. Are our elections in Germany also at risk in September 2017? Julian Totzek Hallhuber (@d3v_rand0m), Solution Architect at application security specialists Veracode, presents some curious cases of political hacking and takes a closer look at the dangers facing our forthcoming election.
A new, highly virulent strain of malicious software that is crippling computers globally appears to have been sown in Ukraine, where it badly hobbled much of the government and private sector on the eve of a holiday celebrating a post-Soviet constitution. The fresh cyber-assault Tuesday leveraged the same intrusion tool as a similar attack in May and proved again just how disruptive to daily life sophisticated cyber-assaults can be in this age of heavy reliance on computers.
Meet the sequel to WannaCry, the wide-ranging ransomware attack that crippled businesses around the globe last month. On Tuesday, another widespread ransomware attack began halting unprepared businesses in their tracks. The new attack uses the same method of propagation as WannaCry: A leaked hacking tool called Eternal Blue, which has been linked to the U.S. National Security Agency.
A massive cyber attack which has hit a number of institutions in Ukraine appears to be spreading across Europe. A number of firms, banks and government offices in Ukraine began to report attacks earlier today caused by ransomware named "Petya." London-based advertising giant WPP has reported problems with its IT systems caused by a "suspected cyber attack," as did Danish shipping group Maersk.
Firms around the globe are reporting that they have been hit by a major cyber-attack. Veteran security expert Chris Wysopal (@WeldPond) of Veracode (@Veracode) said the malware seemed to be spreading via some of the same Windows code loopholes exploited by WannaCry. Many firms did not patch those holes because WannaCry was tackled so quickly, he added.
As companies increasingly adopt agile development methods, many are looking for ways to improve their application security. One of the first questions they must address is how to measure progress, experts say.
NEW YORK (AP) -- The Latest on a widespread cyberattack that is affecting companies and government systems (all times local), featuring commentary from Veracode Co-founder and Chief Technology Officer Chris Wysopal (@WeldPond).
Is DevOps sustainable? That's the question addressed in two recent reports. DevOps is a cultural change; it means banding together different teams within the software value chain and getting them to work in sync. There may be a positive push as the effort is first announced, with executives and professionals rallying around this new collaborative initiative. But what happens after the consultants leave, and the hoopla dies down? Will everyone continue to work together as one happy, aligned family?
Brash. Controversial. A guard against rising digital threats around the globe. Google’s Project Zero is securing the Internet on its own terms. Is that a problem?