A flaw that was discovered in Pivotal’s Spring Framework in September 2017 has only come to light now that users have had a chance to update.
A DevSecOps strategy won’t work if developers haven’t bought into the movement. CA Veracode held a virtual summit on Assembling the Pieces of the DevSecOps Puzzle yesterday to talk about the importance of developer security training in a DevOps environment.
Meltdown and Spectre rang in the year 2018 with a bang, affecting billions of devices. CA Veracode's Julian Totzek-Hallhuber explains in this blog post why it is high time to put security at least on the same level as functionality.
If you address security early in development, you can significantly reduce safety risks and long-term development costs. The EU Commission is working on a number of initiatives that consider security from the start.
Corporate IT systems with known vulnerabilities are often missed or overlooked. In the case of Equifax, a known vulnerability led to hundreds of millions of dollars in losses. Here are the top-5 ways that vulnerabilities hide inside your company.
Somewhere along the road to DevOps nirvana that so many organizations have been attempting to follow, security got left behind. You see, a big driver of the need for DevOps is the speed with which organizations crank out software. It turns out it's really easy for software development to run off the rails, turning what should be innovation into unnecessary fiascos that can cost millions to fix, or worse yet, cause irreparable damage to a company's reputation.
New software also brings with it new threats to the overall security of an organisation, so understanding the potential risks and vulnerabilities software introduces is essential if businesses want to keep hackers at bay.
The U.S. Securities and Exchange Commission introduced new SEC cybersecurity disclosure rules to prevent insider trading related to data breaches and other security incidents.
Attacks by cybercriminals can be costly for businesses if they want to avoid losing their data. The most recent example is Uber, the globally operating U.S. driver service, which has been the victim of a ransomware attack: data from 57 million customers and drivers was hacked, including names, addresses and driver's license numbers. Uber paid $100,000 to the hackers and concealed the incident, but is now exposed to the serious charge of covering up a criminal offence. This latest case shows once again the importance of advanced data protection to prevent cyber attacks. Julian Totzek-Hallhuber, Solution Architect at CA Veracode, gives five tips on how companies can easily and effectively protect themselves against ransomware attacks.
A machine that automatically finds new vulnerabilities in any software - this is what a team led by Fabian Yamaguchi from Berlin is working on. Can anyone become a hacker?
Hint: hit them where it hurts the most – their own personal reputation and livelihood.
This is a guest article by Julian Totzek-Hallhuber, Solution Architect, CA Veracode. The Aztec Empire, the Roman Empire or the British Empire - if one had asked contemporary witnesses, these cultures seemed untouchable and would last forever. External influences and socio-cultural developments have only made them examples of transience in the course of history. Today, the world looks completely different, but some developments in the shadow of technological progress have the potential to revolutionize our society from the ground up. The advantage is that we are able to recognize early warnings and take countermeasures. When Europeans entered the new world, it was the beginning of the end of the indigenous tribes and advanced cultures of a whole continent. Such a scenario, which in the long run can wipe out entire civilizations, is of course unthinkable nowadays, since today's cultures are consolidated and embedded in the global community. Accordingly, such upheavals today have far more far-reaching consequences, affecting much larger regions and sometimes the whole world. Three scenarios in particular are now able to change the course of the world from the ground up.
Recent news reports that the NHS has lost thousands of patient records and documentation and is now failing cyber security tests.
The culture connection gets real as experts agree that secure software development requires a new mindset across the board.
Developers tend to get thrown under the bus when it comes to application security, but recent data shows that developers do, in fact, care about security. Take mitigation for example. Developers don’t try to rig the system by rejecting findings as false positives or as mitigated by design. Developers documented mitigations for just 14.4 percent of all flaws found by CA Veracode’s platform in the past year.
Much has changed in software security over the last year. Nation state-directed attacks demonstrated the significant danger posed by software vulnerabilities and raised the pressure on developers to secure their software. Attackers used exploits leaked from the National Security Agency (NSA), for example, to spread ransomware, including the costly WannaCry and NotPetya attacks.
Chris Wysopal, CTO for the CA Veracode portfolio of security testing tools CA Technologies acquired last year, said the survey results make it clear many organizations are still wrestling with the concept of DevSecOps. Many of them may be far along the path to building a culture around DevOps, but more often than not, security teams haven’t been included in those processes, says Wysopal.
It has been reported that Schneider Electric SE has disclosed that hackers exploited a flaw in its software in a watershed hack discovered last month that halted plant operations at an industrial facility.
When discussing the lack of women in technology fields, the conversation generally starts around basic questions: What is it about tech fields that discourages women from participating, and what can people in the field do to attain a better balance?
It’s being reported that a hacker or hacker group might have stolen healthcare data for more than half of Norway’s population, according to reports in local press. The attack took place on January 8 and came to light this week when Health South-East RHF, a healthcare organization that manages hospitals in Norway’s southeast region, announced a security breach on its website.
Schneider Electric accidentally puts malware online that could shut down power plants. Nation state authored malware has been mistakenly put online that could enable hackers to compromise safety systems at power plants.
It’s amazing when you watch a lightbulb moment happen – especially when you’ve spent a great deal of your professional life devoted to it. Read more from CA Veracode's Chris Wysopal (@WeldPond).
Security researchers have discovered a flaw in the AMD PSP (Platform Security Processor), which could enable hackers to execute code in a security module that stores data such as passwords, certificates, and encryption keys.
Developers aren't choosing to ignore security issues - they don't have the skills or resources to create secure code due to a critical deficit in developer security training, especially how to manage vulnerable components effectively.
Chances that a fix to a major microchip security flaw may slow down or crash some computer systems are leading some businesses to hold off installing software patches, fearing the cure may be worse than the original problem.