Vulnerabilities

Security cameras by the firm Axios were just one of potentially thousands of connected devices that harbor a software hole dubbed Devils Ivy. (Graphic courtesy of Axios.)

Security Camera Flaw could lurk in Thousands of Devices

In-brief: a vulnerability dubbed “Devil’s Ivy” affects hundreds of cameras by the firm Axios and – likely – thousands of other devices made by some of the world’s top technology brands. It’s another example of widespread software supply chain security risks.

A view of Kiev at night. NATO has said it will assist the government of Ukraine as it fends off persistent cyber attacks by Russian-based hacking groups.

After Petya, NATO will provide Cybersecurity Help to Ukraine

In-brief: NATO said it was extending support to Ukraine to help confront a rash of cyber attacks from Russian affiliated hacking forces. 

Heartbleed’s Heartburn: Why a 5 Year Old Vulnerability Continues to Bite

Heartbleed’s Heartburn: Why a 5 Year Old Vulnerability Continues to Bite

In-brief: more than three years after it was first discovered, the Heartbleed vulnerability in OpenSSL continues to plague organizations worldwide. Why has it been so hard to fix? In this Industry Perspective, Patrick Carey of the firm Black Duck talks about some of the complicating factors that make vulnerabilities like Heartbleed so hard to eradicate. 

Program code on dark background (selective focus)

Podcast: Michael Daniel on Cyber Diplomacy in the Age of Trump

In-brief: In an interview with The Security Ledger, former Obama Cybersecurity Advisor Michael Daniel weighs in on the changing US-Israel relationship, promoting cyber security talent in the U.S. and the future of the intelligence community’s ‘vulnerability equities’ program. 

Petya Malware is about wreaking Havoc, not collecting Ransom | The Register

Petya Malware is about wreaking Havoc, not collecting Ransom | The Register

In-brief: On Tuesday, a ransomware infection spread across Europe and even affected companies and systems as far away as the United States and Brazil. Iain Thomson at The Register breaks down the malware used in the attack, dubbed NotPetya because it disguises itself as the Petya ransomware, although in the end it seems it was designed to wreak havoc, not collect money.