Researchers at CyberX say they have found a way to sneak sensitive data off of industrial control system networks using radio frequency communications. The attack could be used to compromise so-called “air gapped” networks that are not connected to the Internet.
The hack of Uber and the loss of information on 57 million customers is just the latest security incident stemming from what our guest Elizabeth Lawler calls “DevOps secrets” – valuable credentials, APIs and other sensitive information that often end up exposed to the public as a result of lax continuous development operations. In this Spotlight Edition* of The Security Ledger Podcast, sponsored by CyberArk, we talk with Elizabeth about how to contain DevOps secrets and secure the secret super user lurking in modern organizations: highly privileged application code. Podcast: Play in new window | DownloadSubscribe: Android | RSS
China is doing a better job finding and disclosing information on software security holes…except when those vulnerabilities are high risk and might be used in targeted attacks. That, according to a report out Thursday by the firm Recorded Future.
In this, our 70th episode of The Security Ledger podcast, we speak withXu Zou of the Internet of Things security startup Zingbox about the challenges of securing medical devices and clinical networks from cyber attack. Also: we take a look at the turmoil that has erupted around the OWASP Top 10, a list of common application security foibles. And finally: open source management vendor Black Duck Software announced that it was being acquired for more than half a billion dollars. We sit down with Black Duck CEO Lou Shipley to talk about the software supply chain and to hear what’s next for his company.
Bleeping Computer reported that a new proposal submitted to the Internet Engineering Task Force (IETF) defines a secure framework for delivering firmware updates to Internet of Things (IoT) devices. Insecure software updates for embedded devices (aka ‘firmware’) have been a frequent source of security lapses on mobile and embedded devices like Internet connected webcams. Filed on October 30, the “IoT Firmware Update Architecture,” establishes security requirements for device makers to implement when designing firmware update mechanisms for connected devices. A familiar list of features The proposed rules include features that have long been recommended by security experts to permit safe handling of software updates. Among them the use of cryptographically signed updates and public key cryptography to provide end-to-end security and verify firmware images, as well as the ability to work with low-power and resource constrained IoT devices. Firmware has been the source of widespread security issues. For example, low-cost […]