I can honestly say that although referred to by the media as Shellshocked, I am neither shocked nor awed. I can’t say that I am a fan of the latest glorification of bugs like Heartbleed and Shellshock in a fashion similar to tropical storms, but if it gets more people to pay attention to the exponential growth of our reliance on software I can’t say I am too worked up about it either. One thing that is unarguable is that this just happens to be the latest (and if you are reading this before you have patched stop right now, patch, and then come back to finish).
I love watching TED Talks. To me, they are 15 well-spent minutes watching experts around the world provide great insights into things I thought I knew well. Some I had never imagined or topics on which I want to gain a deeper perspective.
Author Attribution: This post was written by a guest blogger: Mark Miller, Founder and Curator of Trusted Software Alliance. In a “50-in-50” interview on the Trusted Software Alliance site, Gary McGraw talked about the concept of ‘moving left’, or ‘shifting left’ when it comes to application security in the software life cycle. Traditional development leaves […]
The use of DevOps methodology and a structured process for integrating security into the development process is becoming more prevalent as large enterprises are seeing the benefits of a strategic alliance between development teams and operations. Instead of throwing the pig over the fence and hoping it turns into bacon by the time it touches […]
Apple fixes OS X flaw that allowed Java apps to run with plugin disabled. Apple released several security updates for its OS X operating system, as well as a new version of its malware removal tool. Source: http://threatpost.com/en_us/blogs/apple-fixes-os-x-flaw-allowed-javaapps-run-plugin-disabled-031513
Researchers have discovered a backdoor in some TP-Link routers that has the router download and execute a file when a specific URL is called. Source: http://www.h-online.com/security/news/item/Treacherous-backdoor-found-in-TPLink-routers-1822720.html
Android is home to 96% of new mobile malware. F-Secure’s latest Mobile Threat Report found that Android accounted for 96% of new mobile threats. Source: http://www.h-online.com/security/news/item/Report-Android-is-hometo-96-of-new-mobile-malware-1818594.html
The H – (International) PostgreSQL updates to close denial-of-service hole. The developers of PostgreSQL released updates to several versions of their products to address a misdeclared function that could allow a SQL command to crash PostgreSQL, among other issues. Source: http://www.h-online.com/security/news/item/PostgreSQL-updates-to-close-denial-of-service-hole-1799938.html
IDG News Service – (International) Barracuda moves to shutter backdoor access to its network gear. Barracuda Networks issued an update to close a vulnerability in its network security appliances that allowed unauthorized access through remote support backdoors. Source: http://www.computerworld.com/s/article/9236574/Barracuda_moves_to_shutter_backdoor_access_to_its_network_gear
Help Net Security – (National) Aerospace and defense firms targeted with clever spear phishing. A new spearphishing campaign is targeting directors, vice presidents, and other top management of companies in the aerospace and defense industry and the U.S. government via a malicious .PDF file, which, once opened, creates a permanent backdoor and exfiltrates data from […]