
SBoM is NOT a Four Letter Word

I have been ranting about Software Bills of Material or SBoM for a while. This week I have two examples of why this is important – even critical. The first story is about a TCP/IP network stack and the vulnerability is called Amnesia:33. It impacts four open source libraries – uIP, FNET, picoTCP and Nut/Net. […]


Security News for the Week Ending December 4, 2020

France Says it is Going Ahead with Digital Tax: France has been complaining that U.S. companies (mostly) have not been paying their fair share of French taxes since they are not selling widgets that are delivered in France, so they came up with this digital tax, a 3% tax on digital services delivered in France. They […]


Default Passwords on Gov Websites – What Could Go Wrong?

You would think that in 2020 we wouldn’t have to tell people not to use default passwords. You would certainly think that we wouldn’t have to tell government IT folks not to do that. But if you thought that, apparently, you would have thought wrong. We are still telling end users to change the password […]


Is Your Mobile Phone App Secure? Probably Not!

More than three-fourths of mobile banking vulnerabilities can be exploited without physical access to the phone. A new report from Positive Technologies has a number of sobering facts: 100 percent of mobile banking apps contain code vulnerabilities due to a lack of code obfuscation. NONE of the mobile banking apps tested had an acceptable level […]


Security News for the Week Ending June 19, 2020

Akamai Sees Largest DDoS Attack Ever: Cloudflare says that one of its customers was hit with a 1.44 terabit per second denial of service attack. A second attack topped 500 megabits per second. The attack used a variety of amplification techniques that required some custom coding on Akamai’s part to control, but the client was able […]


Bug in Git Software Could Make Software Repositories Vulnerable

Git, the software used by millions of software developers to manage their source code – the crown jewels of most corporations – is vulnerable to two different attacks. The first bug would allow a malicious attacker to overwrite code in folders where they should not be. The second bug allows an attacker to read arbitrary […]
