
Most Third Party Libraries Never Updated After Included in a Codebase

Okay, you are probably tired of hearing me rant about the software supply chain, but it is a huge source of hacks. Big hacks like SolarWinds and Microsoft Exchange, but mostly small hacks where we never figure out what the source is. Researchers looked at what developers actually do. They analyzed 13 million scans of 86,000 […]

Continue reading →

Security News Bites for the Week Ending Aug 24, 2018

FBI Asks Google for Information on ALL People Near Certain Crimes

Now that we know that Google tracks you even if you ask nicely for it not to, this news from BBC becomes more interesting. The FBI issued a search warrant to Google for information on all people within a 100-acre block around a […]

Continue reading →

News Bites for Friday June 22, 2018

Latest Cost Estimates For Equifax Breach is $439 Million

According to recent (March) tax filings, costs related to their breach are now $439 million, making the Equifax breach the costliest in US history. Assuming insurance does pay, it would cover, at most, $125 million, leaving Equifax to write a check for $300 million plus. Given […]

Continue reading →

Software Supply Chain Attacks are Real

For those of you who have been reading my blog for some time, you know that I have written about the software supply chain security problem. In a nutshell, the problem is that programmers rarely write code from zero anymore. Instead, teams write pieces of code and integrate them. Then there is limited testing due […]

Continue reading →

Russian AV Software Banned While FBI Uses Russian Fingerprint Software

Gene Kaspersky’s anti-virus software has been banned from being used by the Federal government mostly because an NSA software developer went “off the reservation”, took some classified software home and loaded it on a personally owned PC running Kaspersky’s AV software configured by the developer to share potentially malicious software with Kaspersky, thereby compromising an […]

Continue reading →

Equifax, Trans Union and the Software Supply Chain

One more time, Equifax is in the news – but they are not alone! Users thought that Equifax had been hacked again because when customers went to a particular help page on their web site, they were redirected to a page directing them to download a malicious, fake, Adobe Flash update. Hopefully, no one is […]

Continue reading →