Supply Chain Risk in the Software Process

I have been talking a lot about supply chain risk lately, and there is a good reason. From open source products with backdoors like Webmin or Rubygems, to NotPetya a few years ago, which shut down many companies around the world, to the recent attacks against SolarWinds or Centreon, supply chain attacks are running rampant. […]

Source Code from Dozens of Companies Stolen

Companies like Microsoft, Lenovo, GE, Nintendo and many others have created publicly visible repositories on places like GitHub. Some of these repositories are empty and some may legitimately be intended to be public. But those that contain access credentials – userids, passwords and API keys – likely are NOT intended to be public. Some of […]

Is Your Mobile Phone App Secure? Probably Not!

More than three-fourths of mobile banking vulnerabilities can be exploited without physical access to the phone. A new report from Positive Technologies has a number of sobering facts: 100 percent of mobile banking apps contain code vulnerabilities due to a lack of code obfuscation. NONE of the mobile banking apps tested had an acceptable level […]

Security News for the Week Ending June 19, 2020

Akamai Sees Largest DDoS Attack Ever: Cloudflare says that one of its customers was hit with a 1.44 terabit per second denial of service attack. A second attack topped 500 megabits per second. The attack used a variety of amplification techniques that required some custom coding on Akamai’s part to control, but the client was able […]

Secure Software Development Lifecycle Process Still Lacking

In late 2015, Juniper announced that it had found two backdoors in the router and firewall appliances that it sells. Backdoors are unauthorized ways to get into these systems in a way that bypasses security. Kind of like going around to the back of the house and finding the kitchen door unlocked when no one […]

Software Supply Chain Attacks are Real

For those of you who have been reading my blog for some time, you know that I have written about the software supply chain security problem. In a nutshell, the problem is that programmers rarely write code from zero anymore. Instead, teams write pieces of code and integrate them. Then there is limited testing due […]
