In open source news this week: Heartbleed still hurts, Honda shuts down a car plant due to WannaCry, the Girl Scouts are offering cybersecurity badges and more.
Open Source Insight: NotPetya Strikes, Patching Is Vital for Risk ManagementBlack Duck by Synopsys
News about NotPetya is rebounding around the world this week as malware experts quickly determined that the resemblence to Petya is superficial. The consensus is now that NotPetya is a wiper, designed to inflict permanent damage, not ransomware as initially reported. Following closely on the heels of WannaCry incidents, NotPetya hit 64 countries by June 28, but with no kill switch available this time. Global cyberattacks such as these highlight the importance of cybersecurity everywhere, staying up to date on patches and ensuring that backups are up-to-date.
Open Source Insight: Top Picks for Black Hat, GDPR & Open Source Webinar, ...Black Duck by Synopsys
Vulnerability of the week is CVE-2017-7526, but news abounds on GDPR and Open Source, Medical Device security, container security tools, Black Hat USA & more.
Open Source Insight: Balancing Agility and Open Source Security for DevOpsBlack Duck by Synopsys
Lots of DevOps news this week, including why automation is critical for securing code, as well as balancing agility with security needs. Learn how to manage security in GitHub projects with CoPilot from Black Duck Software. Pre-GDPR, Carphone Warehouse gets hit with £400k fine over a 2015 hack. And why you should think like your attackers when developing your cybersecurity portfolio.
Read on for this week’s cybersecurity and open source security news in Open Source Insight!
Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...Black Duck by Synopsys
This week’s Open Source Insight features a powerful visualization tool displaying the world’s biggest data breaches at name brands such as Ebay, Equifax, Anthem, and Target. The White House and British Foreign Office have condemned a cyber-attack launched by the Russian military on Ukraine and hint at reprisals. Black Duck brings open source vulnerability detection to Kubernetes, and Synopsys will host Elevate, an evening thought leadership event at Embedded World 2018 featuring an elite group of international cyber security experts leading a discussion about IoT and embedded systems security threats and solutions.
Read on for all the open source security and cybersecurity news you need to know this week.
Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 VulnerabilityBlack Duck by Synopsys
It’s an all Equifax breach/Apache Struts/ CVE-2017-5638 issue of Open Source Insight this week as we examine how an unpatched open source flaw and an apparent lack of diligence exposed sensitive data for over 140 million US consumers. We look at what happened, how you can see if you’ve been affected by the breach, and discuss whether you should replace Struts with another framework.
Open Source Insight: Happy Birthday Open Source and Application Security for ...Black Duck by Synopsys
Opinions differ on exactly when, but open source turned twenty this year. Most security breaches in 2017 were preventable (you hear that, Equifax?), and it’s time to take a look back to prevent similar breaches in 2018. iPhone source code gets leaked (for a short time). And keeping medical devices, voting machines, automobiles, and critical infrastructure safe in a world of increasing application risk.
Read on for open source security and cybersecurity in Open Source Insight for February 9th, 2018.
It’s our second all-Equifax “Open Source Insight,” as the Equifax breach unfortunately still leads the cybersecurity and open source security news cycle this week. As the Equifax breach has shown, open source security risks are a daunting reality. But that breach should never have happened — a known, fixable open source vulnerability not being remediated.
Open source software — such as Apache Struts — comprises 80 to 90 percent of the code in modern applications, yet most organizations lack any visibility into the open source they are using. In response, Black Duck, the global leader in automated solutions for securing and managing open source software, announced this week the availability of a free-use tool that enables organizations to determine if they are at risk from the Apache Struts vulnerability that was exploited in the recent, high-profile Equifax breach.
Open Source Insight:GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...Black Duck by Synopsys
A big news week for Synopsys and Black Duck as Gartner releases the 2018 Gartner Magic Quadrant for Application Security Testing and the 2018 Open Source Rookies of the Year are announced. More on these stories and the hottest open source security and cybersecurity news in this week’s Open Source Insight!
Open Source Insight: NotPetya Strikes, Patching Is Vital for Risk ManagementBlack Duck by Synopsys
News about NotPetya is rebounding around the world this week as malware experts quickly determined that the resemblence to Petya is superficial. The consensus is now that NotPetya is a wiper, designed to inflict permanent damage, not ransomware as initially reported. Following closely on the heels of WannaCry incidents, NotPetya hit 64 countries by June 28, but with no kill switch available this time. Global cyberattacks such as these highlight the importance of cybersecurity everywhere, staying up to date on patches and ensuring that backups are up-to-date.
Open Source Insight: Top Picks for Black Hat, GDPR & Open Source Webinar, ...Black Duck by Synopsys
Vulnerability of the week is CVE-2017-7526, but news abounds on GDPR and Open Source, Medical Device security, container security tools, Black Hat USA & more.
Open Source Insight: Balancing Agility and Open Source Security for DevOpsBlack Duck by Synopsys
Lots of DevOps news this week, including why automation is critical for securing code, as well as balancing agility with security needs. Learn how to manage security in GitHub projects with CoPilot from Black Duck Software. Pre-GDPR, Carphone Warehouse gets hit with £400k fine over a 2015 hack. And why you should think like your attackers when developing your cybersecurity portfolio.
Read on for this week’s cybersecurity and open source security news in Open Source Insight!
Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...Black Duck by Synopsys
This week’s Open Source Insight features a powerful visualization tool displaying the world’s biggest data breaches at name brands such as Ebay, Equifax, Anthem, and Target. The White House and British Foreign Office have condemned a cyber-attack launched by the Russian military on Ukraine and hint at reprisals. Black Duck brings open source vulnerability detection to Kubernetes, and Synopsys will host Elevate, an evening thought leadership event at Embedded World 2018 featuring an elite group of international cyber security experts leading a discussion about IoT and embedded systems security threats and solutions.
Read on for all the open source security and cybersecurity news you need to know this week.
Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 VulnerabilityBlack Duck by Synopsys
It’s an all Equifax breach/Apache Struts/ CVE-2017-5638 issue of Open Source Insight this week as we examine how an unpatched open source flaw and an apparent lack of diligence exposed sensitive data for over 140 million US consumers. We look at what happened, how you can see if you’ve been affected by the breach, and discuss whether you should replace Struts with another framework.
Open Source Insight: Happy Birthday Open Source and Application Security for ...Black Duck by Synopsys
Opinions differ on exactly when, but open source turned twenty this year. Most security breaches in 2017 were preventable (you hear that, Equifax?), and it’s time to take a look back to prevent similar breaches in 2018. iPhone source code gets leaked (for a short time). And keeping medical devices, voting machines, automobiles, and critical infrastructure safe in a world of increasing application risk.
Read on for open source security and cybersecurity in Open Source Insight for February 9th, 2018.
It’s our second all-Equifax “Open Source Insight,” as the Equifax breach unfortunately still leads the cybersecurity and open source security news cycle this week. As the Equifax breach has shown, open source security risks are a daunting reality. But that breach should never have happened — a known, fixable open source vulnerability not being remediated.
Open source software — such as Apache Struts — comprises 80 to 90 percent of the code in modern applications, yet most organizations lack any visibility into the open source they are using. In response, Black Duck, the global leader in automated solutions for securing and managing open source software, announced this week the availability of a free-use tool that enables organizations to determine if they are at risk from the Apache Struts vulnerability that was exploited in the recent, high-profile Equifax breach.
Open Source Insight:GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...Black Duck by Synopsys
A big news week for Synopsys and Black Duck as Gartner releases the 2018 Gartner Magic Quadrant for Application Security Testing and the 2018 Open Source Rookies of the Year are announced. More on these stories and the hottest open source security and cybersecurity news in this week’s Open Source Insight!
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...Black Duck by Synopsys
Welcome to the March 2nd edition of Open Source Insight from Black Duck by Synopsys! We look at places you’d never expect to find GDPR data, as well as answers to your most-frequently-asked GDPR questions. Synopsys Principal Scientist Sammy Migues explores why enterprises must have a software security program while Black Duck Technology Evangelist, Tim Mackey, takes a look at building application security into the heart of DevOps. Plus, a report that may give you nightmares on the malicious possibilities of AI. All the cybersecurity and open source security news fit to print lies ahead for your reading pleasure…
Open Source Insight: Amazon Servers Exposed Open Source & the Public Sector...Black Duck by Synopsys
This issue of Open Source Insight looks at how data leaks on Amazon servers may have exposed the personal information of 198 million American voters and 14 million Verizon customers. Is the federal cybersecurity infrastructure keeping up with threats?
Why do some many companies have problems keeping their software up to date? Are vulnerability tools up to snuff?
All this and more open source security and cybersecurity news…
An important part of RSAC 2020 focused on Business-Critical Application Security and we're seeing a transformational shift in technology. The enterprise architecture we used to know is changing. Cloud application development is accelerating and diversifying where many organizations have virtual machines, containers, and now serverless applications running in the cloud, transforming code into infrastructure. Microservices make a lot of sense for scale and development agility, but if everything is talking to everything else via APIs, it’s likely that there are many (and I mean many) application vulnerabilities. Additionally, API security is new, so processes are likely immature, and API security sits somewhere between application developers, DevOps, and cybersecurity, leading to organizational and skills challenges. We will organize this chaos from RSAC and discuss Security in The API Ecosystem.
Security is morphing to a hybrid model for distributed policy enforcement across cloud-based environments. At the same time, organizations want central policy management for the whole environment.
You will learn more about what I found interesting at RSAC:
1. “Emerging Privacy Issues”
2. “The Human Factor”
3. “Cloud Security”
4. “Advancements in Machine Learning”
5. “Security in App Development”
6. “Trends from the Innovation Sandbox”
7. “New Standards and Regulations”
8. “Security for The API Economy”
Intrusion detection and anomaly detection system using sequential pattern miningeSAT Journals
Abstract
Nowadays the security methods from password protected access up to firewalls which are used to secure the data as well as the networks from attackers. Several times these types of security methods are not enough to protect data. We can consider the use of Intrusion Detection Systems (IDS) is the one way to secure the data on critical systems. Most of the research work is going on the effectiveness and exactness of the intrusion detection, but these attempts are for the detection of the intrusions at the operating system and network level only. It is unable to detect the unexpected behavior of systems due to malicious transactions in databases. The method used for spotting any interferes on the information in the form of database known as database intrusion detection. It relies on enlisting the execution of a transaction. After that, if the recognized pattern is aside from those regular patterns actual is considered as an intrusion. But the identified problem with this process is that the accuracy algorithm which is used may not identify entire patterns. This type of challenges can affect in two ways. 1) Missing of the database with regular patterns. 2) The detection process neglects some new patterns. Therefore we proposed sequential data mining method by using new Modified Apriori Algorithm. The algorithm upturns the accurateness and rate of pattern detection by the process. The Apriori algorithm with modifications is used in the proposed model.
Keywords — Anomaly Detection, Modified Apriori Algorithm, Misuse detection, Sequential Pattern Mining
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...CODE BLUE
Tons of insecure IoT devices are out there and ready to be compromised to join next IoT botnet or misused in even more serious threats. Since many of them are unmanaged, the situation does not seem to improve naturally in a short term. This talk will focus on series of efforts on discovery, monitoring, analysis, and notification of these devices trying to clean up "the mess".
Open Source Insight: IoT, Medical Devices, Connected Cars All Vulnerable to ...Black Duck by Synopsys
Key cybersecurity and open source insight this week: The Internet of Things (IoT), pacemakers, and driverless/semi-autonomous vehicles (aka connected cars).
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT SecurityCableLabs
Join Shawn Henry as he discusses his vision of IoT Security. What will be the impact of insecured IoT devices for consumers in the home, smart cities and other industrial and critical infrastructures? Looking forward five years, what is the landscape to consider?
Shawn Henry
President, CrowdStrike Services & CSO
https://www.cablelabs.com/informed/
The Threat Landscape in the Era of Directed Attacks - Webinar Kaspersky
These slides are an excerpt from a live Kaspersky Lab's webinar broadcast on 6th may 2014.
To get access to the full version of the webinar please visit http://ow.ly/whfar
More info is available at http://business.kaspersky.com/threat-landscape-in-the-era-of-targeted-attacks/
We at Kaspersky Lab believe that the online world should be free from attacks and state-sponsored espionage. And we've been standing by this belief for over 20 years, catching all kinds of cyberthreats, regardless of their origin.
Learn more about our principles of fighting cyberthreats and transparency from this brochure or on our web-site: https://www.kaspersky.com/about/transparency
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status QuoKatie Nickels
Katie and John from the MITRE ATT&CK team present "ATT&CKing the Status Quo: Improving Threat Intelligence and Cyber Defense with MITRE ATT&CK" at BSidesLV 2018.
This is a quick review of the State of CyberSecurity industry in 2015, using insights and data from leader companies in the industry like Check Point Software Technologies, Cisco, Akamai, NowSecure, OpenDNS, Skyhigh Networks and more. The scope of the report is focused in four sectors: Mobile, Internet of Things, Cloud Security and Network Security.
La seguridad cibernética es claramente un tema de creciente importancia en estos días. La presentación invitará a reflexionar sobre la semántica de las palabras que usamos al hablar sobre seguridad cibernética, y lo guiará a través del mapa de perspectivas y metodologías hacia su propio camino para estar seguros y protegidos en el entorno digital. La charla se ajusta tanto para los líderes empresariales como técnicos.
Software piracy by users is generally believed to harm both software firms through lower profits and buying customers through higher prices . Thus, it is thought that perfect and cost less technological protection would benefit both firms and consumers. The model developed here suggests that in some circumstances, even with significant piracy, not protecting can be the best policy, both raising firm profits and lowering selling prices. Key to the analysis is joining the presence of a positive network security with the fact that piracy increases the total number of program users. The network security exists because consumers have an incentive to economize on post purchase learning and customization costs. Mrs. D. Seema Dev Aksatha | M. Blessing Marshal ""Software Piracy Protection"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-3 , April 2019,
URL: https://www.ijtsrd.com/papers/ijtsrd21705.pdf
Paper URL: https://www.ijtsrd.com/computer-science/computer-security/21705/software-piracy-protection/mrs-d-seema-dev-aksatha
Presentation from NRF Protect 2019: Retail's Loss Prevention and Cyber Risk Event.
Molly Pro & Harley Rohrbacher, Intelligence Analysts, NCFTA
Adam Hunt, CTO and Chief Data Scientist, RiskIQ
DJ Murphy, Editor-in-Chief, Security Portfolio, Reed Exhibitions
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesBlack Duck by Synopsys
Our vulnerability of the week is CVE-2017-9805, which resides in Apache Struts’ REST plugin, a must-have in almost all Struts enterprise deployments. Attackers can exploit the bug via HTTP requests or via any other socket connection, with a public exploit published on Thursday. Happily, on Monday the Apache Struts team released Apache Struts v2.5.13, which includes a fix for CVE-2017-9805. As always, the byword of the week is “patch and update.”
Also looming large in this week’s news is the massive cyber-break-in at Equifax, where highly sensitive personal and financial information for around 143 million U.S. consumers (the editor apparently being among those affected) was compromised.
Open Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing ScamBlack Duck by Synopsys
On Wednesday, a worm started spreading around Gmail that suggested to users a friend or colleague was trying to share a Google Doc. Google has already disabled the offending accounts (only 0.1 percent were affected), and that it was able to stop the worm within an hour. We should take this as a wake-up that we're all potentially vulnerable to attack.
This week’s open source and open source security news includes stories on the eternal “open source good / bad” debate; 5 reasons why enterprises should be using open source; news from Red Hat Summit; and what CISOs need to known about cybersecurity.
CVE Numbers from the NVD: 1590 entries for April 2017; 50 entries currently for the month of May; a total of 5,238 reports to date for 2017.
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...Black Duck by Synopsys
Welcome to the March 2nd edition of Open Source Insight from Black Duck by Synopsys! We look at places you’d never expect to find GDPR data, as well as answers to your most-frequently-asked GDPR questions. Synopsys Principal Scientist Sammy Migues explores why enterprises must have a software security program while Black Duck Technology Evangelist, Tim Mackey, takes a look at building application security into the heart of DevOps. Plus, a report that may give you nightmares on the malicious possibilities of AI. All the cybersecurity and open source security news fit to print lies ahead for your reading pleasure…
Open Source Insight: Amazon Servers Exposed Open Source & the Public Sector...Black Duck by Synopsys
This issue of Open Source Insight looks at how data leaks on Amazon servers may have exposed the personal information of 198 million American voters and 14 million Verizon customers. Is the federal cybersecurity infrastructure keeping up with threats?
Why do some many companies have problems keeping their software up to date? Are vulnerability tools up to snuff?
All this and more open source security and cybersecurity news…
An important part of RSAC 2020 focused on Business-Critical Application Security and we're seeing a transformational shift in technology. The enterprise architecture we used to know is changing. Cloud application development is accelerating and diversifying where many organizations have virtual machines, containers, and now serverless applications running in the cloud, transforming code into infrastructure. Microservices make a lot of sense for scale and development agility, but if everything is talking to everything else via APIs, it’s likely that there are many (and I mean many) application vulnerabilities. Additionally, API security is new, so processes are likely immature, and API security sits somewhere between application developers, DevOps, and cybersecurity, leading to organizational and skills challenges. We will organize this chaos from RSAC and discuss Security in The API Ecosystem.
Security is morphing to a hybrid model for distributed policy enforcement across cloud-based environments. At the same time, organizations want central policy management for the whole environment.
You will learn more about what I found interesting at RSAC:
1. “Emerging Privacy Issues”
2. “The Human Factor”
3. “Cloud Security”
4. “Advancements in Machine Learning”
5. “Security in App Development”
6. “Trends from the Innovation Sandbox”
7. “New Standards and Regulations”
8. “Security for The API Economy”
Intrusion detection and anomaly detection system using sequential pattern miningeSAT Journals
Abstract
Nowadays the security methods from password protected access up to firewalls which are used to secure the data as well as the networks from attackers. Several times these types of security methods are not enough to protect data. We can consider the use of Intrusion Detection Systems (IDS) is the one way to secure the data on critical systems. Most of the research work is going on the effectiveness and exactness of the intrusion detection, but these attempts are for the detection of the intrusions at the operating system and network level only. It is unable to detect the unexpected behavior of systems due to malicious transactions in databases. The method used for spotting any interferes on the information in the form of database known as database intrusion detection. It relies on enlisting the execution of a transaction. After that, if the recognized pattern is aside from those regular patterns actual is considered as an intrusion. But the identified problem with this process is that the accuracy algorithm which is used may not identify entire patterns. This type of challenges can affect in two ways. 1) Missing of the database with regular patterns. 2) The detection process neglects some new patterns. Therefore we proposed sequential data mining method by using new Modified Apriori Algorithm. The algorithm upturns the accurateness and rate of pattern detection by the process. The Apriori algorithm with modifications is used in the proposed model.
Keywords — Anomaly Detection, Modified Apriori Algorithm, Misuse detection, Sequential Pattern Mining
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...CODE BLUE
Tons of insecure IoT devices are out there and ready to be compromised to join next IoT botnet or misused in even more serious threats. Since many of them are unmanaged, the situation does not seem to improve naturally in a short term. This talk will focus on series of efforts on discovery, monitoring, analysis, and notification of these devices trying to clean up "the mess".
Open Source Insight: IoT, Medical Devices, Connected Cars All Vulnerable to ...Black Duck by Synopsys
Key cybersecurity and open source insight this week: The Internet of Things (IoT), pacemakers, and driverless/semi-autonomous vehicles (aka connected cars).
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT SecurityCableLabs
Join Shawn Henry as he discusses his vision of IoT Security. What will be the impact of insecured IoT devices for consumers in the home, smart cities and other industrial and critical infrastructures? Looking forward five years, what is the landscape to consider?
Shawn Henry
President, CrowdStrike Services & CSO
https://www.cablelabs.com/informed/
The Threat Landscape in the Era of Directed Attacks - Webinar Kaspersky
These slides are an excerpt from a live Kaspersky Lab's webinar broadcast on 6th may 2014.
To get access to the full version of the webinar please visit http://ow.ly/whfar
More info is available at http://business.kaspersky.com/threat-landscape-in-the-era-of-targeted-attacks/
We at Kaspersky Lab believe that the online world should be free from attacks and state-sponsored espionage. And we've been standing by this belief for over 20 years, catching all kinds of cyberthreats, regardless of their origin.
Learn more about our principles of fighting cyberthreats and transparency from this brochure or on our web-site: https://www.kaspersky.com/about/transparency
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status QuoKatie Nickels
Katie and John from the MITRE ATT&CK team present "ATT&CKing the Status Quo: Improving Threat Intelligence and Cyber Defense with MITRE ATT&CK" at BSidesLV 2018.
This is a quick review of the State of CyberSecurity industry in 2015, using insights and data from leader companies in the industry like Check Point Software Technologies, Cisco, Akamai, NowSecure, OpenDNS, Skyhigh Networks and more. The scope of the report is focused in four sectors: Mobile, Internet of Things, Cloud Security and Network Security.
La seguridad cibernética es claramente un tema de creciente importancia en estos días. La presentación invitará a reflexionar sobre la semántica de las palabras que usamos al hablar sobre seguridad cibernética, y lo guiará a través del mapa de perspectivas y metodologías hacia su propio camino para estar seguros y protegidos en el entorno digital. La charla se ajusta tanto para los líderes empresariales como técnicos.
Software piracy by users is generally believed to harm both software firms through lower profits and buying customers through higher prices . Thus, it is thought that perfect and cost less technological protection would benefit both firms and consumers. The model developed here suggests that in some circumstances, even with significant piracy, not protecting can be the best policy, both raising firm profits and lowering selling prices. Key to the analysis is joining the presence of a positive network security with the fact that piracy increases the total number of program users. The network security exists because consumers have an incentive to economize on post purchase learning and customization costs. Mrs. D. Seema Dev Aksatha | M. Blessing Marshal ""Software Piracy Protection"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-3 , April 2019,
URL: https://www.ijtsrd.com/papers/ijtsrd21705.pdf
Paper URL: https://www.ijtsrd.com/computer-science/computer-security/21705/software-piracy-protection/mrs-d-seema-dev-aksatha
Presentation from NRF Protect 2019: Retail's Loss Prevention and Cyber Risk Event.
Molly Pro & Harley Rohrbacher, Intelligence Analysts, NCFTA
Adam Hunt, CTO and Chief Data Scientist, RiskIQ
DJ Murphy, Editor-in-Chief, Security Portfolio, Reed Exhibitions
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesBlack Duck by Synopsys
Our vulnerability of the week is CVE-2017-9805, which resides in Apache Struts’ REST plugin, a must-have in almost all Struts enterprise deployments. Attackers can exploit the bug via HTTP requests or via any other socket connection, with a public exploit published on Thursday. Happily, on Monday the Apache Struts team released Apache Struts v2.5.13, which includes a fix for CVE-2017-9805. As always, the byword of the week is “patch and update.”
Also looming large in this week’s news is the massive cyber-break-in at Equifax, where highly sensitive personal and financial information for around 143 million U.S. consumers (the editor apparently being among those affected) was compromised.
Open Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing ScamBlack Duck by Synopsys
On Wednesday, a worm started spreading around Gmail that suggested to users a friend or colleague was trying to share a Google Doc. Google has already disabled the offending accounts (only 0.1 percent were affected), and that it was able to stop the worm within an hour. We should take this as a wake-up that we're all potentially vulnerable to attack.
This week’s open source and open source security news includes stories on the eternal “open source good / bad” debate; 5 reasons why enterprises should be using open source; news from Red Hat Summit; and what CISOs need to known about cybersecurity.
CVE Numbers from the NVD: 1590 entries for April 2017; 50 entries currently for the month of May; a total of 5,238 reports to date for 2017.
Open Source Insight: Drupageddon, Heartbleed Problems & Open Source 360 Surve...Black Duck by Synopsys
Open source insight this week on CVE-2014-3704, aka “Drupageddon” and CVE-2014-0160, the everlasting Heartbleed, plus results of our Open Source 360 Survey.
Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...Black Duck by Synopsys
A wide spectrum of cybersecurity and open source security news in this week’s Open Source Insight, including the need for hospitals to ramp up their cybersecurity efforts; the need to include open source security in any plan to secure medical devices; a major data breach at Italian bank Unicredit; two Black Duck executives share their views on open source security in video interviews; and why the automotive industry many be close to an iPhone moment.
Open Source Insight: Security Breaches and Cryptocurrency Dominating NewsBlack Duck by Synopsys
This week in Open Source Insight we examine blockchain security and the cryptocurrency boom. Plus, take an in depth look at open source software in tech contracts with a legal expert from Tech Contracts Academy, Adobe Flash Player continues to be a security concern, the Open Source Initiative turns 20, and step by step instructions for migrating to Docker on Black Duck Hub. Cybersecurity and security breach news also dominates this week, as Synopsys examines security breaches in 2017 and how they were preventable.
Open Source Insight: Struts in VMware, Law Firm Cybersecurity, Hospital Data ...Black Duck by Synopsys
The need for cybersecurity vigilance is the overarching theme of this week’s news, as Google OSS-Fuzz finds more than 1,000 bugs, with 264 of them flagged as potential security bugs. The vuln that just keeps on strutting has impacted VMware products. Thousands of patient records are leaked in a New York Hospital data breach. More hospital data breaches may be imminent in the NHS Ransomware attacks announced today.
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...Black Duck by Synopsys
We take a deep dive into security researchers Charlie Miller and Chris Valasek’s keynote at last week’s FLIGHT 2017 conference. What is “Hidden Cobra” and is it targeting US aerospace, telecommunications and finance industries? Both banks and the Pentagon are making big moves into open source. And why it’s smart to assume that every application is an on-premise application.
The best of November’s application security and open security news (so far) follows in this week’s edition of Open Source Insight.
Open Source Insight: Paraskevidekatriaphobia, Web APIs, Jeep Hacking, More ...Black Duck by Synopsys
On this Friday the 13th, the paraskevidekatriaphobia edition of Open Source Insight delves into scary software exploits like jeep hacking and data breaches. October is Cybersecurity Awareness Month, but how aware and cybersecure are the businesses holding our personal data? Black Duck joins forces with Google to clean up software supply chains. If it’s not one thing it’s two things for Equifax. Ten steps you need to take now to comply with GDPR. And Black Duck’s new Hub plugin to Visual Studio IDE.
Open Source Insight: CVE-2017-2636 Vuln of the Week & UK National Cyber Secur...Black Duck by Synopsys
Seldom a month goes by where the NVD entries don’t break 1,000, and March 2017 is no exception. The vulnerability of the week is CVE-2017-2636, a serious security flaw in Linux kernel that appears to have been around since 2009. More on that story follows.
Open Source Insight: HBO, Voting Machines & Car Washes Hacked & Black Hat /...Black Duck by Synopsys
While there’s been plenty of attention focused on possible hacks with vehicles, a group of security researchers recently found vulnerabilities in internet-connected, drive-through car washes. Voting machines are hacked in less than 90 minutes at DEFCON. Is Shodan the world’s scariest search engine? How did HBO get hacked? And Black Duck reports record revenue and record revenue growth for the first half of 2017.
Open Source Insight: Securing Software Stacks, Election Security, FDA Pacema...Black Duck by Synopsys
This week in open source, hidden threats are learning in otherwise secure software stacks, open source software won't ensure election security, machine learning and open source. Plus three reasons cybersecurity may never catch up to cybercrime, 465k pacemakers are recalled and software teams have something to learn from building radar detectors.
Open Source Insight: Global Response to COSRI 2017 Open Source Security and R...Black Duck by Synopsys
Many Black Duck-related news stories in this week’s edition of Open Source Insight, thanks to the release of our 2017 Open Source Security and Risk Analysis detailing significant cross-industry risks related to open source vulnerabilities and license compliance challenges.
Black Duck conducts hundreds of open source code audits annually, primarily related to merger and acquisition transactions. For the 2017 analysis, our Center for Open Source Research & Innovation (COSRI) analyzed over 1,000 applications and found both high levels of open source usage — 96% of the apps examined contained open source — and significant risk to open source security vulnerabilities — more than 60% of the apps contained open source security vulnerabilities. All security professionals concerned about vulnerabilities and license compliance will want to review the report, which can be downloaded from the Black Duck website.
Emphasizing the need to stay on top of software security vulnerabilities is the NVD CVE listing for the month of April 2017, which now exceeds 900 entries, including CVE-2016-4899, a high to critical flaw where the datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.
On to this week’s top open source and open source security news…
Impact of counterfeits on electronics companiesNEW Momentum
Outsourcing and globalization have numerous benefits, but there is a downside—the proliferation of counterfeits and sales through unauthorized channels. This paper demonstrates the impact of counterfeits on electronics companies and gives solutions for finding the violators as well as a four-step roadmap for recovering revenue lost to counterfeits.
Impact of counterfeits on electronics companiesNEW Momentum
Outsourcing and globalization have numerous benefits, but there is a downside—the proliferation of counterfeits and sales through unauthorized channels. This paper demonstrates the impact of counterfeits on electronics companies and gives solutions for finding the violators as well as a four-step roadmap for recovering revenue lost to counterfeits.
Open Source Insight: Samba Vulnerability, Connected Car Risks, and Are You R...Black Duck by Synopsys
Open source insight into the Samba vulnerability, four risks in connected cars, and how the General Data Protection Regulation (GDPR) may impact you. Plus much more - read on.
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportSymantec
The biggest story in 2014 was, of course, the Heartbleed bug, which shook the foundations of Internet security. This wasn’t about criminals being clever; it was about the inherent vulnerabilities of human-built software, and it reminded everyone of the need for vigilance, better implementation, and more diligent website security.
Of course, while Heartbleed hit the headlines, criminals were still hard at work making their own opportunities for exploitation, theft and disruption. 2014 saw criminals grow more professional, sophisticated, and aggressive in their tactics to the detriment of businesses and individuals alike.
This week we have news on the upcoming Red Hat Summit, an updated OWASP Top 10, technical due diligence, World IP Day and more. We continue to see coverage of our 2017 Open Source Security and Risk Analysis, outlining risks related to not maintaining open source components and license compliance.
Similar to Open Source Insight: Heartbleed Results in £100,000 fine, WannaCry Hits Japan, Malware Targets Restaurants (20)
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...Black Duck by Synopsys
Anthony Decicco, shareholder, GTC Law Group presented at FLIGHT West 2018. His session description included:
A buyer and investor focused discussion of key open source software-related issues and deal points. Understanding the key legal and technical risks, as well as strategies for mitigating them, will help you to focus due diligence, speed and smooth negotiations and get better deal terms, increasing overall value and avoiding post-transaction surprises.
For more information, please visit us at www.blackducksoftware.com
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...Black Duck by Synopsys
Basma Shahadat, Lead Research Engineer presented at Black Duck Flight West 2018. Security checking in the early stages of the SDLC is critical. This session will demonstrate how Proofpoint is taking proactive steps to reduce risk by integrating Black Duck into Proofpoint’s continuous integration pipeline to detect open source vulnerabilities during the product build. For more information, please visit us at https://www.blackducksoftware.com/
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...Black Duck by Synopsys
Utsav Sanghani, Product Manager, Integrations and Alliance at Synopsys presented on how to "Black Duck your Code Faster with Black Duck Integrations." For more information, please visit www.blackducksoftware.com
Black Duck On-Demand-Audits von über 1.100
kommerziellen Anwendungen im Jahr 2017
verdeutlichen die ständigen Herausforderungen, vor
denen Unternehmen stehen, um Open Source effektiv
zu erkennen und zu sichern.
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...Black Duck by Synopsys
At Flight Amsterdam, Fenna Douwenga, Associate, Bird & Bird provided practical tips on open source licenses, intellectual property rights, and trade secrets. During the presentation Fenna reviewed, everlasting conflict between patents, copyright and open source and how it can be overcome. Additionally, the new European Trade Secrets Directive was discussed and how some of the requirements therein may for instance conflict with the GNU General Public license. Furthermore, a quick outline of the influence of Brexit on licenses closed under UK law was given and how potential problems can be prevented.
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideBlack Duck by Synopsys
Flight Amsterdam Presentation by Daniel Hedley and Georgie Collins, Partners, Irwin Mitchell looked at the intersection of the GDPR and open source software management and the laws which govern how organisations must respond to data breaches (including GDPR and NISD), how to prepare for a data breach, and what to do if the worst happens.
FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your DealBlack Duck by Synopsys
Flight Amsterdam presentation by Anthony Decicco, Shareholder, GTC Law Group
Open source software is increasingly centric to transactions, whether licensing, mergers, acquisitions, financing, insurance, offerings or loans, and the deal landscape is changing with the prevalence of representation and warranty insurance, heightened focus on security vulnerabilities and increasing litigation. As such, it is important to understand and re-visit key open source software-related issues and deal points to accelerate your deal, avoid unnecessary due diligence and realize the most value from your open source software-related compliance efforts.
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...Black Duck by Synopsys
The Black Duck blog and Open Source Insight become part of the Synopsys Software Integrity blog in early April. You’ll still get the latest open source security and license compliance news, insights, and opinions you’ve come to expect, plus the latest software security trends, news, tips, best practices, and thought leadership every week. Don’t delay, subscribe today! Now on to this week’s open source security and cybersecurity news.
2018 is the Open Source Rookies report’s 10th anniversary, brought to you by Black Duck by Synopsys. This infographic shows the impressive number of projects started in 2017 and the distribution across the world and a wide range of categories. Narrowing them down was hard! The open source community continues to produce innovative and influential open source projects.
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Black Duck by Synopsys
We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and a webinar on the 2018 Open Source Rookies of the Year.
Open Source Insight is your weekly news resource for open source security and cybersecurity news!
Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...Black Duck by Synopsys
It’s an acronym-filled issue of Open Source Insight, as we look at the question of SCA (software composition analysis) and how it fits into the DevOps environment. The DHS (Department of Homeland Security) has concerning security gaps, according to its OIG (Office of Inspector General). Can the CVE (Common Vulnerabilities and Exposures) gap be closed? The GDPR (General Data Protection Regulation) is bearing down on us like a freight train, and it’s past time to include open source security into your GDPR plans.
Plus, an intro to the Open Hub community, looking at security for blockchain apps, and best practices for open source security in container environments are all featured in this week’s cybersecurity and open source security news.
Principal engineer at MITRE, Bob Martin, examines the potential security issues introduced by the Internet of Things and proactive measures you can take to address those issues.
Open Source Insight:IoT Security, Tech Due Diligence, and Software Security ...Black Duck by Synopsys
A grab-bag of open source security and cybersecurity news is in this week’s edition of Open Source Insight. Is “many eyeballs” not enough? Some security researchers think Linus’ Law doesn’t work anymore. Black Duck by Synopsys kicks off a new video series with MITRE IoT expert, Bob Martin. Learn how open source tech due diligence helped one company close a deal securely. Should “Privacy Day” be renamed to “Lack of Privacy” day? Plus, an eye-catching infographic on how too little software security training is putting many companies at risk.
Open Source Insight:Banking and Open Source, 2018 CISO Report, GDPR LoomingBlack Duck by Synopsys
Cybercriminals are expected to extend their threat deeper into ransomware and IoT. In a just-released report, Synopsys examines the four “tribes” of CISOs, and the characteristics of each. A link to the complimentary report is below. And with the GDPR going into force in just four months, businesses are scrambling for compliance.
All these cybersecurity stories and more in the January 19th edition of Open Source Insight.
Open Source Insight: Meltdown, Spectre Security Flaws “Impact Everything”Black Duck by Synopsys
Welcome to 2018, with two major security flaws revealed that makes any computer device that has chips from Intel, AMD and ARM at risk. One security flaw, dubbed Meltdown, impacts Intel semiconductors, enabling enabling bad guys to steal passwords. The other security flaw, Spectre, impacts chips from all three companies. During an interview with CNBC covered by Reuters, Intel’s chief executive noted that “Phones, PCs, everything are going to have some impact, but it’ll vary from product to product.”
In other cybersecurity news, we look at 10 open source technologies you need to know about, cybersecurity predictions for 2018, and an interesting white paper published by the University of Michigan on identifying cybersecurity threats in connected vehicles.
Open Source Insight:2017 Top 10 IT Security Stories, Breaches, and Predictio...Black Duck by Synopsys
We’re winding up 2017 with the leading security stories of the year, as well as what 2018 might bring in terms of open source and cybersecurity. Several Black Duck and Synopsys’ bloggers weigh in with articles ranging from the need of SCA (software composition analysis), through how developers can navigate the sometimes stormy seas of software security, to addressing the issues of open source in tech contracts.
From Black Duck Software and Synopsys, we wish you a happy holiday season and will see you again in 2018!
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Open Source Insight: Heartbleed Results in £100,000 fine, WannaCry Hits Japan, Malware Targets Restaurants
1. Open Source Insight:
Heartbleed Results in £100,000 fine,
WannaCry Hits Japan, Malware Targets Restaurants
By Fred Bals, Senior Content Writer & Editor
2. Cybersecurity News This Week
The patch for CVE-2014-0160, better known as
Heartbleed, has been available since 2014, however
some applications continue to include vulnerable
versions of OpenSSL (versions 1.0.1-1.0.1f), making
Heartbleed still one of the most dangerous
vulnerabilities in the wild, as one local authority in the
UK learned.
In other cybersecurity and open source news: Honda
shuts down a car plant due to WannaCry. The
potential risks of open source are broader than just
license compliance. Girl Scouts to offer cybersecurity
badges. And even restaurants aren’t safe from malware.
3. • Honda Halts Japan Car Plant After WannaCry Virus Hits Computer
Network
• GDPR, OpenSSL, Heartbleed and a Cascade of Security Breaches
• Hackers, Beware! Girl Scouts To Offer Cybersecurity Badges
• Why The Last Thing Open Source Needs Is More Corporate
Oversight
• 3 Examples of Why Permissive Licenses Deserve a Little Respect
• Black Duck Selected as a 2017 US-Ireland Top 50 Company
• Fileless Malware Targeting US Restaurants Went Undetected by
Most AV
• A Cyberattack ‘the World Isn’t Ready For’
Open Source News
4. Honda Halts Japan Car Plant After WannaCry Virus
Hits Computer Network
via Reuters: Honda discovered on Sunday that the virus had
affected networks across Japan, North America, Europe, China and
other regions, a spokeswoman said, despite efforts to secure its
systems in mid-May when the virus caused widespread disruption at
plants, hospitals and shops worldwide.
5. via Black Duck blog (Fred Bals): Even
though Heartbleed was discovered over
three years ago, and IT staff at the council
flagged the need to update the software, a
patch issued for the software was never
applied. Gloucester City Council “did not
have sufficient processes in place to ensure
its systems had been updated while changes
to suppliers were made,” said the entity
imposing the £100,000 fine, UK's Information
Commissioner's Office (ICO).
GDPR, OpenSSL, Heartbleed and a
Cascade of Security Breaches
6. via USA TODAY: Girl Scouts of the USA and Palo
Alto Networks have announced a collaboration
to introduce a series of 18 cybersecurity badges
for girls K-12. The badges, which will help
Scouts explore opportunities in STEM (science,
technology, engineering and math) while
building leadership skills, will be available to
earn beginning in September 2018.
Hackers, Beware! Girl Scouts To Offer
Cybersecurity Badges
7. Why The Last Thing Open Source Needs Is
More Corporate Oversight
via TechRepublic: According
to a new Black Duck survey,
developers can't get enough of
open source, ramping up open
source adoption by 60% last
year. Why the uptick? A
whopping 84% cited superior
cost savings, ease-of-access,
and no vendor lock-in.
8. via ZDnet: Released on Thursday, the survey,
made up of 819 US and EMEA software
developers, IT professionals, security experts,
and systems architects, says that in the last year
there has been a significant uptake in the use of
open-source software with almost 60 percent of
respondents saying their organizations make
use of open-source community-based
development.
Open-source Software Management
Fails to Meet Security Concerns
9. 3 Examples of Why Permissive
Licenses Deserve a Little Respect
via Black Duck blog (Phil Odence): To the extent that tech
companies manage open source risks, their primary focus tends to
be on reciprocal licenses and the GPL in particular. As I've
discussed earlier, the potential risks of open source are broader
than just license compliance. Additionally, there are other licenses
to consider beyond the GPL. Even permissive licenses deserve a
little respect.
10. viaTechBuzzIreland: Black Duck Software
has been named a US-Ireland Top 50
Company by The Irish Echo, the USA’s
largest and most widely read Irish American
weekly. Black Duck was presented with the
award honoring 50 major companies with
operations in the US and Ireland during the
New York/New Belfast Investment
Conference at Pier A, Harbor House in New
York City.
Black Duck Selected as a 2017 US-Ireland
Top 50 Company
11. Fileless Malware Targeting US Restaurants
Went Undetected by Most AV
via Ars Technica: Researchers have detected a brazen attack on
restaurants across the United States that uses a relatively new
technique to keep its malware undetected by virtually all antivirus
products on the market.
12. via NY Times: “I don’t pursue every attacker,
just the ones that piss me off. This pissed me off
and, more importantly, it pissed my wife off,
which is the real litmus test.”
A Cyberattack
‘the World Isn’t Ready For’
13. Subscribe
Stay up to date on open source security and cybersecurity –
subscribe to our blog today.