Open source insight into the Samba vulnerability, four risks in connected cars, and how the General Data Protection Regulation (GDPR) may impact you. Plus much more - read on.
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...Black Duck by Synopsys
This week’s news is dominated by fall-out and reaction from last week’s WannaCrypt/WannaCry attacks, of course, but other open source and cybersecurity stories you won’t want to miss, including an important open source ruling that confirms the enforceability of dual licensing, what New York’s new cybersecurity regulations mean for Financial Services and
the PATCH Act and the creation of a vulnerabilities equities process
Open Source Insight: GDPR Best Practices, Struts RCE Vulns, SAST, DAST & Equ...Black Duck by Synopsys
COSRI research director Chris Fearon makes the case that Equifax was either unaware of or slow to respond to reports of known critical vulnerabilities in their system, and as a result had not upgraded to safer versions. That opinion was later proven out by Congressional hearings into the breach, as Fred Bals relates in his blog on whether SAST and DAST fell down on the job for Equifax. Black Duck VP and General Counsel, Matt Jacobs partners with Irwin Mitchell’s Dan Headley to review what GDPR will mean for open source code. Is open source more dangerous than Windows? And Larry Ellison claims Oracle could have saved Equifax from much heartache in this week’s open source security and cybersecurity news wrap.
As telcos go digital, cybersecurity risks intensify by pwcMert Akın
globalaviationairospace.com
Cyber security for telecommunications companies
The rewards and risks of the cloud, devices, and data
The fastest growing sources of security incidents, increase over 2013
Security strategies for evolving technologies
Strategic initiatives to improve cybersecurity
An assessment of UK cyber resilience across the commercial sector. The report highlights information disclosure, as used by hackers to construct attack intelligence.
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...Black Duck by Synopsys
This week’s news is dominated by fall-out and reaction from last week’s WannaCrypt/WannaCry attacks, of course, but other open source and cybersecurity stories you won’t want to miss, including an important open source ruling that confirms the enforceability of dual licensing, what New York’s new cybersecurity regulations mean for Financial Services and
the PATCH Act and the creation of a vulnerabilities equities process
Open Source Insight: GDPR Best Practices, Struts RCE Vulns, SAST, DAST & Equ...Black Duck by Synopsys
COSRI research director Chris Fearon makes the case that Equifax was either unaware of or slow to respond to reports of known critical vulnerabilities in their system, and as a result had not upgraded to safer versions. That opinion was later proven out by Congressional hearings into the breach, as Fred Bals relates in his blog on whether SAST and DAST fell down on the job for Equifax. Black Duck VP and General Counsel, Matt Jacobs partners with Irwin Mitchell’s Dan Headley to review what GDPR will mean for open source code. Is open source more dangerous than Windows? And Larry Ellison claims Oracle could have saved Equifax from much heartache in this week’s open source security and cybersecurity news wrap.
As telcos go digital, cybersecurity risks intensify by pwcMert Akın
globalaviationairospace.com
Cyber security for telecommunications companies
The rewards and risks of the cloud, devices, and data
The fastest growing sources of security incidents, increase over 2013
Security strategies for evolving technologies
Strategic initiatives to improve cybersecurity
An assessment of UK cyber resilience across the commercial sector. The report highlights information disclosure, as used by hackers to construct attack intelligence.
How to protect privacy sensitive data that is collected to control the corona...Ulf Mattsson
In Singapore, the Government launched an app using short-distance Bluetooth signals to connect one phone using the app with another user who is close by. It stores detailed records on a user's phone for 21 days decrypt the data if there is a public health risk related to an individual's movements.
China used a similar method to track a person's health status and to control movement in cities with high numbers of coronavirus cases. Individuals had to use the app and share their status to be able to access public transportation.
The keys to addressing privacy concerns about high-tech surveillance by the state is de-identifying the data and giving individuals control over their own data. Personal details that may reveal your identity such as a user's name should not be collected or should be protected with access to be granted for only specific health purposes, and data should be deleted after its specific use is no longer needed.
We will discuss how to protect privacy sensitive data that is collected to control the coronavirus outbreak.
100+ Cyber Security Interview Questions and Answers in 2022Temok IT Services
Top 100 Cyber Security Interview Questions and Answers in 2022 According to the IBM Report, data breaches cost measured businesses $4.24 million per incident on average, the highest in the 17 years of history. However, the demand for cyber security professionals exceeded and created exciting job opportunities.
An important part of RSAC 2020 focused on Business-Critical Application Security and we're seeing a transformational shift in technology. The enterprise architecture we used to know is changing. Cloud application development is accelerating and diversifying where many organizations have virtual machines, containers, and now serverless applications running in the cloud, transforming code into infrastructure. Microservices make a lot of sense for scale and development agility, but if everything is talking to everything else via APIs, it’s likely that there are many (and I mean many) application vulnerabilities. Additionally, API security is new, so processes are likely immature, and API security sits somewhere between application developers, DevOps, and cybersecurity, leading to organizational and skills challenges. We will organize this chaos from RSAC and discuss Security in The API Ecosystem.
Security is morphing to a hybrid model for distributed policy enforcement across cloud-based environments. At the same time, organizations want central policy management for the whole environment.
You will learn more about what I found interesting at RSAC:
1. “Emerging Privacy Issues”
2. “The Human Factor”
3. “Cloud Security”
4. “Advancements in Machine Learning”
5. “Security in App Development”
6. “Trends from the Innovation Sandbox”
7. “New Standards and Regulations”
8. “Security for The API Economy”
Digital businesses are difficult to launch and run even without the challenge of security. And yet, digital business strategies are also being used by hackers to systematically go after lucrative targets. Following up on our release of the 2015 NTT Group Global Threat Intelligence Report, this executive summary highlights key findings from the report that affect today’s digital businesses.
This report analyzes the worldwide markets for Cyber Security in US$ million by the following product segments ' Application Security, Content Security, Data Security, Endpoint Security, Network Security, Identity & Access Management, Risk & Compliance Management, Security Operations, and Consulting Services. The report provides separate comprehensive analytics for the US, Canada, Japan, Europe, Asia-Pacific, Latin America, and Rest of World. Annual estimates and forecasts are provided for the period 2009 through 2017. Also, a six-year historic analysis is provided for these markets. The report profiles 127 companies including many key and niche players such as Aladdin Knowledge Systems Ltd., AVG Technologies, BitDefender
[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...CODE BLUE
Since the birth of the World Wide Web in 1989, despite the fact that the key function of the Internet is to communicate, share and distribute information without borders, countries have varied in their understanding and policies on how the Internet should work in their jurisdiction; some have codified laws bolstering Internet sovereignty or built firewalls to control online information flows. At the 25th anniversary of the Internet in 2014, the Pew Research Center invited over 1400 technology industry leaders and academics to reflect on the impact of the Internet over the next ten years. The top Internet threat these experts named was that nation-states could increasingly block, filter, segment and Balkanize the Internet for geopolitical, economic, social and security reasons.
In 2020, six years after that Pew report, amidst a global pandemic, growing populist partisanship in many countries, and heightened geopolitical tensions between the world’s largest economies, the splintering of Internet communities seems even more imminent than before, as governments seek to limit the sometimes harmful power of social media speech and Internet companies' encroachments on personal privacy. Is the global trend towards segmentation and Balkanization of the Internet forthcoming? What are its implications for business operations globally in terms of cost, planning, continuity, and liabilities ? How will cyber threats evolve as businesses adjust their operations to adapt to a more-segmented Internet? This talk will address these issues by identifying and characterizing the evidence of the segmentation and Balkanization of the Internet and by providing broad cyber threat and risk profiles for each region and practical mitigation measures to improve business resilience.
Grift horse money stealing trojan takes 10m android users for a rideRoen Branham
Watch the full episode on Youtube: https://youtu.be/M5Gsjwsnxtg
More than 10 million Android users have been saddled with a malware called GriftHorse that’s trojanizing various applications and secretly subscribing victims to premium mobile services – a type of billing fraud that researchers categorize as “fleeceware.”
Zimperium uncovered more than 130 GriftHorse apps being distributed through both Google Play and third-party application stores, across all categories. Some of them have basic functionality, and some of them do nothing, researchers said. In either case, once installed, they lead to victims being billed for premium services – but phone-owners are usually none the wiser until they take a look at their mobile bills.
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Black Duck by Synopsys
We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and a webinar on the 2018 Open Source Rookies of the Year.
Open Source Insight is your weekly news resource for open source security and cybersecurity news!
Open Source Insight:2017 Top 10 IT Security Stories, Breaches, and Predictio...Black Duck by Synopsys
We’re winding up 2017 with the leading security stories of the year, as well as what 2018 might bring in terms of open source and cybersecurity. Several Black Duck and Synopsys’ bloggers weigh in with articles ranging from the need of SCA (software composition analysis), through how developers can navigate the sometimes stormy seas of software security, to addressing the issues of open source in tech contracts.
From Black Duck Software and Synopsys, we wish you a happy holiday season and will see you again in 2018!
How to protect privacy sensitive data that is collected to control the corona...Ulf Mattsson
In Singapore, the Government launched an app using short-distance Bluetooth signals to connect one phone using the app with another user who is close by. It stores detailed records on a user's phone for 21 days decrypt the data if there is a public health risk related to an individual's movements.
China used a similar method to track a person's health status and to control movement in cities with high numbers of coronavirus cases. Individuals had to use the app and share their status to be able to access public transportation.
The keys to addressing privacy concerns about high-tech surveillance by the state is de-identifying the data and giving individuals control over their own data. Personal details that may reveal your identity such as a user's name should not be collected or should be protected with access to be granted for only specific health purposes, and data should be deleted after its specific use is no longer needed.
We will discuss how to protect privacy sensitive data that is collected to control the coronavirus outbreak.
100+ Cyber Security Interview Questions and Answers in 2022Temok IT Services
Top 100 Cyber Security Interview Questions and Answers in 2022 According to the IBM Report, data breaches cost measured businesses $4.24 million per incident on average, the highest in the 17 years of history. However, the demand for cyber security professionals exceeded and created exciting job opportunities.
An important part of RSAC 2020 focused on Business-Critical Application Security and we're seeing a transformational shift in technology. The enterprise architecture we used to know is changing. Cloud application development is accelerating and diversifying where many organizations have virtual machines, containers, and now serverless applications running in the cloud, transforming code into infrastructure. Microservices make a lot of sense for scale and development agility, but if everything is talking to everything else via APIs, it’s likely that there are many (and I mean many) application vulnerabilities. Additionally, API security is new, so processes are likely immature, and API security sits somewhere between application developers, DevOps, and cybersecurity, leading to organizational and skills challenges. We will organize this chaos from RSAC and discuss Security in The API Ecosystem.
Security is morphing to a hybrid model for distributed policy enforcement across cloud-based environments. At the same time, organizations want central policy management for the whole environment.
You will learn more about what I found interesting at RSAC:
1. “Emerging Privacy Issues”
2. “The Human Factor”
3. “Cloud Security”
4. “Advancements in Machine Learning”
5. “Security in App Development”
6. “Trends from the Innovation Sandbox”
7. “New Standards and Regulations”
8. “Security for The API Economy”
Digital businesses are difficult to launch and run even without the challenge of security. And yet, digital business strategies are also being used by hackers to systematically go after lucrative targets. Following up on our release of the 2015 NTT Group Global Threat Intelligence Report, this executive summary highlights key findings from the report that affect today’s digital businesses.
This report analyzes the worldwide markets for Cyber Security in US$ million by the following product segments ' Application Security, Content Security, Data Security, Endpoint Security, Network Security, Identity & Access Management, Risk & Compliance Management, Security Operations, and Consulting Services. The report provides separate comprehensive analytics for the US, Canada, Japan, Europe, Asia-Pacific, Latin America, and Rest of World. Annual estimates and forecasts are provided for the period 2009 through 2017. Also, a six-year historic analysis is provided for these markets. The report profiles 127 companies including many key and niche players such as Aladdin Knowledge Systems Ltd., AVG Technologies, BitDefender
[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...CODE BLUE
Since the birth of the World Wide Web in 1989, despite the fact that the key function of the Internet is to communicate, share and distribute information without borders, countries have varied in their understanding and policies on how the Internet should work in their jurisdiction; some have codified laws bolstering Internet sovereignty or built firewalls to control online information flows. At the 25th anniversary of the Internet in 2014, the Pew Research Center invited over 1400 technology industry leaders and academics to reflect on the impact of the Internet over the next ten years. The top Internet threat these experts named was that nation-states could increasingly block, filter, segment and Balkanize the Internet for geopolitical, economic, social and security reasons.
In 2020, six years after that Pew report, amidst a global pandemic, growing populist partisanship in many countries, and heightened geopolitical tensions between the world’s largest economies, the splintering of Internet communities seems even more imminent than before, as governments seek to limit the sometimes harmful power of social media speech and Internet companies' encroachments on personal privacy. Is the global trend towards segmentation and Balkanization of the Internet forthcoming? What are its implications for business operations globally in terms of cost, planning, continuity, and liabilities ? How will cyber threats evolve as businesses adjust their operations to adapt to a more-segmented Internet? This talk will address these issues by identifying and characterizing the evidence of the segmentation and Balkanization of the Internet and by providing broad cyber threat and risk profiles for each region and practical mitigation measures to improve business resilience.
Grift horse money stealing trojan takes 10m android users for a rideRoen Branham
Watch the full episode on Youtube: https://youtu.be/M5Gsjwsnxtg
More than 10 million Android users have been saddled with a malware called GriftHorse that’s trojanizing various applications and secretly subscribing victims to premium mobile services – a type of billing fraud that researchers categorize as “fleeceware.”
Zimperium uncovered more than 130 GriftHorse apps being distributed through both Google Play and third-party application stores, across all categories. Some of them have basic functionality, and some of them do nothing, researchers said. In either case, once installed, they lead to victims being billed for premium services – but phone-owners are usually none the wiser until they take a look at their mobile bills.
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Black Duck by Synopsys
We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and a webinar on the 2018 Open Source Rookies of the Year.
Open Source Insight is your weekly news resource for open source security and cybersecurity news!
Open Source Insight:2017 Top 10 IT Security Stories, Breaches, and Predictio...Black Duck by Synopsys
We’re winding up 2017 with the leading security stories of the year, as well as what 2018 might bring in terms of open source and cybersecurity. Several Black Duck and Synopsys’ bloggers weigh in with articles ranging from the need of SCA (software composition analysis), through how developers can navigate the sometimes stormy seas of software security, to addressing the issues of open source in tech contracts.
From Black Duck Software and Synopsys, we wish you a happy holiday season and will see you again in 2018!
Open Source Insight: Amazon Servers Exposed Open Source & the Public Sector...Black Duck by Synopsys
This issue of Open Source Insight looks at how data leaks on Amazon servers may have exposed the personal information of 198 million American voters and 14 million Verizon customers. Is the federal cybersecurity infrastructure keeping up with threats?
Why do some many companies have problems keeping their software up to date? Are vulnerability tools up to snuff?
All this and more open source security and cybersecurity news…
Open Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing ScamBlack Duck by Synopsys
On Wednesday, a worm started spreading around Gmail that suggested to users a friend or colleague was trying to share a Google Doc. Google has already disabled the offending accounts (only 0.1 percent were affected), and that it was able to stop the worm within an hour. We should take this as a wake-up that we're all potentially vulnerable to attack.
This week’s open source and open source security news includes stories on the eternal “open source good / bad” debate; 5 reasons why enterprises should be using open source; news from Red Hat Summit; and what CISOs need to known about cybersecurity.
CVE Numbers from the NVD: 1590 entries for April 2017; 50 entries currently for the month of May; a total of 5,238 reports to date for 2017.
Open Source Insight: Security Breaches and Cryptocurrency Dominating NewsBlack Duck by Synopsys
This week in Open Source Insight we examine blockchain security and the cryptocurrency boom. Plus, take an in depth look at open source software in tech contracts with a legal expert from Tech Contracts Academy, Adobe Flash Player continues to be a security concern, the Open Source Initiative turns 20, and step by step instructions for migrating to Docker on Black Duck Hub. Cybersecurity and security breach news also dominates this week, as Synopsys examines security breaches in 2017 and how they were preventable.
Open Source Insight: Struts in VMware, Law Firm Cybersecurity, Hospital Data ...Black Duck by Synopsys
The need for cybersecurity vigilance is the overarching theme of this week’s news, as Google OSS-Fuzz finds more than 1,000 bugs, with 264 of them flagged as potential security bugs. The vuln that just keeps on strutting has impacted VMware products. Thousands of patient records are leaked in a New York Hospital data breach. More hospital data breaches may be imminent in the NHS Ransomware attacks announced today.
Open Source Insight:Container Tech, Data Centre Security & 2018's Biggest Se...Black Duck by Synopsys
Black Duck senior technology evangelist Tim Mackey talks containers this week at DevSecCon and elaborates on his presentation, “When Good Containers Go Bad,” with IT Pro, Cloud Pro and Data Centre News. Black Duck VP of Security Strategy Mike Pittenger shares his thoughts on the biggest security threat we face in 2018. Artifex and Hancom settle their long-running open source licensing dispute, and the hidden costs of open source security.
Read all the hottest open source security and cybersecurity news in this week’s Open Source Insight.
Open Source Insight: Happy Birthday Open Source and Application Security for ...Black Duck by Synopsys
Opinions differ on exactly when, but open source turned twenty this year. Most security breaches in 2017 were preventable (you hear that, Equifax?), and it’s time to take a look back to prevent similar breaches in 2018. iPhone source code gets leaked (for a short time). And keeping medical devices, voting machines, automobiles, and critical infrastructure safe in a world of increasing application risk.
Read on for open source security and cybersecurity in Open Source Insight for February 9th, 2018.
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesBlack Duck by Synopsys
Our vulnerability of the week is CVE-2017-9805, which resides in Apache Struts’ REST plugin, a must-have in almost all Struts enterprise deployments. Attackers can exploit the bug via HTTP requests or via any other socket connection, with a public exploit published on Thursday. Happily, on Monday the Apache Struts team released Apache Struts v2.5.13, which includes a fix for CVE-2017-9805. As always, the byword of the week is “patch and update.”
Also looming large in this week’s news is the massive cyber-break-in at Equifax, where highly sensitive personal and financial information for around 143 million U.S. consumers (the editor apparently being among those affected) was compromised.
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...Black Duck by Synopsys
The Black Duck blog and Open Source Insight become part of the Synopsys Software Integrity blog in early April. You’ll still get the latest open source security and license compliance news, insights, and opinions you’ve come to expect, plus the latest software security trends, news, tips, best practices, and thought leadership every week. Don’t delay, subscribe today! Now on to this week’s open source security and cybersecurity news.
Open Source Insight: Black Duck Announces OpsSight for DevOps Open Source Sec...Black Duck by Synopsys
Continuing a month of major announcements, Black Duck launched its new product, OpsSight — comprehensive, automated open source container security for production environments — at its FLIGHT 2017 user conference in Boston this week. Targeting the production phase of the software development life cycle, the initial release of OpsSight is optimized for Red Hat’s OpenShift Container Platform.
If you missed FLIGHT 2017, you can read all the news about OpsSight below, as well as stories on FLIGHT keynoters Charlie Miller and Chris Valasek’s presentation on why IoT insecurity is here to stay; the top 5 cybersecurity mistakes you need to avoid; the SEC prepares new cybersecurity guidelines; and security for the connected car
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...Black Duck by Synopsys
Welcome to the March 2nd edition of Open Source Insight from Black Duck by Synopsys! We look at places you’d never expect to find GDPR data, as well as answers to your most-frequently-asked GDPR questions. Synopsys Principal Scientist Sammy Migues explores why enterprises must have a software security program while Black Duck Technology Evangelist, Tim Mackey, takes a look at building application security into the heart of DevOps. Plus, a report that may give you nightmares on the malicious possibilities of AI. All the cybersecurity and open source security news fit to print lies ahead for your reading pleasure…
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationPECB
This session discusses the top cyber threats for 2020 world-wide, where our presenters will discuss the top security priorities in their states for cybersecurity, followed by a Q/A session at the end of the presentation.
What topics are hot for Chief Security Officers in 2020? Which cyber threats are demanding the most attention for top government cybersecurity leaders? What projects are the U.S. states of Washington and Illinois applying resources to address security priorities? Where next with privacy legislation and implementation of regulations likes the California Consumer Privacy Act (CCPA)?
The webinar covers:
• Top security predictions for 2020 from global security vendors – along with CISO reactions and feedback
• Security trends (in specific areas such as ransomware) seen at the end of 2019 and in the first weeks of 2020
• CISO project priorities from Washington State and the State of Illinois
• Panel discussion of privacy actions and CCPA implementation nationwide
Date: February 19, 2019
Recorded webinar: https://youtu.be/QN35YHEA_4E
Open Source Insight:IoT Security, Tech Due Diligence, and Software Security ...Black Duck by Synopsys
A grab-bag of open source security and cybersecurity news is in this week’s edition of Open Source Insight. Is “many eyeballs” not enough? Some security researchers think Linus’ Law doesn’t work anymore. Black Duck by Synopsys kicks off a new video series with MITRE IoT expert, Bob Martin. Learn how open source tech due diligence helped one company close a deal securely. Should “Privacy Day” be renamed to “Lack of Privacy” day? Plus, an eye-catching infographic on how too little software security training is putting many companies at risk.
Open Source Governance in Highly Regulated Companiesiasaglobal
Open source governance is part of IT governance and focuses on the specific issues related to the acquisition, use and management of OSS, and ensuring it is done in alignment with a company?s stated objectives, policies and risk profile. And as open source becomes more common, the need for governance increases dramatically. Without proper controls and processes to ensure compliance and reduce exposure, organizations will be at risk from technical and operational, regulatory, security, legal and brand factors.
Open Source has the potential to deliver faster development cycles and better security than traditional proprietary approaches to software. However, turning the potential of Open Source into reality can be difficult. Recent security issues like Heartbleed, Shellshock and the Panama Papers highlighted some of the challenges users of Open Source can face. This talk will explore how we can address them.
Open Source Insight: Paraskevidekatriaphobia, Web APIs, Jeep Hacking, More ...Black Duck by Synopsys
On this Friday the 13th, the paraskevidekatriaphobia edition of Open Source Insight delves into scary software exploits like jeep hacking and data breaches. October is Cybersecurity Awareness Month, but how aware and cybersecure are the businesses holding our personal data? Black Duck joins forces with Google to clean up software supply chains. If it’s not one thing it’s two things for Equifax. Ten steps you need to take now to comply with GDPR. And Black Duck’s new Hub plugin to Visual Studio IDE.
Open Source Insight: Global Response to COSRI 2017 Open Source Security and R...Black Duck by Synopsys
Many Black Duck-related news stories in this week’s edition of Open Source Insight, thanks to the release of our 2017 Open Source Security and Risk Analysis detailing significant cross-industry risks related to open source vulnerabilities and license compliance challenges.
Black Duck conducts hundreds of open source code audits annually, primarily related to merger and acquisition transactions. For the 2017 analysis, our Center for Open Source Research & Innovation (COSRI) analyzed over 1,000 applications and found both high levels of open source usage — 96% of the apps examined contained open source — and significant risk to open source security vulnerabilities — more than 60% of the apps contained open source security vulnerabilities. All security professionals concerned about vulnerabilities and license compliance will want to review the report, which can be downloaded from the Black Duck website.
Emphasizing the need to stay on top of software security vulnerabilities is the NVD CVE listing for the month of April 2017, which now exceeds 900 entries, including CVE-2016-4899, a high to critical flaw where the datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.
On to this week’s top open source and open source security news…
Open Source Insight: Top Picks for Black Hat, GDPR & Open Source Webinar, ...Black Duck by Synopsys
Vulnerability of the week is CVE-2017-7526, but news abounds on GDPR and Open Source, Medical Device security, container security tools, Black Hat USA & more.
Similar to Open Source Insight: Samba Vulnerability, Connected Car Risks, and Are You Ready for GDPR? (20)
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...Black Duck by Synopsys
Anthony Decicco, shareholder, GTC Law Group presented at FLIGHT West 2018. His session description included:
A buyer and investor focused discussion of key open source software-related issues and deal points. Understanding the key legal and technical risks, as well as strategies for mitigating them, will help you to focus due diligence, speed and smooth negotiations and get better deal terms, increasing overall value and avoiding post-transaction surprises.
For more information, please visit us at www.blackducksoftware.com
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...Black Duck by Synopsys
Basma Shahadat, Lead Research Engineer presented at Black Duck Flight West 2018. Security checking in the early stages of the SDLC is critical. This session will demonstrate how Proofpoint is taking proactive steps to reduce risk by integrating Black Duck into Proofpoint’s continuous integration pipeline to detect open source vulnerabilities during the product build. For more information, please visit us at https://www.blackducksoftware.com/
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...Black Duck by Synopsys
Utsav Sanghani, Product Manager, Integrations and Alliance at Synopsys presented on how to "Black Duck your Code Faster with Black Duck Integrations." For more information, please visit www.blackducksoftware.com
Black Duck On-Demand-Audits von über 1.100
kommerziellen Anwendungen im Jahr 2017
verdeutlichen die ständigen Herausforderungen, vor
denen Unternehmen stehen, um Open Source effektiv
zu erkennen und zu sichern.
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...Black Duck by Synopsys
At Flight Amsterdam, Fenna Douwenga, Associate, Bird & Bird provided practical tips on open source licenses, intellectual property rights, and trade secrets. During the presentation Fenna reviewed, everlasting conflict between patents, copyright and open source and how it can be overcome. Additionally, the new European Trade Secrets Directive was discussed and how some of the requirements therein may for instance conflict with the GNU General Public license. Furthermore, a quick outline of the influence of Brexit on licenses closed under UK law was given and how potential problems can be prevented.
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideBlack Duck by Synopsys
Flight Amsterdam Presentation by Daniel Hedley and Georgie Collins, Partners, Irwin Mitchell looked at the intersection of the GDPR and open source software management and the laws which govern how organisations must respond to data breaches (including GDPR and NISD), how to prepare for a data breach, and what to do if the worst happens.
FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your DealBlack Duck by Synopsys
Flight Amsterdam presentation by Anthony Decicco, Shareholder, GTC Law Group
Open source software is increasingly centric to transactions, whether licensing, mergers, acquisitions, financing, insurance, offerings or loans, and the deal landscape is changing with the prevalence of representation and warranty insurance, heightened focus on security vulnerabilities and increasing litigation. As such, it is important to understand and re-visit key open source software-related issues and deal points to accelerate your deal, avoid unnecessary due diligence and realize the most value from your open source software-related compliance efforts.
Open Source Insight:GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...Black Duck by Synopsys
A big news week for Synopsys and Black Duck as Gartner releases the 2018 Gartner Magic Quadrant for Application Security Testing and the 2018 Open Source Rookies of the Year are announced. More on these stories and the hottest open source security and cybersecurity news in this week’s Open Source Insight!
2018 is the Open Source Rookies report’s 10th anniversary, brought to you by Black Duck by Synopsys. This infographic shows the impressive number of projects started in 2017 and the distribution across the world and a wide range of categories. Narrowing them down was hard! The open source community continues to produce innovative and influential open source projects.
Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...Black Duck by Synopsys
It’s an acronym-filled issue of Open Source Insight, as we look at the question of SCA (software composition analysis) and how it fits into the DevOps environment. The DHS (Department of Homeland Security) has concerning security gaps, according to its OIG (Office of Inspector General). Can the CVE (Common Vulnerabilities and Exposures) gap be closed? The GDPR (General Data Protection Regulation) is bearing down on us like a freight train, and it’s past time to include open source security into your GDPR plans.
Plus, an intro to the Open Hub community, looking at security for blockchain apps, and best practices for open source security in container environments are all featured in this week’s cybersecurity and open source security news.
Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...Black Duck by Synopsys
This week’s Open Source Insight features a powerful visualization tool displaying the world’s biggest data breaches at name brands such as Ebay, Equifax, Anthem, and Target. The White House and British Foreign Office have condemned a cyber-attack launched by the Russian military on Ukraine and hint at reprisals. Black Duck brings open source vulnerability detection to Kubernetes, and Synopsys will host Elevate, an evening thought leadership event at Embedded World 2018 featuring an elite group of international cyber security experts leading a discussion about IoT and embedded systems security threats and solutions.
Read on for all the open source security and cybersecurity news you need to know this week.
Principal engineer at MITRE, Bob Martin, examines the potential security issues introduced by the Internet of Things and proactive measures you can take to address those issues.
Open Source Insight:Banking and Open Source, 2018 CISO Report, GDPR LoomingBlack Duck by Synopsys
Cybercriminals are expected to extend their threat deeper into ransomware and IoT. In a just-released report, Synopsys examines the four “tribes” of CISOs, and the characteristics of each. A link to the complimentary report is below. And with the GDPR going into force in just four months, businesses are scrambling for compliance.
All these cybersecurity stories and more in the January 19th edition of Open Source Insight.
Open Source Insight: Balancing Agility and Open Source Security for DevOpsBlack Duck by Synopsys
Lots of DevOps news this week, including why automation is critical for securing code, as well as balancing agility with security needs. Learn how to manage security in GitHub projects with CoPilot from Black Duck Software. Pre-GDPR, Carphone Warehouse gets hit with £400k fine over a 2015 hack. And why you should think like your attackers when developing your cybersecurity portfolio.
Read on for this week’s cybersecurity and open source security news in Open Source Insight!
Open Source Insight: Meltdown, Spectre Security Flaws “Impact Everything”Black Duck by Synopsys
Welcome to 2018, with two major security flaws revealed that makes any computer device that has chips from Intel, AMD and ARM at risk. One security flaw, dubbed Meltdown, impacts Intel semiconductors, enabling enabling bad guys to steal passwords. The other security flaw, Spectre, impacts chips from all three companies. During an interview with CNBC covered by Reuters, Intel’s chief executive noted that “Phones, PCs, everything are going to have some impact, but it’ll vary from product to product.”
In other cybersecurity news, we look at 10 open source technologies you need to know about, cybersecurity predictions for 2018, and an interesting white paper published by the University of Michigan on identifying cybersecurity threats in connected vehicles.
Open Source Insight: Black Duck Now Part of Synopsys, Tackling Container Secu...Black Duck by Synopsys
Black Duck is now a part of Synopsys, with the acquisition complete this week. Dr. Andreas Kuehlmann, General Manager of the Synopsys Software Integrity Group provides some background of how Synopsys and Black Duck joining forces will enhance the company’s efforts in the software security market by broadening our product offering and strengthening the Software Integrity Platform.
Tim Mackey, technical evangelist for Black Duck, tackles the tricky issue of container security. Mike Pittenger, vice president of security strategy for Black Duck, discusses open source security, the Equifax breach, OpenSSL and Heartbleed, and why a “software parts list” will become increasing important to organisations wanting to stay secure.
This week’s open source security and cybersecurity news follows in Open Source Insight.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Securing your Kubernetes cluster_ a step-by-step guide to success !
Open Source Insight: Samba Vulnerability, Connected Car Risks, and Are You Ready for GDPR?
1. Open Source Insight:
Samba Vulnerability, Connected Car Risks,
and Are You Ready for GDPR?
By Fred Bals, Senior Content Writer & Editor
2. Threat of the week is the newly discovered remote code execution
vulnerability CVE-2017-7494. Chris Fearon, Research Director at Black
Duck, advises:
Samba is an open source SMB/CIFS implementation that allows
interoperability between Linux and Windows hosts via file and print
sharing. A remote code execution vulnerability has been
discovered in versions 3.5.0 onwards which may allow an attacker
to upload and execute code as the root user.
Threat of the Week
3. More on the Samba Vulnerability
Patches are already available from the Samba project, and from
most major Linux distributions.
• The Samba project have provided patches for versions 4.4 onwards, and a
workaround for older versions and installations that cannot be upgraded
(see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494).
• Red Hat have patched the vulnerability in RHEL 7, RHEL 6, and RHEL 5 ELS
(see https://rhn.redhat.com/errata/RHSA-2017-1270.html).
• The Debian project have patched the vulnerability in Debian 8, Debian 7, and in
the “unstable” branch
(see https://security-tracker.debian.org/tracker/CVE-2017-7494).
4. • How open source software will drive the
future of auto innovations
• 4 Risks in Connected Cars
• Google, IBM and Lyft launch open source
project Istio
• Last week: 'OpenVPN client is secure!' This
week: 'Unpatched bug in OpenVPN server'
• GDPR compliance by May 2018 deadline 'not a
priority' for two in five businesses, survey
finds
Open Source News
5. More Open Source News
• GDPR Deadline: Does “Appropriate Security”
Include Open Source Risk?
• Are You Ready for the EU GDPR? What Companies
Outside the European Union Need to Know
• Microsoft uses open source software to create
Windows
• Why Understanding And Control Should Be Key
Parts Of Your Cybersecurity Portfolio
• 7-Year-Old Samba Flaw Lets Hackers Access
Thousands of Linux PCs Remotely
6. via VentureBeat: Today’s cloud is powered
by open source software: 78 percent of
businesses run open source software in
some form. With the convergence of
automobiles and the cloud (supporting
autonomous systems and connectivity), it’s
quite clear this open source paradigm that
took over the cloud will take over the
automobile.
How open source software will drive
the future of auto innovations
7. via Black Duck blog (Mike Pittenger): “Car hacking”
is certainly a fun subject to talk about (and even
more fun to watch). But it’s also a serious topic as
the volume of code increases in modern
automobiles. The trend started in the 1977
Oldsmobile Toronado, in which a small amount of
code managed electronic spark timing. As the chart
shows, a high-end car today can include over 100
million lines of code. This software provides
convenience (driver assistance), entertainment
(infotainment systems), safety (blind spot detection,
collision avoidance), and vehicle management
benefits.
4 Risks in Connected Cars
8. Google, IBM and Lyft launch
open source project Istio
via ZDNet: Google, IBM, and Lyft on
Wednesday announced the first public release
of Istio, an open source service that gives
developers a vendor-neutral way to connect,
secure, manage and monitor networks of
different microservices on cloud platforms.
According to the companies, Istio was created
to address the inherent challenges that come
with integrating application-based
microservices in distributed systems, namely
compliance and security.
9. via The Register: French security outfit
Sysdream has gone public with a vulnerability in
the admin interface for OpenVPN's server. The
server's mistake is that it doesn't escape the
carriage return/line feed (CR/LF) character
combination. “Exploiting these vulnerabilities,
we were able to steal a session from a victim and
then access the application (OpenVPN-AS) with
his rights.” the post says, adding that there are
serious consequences if the victim is an
administrator account.”
Last week: 'OpenVPN client is secure!' This week:
'Unpatched bug in OpenVPN server'
10. GDPR compliance by May 2018 deadline 'not
a priority' for two in five businesses, survey
finds
via Out-Law.com: The General Data Protection Regulation
(GDPR) will apply from 25 May 2018 and place a raft of new
requirements on organisations over the way they process personal
data. Businesses face potential fines of up to 4% of their annual
global turnover, or €20 million, whichever is highest, if they fail to
comply with the new rules.
Despite this, however, 42% of IT decision makers at large
companies based in the UK, France, Germany and the US, surveyed
by Varonis Systems, said they do not view compliance with the
GDPR by 25 May 2018 "as a priority".
11. Data protection law expert Marc Dautlich of Pinsent Masons, the law
firm behind Out-Law.com, said: "An increasing number of
businesses, outside just the usual sectors, increasingly report – in
their annual accounts, and in other channels – on the importance of
their data assets. Similarly, an increasing number apparently fret
about cyber risk as a significant issue on their risk registers, as they
continue, or in some cases begin, their 'digital' projects."
"In this context, strategic thinkers in these businesses will be looking
at surveys like this one and ask themselves how they can most
effectively position their businesses to take most advantage of their
data assets, including, in some cases, how they can derive
competitive advantage by complying with GDPR," he said.
More on GDPR Compliance
12. GDPR Deadline: Does “Appropriate
Security” Include Open Source Risk?
via Black Duck blog (Fred Bals): Of note is the regulation’s Article
32: organizations will be required to “ensure a level of security
appropriate to the risk,” including establishing processes for
regularly assessing and testing security practices.
“Security appropriate to the risk” is a key phrase. Many
organizations don’t pay sufficient attention to the additional
security exposures created by vulnerable open source
components, and may not even be aware these exposures
exist. Yet today’s software is built on a core of open source, and
open source use is pervasive across every industry vertical.
13. 96% of the 1,000+ applications scanned in
Black Duck’s latest Open Source Security
and Risk Analysis (OSSRA) were found to
have open source in their code, with nearly
70% of those applications
having vulnerabilities in the open source
components used.
Would a failure to secure against a widely-
publicized open source vulnerability
disclosed years before become a violation of
the requirement for appropriate security if a
hack exploiting that vulnerability was used to
steal personal data? Very possibly. I for one,
GPDR & Open Source Risk
14. via CIO Review: Typically, a law is not applicable
beyond the borders of its nation of origin. For
example, the Health Insurance Portability
Accountability Act (HIPAA) and The Gramm-
Leach-Bliley Act (GLBA) are limited to the scope
of the United States. Likewise, the laws set forth
by the Canadian Privacy Commission do not
protect those outside of Canada. However, there
is soon to be an exception to the rule with the
enactment of the European Union General Data
Protection Regulation (EU GDPR).
Are You Ready for the EU GDPR? What
Companies Outside the European Union Need
to Know
15. Microsoft uses open source
software to create Windows
via ZDNet: Windows will almost certainly never be open
source, but virtually all Microsoft Windows engineers are now
using the open-source program Git to build Windows on.
In 2017, Microsoft open-sourced Git Virtual File System
(GVFS), under the MIT License. GVFS enabled Microsoft's
product teams to scale the Git client to deal with its
monstrously large source code repos.
Since then, Microsoft started porting all -- and I mean all -- the
Windows code to Git and GVFS. The work is now largely done
and Microsoft is enjoying the fruits of its open-source labor
in creating the largest Git repo on the planet.
16. via Forbes: Nowhere in tech is the old
adage of knowledge is power more
pertinent than in relation to security.
Threats thrive when companies have little
transparency into their own operations,
when intruders can move laterally from
one system, or one network, to another,
without being detected because the
business lacks controls and the ability to
see its technology in its entirety.
Why Understanding And Control Should
Be Key Parts Of
Your Cybersecurity Portfolio
17. 7-Year-Old Samba Flaw Lets Hackers
Access Thousands of Linux PCs
Remotely
via The Hacker News: A 7-year-old critical
remote code execution vulnerability has
been discovered in Samba networking
software that could allow a remote attacker
to take control of an affected Linux and Unix
machines.
Samba is open-source software (re-
implementation of SMB networking protocol)
that runs on the majority of operating
systems available today, including Windows,
Linux, UNIX, IBM System 390, and OpenVMS.
18. 7-Year-Old Samba Flaw Lets Hackers
Access Thousands of Linux PCs Remotely
Samba allows non-Windows operating systems, like GNU/Linux
or Mac OS X, to share network shared folders, files, and printers
with Windows operating system.
The newly discovered remote code execution vulnerability (CVE-
2017-7494) affects all versions newer than Samba 3.5.0 that was
released on March 1, 2010.
More details about the Samba vulnerability in this blog post by
Christopher Fearon - Research Director
19. Subscribe
Stay up to date on open source security and cybersecurity –
subscribe to our blog today.