Software - Cyber Security Informer

On Software Liabilities

Schneier on Security

FEBRUARY 8, 2024

Over on Lawfare, Jim Dempsey published a really interesting proposal for software liability: “Standard for Software Liability: Focus on the Product for Liability, Focus on the Process for Safe Harbor.” I have long been a fan of software liability as a policy mechanism for improving cybersecurity. Full paper here.

Software

Software Government Cybersecurity

Education in Secure Software Development

Schneier on Security

AUGUST 1, 2024

The Linux Foundation and OpenSSF released a report on the state of education in secure software development. …many developers lack the essential knowledge and skills to effectively implement secure software development.

Education

Education Software

Supply Chain Attack against Courtroom Software

Schneier on Security

MAY 30, 2024

No word on how this backdoor was installed: A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack.

Software

Providing Security Updates to Automobile Software

Schneier on Security

JULY 30, 2024

Auto manufacturers are just starting to realize the problems of supporting the software in older models: Today’s phones are able to receive updates six to eight years after their purchase date. That means the car software hitting the road today needs to work—and maybe even improve—beyond 2036. Consider a car company.

Software

Software Manufacturing Cybersecurity

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption.

Software

Securing Open-Source Software

Schneier on Security

JULY 27, 2022

Good essay arguing that open-source software is a critical national-security asset and needs to be treated as such: Open source is at least as important to the economy, public services, and national security as proprietary code, but it lacks the same standards and safeguards.

Software

Software Cybersecurity

On the Insecurity of Software Bloat

Schneier on Security

FEBRUARY 15, 2024

Good essay on software bloat and the insecurities it causes. The world ships too much code, most of it by third parties, sometimes unintended, most of it uninspected. Because of this, there is a huge attack surface full of mediocre code.

Software

Software Marketing Cybersecurity

Using Google Search to Find Software Can Be Risky

Krebs on Security

JANUARY 25, 2024

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. And by most accounts, the threat from bad ads leading to backdoored software has subsided significantly compared to a year ago. com , filezillasoft[.]com

Software

Software Advertising Malware Accountability

Russian Software Company Pretending to Be American

Schneier on Security

NOVEMBER 16, 2022

According to company documents publicly filed in Russia and reviewed by Reuters, Pushwoosh is headquartered in the Siberian town of Novosibirsk, where it is registered as a software company that also carries out data processing. It employs around 40 people and reported revenue of 143,270,000 rubles ($2.4 mln) last year. What does the code do?

Software

Software Media Government

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows.

Government

The Software-Defined Car

Schneier on Security

JUNE 5, 2023

Developers are starting to talk about the software-defined car. The behavior of new cars is increasingly defined by software, too. But keep in mind that, of course, the more software there is in the car, the more risk is there for vulnerabilities, no question about this,” Anhalt said. They’re highly secure.

Software

Software Engineering Internet Internet

On IoT Devices and Software Liability

Schneier on Security

JANUARY 12, 2024

New law journal article : Smart Device Manufacturer Liability and Redress for Third-Party Cyberattack Victims Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties.

IoT

IoT Software Manufacturing Internet

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

Related: Pushing the fly-by-wire envelope This is especially true because systems are more interconnected and use more complex commercial software than ever before, meaning a vulnerability in one system could lead to a malicious actor gaining access to more important systems. Risks delineated Still, there have been many other incidents since.

Software

Software Risk Artificial Intelligence Engineering

Best Antivirus Software for Small Businesses in 2024

Tech Republic Security

OCTOBER 30, 2024

Bitdefender is our overall pick for the best antivirus software for small businesses, while Norton offers 24/7 support, and ESET provides scalability.

Small Business

Small Business Antivirus Software

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity.

Software

Black Hat Fireside Chat: Why grasping the context of code is a recipe for keeping software secure

The Last Watchdog

AUGUST 19, 2024

President Biden’s call for the mainstreaming of Software Bill of Materials (SBOMs) is a major step forward. He drew a vivid parallel between food safety and software security. The post Black Hat Fireside Chat: Why grasping the context of code is a recipe for keeping software secure first appeared on The Last Watchdog.

Software

Software Internet Internet Accountability

Software Makers Encouraged to Stop Using C/C++ by 2026

Tech Republic Security

NOVEMBER 4, 2024

The Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation assert that C, C++, and other memory-unsafe languages contribute to potential security breaches.

Software

Software Cybersecurity Passwords

The 6 Best Free Antivirus Software Providers for Mac in 2024

Tech Republic Security

NOVEMBER 19, 2024

Learn about the extra features and functionality offered by the best free antivirus software providers for Mac in 2024. Security-conscious Mac users may need more protection than their built-in tools provide.

Antivirus

Antivirus Software

NSA on Supply Chain Security

Schneier on Security

NOVEMBER 4, 2022

The NSA (together with CISA) has published a long report on supply-chain security: “ Securing the Software Supply Chain: Recommended Practices Guide for Suppliers. But the supplier also holds a critical responsibility in ensuring the security and integrity of our software.

Software

Software Risk

Making Software Pirates Pay: An E-Commerce Playbook

Advertiser: Revenera

Vendors large and small have been using software intelligence to understand who is using unlicensed versions of their software so they can develop data-driven strategies to identify and convert unpaid users, generating new license revenue. An E-Commerce Conversion Playbook.

Software

AIs Discovering Vulnerabilities

Schneier on Security

NOVEMBER 5, 2024

This is what I said in a recent interview: Let’s stick with software. Imagine that we have an AI that finds software vulnerabilities. But the defenders can use the same AIs to find software vulnerabilities and then patch them. And, eventually, those software vulnerabilities will be a thing of the past.

Software

Software Artificial Intelligence

Software firm Blue Yonder providing services to US and UK stores, including Starbucks, hit by ransomware attack

Security Affairs

NOVEMBER 26, 2024

Blue Yonder, a supply chain software provider, suffered a ransomware attack, impacting operations for clients like Starbucks and grocery stores. ” reads the statement published by the supply chain management software provider. grocery chain Sainsbury. ” reported CNN. Blue Yonder Group , Inc.

Software

Software Ransomware Retail Manufacturing

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

SecureList

NOVEMBER 6, 2024

It spreads via forums posts, torrent trackers and blogs, imitating popular software like Foxit PDF Editor and AutoCAD. These posts refer to the SteelFox dropper as an efficient way to activate a legitimate software product for free. Instead, it operates on a larger scale, infecting everyone who stumbles upon the compromised software.

Software

Software Cryptocurrency Malware DNS

xz Utils Backdoor

Schneier on Security

APRIL 2, 2024

modified the way the software functions. The following year, JiaT75 submitted a patch over the xz Utils mailing list, and, almost immediately, a never-before-seen participant named Jigar Kumar joined the discussion and argued that Lasse Collin, the longtime maintainer of xz Utils, hadn’t been updating the software often or fast enough.

Social Engineering

Social Engineering Engineering Software Encryption

How to Generate Revenue Using Software Intelligence

Advertiser: Revenera

Did you know there are people who already use and love your software, but aren't paying for it? Add More Opportunities to Your Pipeline. Compliance analytics allow you to quantify unlicensed use of your products and accelerate your revenue recovery efforts.

Software

Backdoor in XZ Utils That Almost Happened

Schneier on Security

APRIL 11, 2024

There’s an important moral to the story of the attack and its discovery : The security of the global internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers. The modularity they provide makes software projects tractable.

Software

Software Engineering Internet Internet

Improving C++

Schneier on Security

MARCH 15, 2024

His conclusion: We need to improve software security and software safety across the industry, especially by improving programming language safety in C and C++, and in C++ a 98% improvement in the four most common problem areas is achievable in the medium term.

Software

Software Cybersecurity

This Secure Software Could Help Business Owners Go Remote Full Time

Tech Republic Security

DECEMBER 5, 2024

With AnyViewer, savvy business owners can securely connect to remote devices without worrying about security.

Software

The CrowdStrike Outage and Market-Driven Brittleness

Schneier on Security

JULY 25, 2024

As we experienced last week, a single problem in a small piece of software can take large swaths of the internet and global economy offline. Each piece of software depends on dozens of others, typically written by other engineering teams sometimes years earlier on the other side of the planet. These failures can take many forms.

Marketing

Marketing Software Internet Internet

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it.

Risk

Arresting IT Administrators

Schneier on Security

DECEMBER 27, 2022

Prosecutors said the five IT officials of the public administration department had failed to check the security of the system and update it with the most recent antivirus software. The next step would be to arrest managers at software companies for not releasing patches fast enough. And maybe programmers for writing buggy code.

Antivirus

Antivirus Software

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. “This is the first time Mandiant has seen a software supply chain attack lead to another software supply chain attack,” reads the April 20 Mandiant report.

Malware

Malware Software Technology Accountability

NSO Group Spies on People on Behalf of Governments

Schneier on Security

NOVEMBER 27, 2024

Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker and not its government customers is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.

Government

Government Spyware Mobile Hacking

Hacking Automobile Keyless Entry Systems

Schneier on Security

OCTOBER 17, 2022

A fraudulent tool—marketed as an automotive diagnostic solution, was used to replace the original software of the vehicles, allowing the doors to be opened and the ignition to be started without the actual key fob. The article doesn’t say how the hacking tool got installed into cars.

Hacking

Hacking Manufacturing Marketing Software

7 Tips for Developing an In-Application Messaging Strategy

Advertiser: Revenera

Software vendors are always looking for new ways to convert prospects to customers; and if you're selling your software online, driving and converting shopping cart traffic is crucial to driving new revenue. You will learn how to: Identify unpaid users of your software. Alert these users of their unlicensed status.

eCommerce

New UFEI Rootkit

Schneier on Security

JULY 28, 2022

As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right. Because it’s the first thing to run when a computer is turned on, it influences the OS, security apps, and all other software that follows.

Firmware

Firmware Software Malware

Car Thieves Hacking the CAN Bus

Schneier on Security

APRIL 11, 2023

Car thieves are injecting malicious software into a car’s network through wires in the headlights (or taillights) that fool the car into believing that the electronic key is nearby. News articles.

Hacking

Hacking Software Malware

Crashing iPhones with a Flipper Zero

Schneier on Security

NOVEMBER 6, 2023

The capabilities generally required expensive SDRs—short for software-defined radios—that, unlike traditional hardware-defined radios, use firmware and processors to digitally re-create radio signal transmissions and receptions.

Firmware

Firmware Hacking Software

The 6 Best Antivirus Software Providers for Mac in 2024

Tech Republic Security

OCTOBER 21, 2024

Macs may need additional antivirus protection in a business environment or high-risk use case. Bitdefender is the best overall Mac antivirus provider when it comes to protection, usability, and performance.

Antivirus

Antivirus Software Risk

Monetization Monitor: Monetization Models and Pricing 2020

Advertiser: Revenera

Customers demand—and suppliers offer—a diverse mix of monetization models for Software and Digital Services related to IoT Devices. Approximately a third (34%) of respondents in this year’s annual software and IoT monetization survey still rely on homegrown solutions.

IoT

Global Microsoft Meltdown Tied to Bad Crowdstrike Update

Krebs on Security

JULY 19, 2024

A faulty software update from cybersecurity vendor Crowdstrike crippled countless Microsoft Windows computers across the globe today, disrupting everything from airline travel and financial institutions to hospitals and businesses online. sys” and then restarting the machine.

Artificial Intelligence

Artificial Intelligence Media Software Cybersecurity

Ted Chiang on the Risks of AI

Schneier on Security

MAY 12, 2023

as a semi-autonomous software program that solves problems that humans ask it to solve, the question is then: how do we prevent that software from assisting corporations in ways that make people’s lives worse? Yet such software could easily still cause as much harm as McKinsey has. If you think of A.I. researchers.

Risk

Risk Software Technology Marketing

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

Krebs on Security

MARCH 17, 2022

Holden said the real trouble starts when protestware is included in code packages that get automatically fetched by a myriad of third-party software products. Holden said some of the code projects tracked by the Russian research group are maintained by Ukrainian software developers. ” .” ”

Malware

Malware Internet Internet Software

FBI Advising People to Avoid Public Charging Stations

Schneier on Security

APRIL 12, 2023

Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices that access these ports. Carry your own charger and USB cord and use an electrical outlet instead. How much of a risk is this, really? I am unconvinced, although I do carry a USB condom for charging stations I find suspicious.

Malware

Malware Software Risk

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. All of these stats beg the question, “Do you know what’s in your software?”

Cybersecurity

On Software Liabilities

Education in Secure Software Development

Trending Sources

Supply Chain Attack against Courtroom Software

Providing Security Updates to Automobile Software

The Cloud Development Environment Adoption Report

Securing Open-Source Software

On the Insecurity of Software Bloat

Using Google Search to Find Software Can Be Risky

Russian Software Company Pretending to Be American

Enhance Innovation and Governance Through the Cloud Development Maturity Model

The Software-Defined Car

On IoT Devices and Software Liability

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

Best Antivirus Software for Small Businesses in 2024

Optimizing The Modern Developer Experience with Coder

Black Hat Fireside Chat: Why grasping the context of code is a recipe for keeping software secure

Software Makers Encouraged to Stop Using C/C++ by 2026

The 6 Best Free Antivirus Software Providers for Mac in 2024

NSA on Supply Chain Security

Making Software Pirates Pay: An E-Commerce Playbook

AIs Discovering Vulnerabilities

Software firm Blue Yonder providing services to US and UK stores, including Starbucks, hit by ransomware attack

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

xz Utils Backdoor

How to Generate Revenue Using Software Intelligence

Backdoor in XZ Utils That Almost Happened

Improving C++

This Secure Software Could Help Business Owners Go Remote Full Time

The CrowdStrike Outage and Market-Driven Brittleness

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

Arresting IT Administrators

3CX Breach Was a Double Supply Chain Compromise

NSO Group Spies on People on Behalf of Governments

Hacking Automobile Keyless Entry Systems

7 Tips for Developing an In-Application Messaging Strategy

New UFEI Rootkit

Car Thieves Hacking the CAN Bus

Crashing iPhones with a Flipper Zero

The 6 Best Antivirus Software Providers for Mac in 2024

Monetization Monitor: Monetization Models and Pricing 2020

Global Microsoft Meltdown Tied to Bad Crowdstrike Update

Ted Chiang on the Risks of AI

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

FBI Advising People to Avoid Public Charging Stations

Software Composition Analysis: The New Armor for Your Cybersecurity

Stay Connected