Application and Cybersecurity Blog

Dyn DDoS Attack Raises Concerns about IoT Security

Posted by Ed Adams on October 24, 2016 at 8:54 AM

DNS service provider Dyn was attacked several times on Friday via a DDoS (distributed denial of service) – hackers basically flooded their systems with so much traffic that nothing could get through. This impacted Dyn clients such as Twitter, Netflix, The NY Times, Spotify, and others. This was a sophisticated, highly distributed attack involving tens of millions of endpoints, using bots that co-opted insecure IoT (Internet of Things) devices like IP-enabled cameras and smart-home devices. Those bots hijack IoT devices via malware and use the devices to blast the Dyn servers with bogus traffic, clogging the pipes.

Topics: application security, internet of things, embedded security, cybersecurity news

How to Not Get Hacked on Social Media

Posted by Christine Schulz on October 19, 2016 at 8:19 AM

As the Digital Marketing Manager, I often find myself on social media every day. I keep our company accounts updated, and I’m always browsing around for the latest news.

Prior to starting at Security Innovation, I worked a great deal in the agency space. I remember one instance when a client contacted me and asked whether I had posted anything to their account recently... turns out, their Facebook page admin (an employee) had their account hacked and the hacker used the company page she was connected with to start posting some spam messages on their behalf. After investigating, I realized very few clients actually had security measures in place for any of their online accounts. These were some large, well-known businesses. What should they have done to better protect their brand reputation and information in their accounts? And if they don't protect their personal accounts, what happens to their business?

Topics: security awareness, online security safety

Ransomware...It Could Happen to You

Posted by Jen McNeill on October 17, 2016 at 7:00 AM

Today, I want to talk about a recent form of malware that has been causing major trouble: Ransomware.

That’s right, RANSOMware. It is exactly what it sounds like:

A type of malicious software that restricts access to a victim’s infected computer while demanding that the victim pay money to the operators of the malicious software before that software is removed and access is regained.

Topics: security awareness, online security safety

What I Learned Working in the Cybersecurity Industry

Posted by Christine Schulz on October 10, 2016 at 10:37 AM

One year ago, if you asked me how much I thought about securing my information online, I would probably have said very little. I was in the majority of users who believed "It won't happen to me. I know what a spam email looks like. I pay attention to my accounts. I'm careful in protecting my information." It never crossed my mind that someone could potentially tamper with my Nest thermostats. I'd probably have my phone automatically connect to any public WiFi. Two-factor authentication or passcodes on my phone? Not worth the extra inconvenience.

Topics: security awareness, online security safety

Google Awards $1.2 Million in Bounties Just for XSS Bugs

Posted by Danny Harris on October 7, 2016 at 7:24 PM

Google paid over $1.2 M in bug bounties to security researchers for reporting cross-site scripting (XSS) bugs in Google applications during the past 2 years. This fact is mentioned matter-of-factly in a blog article discussing a newly-released security tool.

Topics: application security, information security

Building a Better Security Community for Women (and Everyone Else)

Posted by Nora Sandler on October 5, 2016 at 1:44 PM

Week 1 of National Cyber Security Awareness Month has a focus on educating and getting people involved in cybersecurity - including careers.

You've probably noticed there aren't a lot of women in information security. This is presumably for the same reasons there aren't many women in technology in general: it's partly a pipeline problem and partly because women get frustrated with the unfriendly culture and leave. Some progressive organizations, like WISP and TiaraCon, are working to change this, and even Facebook's CISO has talked about the need to make women feel more welcome. At Security Innovation, we're trying to do our part by running web security hackathons for women, to help them build their security skills and get newcomers excited about the field.

Topics: security engineering, developer guidance, application security, information security

What Do I Do if My Account Has Been Hacked?

Posted by Christine Schulz on October 3, 2016 at 11:39 AM

The moment you realize one of your online accounts has been hacked can send a number of emotions raging through your head. Unfortunately, when it comes to online security, many of us don't think about it seriously until after it's too late. And even if we do everything in our power to create strong passwords and store data safely, there are many factors out of the end-user’s control such as vulnerabilities in the software itself that could result in a data breach. However, if you act quickly and rationally, you can mitigate the damage caused by a hack.

Topics: security awareness, online security safety

What the Tesla Autopilot Crash Tells Us About the Need for V2V Security

Posted by Jonathan Petit on September 29, 2016 at 4:09 PM

Tesla Motors recently issued an over-the-air software update to make its Autopilot system rely more on radar than cameras. This update was in response to a highly publicized crash in May 2016 in which a 40-year-old man was killed when his Tesla crashed into a turning tractor trailer. Tesla wrote in a blog post that Autopilot didn't detect "the white side of the tractor trailer against a brightly lit sky, so the brake was not applied." Without more information about the accident I can only speculate, but let me try to reflect on the problem and how security plays a role. The cause of the accident was that the camera did not detect the object because of natural/non-malicious blinding. I define blinding as the action of affecting the camera in a way that objects are not detected, either partial or full blinding. So, what does it say about the robustness of the system against blinding attacks? It says that Tesla's Autopilot apparently does not prioritize safety or does not do sensor fusion correctly, if at all.

Topics: internet of things, automotive, embedded security

Mitigating Common Password Attacks

Posted by Serge Truth on September 27, 2016 at 10:47 AM

Multiple options are available for mitigating automated password guessing attacks, and choosing the most appropriate one(s) requires understanding the trade-offs between security and usability of each. Regardless, the goal is to implement a set of controls to effectively prevent all types of password guessing attacks from being successful. The solution typically entails a combination of strong password requirements, account lockouts, throttling authentication attempts, logging, and multi-factor authentication (MFA).

Topics: developer guidance, application security, application risk & compliance, online security safety, password security

Feds' Automated Vehicle Guidance Stresses Cybersecurity by Design

Posted by Gene Carter on September 23, 2016 at 3:45 PM

The National Highway Traffic Safety Administration (NHTSA), part of the US Department of Transportation, recently issued their much-anticipated Federal Automated Vehicles Policy. This 116-page document is guidance, not mandatory rulemaking, to "guide manufacturers and other entities in the safe design, development, testing, and deployment of HAVs [Highly Automated Vehicles]."

Topics: internet of things, automotive, embedded security, cybersecurity news
