Application and Cybersecurity Blog

Feds' Automated Vehicle Guidance Stresses Cybersecurity by Design

Posted by Gene Carter on September 23, 2016 at 3:45 PM

The National Highway Traffic Safety Administration (NHTSA), part of the US Department of Transportation, recently issued its much-anticipated Federal Automated Vehicles Policy. This 116-page document is guidance, not mandatory rulemaking, to "guide manufacturers and other entities in the safe design, development, testing, and deployment of HAVs [Highly Automated Vehicles]."

Topics: internet of things, automotive, embedded security, cybersecurity news

Three Account Security Features Everyone Needs Enabled

Posted by Christine Schulz on September 23, 2016 at 12:26 PM

Yahoo confirmed on Thursday that data associated with at least 500 million user accounts was stolen in a 2014 data breach - what many are calling one of the largest cybersecurity breaches in history. What information did these hackers get? Yahoo tells us "the account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt), and in some cases, encrypted or unencrypted security questions and answers."

Topics: security awareness, privacy, password security, cybersecurity news

Why I was Asked to a White House Meeting

Posted by William Whyte on September 7, 2016 at 2:29 PM

I was asked to meet with some of the staff from the Office of Management and Budget (OMB) this week. To be clear, the OMB is a White House department but sadly the meeting wasn't in the White House itself -- it was a couple of blocks west.

The OMB's job is to run a cost/benefit analysis on any new regulations to make sure they're worth doing. Since February, the OMB has been analyzing the Department of Transportation's proposed mandate for Vehicle to Vehicle (V2V) Communications using a technology known as Dedicated Short Range Communications (DSRC).

Topics: internet of things, automotive, embedded security, cybersecurity news

C'Mon Dad...You Should Know Better

Posted by Jen McNeill on September 2, 2016 at 12:26 PM

Hey Dad: sorry for what I am about to share!
…but please keep your plane tickets to visit next month and babysit!
-Jen

Topics: security awareness, online security safety

Happy Birthday World Wide Web! Will the Next 25 Years be as Risky?

Posted by Ed Adams on August 23, 2016 at 3:59 PM

Happy 25th birthday to the world wide web! It's difficult to imagine the first public website was launched just 25 years ago in 1991. For most people, it's hard to think about our lives without the internet.

Internet use has grown substantially over the years, with estimates of over 3.5 billion users around the world in 2016, up from 2.2 billion the year before.1 And while many are now embracing the convenience of the internet, concerns about internet security are greater than ever. Security needs to be thought about as technology and the internet continue to advance and grow over the next 25 years.

Topics: application security, internet of things, embedded security, quantum computing, cybersecurity news

QuadRooter: The 4-Headed Monster That Threatens 900 Million Android Users

Posted by Dinesh Shetty on August 15, 2016 at 12:35 PM

As the name implies, QuadRooter is a collection of four exploits in Qualcomm's popular graphics and media chipset, which is in more than 900 million mobile devices globally. When used in combination with malware, the exploit gives an attacker root access, i.e., the "keys to the kingdom." All data, services, and hardware on the device are free to take or control – want to listen to phone conversations, read someone’s mail, track a device via GPS, or wipe an unsuspecting user's phone? All possible with QuadRooter.
Topics: internet of things, mobile security, cybersecurity news

A CISO's Guide to Application Security

Posted by Danny Harris on August 11, 2016 at 8:53 AM

CISO Executive Summary

Application security differs in a number of ways from IT security, network security, and information security, so standard solutions from those domains don’t necessarily address the challenges of application security. It is a very knowledge-dependent discipline, and defense in depth is rarely achieved with technology solutions alone.

Topics: application security, application risk & compliance, owasp, sdlc

Bug Bounty Hunter Programs - Is Your Organization Equipped?

Posted by Joe Basirico on August 9, 2016 at 8:14 AM

Apple's recent announcement about starting its first Bug Bounty Program this September raises the issue of why they waited so long and why they finally did decide to create one.

Bug Bounty Hunter (BBH) programs are relatively simple in theory - security professionals or hackers who find security holes receive compensation based on the criteria defined in the program. A well-managed program can be a valuable component of a mature software development lifecycle; however, a poorly-organized one can generate a lot of headaches and effectively paralyze an entire security team as they sift through the findings.

Topics: application security, sdlc

4 Ways to Reduce the Cost of PCI Compliance

Posted by Alan Pearson on August 5, 2016 at 8:02 AM

All organizations that process credit card data are required to be PCI compliant and abide by PCI DSS security standards. However, many organizations treat PCI compliance as an expensive, stressful, and time-consuming annual event. Often departments have fixed budgets, which is why it's important to reduce costs whenever possible while still being able to maintain compliance requirements.

Topics: application security, application risk & compliance, pci-dss

Jailbreaking your iPhone: Worth the Security Risk?

Posted by Dinesh Shetty on August 1, 2016 at 7:53 AM

In the wake of Pangu releasing the latest iPhone jailbreak, the industry will continue to debate on whether jailbreaking your iPhone is worth the security risk.

With a jailbroken iPhone, you can get past many of the locked down features to customize your iPhone in nearly any way you can imagine. However, this luxury comes with a risk that makes all the information on your phone a likely target for cyber criminals. So, if jailbreaking is such a big security risk, why do it in the first place?

Topics: internet of things, mobile security, embedded security