Topic: vulnerabilities

CA Technologies acquires SourceClear for its DevSecOps portfolio

CA Technologies announced its acquisition of software composition analysis specialists SourceClear early this week with aims to incorporate SourceClear’s SaaS-based SCA tool and proprietary vulnerability database with their Veracode cloud platform. “We are excited about what this acquisition means for our customers in terms of increased support for SCA in DevSecOps environments and the ability … continue reading

SD Times news digest: Netflix bug bounty program, InfluxData’s Apache Arrow support, and GitHub’s security alerts

Netflix is launching a public bug bounty program in order to improve the security of their solutions as well as strengthen their relationship with the security community. The program will be available through Bugcrowd. “Netflix’s goal is to deliver joy to our 117+ million members around the world, and it’s the security team’s job to … continue reading

Synopsys acquires Black Duck Software

Synopsys officially announced the acquisition of Black Duck Software this week. The companies first entered into an agreement that would enable Synopsys to acquire Black Duck early last month. According to Synopsys, the acquisition of Black Duck will help provide its customers with visibility into open source software. Black Duck provides automated solutions that detect … continue reading

Report: The top 8 emerging technology domains, and their threats

With great technology comes great risks. As new technology continues to emerge in this digital day and age, Carnegie Mellon University’s Software Engineering Institute (SEI) is taking a deeper look on the impact they will have. The institute has released its 2017 Emerging Technology Domains Risk report detailing future threats and vulnerabilities. “To support the … continue reading

Researchers: SAP Point-of-Sale systems vulnerable to attack

There are many ways hackers can exploit vulnerabilities to get the information they want. Flaws in Point-of-Sale (PoS) systems is on this list, and ERPScan researchers recently found that PoS software distributed by German vendor SAP is missing crucial checks that leave it vulnerable to unauthorized access and modification. A video demonstration by the research team shows a … continue reading

bug, pexels

Bugcrowd’s secret $250K bug bounty, Kony AppPlatform V8, and Git v2.14 — SD Times news digest: August 8, 2017

Bugcrowd is launching a bug bounty program for a secret customer, and the reward is the highest payout on the market today, in line with Microsoft’s recently increased max bug bounty payout of $250,000. The payout for this secret customer is $250,000, and according to the CEO of Bugcrowd, Casey Ellis, “High rewards like this … continue reading

Have I been Pwned? PyTorch v0.2.0, and new vulnerability data from Netsparker — SD Times news digest: August 7, 2017

Troy Hunt, a Microsoft regional director and security guru, released 320 million freely downloadable “Pwned Passwords” to shed light on how many real-world passwords have been exposed in data breaches. The service was created after NIST released guidance recommending that user-provided passwords be checked against existing data breaches. “My hope is that an easily accessible … continue reading

U.S. legislation for IoT vulnerabilities, Realm Academy, and Facebook’s video chat device — SD Times news digest: August 2, 2017

This week, a bipartisan group of U.S. senators announced plans to introduce legislation addressing vulnerabilities in IoT devices, which experts say is a threat to global security, according to a Reuters report. According to the report, the bill would require IoT vendors to provide their internet-connected equipment to the government as a way to make sure products … continue reading

Synopsys calls for removal, replacement of OWASP Top 10-A7

This year, the Open Web Application Security Project (OWASP) released its Top 10 2017 project for public review. There were two vulnerability updates to this year’s 14th release of OWASP, and although they were added to raise awareness on security risks in applications, one company is calling a movement for removal and replacement of one … continue reading

What is the WannaCry ransomware, and why should organizations be concerned?

There’s a new ransomware attack that has affected several organizations globally, and although it’s slow-moving, security experts are urging companies to keep their antivirus programs up-to-date, as well as their software. The ransomware — dubbed WannaCry (WanaCrypt0r 2.0/WCry) — has hit Britain’s National Health Service, some of Spain’s big companies, and has spread across Russia, … continue reading

OWASP adds unprotected APIs, insufficient attack protection to Top Ten 2017 release

The Open Web Application Security Project (OWASP) released its Top 10 2017 project for public comment. This is the 14th year OWASP is raising awareness of security risks with its list, and it contains two major vulnerability updates, example attack scenarios, and a list of free and open resources for security-conscious developers. When Jeff Williams, OWASP … continue reading

Apple iOS 10.3: APFS implementation, developer improvements, and security updates

Apple has announced iOS 10.3 with the highly requested “Find my AirPods” feature, new Apple File System (APFS) implementation, and a number of developer improvements. Other enhancements include bug fixes and touch ID authentication for its Numbers, Pages, and Keynote productivity apps. The latest version of the mobile operating system went through seven beta versions … continue reading

HTML Snippets Powered By : XYZScripts.com

Get access to this and other exclusive articles for FREE!

There's no charge and it only takes a few seconds.

Sign up now!