UK Financial Institutions Can’t Bank on Security

Earlier this week, the Bank of England warned the UK financial sector that it is unprepared for cyber-attacks, with a spokesperson stating that a major attack would disrupt “everyday” life. As a portion of any country’s critical infrastructure, the financial sector is a target for cyber-criminals and terrorists.

The financial sector boasts some of the most mature security programs in the business world, yet gaps that an attacker can exploit still remain. Vulnerabilities in mobile or web applications used and purchased by financial institutions pose a threat to financial service organizations’ infrastructure.

What the Bell Canada Breach Tells us About Legacy Sites and Third-Party Risk

We’re only a fraction of the way into 2014 and the data breach headlines keep coming. The latest in the list of cyber-attack casualties is Bell Canada, which was affected by a breach that impacted tens of thousands of its customers. On February 2nd, Bell Canada confirmed it had been hacked by hacktivist group “NullCrew”.

From a security perspective, it was interesting to note that the hackers did not have to rely on sophisticated, cutting-edge attacks to extract sensitive customer data.

Cybercriminals Aimed at Supply Chain to Reach Their True “Target”

So far the Target breach has caused 15.3 million credit cards to be reissued, costing millions of dollars to credit card companies. The full scope of the breach is not yet fully understood or known, but new details are coming out almost daily. For example, an article in the Wall Street Journal recently disclosed that the cyber-criminals were able to access Target’s systems through a third-party. There has been very little discussion regarding who the vendor is; instead it is Target’s name that is being discussed in relation to one of the largest tech breaches ever.

Flightless Birds and The Future Of Critical Infrastructure

The world of industrial control systems has been an island unto itself, but no more. The question now is whether the environment can adapt before real damage is done.

Two weeks ago, I had the privilege to attend The S4 Conference, one of the world’s premier gatherings of experts in the security and integrity of industrial control and SCADA (supervisory control and data acquisition) systems. This is the technology that runs everything from assembly lines to natural gas pipelines to nuclear power plants. I had Dodos on the brain the whole time.

Strategies for Rapid Adoption of a Security Programme within a Large Enterprise

A large-scale deployment of the Veracode static code analysis tool across a large enterprise presents a number of unique challenges, such as understanding your application estate, prioritising your applications for scanning, and communicating with your application owners. This blog post provides some guidance based on my experience of delivering several hundred scanned applications in a 14-month time frame.

How Angry is That Bird?

The news regarding the NSA and its British counterpart discussed how the Angry Birds app was targeted as a means to collect personal information about app users. Presumably the agencies were collecting data that the app was already accessing as part of its normal operations. What data is being accessed and should it concern us?

We performed a behavioral analysis on Angry Birds for Android with our mobile application reputation service. Here’s what we found.

6 Ways to Become a More Secure Developer in 2014

Every December security companies pull out their list of predictions for the coming year. These predictions are generally bland, and either cite the specific problem the company addresses as the big trend for the next year, or recycle predictions from previous years.

Rather than add to the noise, the Security Research Team at Veracode created a list of resolutions for 2014 that developers could use to help make their code more secure.

Cross-Site Request Forgery Attacks and Prevention Methods

Ranked at number eight on the 2013 OWASP Top Ten, Cross-Site Request Forgery (CSRF) remains a major concern. CSRF exploits a web application vulnerability that allows an attacker to trick the end user into performing unwanted and possibly sensitive actions.

Mobile Myth: iOS is Safer Than Android

It’s easy to be lulled into a false sense of security when you’re using an iPhone, but is iOS really the better smartphone operating system when it comes to malware?

According to F-Secure Labs’ latest Mobile Threat Report, malware authors continue to concentrate on the Android platform with 252 new threat families and variant families. The report also shows that 81% of discovered threats are profit motivated. So what does this mean? Most bad guys are still looking for cash with their malware!

Fake Weather Channel App Serving up Malware

Top weather app in Google Play ‘Weather Channel VDO’ looks to be serving more than the forecast. Capabilities include accessing device and carrier information, and examining accounts and the file system. This app is performing Trojan-like capabilities, downloading a 466 kB file from an IP address listed as a known virus site. Findings also include an association with known adware.

Learn more about Veracode’s mobile application reputation service.
