XebiaLabs launches new DevOps risk and compliance capability for software releases

XebiaLabs has launched chain of custody, security and compliance risk assessment tracking for software releases, available for enterprise software delivery. Organizations struggle to track application release status information and understand security and compliance risks across many different applications, teams, and environments. When risk assessment, security testing, and compliance checks aren’t built into the Continuous Integration/Continuous Delivery (CI/CD) pipeline, releases fail and cause delays, security vulnerabilities threaten production, and IT governance violations result in expensive fines. …

Wind River introduces its next-generation software framework for connected and autonomous cars

Wind River released enhancements to the Wind River Chassis portfolio of safe and secure automotive software. The latest updates to the Chassis portfolio include the integration with Wind River Titanium Cloud virtualization software that delivers reliability and latency to support the requirements of the world’s most demanding computing and communications networks. Autonomous driving, like other emerging computing applications, will usher in the need to process high volumes of data at faster speeds while avoiding the …

Inside Secure debuts software-only solution for HDCP 2.3

Inside Secure now offers the software-only High-Bandwidth Digital Content Protection (HDCP) 2.3 solution. HDCP is a method of protecting digital entertainment content such as HD movies, pay-per-view TV or music on home and personal networks including devices such as PCs, tablets, smartphones and gaming devices. This new solution provides a simplified and secure approach to anti-piracy efforts and eliminates the need for today’s most popular content providers to store encryption keys or HDCP specs on …

Most popular home routers lack basic software security features

It’s no secret that too many Internet of Things devices lack adequate security. But is it too much to expect that our home routers – the devices that “provide” us with a working Internet connection – implement the most basic software security hardening features? Apparently, it is, even though some of them are easy to adopt, have no downsides, and are standard practices in the desktop and mobile software markets. The analysis Parker Thompson and …

EU launches bug bounties on free and open source software

After setting up a bug bounty program for VLC Media Player in late 2017, the European Commission (EC) has announced the launch of 14 new ones that will cover other free and open source software used by European Union institutions. The list of target software is as follows: Filezilla (FTP app); Apache Kafka (stream-processing software platform); Notepad++ (text/source code editor); PuTTY (terminal emulator, network file transfer app); VLC Media Player; FLUX TL (the Transportation Layer …

OPAQ awarded patent for software-defined network segmentation

OPAQ has received a patent from the United States Patent & Trademark Office for its software-defined network segmentation technology that monitors connection requests on endpoint devices and enforces security policies to prevent lateral attacks on corporate networks (Patent # 10,122,760). The patented approach is part of the OPAQ Cloud, a platform-as-a-service that enables managed service providers to deliver Fortune 100-grade security to midsize enterprises. With this technology, OPAQ can offer enforcement of security policies at …

Vulnerability discovered in safety controller configuration software

Gjoko Krstic, an Applied Risk researcher, has discovered a vulnerability in Pilz PNOZmulti Configurator software that allows a local attacker to read sensitive data in clear-text. The software is used to configure safety controllers, providing the user with the ability to modify elements such as IP addresses, download and upload project files and run other setup functions. The tool can be found on engineering workstations which are used to configure safety controllers. The software is …

Software AG Cloud offers open suite of cloud services

Software AG unveiled its next-generation Software AG Cloud, an open, enterprise-grade cloud platform for building, testing, deploying and managing everything from simple apps to complex, cloud-enabled enterprise and IoT applications. Software AG Cloud is a one-stop shop for “all things cloud” and provides customers and partners with subscription-based access to Software AG’s enterprise applications and middleware technology. Dr. Wolfram Jost, Chief Technology Officer, Software AG noted: “Software AG Cloud is a reliable and scalable cloud …

For recent big data software vulnerabilities, botnets and coin mining are just the beginning

The phrase “with great power comes great responsibility” was excellent advice when Ben Parker said it to his nephew Peter, aka Spider-Man. It is even more applicable to any organization using open source software to manage its big data analysis. This is especially true since, in 2018, significant vulnerabilities were identified and disclosed for both Hadoop and Spark, allowing unauthenticated remote code execution via their REST APIs. Many enterprises have adopted big data processing components …

High risk vulnerability discovered in Sauter CASE Suite building automation software

Applied Risk researcher Gjoko Krstic has identified a security vulnerability in the Sauter CASE Suite, a software package used to handle building automation projects with energy-efficient strategies and methods. The Sauter CASE Suite is building management software that is used for project engineering and control functions of building management systems within both office and industrial environments. The application suffers from an XML External Entity (XXE) vulnerability, which can be used to cause a Denial …