Should you trust your security software?

The complaint that security is broken isn’t new and even industry insiders are joining the chorus. Companies spent an estimated $75 billion last year on security products and yet cyber attacks and data breaches are still a common occurrence. Now, we’re finding that security tools themselves have vulnerabilities that are putting organizations at risk. Given that vulnerabilities in software are the root cause of most attacks and security tools are inherently intrusive in order to …

GM recalls 3.6 million cars due to potentially fatal software defect

Last Friday, General Motors announced that the owners of some 3.64 million of its vehicles will have to come in for a re-flash of their sensing and diagnostic module (SDM) software. Apparently, a software bug tied to the diagnostic “oscillation test” routine in the SDM software makes it so that frontal airbags and seat belt pretensioners will not deploy “in certain rare circumstances when a crash is preceded by a specific event impacting vehicle …

Micro Focus merger with HPE’s Software Business Segment worth $8.8 billion

Micro Focus announced today its intent to merge with HPE’s Software Business Segment in a transaction valued at approximately $8.8 billion. The merger is subject to customary closing conditions, including anti-trust clearances and shareholder approval, and is expected to close in Q3 2017. The proposed merger brings together two well-established enterprise software vendors with highly complementary portfolios. With revenues of approximately $4.5 billion, it creates one of the world’s largest pure-play infrastructure software companies …

Beware of browser hijacker that comes bundled with legitimate software

Lavians, a “small software vendor team,” is packaging its offerings with a variant of browser-hijacking malware Bing.vc. The company sells and offers for free different types of software (drivers and other kinds of utilities) on its own website, but also on popular download sites. Unfortunately, most of them come bundled with the aforementioned malware, which installs itself into Internet Explorer, Firefox, and Chrome without the user’s consent. Ad-injectors and browser hijackers are definitely a nuisance, …

ThreadFix: Software vulnerability aggregation and management system

ThreadFix is a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems. Application security programs tend to involve a number of technologies and activities, and application security teams struggle to manage these testing activities and all the data they are generating. “We built ThreadFix so that application security teams can create a consolidated view of their applications …

Global security software market up 3.7% in 2015

Worldwide security software revenue totaled $22.1 billion in 2015, a 3.7 percent increase from 2014, according to Gartner. SIEM remained the fastest-growing segment in 2015, with 15.8 percent growth, while consumer security software showed the sharpest decline at 5.9 percent year on year. In 2015, the top five vendors together accounted for 37.6 percent of the security software revenue market share, down 3.1 percentage points from 2014. These vendors also displayed a collective decline …

How MDM software exposes your personal data

Bitglass tracked the personal mobile devices of several willing employee volunteers with mobile device management (MDM) software to understand how MDM could be misused and to assess the true extent of access employers have to personal data and user behavior. Researchers configured the MDM software to route mobile data traffic through a corporate proxy and installed corporate-issued certificates on employee devices to decrypt SSL traffic. This, a common configuration in enterprise MDM deployments for inspecting …

Mozilla will fund code audits for open source software

The Mozilla Foundation has set up the Secure Open Source (SOS) Fund, whose aim is to help open source software projects rid their code of vulnerabilities. “The Fund is part of the Mozilla Open Source Support program (MOSS) and has been allocated $500,000 in initial funding, which will cover audits of some widely-used open source libraries and programs,” Chris Riley, Mozilla’s Head of Public Policy, explained. “But we hope this is only the beginning. …

It takes 248 days for IT businesses to fix their software vulnerabilities

Compiled using data collected from tens of thousands of websites, a new WhiteHat Security report reveals that the majority of web applications exhibit, on average, two or more serious vulnerabilities per application for every industry at any given point in time. The report’s findings are based on the aggregated vulnerability scanning and remediation data from web applications that use the WhiteHat Sentinel service for application security testing. The research shows that no industry has mastered …

Improving software security through a data-driven security model

The current software security models, policies, mechanisms, and means of assurance are a relic of the times when software began being developed, and have not evolved along with it, says Google researcher Úlfar Erlingsson. Practical security of computer users has, therefore, worsened, even as a plethora of computer security mechanisms have been introduced time and time again. Erlingsson proposes a new data-driven software security model to improve user and system security. “When deciding whether software …