Two Iranians charged with hacking, stealing US missile design software

Two Iranians are accused of hacking of a US software company and the theft of missile design software restricted from export from the US without a license. Mohammed Reza Rezakhah, 39 and Mohammed Saeed Ajily, 35, have been charged with a criminal conspiracy relating to computer fraud and abuse, unauthorized access to, and theft of information from, computers, wire fraud, exporting a defense article without a license, and violating sanctions against Iran. According to the … More

AI technologies will be in almost every new software product by 2020

Market hype and growing interest in artificial intelligence (AI) are pushing established software vendors to introduce AI into their product strategy, creating considerable confusion in the process, according to Gartner. Analysts predict that by 2020, AI technologies will be virtually pervasive in almost every new software product and service. “As AI accelerates up the Hype Cycle, many software providers are looking to stake their claim in the biggest gold rush in recent years,” said Jim … More

DevSecOps: Build a bridge between fast and secure software development

Despite the pervasive belief that security and development teams have conflicting priorities, initiatives such as creating DevOps environments and focusing on product innovation have the two teams aligned toward a common goal of creating secure software. In fact, according to new research conducted by Enterprise Strategy Group (ESG), 58 percent of survey respondents stated their organization is taking a collaborative approach to securing applications. Growing need for DevSecOps The research aims to determine security and … More

Introducing security into software through APIs

Application programming interfaces (APIs) can make life easier for software developers, allowing them to concentrate on what they do best and preventing them from being forced to fiddle with things they know little about. Identity and Access Management APIs APIs are also a great way to implement/enhance the information security aspects of a product. One good example of this are IAM (Identity and Access Management) APIs. “An API receives so much data that it can … More

4 vectors transforming the security software market

The security software market is undergoing a transformation due to four key developments, according to Gartner. The use of advanced analytics, expanded ecosystems, adoption of SaaS and managed services, and the prospect of punitive regulations are causing enterprises to rethink their security and risk management software requirements and investments. “The overall security market is undergoing a period of disruption due to the rapid transition to cloud-based digital business and technology models that are changing how … More

Healthcare industry continues to struggle with software security

67% of medical device manufacturers and 56% of healthcare delivery organizations (HDOs) believe an attack on a medical device built or in use by their organizations is likely to occur over the next 12 months. According to the results of a recent survey, roughly one third of device makers and HDOs are aware of potential adverse effects to patients due to an insecure medical device, but despite the risk only 17 percent of device makers … More

Software security assurance: Everybody’s invited

As more and more things in this world of ours run on software, software security assurance – i.e. confidence that software is free from vulnerabilities (either intentional or not) and functions as intended – is becoming more important than ever. The Software Assurance Forum for Excellence in Code (SAFECode) is a non-profit organization that aims to increase that confidence and the trust users have in information and communications technology products and services. SAFECode’s work to … More

WannaCry is a painful reminder of why enterprises must stay current on software updates

WannaCry is a wake-up call for the excessive numbers of companies needlessly dragging their feet over Windows 10 migrations. Certainly since Friday, we’ve seen an upswing in interest from companies hoping – suddenly – to accelerate the migration process, or automate their patching processes. No doubt about it, the attacks gave a vivid illustration of something we have been saying for some time: stay current on your software updates. By running a very out-of-date operating … More

US intelligence chiefs don’t trust Kaspersky Lab software

The big question in Thursday’s intelligence hearing on worldwide threats before the US Senate Intelligence Committee was whether the Russian government interfered with US elections. The respondents – CIA director Michael Pompeo, NSA director Michael Rogers, Defense Intelligence Agency director Vincent Stewart, Director of National Intelligence Dan Coats, National Geospatial-Intelligence Agency Robert Cardillo, and Acting Director of the FBI Andrew McCabe (who replaced the recently fired James Comey at the head of the Bureau) – … More

Critical RCE flaw in ATM security software found

Researchers from Positive Technologies have unearthed a critical vulnerability (CVE-2017-6968) in Checker ATM Security by Spanish corporate group GMV Innovating Solutions. The software and the flaw Checker ATM Security is a specialized security solution aimed at keeping ATMs safe from logical attacks. It does so by enforcing application whitelisting, full hard disk encryption, providing ACL-based control of process execution and resource access, enforcing security policies, restricting attempts to connect peripheral devices, and so on. The … More