Malware posing as Siemens PLC software is hitting industrial environments

What kind of malware is hitting industrial control systems, and how worried should we and the operators of these systems actually be? These are questions that Ben Miller, Director of the Dragos Threat Operations Center, has taken it upon himself to answer, by sifting through data regarding ICS incidents collected over the last 13+ years and available from public datasets. Miller’s analysis revealed that targeted ICS intrusions are rare. But, … More

Software development teams embrace DevSecOps automation

Mature development organizations ensure automated security is woven into their DevOps practice, early, everywhere, and at scale, according to Sonatype. The adoption of DevOps around the world is evidenced by 67% of survey respondents describing their practices as very mature or of improving maturity. Where traditional development and operations teams see security teams and policies slowing them down (47%), DevOps teams have discovered new ways to integrate security at the speed of development. Only 28% … More

Week in review: WhatsApp flaw, lip motion passwords, reinventing software patching

Here’s an overview of some of last week’s most interesting news, podcasts and articles:

Vulnerability in WhatsApp and Telegram allowed complete account takeover
The vulnerability allows an attacker to send the victim malicious code, hidden within an innocent-looking image. As soon as the user clicks on the image, the attacker can gain full access to the victim’s WhatsApp or Telegram storage data, thus giving full access to the victim’s account.

Leaked: Personal info on … More

Reinventing software patching, curing big security holes

Today’s security updates are too big, too risky and too late. It is common for enterprises to thoroughly test security updates and install them several months after they have been released, which leaves them open to inexpensive attacks. In this podcast recorded at BSidesLjubljana 0x7E1, Mitja Kolsek, CEO of Acros Security and co-founder at 0patch, illustrates how this problem is getting a solution: micropatching – hot patching in a microsurgical manner, with patches so tiny … More

IoT goods, software and digital services to be evaluated for privacy and security

Consumer Reports, a US non-profit group whose extensive reviews of consumer goods have helped the public make informed and better choices for many decades, has announced that it will start evaluating products and services for privacy and data security. “We think it’s unfair and unrealistic to expect consumers to constantly play defense when the products and services they use aren’t engineered with basic privacy and security protections built in,” the group noted.

Why an IoT … More

New macOS ransomware masquerades as software cracking tools

New crypto ransomware dubbed Filecoder (aka Findzip) is stalking macOS users, ESET researchers warn. Masquerading as an application for cracking/patching legal copies of Adobe Premiere Pro and Microsoft Office for Mac (and possibly other pricy software), the malware is distributed via BitTorrent distribution sites.

Not a masterpiece, but still destructive
Users who download a ZIP file (application bundle) containing the ransomware and run it will be faced with a window and a “Start” button which … More

RansomFree protection software gets key upgrades

Today, at RSA Conference 2017 in San Francisco, Cybereason launched the latest version of RansomFree, the free, anti-ransomware protection software, which works on PCs running Windows 7, 8 and 10, Windows 2010 R2 and Windows 2008 R2. Designed for use by consumers and small businesses, RansomFree detects and stops more than 99 percent of ransomware variants from encrypting files. Cybereason also announced that more than 100,000 installations of RansomFree have taken place since the … More

Redefining the role of security in software development

Software is becoming increasingly important for market success, driving an ever greater need for speed in the development process. The rapid adoption of DevOps is testimony to this shift, with agile development no longer making the grade for many companies. Accelerating time-to-market is of increasing importance for developers, with over a quarter of British and German development operations managers stating that meeting budget and delivery schedules is their top concern in a recent survey conducted … More

Zcash mining software covertly installed on victims’ machines

Software “mining” the recently established Zcash (ZEC) cryptocurrency is being foisted upon unsuspecting users, Kaspersky Lab warns. The actual software is not illegal, and not technically malware – it is meant to be used by individuals who are willing to dedicate their machine(s) and pay for the increased electricity usage that accompanies cryptocurrency mining. Unfortunately, there are unscrupulous individuals looking to get the coins without the cost, and they have been installing the software on … More

SMBs will spend $564 billion on IT hardware, software, and services

IDC forecasts SMBs will spend $564 billion on IT hardware, software, and services, including business services, in 2016. This amount is expected to increase at a compound annual growth rate (CAGR) of 4.2%, reaching $668 billion in 2020. “The Third Platform has disrupted traditional IT markets and how large organizations deliver IT services. For SMBs, the result has been largely positive: a stronger ability to compete with larger firms, more easily enter new markets, more … More