Search results for: software

Inside Secure debuts software-only solution for HDCP 2.3

Inside Secure now offers the software-only High-Bandwidth Digital Content Protection (HDCP) 2.3 solution. HDCP is a method of protecting digital entertainment content such has HD movies, pay-per-view TV or music on home and personal networks including devices such as PCs, tablets, smartphones and gaming devices. This new solution provides a simplified and secure approach to anti-piracy efforts and eliminates the need for today’s most popular content providers to store encryption keys or HDCP specs on … More


Most popular home routers lack basic software security features

It’s no secret that too many Internet of Things devices lack adequate security. But is it too much to expect that out home routers – the devices that “provide” us with a working Internet connection – implement the most basic software security hardening features? Apparently, it is, even though some of them are easy to adopt, have no downsides, and are standard practices in the desktop and mobile software markets. The analysis Parker Thompson and … More

bug bounties

EU launches bug bounties on free and open source software

After setting up a bug bounty program for VLC Media Player in late 2017, the European Commission (EC) has announced the launch of 14 new ones that will cover other free and open source software used by European Union institutions. The list of target software is as follows: Filezilla (FTP app) Apache Kafka (stream-processing software platform) Notepad++ (text/source code editor) PuTTY (terminal emulator, network file transfer app) VLC Media Player FLUX TL (the Transportation Layer … More

OPAQ awarded patent for software-defined network segmentation

OPAQ has received a patent from the United States Patent & Trademark Office for its software-defined network segmentation technology that monitors connection requests on endpoint devices and enforces security policies to prevent lateral attacks on corporate networks (Patent # 10,122,760). The patented approach is part of the OPAQ Cloud, a platform-as-a-service that enables managed service providers to deliver Fortune 100-grade security to midsize enterprises. With this technology, OPAQ can offer enforcement of security policies at … More

Pliz PNOZmulti Configurator

Vulnerability discovered in safety controller configuration software

Gjoko Krstic, an Applied Risk researcher, has discovered a vulnerability in Pilz PNOZmulti Configurator software that allows a local attacker to read sensitive data in clear-text. The software is used to configure safety controllers, providing the user with the ability to modify elements such as IP addresses, download and upload project files and run other setup functions. The tool can be found on engineering workstations which are used to configure safety controllers. The software is … More

Software AG Cloud offers open suite of cloud services

Software AG unveiled its next-generation Software AG Cloud, an open, enterprise-grade cloud platform for building, testing, deploying and managing everything from simple apps to complex, cloud-enabled enterprise and IoT applications. Software AG Cloud is a one-stop shop for “all things cloud” and provides customers and partners with subscription-based access to Software AG’s enterprise applications and middleware technology. Dr. Wolfram Jost, Chief Technology Officer, Software AG noted: “Software AG Cloud is a reliable and scalable cloud … More


For recent big data software vulnerabilities, botnets and coin mining are just the beginning

The phrase “with great power comes great responsibility” was excellent advice when Ben Parker said it to his nephew Peter, aka Spiderman. It is even more applicable to any organization using open source software to manage their big data analysis. This is especially true since, in 2018, significant vulnerabilities were identified and disclosed for both Hadoop and Spark, allowing unauthenticated remote code execution via their REST APIs. Many enterprises have adopted big data processing components … More


High risk vulnerability discovered in Sauter CASE Suite building automation software

Applied Risk researcher, Gjoko Krstic, has identified a security vulnerability in the Sauter CASE Suite, a software package used to handle building automation projects with energy-efficient strategies and methods. The Sauter CASE Suite is a building management software that is used for project engineering and control functions of building management systems within both office and industrial environments. The application suffers from an XML External Entity (XXE) vulnerability, which can be used to cause a Denial … More

Test IO introduces Bug Fix Confirmation, leveraging network of software testers to verify bug fixes

Test IO released a new product to help software teams verify that bugs are fixed in real-world conditions before software is released. Bug Fix Confirmation leverages test IO’s network of software testers to ensure that identified bugs are fixed so software releases go out on schedule. Verifying resolution of bugs is a standard step in the software development cycle and a bottleneck in release processes. It is troublesome for companies whose development teams have prioritized … More

IKARUS Security Software partners with PolySwarm to advance early malware detection

PolySwarm partners with IKARUS Security Software to advance its early malware detection capabilities. IKARUS will assist PolySwarm in its efforts to expand its network of antivirus vendors and developers by uploading IKARUS’ engine into Polyswarm’s marketplace. “The way PolySwarm compensates security companies for successfully detecting potential threats will pave the way to a new era in threat detection,” said Mario Bono, head of the malware lab at IKARUS. “The ability to access a vast stream … More

LookingGlass Cyber Solutions software platform manages third party cyber risks

LookingGlass Cyber Solutions released its Third Party Risk Monitoring offering. Built on the ScoutPrime platform, the LookingGlass subscription service offering leverages the threat data along with a team of expert security and intelligence analysts to mitigate risks, provide visibility into potential vendor exposure, and reduce time to action with negligible false positives. Beyond the digitized walls of every company is a world of vendors, suppliers, providers, and subsidiaries, all connected to a company’s network or … More

First release of StarlingX open source edge cloud software now available

StarlingX — the open source edge computing and IoT cloud platform optimized for low latency and high performance applications — is available in its first release. The project was established in May as a pilot project supported by the OpenStack Foundation (OSF) and builds on code contributed by Wind River and Intel Corporation. StarlingX delivers services to help fill the gaps in the open source edge cloud ecosystem to meet requirements of edge use cases … More