Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cybersecurity
Download as PPTX, PDF•1 like•956 views
The document discusses recent cybersecurity issues, including the Atlanta ransomware attack and the need for improved security in IoT and automotive devices. It highlights the challenges of securing IoT devices and the significant risks associated with emerging technologies like 5G. The report also emphasizes the ongoing need for cybersecurity awareness and legislative attention from Congress.
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cybersecurity
- 1. Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cybersecurity By Fred Bals, Senior Content Strategist
- 2. The Black Duck blog and Open Source Insight become part of the Synopsys Software Integrity blog in early April. You’ll still get the latest open source security and license compliance news, insights, and opinions you’ve come to expect, plus the latest software security trends, news, tips, best practices, and thought leadership every week. Don’t delay, subscribe today! Now on to this week’s open source security and cybersecurity news. Cybersecurity News This Week
- 3. • What you should know about the recent Atlanta ransomware attack • Innovation may be outpacing security in cars • Comment: securing IoT devices before (and after) they ship • Mozilla's radical open-source move helped rewrite rules of tech • Synopsys on source code security sensitivities • Digging deeper into the GitHub security alerts numbers Open Source News Stories
- 4. • Black Duck On-Demand and Synopsys: running the walk • U.K. threatens to force IoT security by design • Report to Congress on cybersecurity • Cybersecurity agency warns of ‘extremely dangerous’ risks of 5G technology • Drupal issues highly critical patch: over 1M sites vulnerable Open Source News Stories
- 5. What you should know about the recent Atlanta ransomware attack via Synopsys Software Integrity: The city of Atlanta has become one of the latest victims of a ransomware attack. The attack is believed to be the result of the SamSam malware that has compromised various healthcare, government, and educational systems over the past several years.
- 6. Innovation may be outpacing security in cars via EE News: As the UK government’s car cybersec guidelines recognize, innovation may be outpacing security in cars. Automotive OEMs therefore need to adopt a security strategy that goes beyond the obvious.
- 7. Comment: securing IoT devices before (and after) they ship via Electronics Weekly: “When it comes to IoT devices, you need to consider a security architecture risk analysis, to find weaknesses that might occur as the result of business logic or component interactions," writes Art Dahnert of Synopsys.
- 8. Mozilla's radical open-source move helped rewrite rules of tech via CNET: A gamble 20 years ago unleashed the source code for the browser that became Firefox. The approach is now core to Facebook, Google and everyone else.
- 9. Synopsys on source code security sensitivities via Computer Weekly: Senior security strategist at Synopsys Taylor Armerding further suggests that a 2016 Forrester Research study commissioned by Synopsys set a baseline example of five hours of work to fix a defect in the coding/development stage. But, he reminds us, finding and fixing that same defect in the final testing phase would take five to seven times longer.
- 10. Digging deeper into the GitHub security alerts numbers via Black Duck blog: The GitHub numbers are interesting; specifically the numbers 450,000 resolved vulnerabilities out of 4,000,000 discovered. We know that the National Vulnerability Database (NVD) doesn’t contain anywhere near that many disclosures, so how are they arriving at that number? GitHub is likely taking the number of vulnerabilities and applying it to all the forks and versions within GitHub using that code. That makes their metric an interesting one, as I said, but masks the real problem — knowing which code has been patched in which fork. Consumers of open source projects may themselves create a fork, and that fork could very easily be outside of GitHub’s visibility.
- 11. via Black Duck blog: As outlined previously, the Synopsys culture is extraordinarily well-aligned with the critical elements of our audit business: Maintaining trust through integrity, being hyper-responsive through execution and leading the market with superior services and tools. And all that with the same passion that drives my team every day. To be fair, those initial impressions were based on Synopsys’s “talking the talk.” However, a few months of “walking the walk” have only reinforced my conviction that we have a great home. Actually, these months have felt more like running the walk! Black Duck On-Demand and Synopsys: running the walk
- 12. via Synopsys Software Integrity: Securing the Internet of Things (IoT) seems like an endless reality version of “Mission Impossible”— really impossible. Many have tried—with lists of best practices and standards, exhortations, and warnings—but none has succeeded. Still, the U.K. government, in a policy paper titled Secure by Design released earlier this month, says it is also going to try, with a 13-point Code of Practice that it will force all IoT stakeholders to follow if they don’t do it voluntarily. U.K. threatens to force IoT security by design
- 13. via USNI News: Cybersecurity has been gaining attention as a national issue for the past decade. During this time, the country has witnessed cyber incidents affecting both public and private sector systems and data. These incidents have included attacks in which data was stolen, altered, or access to it was disrupted or denied. The frequency of these attacks, and their effects on the U.S. economy, national security, and people’s lives have driven cybersecurity issues to the forefront of congressional policy conversations. This report provides an overview of selected cybersecurity concepts and a discussion of cybersecurity issues that are likely to be of interest during the 115th Congress. Report to Congress on cybersecurity
- 14. via EURACTIV: Superfast 5G mobile networks come with “extremely dangerous” cybersecurity risks, the EU cybersecurity agency ENISA has warned. 5G is expected to become available to European consumers by 2025. Cybersecurity agency warns of ‘extremely dangerous’ risks of 5G technology
- 15. via Threatpost: Drupal released a patch for a “highly critical” flaw in versions 6, 7 and 8 of its CMS platform that could allow an attacker to take control of an affected site simply by visiting it. Drupal also warned an unprivileged and untrusted attacker could modify or delete data hosted on affected CMS platforms. Drupal issues highly critical patch: over 1M sites vulnerable