Top Picks for Black Hat, GDPR & Open Source Webinar, UN Cybersecurity Report

Our vulnerability of the week is CVE-2017-7526, which resides in the Libgcrypt cryptographic library used by GnuPG. By exploiting the vulnerability, security researchers were able to extract a secret RSA-1024 key and use it to decrypt data. The Libgcrypt project has released a fix for the issue in Libgcrypt version 1.7.8, and Debian and Ubuntu have already updated their packages to the latest version of Libgcrypt.

On to this week’s open source security and cybersecurity news…

Could Your Medical Device Catch a Cold?

via InfoSecurity Group: Mike Pittenger, Black Duck VP of Security Strategy, looks at the potential risks of unknown and unsecure open source components leading to vulnerabilities in pacemakers and other medical devices and systems.

GDPR and Open Source: Best Practices for Security and Data Protection

Webinar July 25: Dan Hedley, Partner, IT and Commercial from Irwin Mitchell, will provide guidance on the General Data Protection Regulation (GDPR) and why a comprehensive approach to open source security management is essential for GDPR observance. In addition, we’ll review open source management best practices in the context of other industry-specific developments like the Network and Information Services Directive and the Electronic Identification Regulation.

Register Now - Webinar: GDPR and Open Source: Best Practices for Security and Data Protection

UN Report Shows the Whole World Needs a Cybersecurity Upgrade

via Inc.: The Global Cybersecurity Index, a UN report released this week, shows that despite global awareness of the proliferation of cybercrime and cyber-spying, many nations, including some of the world's most developed, suffer from severe deficiencies when it comes to cybersecurity. Furthermore, the study shows, there is a huge range of preparedness when it comes to the cybersecurity capabilities of the world's most powerful nations.

Global Cybersecurity Index (GCI) 2017

via International Telecommunication Union (ITU): The information and communication technologies (ICT) networks, devices and services are increasingly critical for day-to-day life. In 2016, almost half the world used the Internet (3.5 billion users) and according to one estimate, there will be over 12 billion machine-to-machine devices connected to the Internet by 2020. Yet, just as in the real world, the cyber world is exposed to a variety of security threats that can cause immense damage.

Container Security Needs Appropriate Tools

via Security Insider (German): To easily verify container content, you might want to use container scanners, such as those offered by OpenSCAP or Black Duck. Such scans should be used as standard in production environments, and they are perfectly suited to approaches such as DevOps.

Oracle Debuts Three New Open-Source Container Tools

via eWeek: Oracle is expanding its container efforts with the official public debut of three new open-source utilities designed to help improve application container security and performance. The tools include the Smith secure container builder, Crashcart container debugging tool and the Railcar container runtime.

IT Departments Lagging in Preparing for GDPR Privacy Rules: Study

via ITPro Windows: The seven-page Spiceworks study, "GDPR: The Impact on IT," revealed that only 40 percent of businesses in the United Kingdom (U.K.) and 28 percent of companies in the rest of the EU have begun to prepare for the GDPR rules, which were designed to streamline and codify uniform data privacy laws across Europe to protect all of the citizens of the EU.

Baidu’s Apollo Platform Becomes the ‘Android of the Autonomous Driving Industry’

via TechCrunch: Baidu now claims one of the largest partner ecosystems for an autonomous driving platform in the world: Its Apollo autonomous driving program now counts over 50 partners, including FAW Group, one of the major Chinese carmakers that will work with Baidu on commercialization of the tech. Other partners include Chinese auto companies Chery, Changan and Great Wall Motors, as well as Bosch, Continental, Nvidia, Microsoft Cloud, Velodyne, TomTom, UCAR and Grab Taxi.

Security Researchers' Top Picks at Black Hat USA 2017

via Black Duck blog (Alex Berg): Black Hat USA 2017 is fast approaching, so we asked our security researchers, Chris Jess and Neil Rankin, which sessions they're excited to attend and why. Black Hat's focus on information security provides great resources to the research and development communities, but the sheer volume of trainings and briefings may be overwhelming. If you're struggling to figure out which talks to attend at Black Hat USA, check out Chris and Neil's selections.
