Black Hat Picks, GDPR/Open Source Webinar, UN Cybersecurity

Top Picks for Black Hat, GDPR & Open Source Webinar, UN Cybersecurity Report

Our vulnerability of the week is CVE-2017-7526, which resides in the Libgcrypt cryptographic library used by GnuPG. Exploiting the vulnerability, security researchers were able to successfully extract the secret RSA-1024 key to decrypt data. Libgcrypt has released a fix for the issue in Libgcrypt version 1.7.8. Debian and Ubuntu have already updated their library with the latest version of Libgcrypt.

On to this week’s open source security and cybersecurity news…

Could Your Medical Device Catch a Cold?

via InfoSecurity Group: Mike Pittenger, Black Duck VP of Security Strategy, looks at the potential risks of unknown and insecure open source components leading to vulnerabilities in pacemakers and other medical devices and systems.

GDPR and Open Source: Best Practices for Security and Data Protection

Webinar July 25: Dan Hedley, Partner, IT and Commercial from Irwin Mitchell, will provide guidance on the General Data Protection Regulation (GDPR) and why a comprehensive approach to open source security management is essential for GDPR observance. In addition, we’ll review open source management best practices in the context of other industry-specific developments like the Network and Information Services Directive and the Electronic Identification Regulation.

Register Now - Webinar: GDPR and Open Source: Best Practices for Security and Data Protection

UN Report Shows the Whole World Needs a Cybersecurity Upgrade

via Inc.: The Global Cybersecurity Index, a UN report released this week, shows that despite global awareness of the proliferation of cybercrime and cyber-spying, many nations, including some of the world's most developed, suffer from severe deficiencies when it comes to cybersecurity. Furthermore, the study shows, there is a huge range of preparedness when it comes to the cybersecurity capabilities of the world's most powerful nations.

Global Cybersecurity Index (GCI) 2017

via International Telecommunications Union (ITU): The information and communication technologies (ICT) networks, devices and services are increasingly critical for day-to-day life. In 2016, almost half the world used the Internet (3.5 billion users) and according to one estimate, there will be over 12 billion machine-to-machine devices connected to the Internet by 2020. Yet, just as in the real world, the cyber world is exposed to a variety of security threats that can cause immense damage.

Container Security Needs Appropriate Tools

via Security Insider (German): To easily verify container content, you might want to use container scanners, such as those offered by OpenSCAP or Black Duck. Such scans should be used as standard in production environments, and they are perfectly suited to approaches such as DevOps.

Oracle Debuts Three New Open-Source Container Tools

via eWeek: Oracle is expanding its container efforts with the official public debut of three new open-source utilities designed to help improve application container security and performance. The tools include the Smith secure container builder, Crashcart container debugging tool and the Railcar container runtime.

IT Departments Lagging in Preparing for GDPR Privacy Rules: Study

via ITPro Windows: The seven-page Spiceworks study, "GDPR: The Impact on IT," revealed that only 40 percent of businesses in the United Kingdom (U.K.) and 28 percent of companies in the rest of the EU have begun to prepare for the GDPR rules, which were designed to streamline and codify uniform data privacy laws across Europe to protect all of the citizens of the EU.

Baidu’s Apollo Platform Becomes the ‘Android of the Autonomous Driving Industry’

via TechCrunch: Baidu now claims one of the largest partner ecosystems for an autonomous driving platform in the world: Its Apollo autonomous driving program now counts over 50 partners, including FAW Group, one of the major Chinese carmakers that will work with Baidu on commercialization of the tech. Other partners include Chinese auto companies Chery, Changan and Great Wall Motors, as well as Bosch, Continental, Nvidia, Microsoft Cloud, Velodyne, TomTom, UCAR and Grab Taxi.

Security Researchers' Top Picks at Black Hat USA 2017

via Black Duck blog (Alex Berg): Black Hat USA 2017 is fast approaching, so we asked our security researchers, Chris Jess and Neil Rankin, which sessions they're excited to attend and why. Black Hat's focus on information security provides great resources to the research and development communities, but the sheer volume of trainings and briefings may be overwhelming. If you're struggling to figure out which talks to attend at Black Hat USA, check out Chris and Neil's selections.
