HBO, Voting Machines & Car Washes Hacked & Black Hat / DEFCON News


While there’s been plenty of attention focused on possible vehicle hacks, a group of security researchers recently found vulnerabilities in internet-connected, drive-through car washes. Voting machines are hacked in less than 90 minutes at DEFCON. Is Shodan the world’s scariest search engine? How did HBO get hacked? And Black Duck reports record revenue and record revenue growth for the first half of 2017.

All that and more cybersecurity and open source security news in this week’s edition of Open Source Insight.

Open Source Is Powering the Digital Enterprise

via CIO: This drive to meet business needs for innovation has in part led to a surge in the adoption of enterprise-grade open source technology. A 2016 survey by North Bridge & Black Duck on the “Future of Open Source” reported respondents see open source “as an engine for innovation, with 90% reporting they rely on open source for improved efficiency, innovation and interoperability.”

You Now Have a Legitimate Reason to Fear Car Washes

via According to the researchers, hackers are able to remotely take control of car wash systems and physically attack vehicles. They can, for example, open and close the bay doors on a car wash, trapping vehicles inside, or strike them with the doors, damaging them and possibly injuring occupants inside the vehicles.

Read More About the Internet of Things

Black Duck Reports Record Revenues and Revenue Growth As Well As Significant Increase in New Customers for First Half of 2017

via Black Duck Software: The company said new and add-on revenue from subscriptions to Black Duck Hub, its flagship open source security solution, grew by 77 percent in the first half of 2017 and subscription renewal rates for Hub were in the mid-90-percent range.

Black Duck had a 64 percent increase in new customers during 2016, and the company said it nearly matched the 2016 new-customer total in the first half of 2017. Notable customers added to the portfolio since January include HPE, Carbon Black, Exact Group BV, and Copper Leaf.

CEO Lou Shipley said the company expects overall revenue growth for 2017 to exceed 30 percent, up 50 percent from 2016.

To Fix Voting Machines, Hackers Tear Them Apart

via WIRED: Over three days, attendees probed, deconstructed and, yes, even broke the equipment in an effort to understand how it works and how it could be compromised by attackers. Their findings were impressive, but more importantly, they represented a first step toward familiarizing the security community with voting machines and creating momentum for developing necessary defenses.

To Protect Voting, Use Open-Source Software

via New York Times: The National Association of Voting Officials is leading a movement to encourage election officials to stop the purchase of insecure systems and begin to use software based on open-source systems that can guard our votes against manipulation. But there’s resistance to this obvious solution. Microsoft and companies that bob along in its wake don’t want their proprietary voting systems replaced by open-source software balloting systems, and have aggressively lobbied against them.

3 Key Cybersecurity Trends and Takeaways From Black Hat and DEFCON 2017

via GeekWire: IoT insecurity was the biggest theme from this year’s DEF CON and Black Hat conferences. Researchers at both shows gave many talks about IoT security problems, or about hardware and software hacking techniques related to IoT.

The Hacker Search Engine “Shodan” Is The World’s Scariest Search Engine

via Tech Worm: It is surprising what people have found on Shodan – from traffic lights, security cameras, home automation devices and heating systems to control systems for a water park, a gas station and even command and control systems for nuclear power plants. While its abilities might awe you right now, it also shows how little security is enabled in such devices. A quick search of the term “default password” will direct you to printers, servers and other devices that use “admin” as their username and “1234” as their password. Imagine finding and accessing your own machine in one such search to realize the seriousness of the problem.

Why Is There No Silver Bullet In Cybersecurity?

via Forbes: In the past two years, companies all over the world spent $157 billion on information security products. For comparison, the total expenses of the state government of New York amounted to $150.7 billion in 2016.

How Did HBO Get Hacked? A Cyber Security Expert Has Two Theories

via Digital Trends: Hackers recently absconded with 1.5 terabytes of data from HBO, and have since leaked unaired episodes of Ballers, Room 104, and Game of Thrones. HBO says it has been looking into the hack since it was discovered, but few conclusive details are known. So Digital Trends sought answers; we asked a cybersecurity expert exactly how the HBO hack could have happened.

OTA Updates Driving Connected Car Revolution?

via Black Duck blog (Rob Hawkins): Minimizing recalls, which overall totaled more than $900M for General Motors (GM) alone in 2016, would be a significant cost-saving opportunity. One remedy for software-related recalls is Over the Air (OTA) updates, which would eliminate the need to bring vehicles into dealerships for software updates and allow data-driven improvements to minimize maintenance. According to IHS Markit, OTA updates could save the global automotive industry more than $35B by 2022.

Q&A with Black Duck’s Mike Pittenger on Risk-Ranking Open Source Vulnerabilities

via Black Duck Blog (Haidee LeClair): Earlier this year VP of Security Strategy Mike Pittenger presented a webinar on risk-ranking open source vulnerabilities, and how that process can increase security effectiveness while maintaining developers' agility. During the webinar Mike got some great questions that I followed up on to share the answers with you.