Heartbleed Results in £100,000 fine and WannaCry Hits Japan

The patch for CVE-2014-0160, better known as Heartbleed, has been available since 2014; however, some applications still ship vulnerable versions of OpenSSL (1.0.1 through 1.0.1f), which keeps Heartbleed among the most dangerous vulnerabilities in the wild, as one local authority in the UK learned.
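The practical first step for the "applications still bundling old OpenSSL" problem is an inventory check against the affected range. The following is an added example, not code from the original post or from Black Duck: it parses OpenSSL version banners (as printed by `openssl version`, or found in bundled libraries) and flags those in the Heartbleed range 1.0.1 through 1.0.1f. The sample banners are constructed; note that distributions often backport the fix without changing the version letter, so a match is a prompt to verify, not proof of exposure.

```python
import re

# Heartbleed (CVE-2014-0160) affects OpenSSL 1.0.1 through 1.0.1f;
# 1.0.1g and later, and every other release branch, are unaffected.
AFFECTED_BRANCH = (1, 0, 1)
LAST_AFFECTED_LETTER = "f"

# Matches "1.0.1", "1.0.1f", "1.0.2k-fips" etc. (only the leading version part).
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]?)")


def parse_openssl_version(text):
    """Return (major, minor, fix, letter) from a banner such as
    'OpenSSL 1.0.1e 11 Feb 2013', or None when no version is present."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))


def is_heartbleed_range(text):
    """True when the banner's version lies in 1.0.1 .. 1.0.1f inclusive."""
    v = parse_openssl_version(text)
    if v is None:
        return False
    major, minor, fix, letter = v
    if (major, minor, fix) != AFFECTED_BRANCH:
        return False
    # An empty letter is the initial 1.0.1 release; patch letters sort alphabetically.
    return letter == "" or letter <= LAST_AFFECTED_LETTER


def triage(banners):
    """Return the banners that need follow-up (backported fixes must be checked by hand)."""
    return [b for b in banners if is_heartbleed_range(b)]


# Constructed sample inventory: one banner per host or bundled library.
SAMPLE_BANNERS = [
    "OpenSSL 1.0.1e 11 Feb 2013",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "OpenSSL 1.0.0l 6 Jan 2014",
    "OpenSSL 1.0.2k-fips 26 Jan 2017",
    "OpenSSL 1.0.1 14 Mar 2012",
    "OpenSSL 1.0.1f 6 Jan 2014",
]

if __name__ == "__main__":
    for banner in triage(SAMPLE_BANNERS):
        print("review:", banner)
```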

In other cybersecurity and open source news: Honda shuts down a car plant due to WannaCry. The potential risks of open source are broader than just license compliance. Girl Scouts to offer cybersecurity badges. And even restaurants aren’t safe from malware.

Honda Halts Japan Car Plant After WannaCry Virus Hits Computer Network

via Reuters: Honda discovered on Sunday that the virus had affected networks across Japan, North America, Europe, China and other regions, a spokeswoman said, despite efforts to secure its systems in mid-May when the virus caused widespread disruption at plants, hospitals and shops worldwide.

GDPR, OpenSSL, Heartbleed and a Cascade of Security Breaches

via Black Duck blog (Fred Bals): Even though Heartbleed was discovered over three years ago, and IT staff at the council flagged the need to update the software, a patch issued for the software was never applied. Gloucester City Council “did not have sufficient processes in place to ensure its systems had been updated while changes to suppliers were made,” said the entity imposing the £100,000 fine, UK's Information Commissioner's Office (ICO).

Hackers, Beware! Girl Scouts To Offer Cybersecurity Badges

via USA TODAY: Girl Scouts of the USA and Palo Alto Networks have announced a collaboration to introduce a series of 18 cybersecurity badges for girls K-12. The badges, which will help Scouts explore opportunities in STEM (science, technology, engineering and math) while building leadership skills, will be available to earn beginning in September 2018.

Why The Last Thing Open Source Needs Is More Corporate Oversight

via TechRepublic: According to a new Black Duck survey, developers can't get enough of open source, ramping up open source adoption by 60% last year. Why the uptick? A whopping 84% cited superior cost savings, ease-of-access, and no vendor lock-in.

3 Examples of Why Permissive Licenses Deserve a Little Respect

via Black Duck blog (Phil Odence): To the extent that tech companies manage open source risks, their primary focus tends to be on reciprocal licenses and the GPL in particular. As I've discussed earlier, the potential risks of open source are broader than just license compliance. Additionally, there are other licenses to consider beyond the GPL. Even permissive licenses deserve a little respect.

Black Duck Selected as a 2017 US-Ireland Top 50 Company

via TechBuzzIreland: Black Duck Software has been named a US-Ireland Top 50 Company by The Irish Echo, the USA’s largest and most widely read Irish American weekly. Black Duck was presented with the award honoring 50 major companies with operations in the US and Ireland during the New York/New Belfast Investment Conference at Pier A, Harbor House in New York City.

Fileless Malware Targeting US Restaurants Went Undetected by Most AV

via Ars Technica: Researchers have detected a brazen attack on restaurants across the United States that uses a relatively new technique to keep its malware undetected by virtually all antivirus products on the market.

A Cyberattack ‘the World Isn’t Ready For’

via NY Times: “I don’t pursue every attacker, just the ones that piss me off. This pissed me off and, more importantly, it pissed my wife off, which is the real litmus test.”