Securing Software Stacks, Election Security, FDA Pacemaker Recall

News is slight as the US prepares to bore into the Labor Day weekend and the unofficial end of Summer 2017. Yet our crack staff of editors has scoured the Webbernets to produce the best in cybersecurity and open source security news for your reading pleasure. Enjoy, and if you celebrate Labor Day, have a great holiday weekend!

The Hidden Threat Lurking in an Otherwise Secure Software Stack

via The ServerSide: Summary: Is there a hidden threat buried in your software stack? Is there a hidden threat embedded within your Docker container? It's certainly not a prospect that lives outside of the realm of possibility, especially if you're not 100% sure as to exactly how the various open source components that make up your software stack or your container image were derived. "One of the aspects of open source is that it can be forked," said Tim Mackey, the Technical Evangelist for Black Duck Software.

Open Source Software Won't Ensure Election Security

via LawFare: The technology behind elections is hard to get right. Elections require security. They also require transparency: anyone should be able to observe enough of the election process, from distribution of ballots, to the counting and canvassing of votes, to verify that the reported winners really won. But if people vote on computers or votes are tallied by computers, key steps of the election are not transparent and additional measures are needed to confirm the results.

If Machine Learning is the question, open source is the answer. Right?

via The Register: From Google’s TensorFlow to Microsoft’s Cognitive Toolkit, the world is awash in open source ML/AI code... none of which seems to be solving the gaping void between AI hype and production deployment reality. By Gartner’s estimates a mere 15 per cent of organisations actually get into production with ML/AI.

FDA Recalls 465K Pacemakers Tied to MedSec Research

via Threatpost: The United States Federal Drug Administration is recalling 465,000 pacemakers to which attackers can gain unauthorized access in order to issue commands, change settings and maliciously disrupt the device. Affected are four models manufactured by Abbott Laboratories.

Three Reasons Why The Cybersecurity Industry May Never Catch Up To Cybercrime

via Forbes: Is the cybersecurity industry keeping up with cybercrime? Absolutely not. Cyberwarfare is at an all-time high, and cybersecurity is just unable—unequipped—to keep up. We’re seeing a convergence of three major vectors—devices, data, and a shortage of talent—coming to a head. That’s causing an explosion of what I’ll refer to as “cybercrime opportunity.”

Firmware Update to Address Cybersecurity Vulnerabilities Identified in Abbott's (formerly St. Jude Medical's) Implantable Cardiac Pacemakers: FDA Safety Communication

via FDA: On August 23, 2017, the FDA approved a firmware update that is now available and is intended as a recall, specifically a corrective action, to reduce the risk of patient harm due to potential exploitation of cybersecurity vulnerabilities for certain Abbott (formerly St. Jude Medical) pacemakers. "Firmware" is a specific type of software embedded in the hardware of a medical device (e.g. a component in the pacemaker).

What Software Teams Can Learn from Building Radar Detectors

via Black Duck blog (Mike Pittenger): Twenty years ago, a software parts list would have seemed ludicrous. All software was built from scratch, and every code base was unique. Today, however, a software bill of materials is critical to organizations, for many of the same reasons they are required in radar detectors.
