It’s the age-old question: when does convenience undermine security? In the healthcare sector, the answer can literally spell the difference between life and death. As the Internet of Medical Things (IoMT) grows, wireless attacks abound. While not any harder to launch than against traditional IoT devices, these attacks are drastically more high-stakes and can use the Bluetooth and related...

BLE, CANBUS Enhancements, new protocols in beSTORMBeSTORM 13.2 launches a few highly requested enhancements along with several protocol additions. These additions will help expand the implementation of black box fuzzing during application development. International compliance regulations are beginning to require fuzz testing security certification within testing labs on telecommunication and...

What is Chaos Testing?Application chaos testing does its best to counteract Murphy’s Law, where anything that can go wrong will go wrong, and at the worst possible time.Chaos testing and engineering is a proactive test methodology that identifies system errors prone to misuse before they can cause damage and security concerns for an application. This style of testing was developed and made...

Online banking is nearly universal in 2023. No more long lines at the credit union, late-night ATM trips, or waiting for a check to be cashed. Digital banking has revolutionized the financial industry and the way we do business as a whole. However, it has also indelibly increased the risk of cyberattacks, social engineering scams, and online compromise to the financial community. Here are some of...

Black Box Fuzzers Black box fuzzers attack code vulnerabilities the same way a real-world cybercriminal would so you can find code weaknesses before they are exploited. A form of dynamic application security testing (DAST), this tool attacks from outside the application code, using a wide range of malformed or partial code data injections to find unexpected code input errors. This can uncover...

PCI-DSS has long been the standard for securing payment card-related information. Meeting this bar was the bare minimum requirement for showing that an organization had sufficient controls to keep this data secure. With changes to PCI-DSS already being released and required by 2024, organizations developing and running applications to collect or process payment card-related data need to get...

By 2024, it’s predicted there’ll be more than 400 million connected vehicles in use around the world. In Automotive Industries magazine, Aviram Jenik discusses the implications for cybersecurity and looks at how rigorous testing and standard protocols can elevate the safety of these fast-evolving vehicles. Originally published in Automotive Industries. Excerpt:“Industry regulators are meeting the...

What is Black Box Fuzzing and why do you need it?Black box fuzzers attack code vulnerabilities the same way a malicious actor would. Black box fuzzing is a type of dynamic application security testing (DAST) that uses one of the widest ranges of attacks to find unexpected code input errors. The goal is to uncover conditions that can trigger crashes or contribute to new and unknown security...

Keeping your organization protected from web application vulnerabilities doesn't have to be complicated. There are some best secure coding practices that you can follow to ensure that you're protecting your customers and preventing cyber criminals from damaging your company. ...

In the last decade, there have been 633 automotive cybersecurity incidents. Yet, this year at Black Hat, the automobile industry was able to breathe a momentary sigh of relief when a connected vehicle was presented as a hacking challenge, and no one succeeded. This stood in stark contrast to 2015 when researchers demonstrated the real danger of automotive cyber-attacks by hijacking a jeep remotely...

The COVID-19 pandemic left its indelible mark across our society. Our work, recreation, healthcare, and even grocery shopping became remote, digital, and reliant on the internet. The eruption of new apps and Internet of Things (IoT) devices proved a tempting target for cyber attackers; that brought security issues new and old to the fore.IoT Devices are EverywhereIoT device use was expanding even...

Boost Your Security Posture Without Breaking Your BudgetHeadlines scream about a new cyberattack every few days, and organizations worldwide scramble to buff their cybersecurity posture. Welcome to the era of high-stakes hacking, and high-profile breaches. No one wants to be the next big news story, but robust cybersecurity comes at a price.You can do everything with a big enough budget. But that...

According to Juniper Research, 206 million vehicles will have embedded connectivity by 2025 — with 30 million vehicles utilizing 5G connectivity. The connected car now contains units for communication, in-voice assistant, geolocation sensors and cloud-platforms that connect vehicles to mobility services. To ensure that these hyper-connected vehicles remain secure, a standard known as ISO SAE 21434...

In our fast-paced digital world, the pressure is on to release new apps, features and enhancements as quickly and as often as possible. But how do you manage constant code changes without introducing security vulnerabilities?And how do you address the elephant in the room that comes with increased usage of cloud apps in the wake of the disruption caused by COVID-19? New applications open new doors...

When a network or device is compromised, it is critical to respond as quickly as possible in order to minimize the risk to your business. To have an almost instantaneous incident response, you have to do two things: you have to detect the incident immediately and you have to respond immediately. Here we’ll show how combining automated detection with network access control (NAC) can improve...

This article was originally published on Techaeris on August 07, 2020.For centuries, the automotive industry has benefited from the rapid development of technology. From the introduction of Ford’s Model A back in 1903 till in recent times, when cars are being equipped with assistive sensors helping the driver park safely, with the evolution of multimedia systems, or the computerized engine systems...

Developing software today requires a keen sensitivity to creating secure code. Even NIST admits that "Few software development life cycle (SDLC) models explicitly address software security in detail, so secure software development practices usually need to be added to each SDLC model to ensure the software being developed is well secured."This is why NIST developed the secure software development...

While fuzzing may sound like just another buzzword in the cybersec landscape, it has continued to gain popularity over the last several years and shows no signs of going away. Development teams know that unless their developers all just came down from Mount Olympus, there are likely to be security holes in their applications - and they need tools that can be used by anyone to simulate real attacks...

In a recent cyber-attack, a metallurgy company became infected with ransomware. The firm shut down for a week to deal with the infection; the final costs for the system backup and production downtime came to over 50 million euros ($54 million). This follows a Kaspersky report, “The State of Industrial Cybersecurity” that shows 70% of companies expect an attack on their Operational Technology/...

It’s easy to forget how dramatically the delivery of tech tools has changed over the decades. These days, few of us depend on a long list of desktop apps to do our work. Instead, we spend our working day logged into several web apps - simultaneously.Likewise, we can miss just how complex and interconnected the web app ecosystem is. Think you’re just using a single web app provided by a single...