Posts Tagged ‘Veracode’
Friday, March 8th, 2013
Many high-profile security breaches are not caused by purely technical means. Attackers fool people into handing over the access details that let them into a system, and once inside, the back doors they install are often difficult to close.
These clever social engineers find ways to manipulate people into giving up personal information.
In its infographic (see below) “Hacking the Mind,” Veracode details the most common types of human hacking, including phishing, hoaxes and shoulder surfing.
Most people have seen these social engineering attempts in their spam folders (emails that claim to be from a secret admirer) and in their Twitter feeds.
Emails from fake secret admirers and tweets from fake friends with links to funny pictures have become commonplace, but cyber thieves are getting more creative, digging further into personal lives via social networks, and capitalizing on the emotions of their targets.
One example, cited in Chris Hadnagy’s book Social Engineering: The Art Of Human Hacking, describes a CEO that was duped through a charity scam by hackers who learned of an ill family member via his Facebook page.
The social engineers sent the CEO an email asking him to donate to a cancer research fund; however, the PDF attached to the email was actually malware that took over the CEO’s computer when he opened it.
“Social engineering will remain at the forefront of security awareness education for the foreseeable future because it preys on weaknesses in human behavior, making it very difficult to prevent,” said Chris Eng, Vice President of Research at Veracode.
“These criminals don’t bother with developing and planning a sophisticated technical hack because they can just trick someone into giving them access they need.”
While hacker strategies and malware are becoming increasingly complex, one of the most popular methods of accessing private accounts, such as banking, remains one of the simplest in concept. The art of manipulating people into unwittingly surrendering private data is nothing new.
Veracode recommends enterprise organizations implement annual security awareness training to put a spotlight on what risks are out there and to reinforce policies that will help protect businesses and individuals from falling prey to these types of scams.

Infographic by Veracode Application Security
Tags: charity scam, email, infographic, ploys, social engineering, twitter, Veracode Posted in infographic, Internet/New Media, Security
Monday, June 4th, 2012
Once, a few years ago, someone managed to hack passwords for my Twitter and Facebook accounts while I was on a free WiFi network during a business trip. Since then, I generally use a virtual private network such as Hotspot Shield when I’m not on a secure network.
But there are other precautions you might want to use while on free WiFi. Here, from Veracode, is an infographic showing the dangers and some precautions for free WiFi networks.

Tags: Free Wi-fi friend or foe infographic, Hotspot Shield, security precautions, Veracode, VPNs Posted in Best Practices, Internet/New Media, IT, Security, Tech life/Culture
Tuesday, April 24th, 2012
We’re always amazed when large, technologically sophisticated companies experience massive security leaks that end up costing them substantial amounts of money. But a new report suggests why they remain vulnerable despite putting significant cybersecurity measures in place.
Veracode’s annual “State of Software Security Report” reveals that 84 percent of web applications from public companies were deemed unacceptable when measured against the OWASP Top 10, a widely used industry standard list of critical and most frequently exploited web application vulnerabilities.
Non-web applications, such as backend operational systems and desktop commercial applications in use at public companies, also performed poorly, with a 63 percent failure rate when measured against the CWE/SANS Top 25, an industry standard list of critical non-web application vulnerabilities.
Unlike previous Veracode State of Software Security reports, this feature supplement focuses specifically on the vulnerabilities in the software applications of publicly traded companies, following new SEC guidance issued in the US last year relating to disclosure of cybersecurity risks in company filings.
Regulators looking at company cybersecurity
“Companies – particularly public ones – are beginning to be measured by regulators and investors on the strength of their cybersecurity solution and ability to protect intellectual property and customer data. This is a fundamental shift,” said Chris Wysopal, founder, CISO and CTO, Veracode.
“Companies can put all of the other cybersecurity controls in place but if there are application weaknesses, hackers have the will and time to find and exploit them. The issue simply cannot be neglected anymore.”
He adds, “Over the last year some of the most prominent breaches that were carried out against the most preeminent names in business took advantage of weaknesses in software applications to infiltrate traditional perimeter defence security controls. This should be a wake-up call. Particularly in public company disclosures, the issue needs to be discussed in much more detail.”
Public companies fare no better than companies at large on software security or developer knowledge: Despite public companies having greater compliance requirements and usually more funding, only 16 percent of public company web applications passed initial testing compared to 14 percent for all companies at large – as measured by compliance against the OWASP Top 10 industry standard.
Performance worse for public firms
The performance for non-web applications is worse for public companies, with 38 percent passing against the CWE/SANS industry standard as opposed to 42 percent for all companies.
Reliance on third-party applications is widespread, but formal risk assessments are not: With many applications being bought as commercial off-the-shelf software, custom-developed outsourced projects or software-as-a-service, managing the risks inherited from third parties is an important factor.
However, only one in five public companies has performed a formal verification on a third-party application, suggesting they are operating under a false sense of security or assuming that software procured from third parties is secure on arrival.
New vulnerabilities being introduced
Flat prevalence rates since 2012: With the two most frequently exploited vulnerability types – XSS and SQL injections – showing a statistically flat incidence rate from the first quarter of 2010 to the fourth quarter of 2011, the results suggest that new vulnerabilities are being introduced at the same rate as known vulnerabilities are being remediated.
Many companies defining custom policy chose to measure applications against PCI: Over 40 percent of public companies that defined a custom policy chose to measure their applications against PCI or the OWASP Top 10 standard which underpins PCI. The main focus is on the most frequently exploited vulnerabilities, such as SQL injection and cross-site scripting.
Tags: "State of Software Security" report, commercial apps, cybersecurity risks, desktop, public companies, software vulnerabilities, Veracode, web apps Posted in Best Practices, Business advice, Internet/New Media, IT, Security, Studies, surveys, reports
Thursday, March 29th, 2012
Veracode Inc., which sells cloud-based application security testing, has created an infographic on Social Media Basics.
This infographic examines various types of targeted attacks and focuses on malware’s history of infecting Twitter and Facebook.
To minimize risks, the image summarizes advice such as being aware that trending topics are a popular lure, protecting passwords and being wary of Facebook spam. In a related webinar, Veracode addresses the ubiquity of social media applications and the challenges facing enterprise infosecurity organizations in managing usage across the workforce. The webinar is available on demand at http://veracode.com/social-media-security.
“This infographic reinforces that enterprises must balance the allure of social media with risks for viruses and attacks,” said Connie Stack, vice president of corporate marketing, Veracode. “While it may not be realistic to have your workforce avoid all forms of social media, it’s important to educate employees on social media safety and best practices to reduce a company’s risk from costly losses and data theft.”

Tags: apps, social media hacks, social media security basics, Veracode Posted in Facebook, infographic, Internet/New Media, LinkedIn, Security, social media, Twitter
Tuesday, November 15th, 2011
Veracode, Inc., provider of the world’s only independent, cloud-based application risk management platform, has created an infographic, “Google vs. Facebook on Privacy and Security,” that takes a look at how the two firms stack up against each other when it comes to handling privacy and security concerns.

Infographic by Veracode Application Security
Tags: facebook, Google, privacy, Security, Veracode Posted in Facebook, Google, infographic, Internet/New Media, Security, Uncategorized