ForAllSecure

How Much Testing is Enough? Understanding Test Results with bncov and Coverage Analysis.

ForAllSecure

A frequently asked question in software testing is “Is that enough testing, or should we do more?” Whether you’re writing unit tests for your programs or finding bugs in closed-source third-party software, knowing what code you have and have not covered is an important piece of information.

Top 5 Takeaways From the “ForAllSecure Makes Software Security Autonomous” Livestream

ForAllSecure

In February 2019, Dr. David Brumley, ForAllSecure CEO, and Zach Walker, DIU project manager, discussed how Mayhem, ForAllSecure’s behavior testing solution, has helped secure the Department of Defense’s most critical platforms.

Onward to the Next Chapter in ForAllSecure’s Journey

ForAllSecure

Welcome back to the second installment of the ForAllSecure Journey series. In my previous post, we took a look back at ForAllSecure’s history. In today’s piece, I’d like to share not only my vision for the future, but also an exciting announcement

A Reflection on ForAllSecure's Journey in Bootstrapping Behavior Testing Technology

ForAllSecure

Software security is a global challenge that is slated to grow worse.

Innovators under 35

ForAllSecure

I am truly honored to share that I have been named to MIT Technology Review’s prestigious annual list of Innovators Under 35 as a Pioneer. The award, first given by the magazine in 1999, celebrates young innovators who are poised to be leaders in their fields.

Case Study: LEGIT_00004

ForAllSecure

LEGIT_00004 was a challenge from Defcon CTF that implemented a file system in memory. The intended bug was a tricky memory leak that the challenge author didn't expect Mayhem to get. However, Mayhem found an unintended null-byte overwrite bug that it leveraged to gain arbitrary code execution.

Mayhem Wins DARPA CGC

ForAllSecure

Mayhem is a fully autonomous system for finding and fixing computer security vulnerabilities. On Thursday, August 4, 2016, Mayhem competed in the historical DARPA Cyber Grand Challenge against other computers in a fully automatic hacking contest, and won.

Applying Cyber Grand Challenge Technology to Real Software

ForAllSecure

I first heard about Mayhem when I read that researchers at my university, Carnegie Mellon, had reported 1200 crashes in Debian, just by running their binary analysis system on Debian programs for 15 minutes at a time. When I learned that the technology developed by those researchers was spun out as a startup, ForAllSecure, I knew I had to get involved

Why CGC Matters to Me

ForAllSecure

By David Brumley. In 2008 I started as a new assistant professor at CMU. I sat down, thought hard about what I had learned from graduate school, and tried to figure out what to do next. My advisor in graduate school was Dawn Song, one of the top scholars in computer security. She would go on to win a MacArthur "Genius" Award in 2010. She's a hard act to follow. I was constantly reminded of this because, by some weird twist of fate, I was given her office when she moved from CMU to Berkeley.

Security Flaw Exposed Valid Airline Boarding Passes

Data Breach Today

Equifax Negotiates Potential $700 Million Breach Settlement

Data Breach Today

Deal Prepped With Feds and State Attorneys General Includes Victim Compensation

Credit reporting giant Equifax has negotiated a proposed settlement that could reach $700 million to resolve federal and state probes into its massive 2017 data breach, as well as a nationwide class action lawsuit.

FTC Reportedly Approves $5 Billion Facebook Fine

Data Breach Today

Settlement Stems From Cambridge Analytica Incident

After a long privacy investigation, the U.S. Federal Trade Commission voted to levy a $5 billion fine against Facebook, according to the Washington Post and the Wall Street Journal

QuickBooks Cloud Hosting Firm iNSYNQ Hit in Ransomware Attack

Krebs on Security

Cloud hosting provider iNSYNQ says it is trying to recover from a ransomware attack that shut down its network and has left customers unable to access their accounting data for the past three days.

US Cyber Command Warns of Outlook Vulnerability Exploits

Data Breach Today

Researchers Say Attackers Could Have Ties to Iranian-Backed APT Group

The U.S. Cyber Command has issued a warning that attackers are attempting to exploit an older vulnerability in Microsoft Outlook to plant remote access Trojans or other types of malware within government networks.

Despite BlueKeep Warnings, Many Organizations Fail to Patch

Data Breach Today

More US Cities Battered by Ransomware

Data Breach Today

Infected City Fires IT Manager; New Victims in Florida, Georgia

More U.S. cities and other governmental units reportedly have been hit by ransomware in an unrelenting wave that has proved profitable for hackers. Here's a roundup of the latest incidents

Phishing Scheme Targets Amex Cardholders

Data Breach Today

Researchers Say Campaign Uses Email Hyperlink Splits to Evade URL Filters

Researchers have uncovered a new type of phishing campaign that is targeting American Express card users.

Payment Fraud: Criminals Enroll Stolen Cards on Apple Pay

Data Breach Today

Fraud Fighters Also See Spikes in ATM Malware, Card Enrollment as a Service

Fraudsters continue to get new tricks up their sleeves.

Patient Record Snooping Incident Leads to GDPR Fine

Data Breach Today

MongoDB Database Exposed 188 Million Records: Researchers

Data Breach Today

Data Apparently Originated in a GitHub Repository

Security researchers have found yet another unsecured database that left personal data exposed to the internet.

Moving From Vulnerability Management to Vulnerability Response

Data Breach Today

Syra Arif of ServiceNow on Essential Steps

Shifting from vulnerability management to vulnerability response is becoming increasingly important, says Syra Arif of ServiceNow, who describes three essential steps

British Airways Faces Record-Setting $230 Million GDPR Fine

Data Breach Today

UpGuard: Unsecured Amazon S3 Buckets Exposed 1TB of Data

Data Breach Today

Cloud-Based Databases Belonged to IT Firm Attunity

Several unsecured Amazon S3 buckets belonging to IT services firm Attunity left at least 1TB of data, including files from companies such as Netflix, TD Bank and Ford, exposed to the internet, UpGuard researchers disclosed.

Second Florida City Pays Up Following Ransomware Attack

Data Breach Today

After Struggling With Recovery, City Negotiates a Ransom Payment

A second small city in Florida is paying off cybercriminals to recover from a ransomware attack that crippled the municipality's local network. How much did Lake City agree to pay, and how much of that was covered by insurance

Phishing Campaign Tied to Amazon Prime Day

Data Breach Today

Fraudsters Use Phishing Kit Called 16Shop, McAfee Reports

In the run-up to Amazon Prime Day, some of the company's customers were being targeted by a phishing kit called 16Shop, according to McAfee researchers. The campaign is similar to an earlier attack that focused on Apple users

Party Like a Russian, Carder’s Edition

Krebs on Security

“It takes a certain kind of man with a certain reputation.

Tesla Vulnerability: A Bounty Hunter's Tale

Data Breach Today

The latest edition of the ISMG Security Report describes the accidental discovery of a Tesla software vulnerability. Also featured: an analysis of the latest ransomware trends and insights from former federal advisers Richard Clarke and Robert Knake on cyber resilience

Unsecured Database Leaves 8.4TB of Email Metadata Exposed

Data Breach Today

Shanghai Jiao Tong University Has Since Locked-Down Elasticsearch Server

A security researcher found an unsecured database belonging to the Shanghai Jiao Tong University in China that contained 8.4TB of email metadata.

Who’s Behind the GandCrab Ransomware?

Krebs on Security

The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims.

Ransomware: As GandCrab Retires, Sodinokibi Rises

Data Breach Today

Ransom Payments to Crypto-Locking Malware Extortionists Are Surging

With the GandCrab ransomware-as-service gang promising to retire - and free decryptors now aiding victims - rival Sodinokibi has already stepped into the void, security experts warn.

Instagram Shows Kids' Contact Details in Plain Sight

Data Breach Today

Sharing Email Address, Phone Numbers May Be Risky, Experts Say

Tens of thousands of minors on Instagram expose their email addresses and phone numbers, which child-safety and privacy experts say is worrisome.

Ex-Equifax CIO Gets 4-Month Prison Term for Insider Trading

Data Breach Today

Researchers Disclose Vulnerability in Siemens' ICS Software

Data Breach Today

Patch Issued in Light of Concerns Over Stuxnet-Like Attack Against Industrial Systems

Researchers at the security firm Tenable uncovered a vulnerability in a Siemens software platform used to manage industrial control systems, and Siemens has issued a patch.

Leak Confirms Google Speakers Often Record Without Warning

Data Breach Today

The Cost of 'Smart Home AI Assistants': Humans Review Audio of What People Say

George Orwell's "1984" posited a world in which Big Brother monitored us constantly via "telescreens." But thanks to our "smart" AI home assistants - from Google, Amazon and others - we're increasingly installing the monitoring equipment ourselves, and it may "hear" much more than we realize

Facebook Takes Down Pages Loaded With Malware

Data Breach Today

Campaign Targeted Those Interested in Libyan Politics

Malicious actors are increasingly using social media platforms to spread malware to unsuspecting victims.

BEC Scams Cost U.S. Companies $300 Million Per Month: Study

Data Breach Today

Treasury Department Says an Average of 1,100 Businesses Scammed Each Month

Business email compromise scams are surging, and they're costing U.S. companies a total of more than $300 million a month, according to a recently released analysis by the U.S. Treasury Department.

Privileged Attack Vectors: Key Defenses

Data Breach Today
