ForAllSecure

ForAllSecure Uncovers Critical Vulnerabilities in Das U-Boot

ForAllSecure

Introduction. This summer, I utilized ForAllSecure Mayhem, a next-generation fuzz testing solution, to analyze software that are heavily used. I felt these types of components in particular deserve more scrutiny from a security perspective.

Beginning Fuzz Cycle Automation: Improving Testing and Fuzz Development with Coverage Analysis

ForAllSecure

In my previous post , we covered using bncov to do open-ended coverage analysis tasks to inform our testing.

80

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Uncovering vulnerabilities in Cryptographic libraries: Mayhem, Matrixssl, and WolfSSL

ForAllSecure

Introduction. As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. ForAllSecure Vulnerability Disclosures

Autonomy and the Death of CVEs? IS the Manual Process of Reporting Bugs Holding Back the Advent of Automated Tools?

ForAllSecure

How many potholes did you encounter on your way into work today? How many of them did you report to the city? Fuzzing Automation Autonomous Security

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Software Is Infrastructure

ForAllSecure

The realization that software is becoming an essential component of our everyday lives was reflected yet again in this year’s. Black Hat. Even more solutions are being touted to deal with the ever-growing exposure of software to malicious threats.

52

Security Ledger Podcast: Security Automation is (and Isn't) the future of InfoSec

ForAllSecure

Every so often, a technology comes along that seems to perfectly capture the zeitgeist : representing all that is both promising and troubling about the future

Why I'm not Sold on Machine Learning in Autonomous Security: Some Hard Realities on the Limitations of Machine Learning in Autonomous netsec

ForAllSecure

Tell me if you’ve heard this: there is a new advanced network intrusion device that uses modern, super-smart Machine Learning (ML) to root out known and unknown intrusions. The IDS device is so smart, it learns what’s normal on your network and does not immediately inform you when it sees an anomaly.

IT 52

ForAllSecure Uncovers Vulnerability in Netflix DIAL Software

ForAllSecure

Introduction. This month, as interns at ForAllSecure, we participated in a contest to test the beta version of Mayhem on various open source projects.

New to Autonomous Security? The Components, The Reality, and What You Can Do Today.

ForAllSecure

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Key Takeaways from ForAllSecure’s, “Achieving Development Speed and Code Quality with Behavior Testing” Webinar

ForAllSecure

Security and speed are often perceived to be mutually exclusive, repelling away from each other like identical poles of a magnet. Dr. David Brumley, CEO of ForAllSecure and professor at CMU, posits that they don’t have to be.

How Much Testing is Enough? Understanding Test Results with bncov and Coverage Analysis.

ForAllSecure

A frequently asked question in software testing is “Is that enough testing, or should we do more?” Whether you’re writing unit tests for your programs or finding bugs in closed-source third-party software, knowing what code you have and have not covered is an important piece of information.

IT 52

Top 5 Takeaways From the “ForAllSecure Makes Software Security Autonomous” Livestream

ForAllSecure

In February 2019, Dr. David Brumley, ForAllSecure CEO, and Zach Walker, DIU project manager, discussed how Mayhem, ForAllSecure’s behavior testing solution, has helped secure the Department of Defense’s most critical platforms.

Onward to the Next Chapter in ForAllSecure’s Journey

ForAllSecure

Welcome back to the second installment of the ForAllSecure Journey series. In my previous post , we took a look back at ForAllSecure’s history. In today’s piece, I’d like to share not only my vision for the future, but also an exciting announcement

52

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

A Reflection on ForAllSecure's Journey in Bootstrapping Behavior Testing Technology

ForAllSecure

Software security is a global challenge that is slated to grow worse.

DevOps Chat Podcast: $2M DARPA Award Sparks Behavior Testing with ForAllSecure's Mayhem Solution

ForAllSecure

Secure software depends on people finding vulnerabilities and deploying fixes before they are exploited in the wild. This has led to a world of security researchers and bug bounties directed at finding new vulnerabilities

The CyberWire Daily Podcast ep. 389 with Guest Speaker David Brumley

ForAllSecure

The CyberWire Daily podcast delivers the day's cyber security news into a concise format. The CyberWire Daily includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world

Open Source Security Podcast Ep. 151-- The DARPA Cyber Grand Challenge with David Brumley

ForAllSecure

Open Source Security Podcast helps listeners better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers, the pair covers a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day

IoT 40

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Innovators under 35

ForAllSecure

I am truly honored to share that I have been named to MIT Technology Review’s prestigious annual list of Innovators Under 35 as a Pioneer. The award, first given by the magazine in 1999, celebrates young innovators who are poised to be leaders in their fields.

52

Why ForAllSecure is on MIT Technology Review’s 2017 List of Smartest Companies

ForAllSecure

I am honored to share that ForAllSecure has been named to MIT Technology Review’s 2017 list of 50 Smartest Companies. According to the MIT Tech Review team, to make the list, a company must exhibit technological leadership and business acumen, which set them apart from competitors.

52

Why CGC Matters to Me

ForAllSecure

By David Brumley. In 2008 I started as a new assistant professor at CMU. I sat down, thought hard about what I had learned from graduate school, and tried to figure out what to do next. My advisor in graduate school was Dawn Song , one of the top scholars in computer security. She would go on to win a MacArthur "Genius" Award in 2010. She's a hard act to follow. I was constantly reminded of this because, by some weird twist of fate, I was given her office when she moved from CMU to Berkeley.

Case Study: LEGIT_00004

ForAllSecure

LEGIT_00004 was a challenge from Defcon CTF that implemented a file system in memory. The intended bug was a tricky memory leak that the challenge author didn't expect Mayhem to get. However, Mayhem found an unintended null-byte overwrite bug that it leveraged to gain arbitrary code execution.

IT 52

Mayhem Wins DARPA CGC

ForAllSecure

Mayhem is a fully autonomous system for finding and fixing computer security vulnerabilities.On Thursday, August 4, 2016, Mayhem competed in the historical DARPA Cyber Grand Challenge against other computers in a fully automatic hacking contest.and won.

Applying Cyber Grand Challenge Technology to Real Software

ForAllSecure

I first heard about Mayhem when I read that researchers at my university, Carnegie Mellon, had reported 1200 crashes in Debian , just by running their binary analysis system on Debian programs for 15 minutes at a time. When I learned that the technology developed by those researchers was spun out as a startup, ForAllSecure, I knew I had to get involved

40

Does Your Domain Have a Registry Lock?

Krebs on Security

If you’re running a business online, few things can be as disruptive or destructive to your brand as someone stealing your company’s domain name and doing whatever they wish with it.

Hackers Target European Energy Firm: Researchers

Data Breach Today

Report Says Group Tied to Iran Could Be Involved Hackers who may have ties to Iran have recently turned their attention to the European energy sector, using open source tools to target one firm's network as part of an cyberespionage operation, according to the security firm Recorded Future

Apple Addresses iPhone 11 Location Privacy Concern

Krebs on Security

Apple is rolling out a new update to its iOS operating system that addresses the location privacy issue on iPhone 11 devices that was first detailed here last month. Beta versions of iOS 13.3.1

Patch Tuesday, January 2020 Edition

Krebs on Security

Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency.

Alarming Trend: More Ransomware Gangs Exfiltrating Data

Data Breach Today

Criminals Increasingly Leak Stolen Data to Force Bitcoin Payoff As if ransomware wasn't already bad enough, more gangs are now exfiltrating data from victims before leaving systems crypto-locked.

Tricky Phish Angles for Persistence, Not Passwords

Krebs on Security

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password.

The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network.

Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains

Krebs on Security

On Nov. 23, one of the cybercrime underground’s largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards.

Sales 284

Phishing for Apples, Bobbing for Links

Krebs on Security

Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple , whose brand by many measures remains among the most-targeted.

Hidden Cam Above Bluetooth Pump Skimmer

Krebs on Security

Tiny hidden spy cameras are a common sight at ATMs that have been tampered with by crooks who specialize in retrofitting the machines with card skimmers. But until this past week I’d never heard of hidden cameras being used at gas pumps in tandem with Bluetooth-based card skimming devices.

Sales 281

It’s Way Too Easy to Get a.gov Domain Name

Krebs on Security

Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a.gov domain versus a commercial one ending in.com or.org.

IT 278

110 Nursing Homes Cut Off from Health Records in Ransomware Attack

Krebs on Security

A ransomware outbreak has besieged a Wisconsin based IT company that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States.

Vulnerabilities Found in Some GE Healthcare Devices

Data Breach Today

Regulators Issue Alerts; Patches on the Way Federal regulators are warning healthcare providers about six vulnerabilities in some of GE Healthcare's medical device systems that could allow attackers to remotely take control of the gear. The company is working on patches

176
176