Gamers warring over turf may have launched the Mirai botnet, according to research by KrebsOnSecurity. On Wednesday, Brian Krebs published a long and detailed article explaining his months-long investigation into the author of the Mirai botnet, which was used to darken the internet for much of North America for several hours in October. The […]
A brand of popular LED badges can allow software to expose the PC used to program it to remote attacks. According to NewsHub, a vulnerability in the software used to program the devices on your PC “It may be for the purposes of downloading ransomware, which essentially encrypts your hard drive unless you pay the […]
Microsoft’s Patch Tuesday will continue, but the bulletins explaining the updates will end in February. The bulletins, which have been part of Microsoft’s patch disclosures since at least 1998, are being replaced with a searchable database. According to ComputerWorld, Microsoft dubbed the database the “Security Updates Guide,” or “SUG.” The documents stored on the SUG are specific to […]
A researcher has disclosed that, thanks to a reflected cross-site scripting vulnerability, it is possible to steal and decrypt passwords from McDonald’s users. Using an Angular expression injection vulnerability, researcher Tijme Gommers was able to attack mcdonalds.com to obtain useful user credentials such as username, password, etc. “I would say that storing the password in […]
Amid media speculation that the popular app WhatsApp may contain a backdoor, security experts disagreed. The Guardian reported on Friday that a cryptography researcher had discovered a backdoor in WhatsApp’s messaging service that could “allow Facebook and others to intercept and read encrypted messages.” The claim is based on research by Tobias Boelter, a cryptography […]
A second cyber attack on the Ukrainian power grid in December 2016 has been traced to agents connected with Russia, among others. Marina Krotofil, a security researcher for Honeywell Industrial Cyber Security Labs, said at the S4x17 conference in Miami this week that Russian criminal hackers were behind a brief power outage at the Pivnichna […]
The year-end CVE totals don’t tell the whole story, but they do capture some of what happened in 2016. The Common Vulnerability Enumeration (CVE), organized through the MITRE organization, is an efficient way to talk about specific vulnerabilities. It provides a description of the problem, the versions of software affected, and also assigns a score […]
On Friday, DHS Secretary Jeh Johnson elevated the voting infrastructure in the United States to the level of critical infrastructure, meaning that attacks on future elections could immediately receive federal assistance. This designation means polling places, centralized vote tabulations, storage facilities, and technology systems used would be prioritized for cyber assistance from DHS. There […]
Increasingly, the personal data collected by smart devices is becoming important to law enforcement and insurance companies alike. Police in Bentonville, Arkansas, have issued a warrant to Amazon regarding the death of a man in a friend’s hot tub. The suspect in the case, James Andrew Bates, says he left his friend, Victor Collins, soaking […]
The FDA has released its final PostMarket Medical Device Guidance. The FDA found, to no surprise, that the best way to combat these threats is for manufacturers to consider cybersecurity throughout the total product lifecycle of a device. Manufacturers should, among other things, do the following: • Have a way to monitor and detect cybersecurity […]