In the News
Featured
05/02/2024
Demo: A free tool for generating an SBOM
If software were a plate of food, its “bill of materials” would let eaters know which ingredients are fresh, and which ones have reached their sell-by date.
Naomi Buckwalter, director of product security at Contrast Security, recently demo’d the company’s free tool—software composition analysis (SCA)—for generating the ingredient list known as a software bill of materials, or SBOM.
05/02/2024
Global cybersecurity agencies issue alert on threat to OT systems from pro-Russia hacktivist activity
Commenting on the fact sheet, Tom Kellermann, senior vice president of cyber strategy at Contrast Security, wrote in an emailed statement: “These are not hacktivists. Rather, they are cyber militias, and their attacks are geared to poisoning the U.S. water supply. Water utilities have never been sufficiently funded for cybersecurity, and now they are on the front lines.”
He added that the U.S. government must endow cybersecurity grants to these critical infrastructures, “as we face a clear and present danger.”
05/02/2024
Pro-Russia hackers target OT weaknesses in critical infrastructure
Tom Kellermann, senior vice president of cyber strategy at Contrast Security, said those responsible for the spate of critical infrastructure attacks should not be described as “hacktivists.”
“Rather, they are cyber militias, and their attacks are geared to poisoning the U.S. water supply,” he said.
“Water utilities have never been sufficiently funded for cybersecurity, and now they are on the front lines. The U.S. government must endow cybersecurity grants to these critical infrastructures, as we face a clear and present danger.”
05/02/2024
Ukrainian National Sentenced for Role in REvil Ransomware Operation
Contrast Security Senior Vice President of Cyber Strategy, Tom Kellermann, stated: “The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups. REvil was top of the list.”
04/30/2024
Change Healthcare, compromised by stolen credentials, did not have MFA turned on
“This underscores pure negligence on the part of UnitedHealth,” Tom Kellermann, SVP of cyber strategy at Contrast Security, said via email. “Negligence in cybersecurity led to systemic breaches across the U.S. healthcare industry. The long-term effects of this massive breach will be felt for years to come.”
[The story also ran in Healthcare Dive.]
04/29/2024
Cyber Spies Hit Cisco Firewalls in Zero-Day Exploits
Tom Kellermann, Contrast Security senior vice president of cyber strategy, said that cybersecurity companies are “increasingly targeted by nation states for the purposes of island hopping.” He said it’s important to “remember that all cybersecurity companies develop software and in many cases they are not rigorous with their DevSecOps. This has been a banner year for zero days and thus runtime security must be implemented to mitigate the exposure.”
04/25/2024
5 ways Runtime Security cuts through exploding software complexity
Software complexity is exploding. Modern applications and application programming interfaces (APIs) comprise hundreds of repositories, frameworks, components, platforms, containers, services and connections. The rapidly increasing use of third-party, open-source libraries and AI-generated code is aggravating the challenge.
04/24/2024
Vintage Microsoft flaw resurfaces, threat actors attack with golden GooseEgg
State-linked actors are using a custom tool for post-exploitation activity of a vulnerability in Windows Print Spooler, which could result in credential theft and backdoor installs.
04/24/2024
People on the Move
04/23/2024
State-Sponsored Russian Hackers Linked to Breach of Texas Water Treatment Plant
Leading cybersecurity firm Mandiant believes that a notorious group of Russian hackers is behind a recent rash of attacks on water utilities in several countries, including the United States. On January 18 the group was able to induce a tank overflow at a Texas water treatment plant, and has made similar incursions in France and Poland.
04/23/2024
Contrast Security Welcomes Shay Mowlem as Chief Marketing Officer to Drive Global Expansion
Contrast Security announces the appointment of Shay Mowlem as Chief Marketing Officer (CMO), tasked with leading the company's global marketing endeavors. With a focus on Contrast's groundbreaking Runtime Security platform, Mowlem brings a wealth of experience from esteemed enterprise software companies, setting the stage for heightened strategic direction and accelerated growth.
04/23/2024
Leveraging AI to Bolster Cloud Security for APIs and Microservices
Runtime Application Self-Protection (RASP): Employing Runtime Application Self-Protection (RASP) solutions like Contrast Security or Veracode involves embedding security policies into API runtime environments to enforce measures against common threats like injection attacks and data exposure.