Vulnerability of the week is CVE-2017-7526, but news abounds on GDPR and Open Source, Medical Device security, container security tools, Black Hat USA & more.
Open Source Insight: Top Picks for Black Hat, GDPR & Open Source Webinar, UN Cybersecurity Report
By Fred Bals | Senior Content Writer/Editor
2. Cybersecurity News This Week
Our vulnerability of the week is CVE-2017-7526, which resides in the
Libgcrypt cryptographic library used by GnuPG. By exploiting the vulnerability,
security researchers were able to extract the secret RSA-1024 key and use it
to decrypt data. The Libgcrypt project has released a fix for the issue in
Libgcrypt version 1.7.8. Debian and Ubuntu have already updated their libraries
to the latest version of Libgcrypt.
3. Open Source News
• Could Your Medical Device Catch a Cold?
• GDPR and Open Source: Best Practices for Security and Data Protection
• UN Report Shows the Whole World Needs a Cybersecurity Upgrade
• Global Cybersecurity Index (GCI) 2017
• Container Security Needs Appropriate Tools
• Oracle Debuts Three New Open-Source Container Tools
• IT Departments Lagging in Preparing for GDPR Privacy Rules: Study
• Baidu’s Apollo Platform Becomes the ‘Android of the Autonomous Driving Industry’
• Security Researchers' Top Picks at Black Hat USA 2017
4. Could Your Medical Device Catch a Cold?
via InfoSecurity Group: Mike
Pittenger, Black Duck VP of Security
Strategy, looks at the potential risks
of unknown and unsecure open
source components leading to
vulnerabilities in pacemakers and
other medical devices and systems.
5. GDPR and Open Source: Best Practices for Security and Data Protection
Webinar July 25: Dan Hedley, Partner, IT and
Commercial from Irwin Mitchell, will provide guidance on
the General Data Protection Regulation (GDPR) and
why a comprehensive approach to open source security
management is essential for GDPR observance. In
addition, we’ll review open source management best
practices in the context of other industry-specific
developments like the Network and Information Services
Directive and the Electronic Identification Regulation.
6. UN Report Shows the Whole World Needs a Cybersecurity
Upgrade
via Inc.: The Global Cybersecurity Index, a UN report released this
week, shows that despite global awareness of the proliferation of
cybercrime and cyber-spying, many nations — including some of
the world's most developed — suffer from severe deficiencies
when it comes to cybersecurity. Furthermore, the study shows,
there is a huge range of preparedness when it comes to the
cybersecurity capabilities of the world's most powerful nations.
7. Global Cybersecurity Index (GCI) 2017
via International Telecommunications Union (ITU):
The information and communication technologies (ICT)
networks, devices and services are increasingly critical
for day-to-day life. In 2016, almost half the world used
the Internet (3.5 billion users) and according to one
estimate, there will be over 12 billion machine-to-machine
devices connected to the Internet by 2020. Yet,
just as in the real world, the cyber world is exposed to a
variety of security threats that can cause immense
damage.
8. Container Security Needs Appropriate Tools
via Security Insider (German): To
easily verify container content, you
might want to use container
scanners, such as those offered by
OpenSCAP or Black Duck. Such
scans should be used as standard in
production environments, and they
are perfectly suited to approaches
such as DevOps.
9. Oracle Debuts Three New Open-Source Container Tools
via eWeek: Oracle is expanding its container
efforts with the official public debut of three new
open-source utilities designed to help improve
application container security and performance.
The tools include the Smith secure container
builder, Crashcart container debugging tool and
the Railcar container runtime.
10. IT Departments Lagging in Preparing for
GDPR Privacy Rules: Study
ITPro Windows: The seven-page
Spiceworks study, "GDPR: The Impact on
IT," revealed that only 40 percent of
businesses in the United Kingdom (U.K.)
and 28 percent of companies in the rest of
the EU have begun to prepare for the
GDPR rules, which were designed to
streamline and codify uniform data privacy
laws across Europe to protect all of the
citizens of the EU.
11. Baidu’s Apollo Platform Becomes the ‘Android of the Autonomous Driving Industry’
via TechCrunch: Baidu now claims one of the largest
partner ecosystems for an autonomous driving platform
in the world: Its Apollo autonomous driving program now
counts over 50 partners, including FAW Group, one of
the major Chinese carmakers that will work with Baidu on
commercialization of the tech. Other partners include
Chinese auto companies Chery, Changan and Great
Wall Motors, as well as Bosch, Continental, Nvidia,
Microsoft Cloud, Velodyne, TomTom, UCAR and Grab
Taxi.
12. Security Researchers' Top Picks at Black Hat USA 2017
via Black Duck blog (Alex Berg): Black Hat USA 2017 is fast
approaching, so we asked our security researchers, Chris Jess and Neil
Rankin, which sessions they're excited to attend and why. Black Hat's
focus on information security provides great resources to the research
and development communities, but the sheer volume of trainings and
briefings may be overwhelming. If you're struggling to figure out which
talks to attend at Black Hat USA, check out Chris and Neil's selections.