💡 “Security concerns often come dead last… Trying to fix your security concerns after the fact is a huge issue.” Hear from Mitch Souders, Senior Software Engineer at RunSafe Security Inc., on how teams can prioritize security in embedded software. Read the full interview: https://bit.ly/4gNVaBU
TrustInSoft’s Post
-
Patterns: The core technique was stolen OAuth/refresh tokens from the Salesloft Drift integration, which let attackers bypass MFA and directly query/export Salesforce objects (Accounts, Contacts, Cases, etc.) [Google Cloud, KYND]. The FBI flagged extortion attempts by “ShinyHunters” following some thefts, sometimes weeks/months after initial access [Cybersecurity Dive]. A raft of lawsuits (at least 14 by late September) names Salesforce, with plaintiffs including TransUnion, Allianz Life, Farmers, Workday, Pandora—though both Salesforce and Google maintain the platform itself wasn’t exploited; rather, compromised third-party tokens + social engineering were key [SFGATE].
Strategic Manager | SaaS | Customer Adoption, Expansion & Renewals | Hunter | Public Sector | Federal Revenue & Capture Leader | AI | Built $100M+ Pipelines
To my LinkedIn colleagues, here is September's Report. If you have these technologies in your infrastructure, feel free to DM me for a FREE pilot of Secure64 Software Corporation
-
Most companies rely on SMS for two-factor authentication. But what happens when the “standard” solution isn’t the most secure — or sustainable? We recently made a big change: we replaced SMS authentication with email. The result? ⚙️ Fewer login issues ⚙️ Stronger security ⚙️ Lower costs It wasn’t a simple decision, but it’s one that’s made authentication simpler, faster, and safer for our global users. Watch Carlos Muñoz, one of our senior software engineers, break down why we made the switch — and read the full story on the Buffer Blog. Link in the comments 🔗
-
Another fact: if your password generation maxes out at 32 characters, you're building for the past. Our API enables generation up to 256 characters. Why? Because our target customers are the large organizations that can't afford to be cracked. We build the infrastructure for the highest possible entropy, even if their current system can only handle 64 chars. We don't build to current standards; we build to future-proof perfection. That's the SecurePassPro difference.
-
Software verification tests your recovery capability (before it’s too late) — by confirming your code, configurations, and environments actually work when systems fail. It’s how you find the gaps that would break your recovery plan: ⚠️ Build scripts that reference internal servers ⚠️ Missing dependencies ⚠️ Outdated configs ⚠️ Documentation that doesn’t match production Verification catches those before they catch you. Because real resilience isn’t what you say — it’s what you can show. ➡️ See how software verification transforms your recovery plan into certified resilience. #SoftwareVerification #SoftwareResilience #BusinessContinuity #CyberResilience #Codekeeper
-
Ever wondered how one can utilize bitwise operations to solve a problem? In my latest Lessons from Leetcode article, I break down the binary system-driven solution to the "Find the Difference" problem. Check out my article here: https://lnkd.in/eEvXeccV
-
Stop OS Command Injection — Don’t Let Unsafe Shell Calls Cost You the Server. OS Command Injection happens when apps build shell commands using untrusted input. The result? Attackers can run unintended commands on your servers — leading to data theft, persistence, and lateral movement. Fixes are practical: stop shelling out when possible, use safe process APIs (pass program + args), whitelist inputs, run services with least privilege, and sandbox any required execution. Add logging for process creation and alerts for unusual behavior. Small engineering changes here prevent catastrophic compromises. If your app still builds shell strings with user data — make that a sprint priority. Hashtags: #AppSec #DevSecOps #SecurityTesting #RCEPrevention #OWASP
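The post above names the two fixes that matter most in code: stop building shell strings, and allowlist the input before it reaches a process API. The following is an added example, not code from the post or its author, showing a hostname-lookup helper written the vulnerable way next to its hardened form. The `host` tool, the hostname allowlist and the attacker payload `example.com; id` are constructed for illustration; `ECHO_TOOL` is a stand-in for the real tool so the hardened path can be exercised offline.

```python
"""Added example: one shell-out written the vulnerable way and the hardened way."""
import re
import shlex
import subprocess
import sys
from typing import Sequence

# Allowlist: DNS hostname labels only (alphanumerics and hyphens, dots between labels).
# Requiring a leading alphanumeric also blocks "-v"-style option smuggling into the tool.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")
MAX_HOSTNAME = 253

# Constructed attacker input: a valid-looking host followed by an injected command.
PAYLOAD = "example.com; id"

# Stand-in for the real lookup tool: prints its first argument back, so the
# hardened path can be demonstrated without `host` being installed.
ECHO_TOOL = (sys.executable, "-c", "import sys; print(sys.argv[1])")


def vulnerable_command(user_input: str) -> str:
    """The anti-pattern: untrusted input pasted into a shell string.
    subprocess.run(vulnerable_command(x), shell=True) hands ';', '|', '$(...)'
    and friends to the shell, so PAYLOAD runs `id` after the lookup."""
    return f"host {user_input}"


def shell_view(command: str) -> list[str]:
    """Tokenise the string roughly as a POSIX shell would, with punctuation
    returned as separate tokens, to make the injected command visible."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def validate_hostname(user_input: str) -> str:
    """Allowlist check: reject anything that is not a plain DNS hostname."""
    if len(user_input) > MAX_HOSTNAME or not HOSTNAME_RE.fullmatch(user_input):
        raise ValueError(f"rejected hostname: {user_input!r}")
    return user_input


def safe_lookup(user_input: str, tool: Sequence[str] = ("host",)) -> subprocess.CompletedProcess:
    """Hardened form: validate against the allowlist, then pass program + args
    as a list with shell=False so the value reaches the tool as a single argv
    entry and no shell ever parses it."""
    hostname = validate_hostname(user_input)
    argv = [*tool, hostname]
    return subprocess.run(argv, shell=False, capture_output=True, text=True, timeout=10)


if __name__ == "__main__":
    print("shell would see:", shell_view(vulnerable_command(PAYLOAD)))
    try:
        safe_lookup(PAYLOAD, tool=ECHO_TOOL)
    except ValueError as exc:
        print("hardened path:", exc)
    print("single argv entry:", safe_lookup("example.com", tool=ECHO_TOOL).stdout.strip())
```

Both layers are kept on purpose: the argv list alone already stops the `;`-style injection, but without the allowlist a value such as `-v` would still be interpreted by the tool as an option, and the allowlist alone would not help if the result were later pasted back into a shell string. Process-creation logging and least-privilege service accounts, the other fixes the post lists, sit outside the application code and are not shown here.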
-
This is a great podcast I came across again from David Crawford, CISSP, PMP, Chris Lavergne and Pete Tseronis from CGI about securing firmware. They really understand the nature of the problem and what is necessary to properly identify, mitigate and/or remediate the risks associated with firmware. What else comes through in this podcast is that many of the techniques required to gain visibility into firmware were for many years relegated to ONLY firmware. Unpacking binaries, identifying components, finding secrets, looking for configuration files you can take advantage of, etc. What has become obvious in recent years is that these same techniques can be and are being applied to all compiled code. There is an illusion that we have had all this visibility into the software that we procure, install and update; when in reality we as an industry basically have been blind to these issues since the first day someone put source code through a compiler. Ironically, firmware is not the final frontier of software assurance, it was the catalyst to expose the issues across the entire software supply chain. Stumbling along with surface level visibility used to be the only option, now it is a choice. https://lnkd.in/gafstAWq
Securing the forgotten risk vector: firmware
-
Returning to a topic that isn’t discussed enough. Since October is Cybersecurity Awareness Month - might be time to consider the threats in your environments that aren’t all that obvious. Basic blocking and tackling and good system hygiene matters as much today as any other time. But you can’t fix, upgrade, remediate or mitigate risks and exposures you don’t know you have.
-
🚀 Day 2 of Socket Launch Week: Socket now brings all the core security checks together, static analysis, secrets detection, container scanning, and CVE vulnerability scanning into one simple platform. Modern software teams juggle separate tools for static analysis, secrets detection, container scanning, and dependency checks, each with its own setup, configs, and reports. That fragmentation creates noise, slows developers down, and blinds security teams to the bigger picture. Socket Basics unifies all of these in a single platform that provides a comprehensive view of your application’s risk without the tool fatigue. Stay tuned, more big updates are coming tomorrow. Read the blog in the comments below!
-
Timing issues in real-time systems don’t always leave a clear trail. A system can pass functional tests but fail in the field due to missed deadlines, interrupt conflicts, or priority inversions that don’t appear in logs. NightTrace makes those hidden behaviors visible. Its synchronized event timeline shows how applications, the OS, and hardware interrupts interact under actual runtime conditions. Developers can spot delays, trace blocked threads, and correlate events down to the microsecond, all with minimal system impact. For defense-grade, time-critical environments, that level of visibility is the difference between guessing and knowing. https://bit.ly/42qs3i4
Don't wait to patch! Take care of security from the start. 🔥