SANS Security Insights

Women Influence in InfoSec Is on the Rise (and That's a Good Thing)

If ever there was a year for women in InfoSec, it is 2019.

By Deb Radcliff, Creative Director, SANS Analyst Program

In May 2019, when 125 women in IT security took their message to Washington during the third annual event coordinated by the EWF (Executive Women's Forum on Information Security, Risk Management & Privacy), I got to thinking: What influence do women truly have in InfoSec, and how does that influence impact the decision-making and policy-making processes?

Risks to Travel Apps Revealed in New Study

By Deb Radcliff, Creative Director, SANS Analyst Program

Those airline apps that make travel so convenient are also endangering sensitive customer data, according to a new study from Pradeo Lab that tested 50 airline security apps.

The report calls out numerous vulnerabilities that exposed data not only on networks, but also on users' actual devices.

Poisoning the Computing Supply Chain: Our New, Dark Reality

By Deb Radcliff, Creative Director, SANS Analyst Program

As a cybercrime writer for more than 25 years, I've asked some dumb questions, especially in my early days. Looking back now, however, those questions don't seem so stupid after all.

For example, in 2000, I asked a group of Cisco engineers, "Why don't we just change IP since that trust model is the source of most of our problems?" They were incredulous, saying that IP would never change. But isn't that what IPv6 is?

But the most chilling stupid question I ever asked was, "What happens if my auto update turns out to be malicious?" For conjecturing this idea in my Hack of the Month column for Computerworld, I nearly got shouted off my pedestal as a columnist. "Updates will always be secure. They come from the vendors," my readers said.

Weaponized Vulnerabilities on the Rise

The term "weaponizing vulnerabilities" means to find and use vulnerabilities as part of the attack package.

By Deb Radcliff, Creative Director, SANS Analyst Program

The weaponization of common vulnerabilities found in pervasive systems is happening more often and faster than in the past, according to a RiskSense report published April 23. In the study, RiskSense reports a steep uptick in the number of weaponized exploits against flaws in the Adobe family of products, even as the number of actual vulnerabilities declined.

737 MAX: What's Software Got to Do with It?

By Deb Radcliff, Creative Director, SANS Analyst Program

A lot of folks would turn to the developers behind the 737 MAX nosedive prevention software as the primary reason for the catastrophic malfunction that led to the deaths of hundreds of people.

That answer would be much too simple and mostly inaccurate.