March 1st kicks off Women's History Month in the U.S., which was launched in 1987 as a celebration of women’s contributions to history, culture, and society. To celebrate, we're highlighting women who were pioneers in the field of cybersecurity.  Their contributions in the areas of coding, analysis, pattern matching, and computing laid the foundation for today's cyber defenses. These ladies were rocking code before the internet was invented ..read more

Q1 CMD+CTRL UPDATE: 2 NEW COURSES AND 9 NEW LABS Security Innovation is proud to add two new courses and nine new labs to the CMD+CTRL training catalog for Q1 2024. Concentrating primarily on AI Privacy and Risk, .NET Programming, Secure Android Development, Secure Coding labs based on CWE Top 25 vulnerabilities, and Host Vulnerability Scanning. All new content will be available to learners on February 14, 2024 ..read more

This is a 2-part series where we'll explore vulnerabilities in systems that use Trusted Platform Modules (TPMs) for disk encryption, exposing the risks of unverified initramfs images and bus sniffing attacks. In this article, we'll look at how disk encryption uses the initramfs and you'll see why using PCR 9 is so important for properly securing a system ..read more

  In my previous post, I explained how TPM disk encryption works and how simply including PCR 9 fixes a relatively major security hole in many setups. This time I'm looking at a hardware attack, bus sniffing. This attack also works against Windows BitLocker, although the solution can't be implemented on Windows unless you happen to work at Microsoft ..read more

Mobile development is under pressure to incorporate more rigorous security measures into apps, while the demand for continuous development is unrelenting. Although DevSecOps typically addresses enterprise, web, and cloud application development, it can work for mobile app development, too ..read more

Q4 CMD+CTRL UPDATE: 3 NEW COURSES AND 10 NEW LABS Security Innovation is proud to add thirteen new courses and labs to the CMD+CTRL training catalog for Q4 2023. Concentrating primarily on alternative development methods, the next generation of Web Application Firewall, Secure Coding labs based on CWE Top 25 vulnerabilities, and MITRE ATT&CK® Enterprise Techniques and Mitigations; all new content will be available to learners on October 17, 2023 ..read more

Four Steps to Help You Tackle AppSec Training—and Succeed Teams across the SDLC are grappling with resource constraints, accumulated technical debt, skills gaps, and tight deadlines. Even though developers are on the front lines in preventing vulnerabilities, designing and implementing security training programs to stay ahead of threats can be challenging ..read more

How to Rock Cybersecurity Awareness Month 2023 marks 20 years of Cybersecurity Awareness Month! Cybersecurity Awareness Month was launched by the National Cybersecurity Alliance and the U.S. Department of Homeland Security (DHS) in October 2004 to communicate the importance of cybersecurity and help consumers stay safe online ..read more

The old-school phone whistling is back! Well, almost, but this audio below isn’t that far off.   On July 13th, we discovered an interesting vulnerability. A particular webpage was tracking digital radio chatter and it would display a running log of what its station was hearing ..read more

How to Rock Cybersecurity Awareness Month 2023 marks 20 years of Cybersecurity Awareness Month! Cybersecurity Awareness Month (CSAM) was launched by the National Cybersecurity Alliance and the U.S. Department of Homeland Security (DHS) in October 2004 to communicate the importance of cybersecurity and help consumers stay safe online ..read more