In the News

WhatsApp, security and spyware: what happened

The infection could take root with a simple call through WhatsApp. To make matters worse, victims may not know their phones were infected because the malware allowed attackers to erase call histories. This delivery was “particularly scary,” said security researcher John Dickson of the Denim Group, because it infected devices without any user action. “Normally a […]

Cisco SSH vulnerability sparks debate over backdoors

Dan Cornell, CTO of Denim Group, an application security consultancy, noted that shipping devices with default SSH key pairs “might be a major issue, but it isn’t surprising. Stuff like this happens all the time.” Cornell said that, in order for the Cisco SSH key pair to be considered a backdoor, it would have had to […]

Listen Up: Understand just what your smart devices are learning from you

“Digital assistants such as Alexa and Siri have a broad set of capabilities, including the ability to listen passively. People should be a bit more cautious about digital assistants, managing them like the powerful computing devices they are,” Dickson said. Because these devices are so connected and are processing our data, it’s a must that basic […]

To DevSecOps or not to DevSecOps?

Would your organization benefit from introducing DevSecOps? Dan Cornell, CTO of application security company Denim Group, believes that most organizations would. With one caveat, though: they must realize that the transition is, first and foremost, cultural rather than technological. Breaking down barriers between DevOps teams and security teams helps to align incentives and accelerate the rate at which […]

DevSecOps Definition: New Challenges, New To-Do’s

Dan Cornell, CTO of Denim Group, an application security company, calls known vulnerabilities “silent killers.” “You can’t expect every organization to have the level of inspection to proactively catch subtle and complicated vulnerabilities,” said Cornell. “But the ‘silent killers’ are the more mundane vulnerabilities like cross-site scripting and SQL injection, which have existed and been […]

RSA 2019: Tracking the state of cybersecurity

As with any complex technology, it can be difficult to parse vendor claims from deliverables, said John Dickson, a principal at the Denim Group, an enterprise application security consultancy. “The lack of familiarity with AI is so large that vendors can make any preposterous claim and no one can push back because they don’t know […]