RunSafe Founder and CEO Joe Saunders discusses strategies for exploit prevention in medical device software in Healthcare IT Today.

The post Beyond Patching: Securing Medical Devices Postmarket appeared first on RunSafe Security.

RunSafe Security CEO Joe Saunders provided critical insights in a recent analysis of the Salt Typhoon cyberattacks, which have compromised U.S. telecommunications networks and posed significant supply chain risks. He highlighted how the group exploits memory-based vulnerabilities in telecom equipment, a tactic frequently used by advanced threat actors.

Saunders emphasized the need for organizations to engage telecom providers directly, urging them to eliminate these vulnerabilities and adopt proactive defenses. His comments align with the U.S. government’s broader push for stronger cybersecurity measures, particularly in critical infrastructure sectors.

For businesses and CISOs, Saunders’ advice underscores the importance of collaboration and resilience-building strategies to mitigate evolving cyber risks.

The post Salt Typhoon poses a serious supply chain risk to most organizations appeared first on RunSafe Security.

The hearing, titled “Design vs. Default: Analyzing Shifts in Cybersecurity,” brought together industry leaders, including representatives from Google and Fortinet, to discuss the evolving challenges in cybersecurity.

During his remarks, Shane emphasized the urgency of addressing existing vulnerabilities in both IT and OT systems. “Secure by Design is making a lot of waves, but we can’t lose sight of the fact that there is software today that is not secure,” he stated. “We have to do something about the software that is deployed today and ensure it includes operational technology systems as well.”

Explore more about RunSafe Security’s commitment to creating resilient systems and Shane Fry’s impactful insights.

The post RunSafe CTO Shane Fry Speaks on Cybersecurity at Homeland Security Hearing appeared first on RunSafe Security.

The post RunSafe Security’s Strategic Approach to Securing Embedded Devices Across Industries appeared first on RunSafe Security.

The guide also emphasizes segmenting OT networks to shield them from more vulnerable IT networks, a strategy supported by RunSafe’s solutions that bolster network resilience and reduce risks from interconnectivity. Additionally, the guide underscores the need for a security-aware workforce, with personnel trained to detect and respond to cyber threats. RunSafe Security’s technologies enhance this principle by creating secure software environments, enabling OT teams to build stronger defenses and respond proactively, ensuring the protection of critical infrastructure from emerging cyber threats.

The post Securing Critical Infrastructure: Key Principles for Operational Technology Cybersecurity appeared first on RunSafe Security.

The article discusses the recent U.S. regulatory efforts to limit foreign access to the automotive supply chain and the broader challenges of keeping vehicle software updated to mitigate vulnerabilities. Joe Saunders, co-founder and CTO of RunSafe Security, underscores the need for code scanning and software composition analysis (SCA) to identify and address risks early. He emphasizes that creating a Software Bill of Materials (SBOM) at build time is crucial for ensuring software integrity, while holistic approaches to application security are essential for building truly secure, trustworthy vehicle software. Emerging standards like UN WP.29 and ISO/SAE 21434 offer guidelines, but the automotive industry still requires more specific security frameworks.

The post Connected car security: Software complexity creates bumps in the road appeared first on RunSafe Security.

Shane highlights the growing concern from government agencies like the NSA and CISA, as well as EU regulations pushing for secure-by-design principles and the use of Software Bills of Materials (SBOMs). However, the transition to memory-safe languages faces challenges such as limited ecosystem support, a shortage of skilled developers, and the time-intensive process of migration.

To address the issue now, Shane advocates for implementing Runtime Application Self Protection (RASP) in ICS environments. RASP can harden software binaries without rewriting code, actively defending systems from memory safety exploits while introducing minimal overhead.

Read the full article here

The post Memory safety vulnerabilities continue to plague ICS: Here’s what to do about it appeared first on RunSafe Security.

Shane Fry, CTO at RunSafe Security, and industry experts weighed in on the issue in CSO Magazine. Read the article here.

Key Takeaways:

• CISA and FBI have issued an alert urging tech manufacturers to address cross-site scripting (XSS) vulnerabilities, a persistent web security issue that has plagued the industry for nearly 30 years.
• XSS vulnerabilities continue to be a problem due to human error, prioritization of functionality over security, coding complexity, and the use of older frameworks lacking built-in protections.
• AI models trained on existing code repositories may inadvertently perpetuate and spread XSS vulnerabilities in newly generated code, potentially exacerbating the problem in future software development.

The post Perspectives on XSS Vulnerabilities with RunSafe’s CTO appeared first on RunSafe Security.

“A lot of software running in space is in low-level languages,” Shane said. “We need solutions that can help prevent against memory-corruption vulnerabilities where an adversary can use an external interface or a sensor or a wireless communications interface and takeover that space system. And that’s a scary thought.”

Listen to the conversation here.

Key Takeaways:

• The Spacecraft Cybersecurity Act would require NASA to secure a cybersecurity protection plan from manufacturers applying to use federal dollars to build NASA spacecrafts.
• Manufacturers need solutions to protect spacecraft systems that don’t add weight while still preventing against memory-corruption vulnerabilities and remote takeover.

The post RunSafe CTO Discusses The Spacecraft Cybersecurity Act appeared first on RunSafe Security.

RunSafe Founder & CEO Joseph M. Saunders discusses the implications of the proposed bans in Security Today and how vehicle manufacturers can verify the integrity of their software supply chain.

Key Takeaways:

• The Biden Administration is planning to restrict Chinese and Russian software/hardware in new cars sold in the US, citing national security concerns.
• The bans would take effect in 2027 for software and 2030 for hardware.
• U.S. vehicle manufacturers to know the pedigree of its software supply chain is to use Software Bills of Materials (SBOMs).

The post RunSafe CEO on Proposed Ban on Vehicle Software Originating within China or Russia appeared first on RunSafe Security.

Doug Britton, CSO of RunSafe Security, explores the attack’s impact on OT networks, noting potential disruptions and device malfunctions. Joe Saunders, CEO, discusses the risks of hackers manipulating network routing and accessing sensitive data, underscoring China’s deep infiltration into critical systems.

Key Takeaways:

• Salt Typhoon exposes vulnerabilities in broadband and OT networks.
• Urgent need to address network routing and firmware risks.
• Enhancing security measures is crucial to countering advanced cyber threats.

Stay informed on how these attacks affect your infrastructure and the steps to bolster your defenses.

The post RunSafe Expert Insights on China’s Salt Typhoon Attack appeared first on RunSafe Security.

The post RunSafe Security Secures $12M Series B to Boost Cyber Defense Capabilities appeared first on RunSafe Security.

The post House China hawks look to curb Transportation Department’s LiDAR purchases appeared first on RunSafe Security.

Shane Fry, Chief Technology Officer at RunSafe Security, highlighted that many companies treat SBOMs as a “checkbox exercise,” generating them without fully analyzing the risks within their software supply chains. He also pointed out that a large number of organizations create SBOMs but refuse to share them with customers, preventing proper use to secure critical infrastructure.

Fry emphasized that SBOMs, when properly utilized, offer critical visibility into vulnerabilities and can significantly improve security. However, without comprehensive analysis and action, they lose their potential to mitigate supply chain risks.

The post RunSafe Security on SBOMs and Supply Chain Security appeared first on RunSafe Security.

The post RunSafe CEO Joe Saunders on Embedded Software Challenges appeared first on RunSafe Security.