The Security Ledger
Vijay Balasubramaniyan of Pindrop joins us to talk about it. And, in our second segment, Sam Bisbee, the CSO of the firm ThreatStack, joins us to talk about last month's hack of the PEAR open source package manager and why data deserialization attacks are a growing threat to projects that use open source components.
The post Podcast Episode 134:...
Despite a litany of high-profile data breaches, federal action on data privacy is unlikely to go anywhere in 2019 as partisanship and lack of technology literacy complicate Congressional action.
The post Waiting for Federal Data Privacy Reform? Don’t Hold Your Breath. appeared first on The Security Ledger.
The arrival of functional quantum computers may be closer than you think. I'm joined by Avesta Hojjati, Head of DigiCert Labs, and Brian LaMacchia, Distinguished Engineer and Head of the Security and Cryptography Group at Microsoft Research, to talk about the coming quantum revolution and what it means for security.
The post Podcast Episode 133:...
The battle lines were drawn at a hearing in New Hampshire last week for a proposed right to repair law, with supporters calling for economic justice for consumers and opponents warning of crime and injury should the law pass.
The post In Granite State: Industry Groups Paint Dark Picture of Right to Repair appeared first on The Security Ledger...
A virtual Chief Information Security Officer (or vCISO) can be a great resource to a company. But how do you know when your company is ready for one? Rob Black of Fractional CISO shares four telltale signs to watch for.
U.S. government agencies and businesses are largely unprepared for a major cyber attack from state-sponsored actors, and must prepare now, according to a report by key governmental-focused think tanks.
The post Government, Private Sector Unprepared for 21st Century Cyber Warfare appeared first on The Security Ledger.
Researchers have discovered a new cyber-espionage campaign targeting the organization representing the exiled Tibetan government.
In this week’s episode of the podcast (#132): in the wake of news of the biggest fine yet for violations of the NERC Critical Infrastructure Protection (CIP) standard, we talk with Willy Lighter and Saurabh Sharma of the firm Virsec about whether the industry’s main security standard even matters in an age of sophisticated, nation-backed...
A proposed right to repair law in New Hampshire won't make the Internet of Things one iota less secure. It will benefit consumers and the planet by extending the useful life of a wide range of connected devices, while making it easier to keep them secure throughout their useful life.
A Russian cyber criminal going by the name of "C0rpz" is believed to be the source of a massive trove of over one billion online credentials known as "Collection 1," the firm Recorded Future reports.
The post Russian Cyber Criminal Named as Source of Massive Collection 1 Data Dump appeared first on The Security Ledger.
The North American Electric Reliability Corp. (NERC) imposed its stiffest fine to date for violations of Critical Infrastructure Protection (CIP) regulations, citing scores of violations. But who violated the standards and much of what the agency found remains secret.
Researchers say that four more collections of stolen passwords contain more than 2 billion records and hundreds of millions of unique passwords, according to reports.
The post Four More Collections, 700 Million Stolen Passwords Discovered appeared first on The Security Ledger.
In this week’s episode (#131): a shareholder lawsuit targeting Yahoo! executives was settled quietly. But it could have big implications for the C-Suite at breached firms. Also: as the US pursues criminal charges against Huawei for corporate espionage, we look at one of the federal government’s most potent tools to stop the transfer of...
The Department of Justice (DoJ) filed broad charges against Chinese telecom giant Huawei Technologies Co. Ltd. and its CFO Wanzhou Meng for allegedly stealing trade secrets from U.S. mobile firm T-Mobile and deceiving U.S. stakeholders about its business activity in Iran, among a number of other fraud and conspiracy activities over a 10-year...
Like leather upholstery for your new car, add-ons to your threat intelligence service are hard to resist. But Chris Camacho of Flashpoint* says “buyer beware:” threat intel add-ons may be more trouble than they’re worth. If you’ve ever shopped for a new car, you’re likely familiar with the dizzying number of add-on...
Facebook used a blog post on Friday to describe, in detail, the systems that it uses to secure its vast social network, including custom designed tools and so-called "red team" hacks.
The post Facebook opens up on System that ‘protects Billions’ appeared first on The Security Ledger.
The new year isn't bringing good news about Internet of Things security, as a new report sheds light on a flaw that allows bad actors to take unauthorized control of applications used by the IoT devices.
The post Report: IoT Still Wildly Insecure as New ‘Credential Compromise’ Threat Emerges appeared first on The Security Ledger.