The Security Ledger

After Equifax: What Makes a Good CSO? Also: App Sec is a Mess. We Talk about Why.

The Security Ledger - Mon, 09/18/2017 - 6:07pm

What makes a good CSO? In the wake of the Equifax breach, we talk about the controversy over that company’s CSO’s music degree. Also: we talk with Signal Sciences about why companies keep getting hacked via application vulnerabilities like the Apache Struts hole that felled Equifax. What makes a good CSO? In the wake of the Equifax...

Read the whole entry... »

Related Stories
Categories: The Security Ledger

Opinion: when they say your major is a problem, what they mean is your gender is a problem

The Security Ledger - Sat, 09/16/2017 - 6:10pm

In-brief: Talking about Susan Mauldin’s music degree is a socially acceptable way for men to vent about a woman who they don’t feel belongs in their workplace – especially not in a senior role. Have you heard the latest scandal about Equifax? Not content to lose sensitive and personally identifying information on 143 million...


Equifax Executives Depart Amid Growing Backlash

The Security Ledger - Sat, 09/16/2017 - 2:55pm

In-brief: Equifax said on Friday that its Chief Information Officer and Chief Security Officer had “retired” in the wake of a massive data breach that leaked sensitive information on some 143 million people. Equifax said on Friday that two of its senior executives had “retired” in the wake of a massive data breach that leaked...


Beset by Lawsuits, Scams, Investigations, Equifax names Source of Breach

The Security Ledger - Thu, 09/14/2017 - 6:51pm

In-brief: Beset by a plunging share price, class action lawsuits in dozens of states, pending Congressional hearings and an FTC investigation, Equifax on Wednesday finally settled speculation and named a six-month-old hole in a common software platform, Apache Struts, as the cause of a massive hack. Beset by a plunging share price, class action...


Bluetooth Flaw affects Billions of Devices and has a Name: BlueBorne

The Security Ledger - Tue, 09/12/2017 - 5:05pm

In-brief: Dubbed BlueBorne, the flaw could affect billions of devices that use the Bluetooth wireless protocol, enabling remote hacks, the security firm Armis warned. Billions of wireless, connected devices may be vulnerable to being hacked as the result of a previously undiscovered flaw in Bluetooth, the popular wireless communications...


Inside the Equifax Hack, Facebook’s Problem with Authoritarianism & ASPertise harnesses Asperger’s Syndrome

The Security Ledger - Mon, 09/11/2017 - 9:08am

In-brief: In this week’s podcast, Security Ledger Editor in Chief Paul Roberts talks with noted security researcher Robert “RSnake” Hansen about the data breach at Equifax and why the company’s response to it was so lacking. Also: Chris Sumner of the Online Privacy Foundation talks about why Facebook is a killer app for...


Facebook: Russia’s Hand in Disinformation Campaign That Reached Millions

The Security Ledger - Fri, 09/08/2017 - 5:51pm

In-brief: Facebook said thousands of ads that ran on its site in 2015 and 2016 have links to Russian information operations. The ads were designed to foment discord around a range of issues. In the wake of the 2016 election and reports of widespread, online disinformation campaigns, the social media giant Facebook found itself in the crosshairs...


Dragonfly: Western energy sector targeted by sophisticated attack group | Symantec Connect Community

The Security Ledger - Thu, 09/07/2017 - 8:50am

The energy sector in Europe and North America is being targeted by a new wave of cyber attacks that could provide attackers with the means to severely disrupt affected operations. The group behind these attacks is known as Dragonfly. The group has been in operation since at least 2011 but has re-emerged over the past two years from a quiet period...


South Carolina School District Does the Ransomware Two Step | Digital Guardian

The Security Ledger - Thu, 09/07/2017 - 8:49am

One of the convenient fictions of ransomware attacks is that the cybercriminals who operate ransomware schemes have no interest in the data they’re encrypting – they just want to get paid. By this logic, ransomware attacks aren’t data breaches because the data isn’t exfiltrated or stolen – just encrypted and left where it is. And it’s a...


A Year After Mirai: Insecure Devices are still a Huge Problem

The Security Ledger - Wed, 09/06/2017 - 7:23am

In-brief: A year after Mirai, as many as 100,000 devices, globally, may be running some version of the Mirai malware, while countless others are vulnerable to being enlisted in a Mirai-like attack. Worse: these systems may not be patched for “years,” according to the SANS Internet Storm Center. As September rolls around we’re...


A Right to Repair the Internet of Things? Spear Phishing Detection and Nonstop Attacks on DVRs

The Security Ledger - Mon, 09/04/2017 - 12:55pm

In-brief: In the latest Security Ledger podcast we talk about pending right to repair laws and their impact on the Internet of Things. Also: Facebook’s Internet Defense Prize went to a better method for spear phishing detection. We talk to a member of the winning team. And, Johannes Ullrich of The Internet Storm Center joins us to talk...


McKinsey: CEOs need IoT Security Plan

The Security Ledger - Thu, 08/31/2017 - 10:07pm

In-brief: Fewer than one in five managers say their company is ready for the challenge of securing the Internet of Things, and global consulting firm McKinsey says that CEOs need to get a plan, fast. Fewer than one in five managers say their company is ready for the challenge of securing the Internet of Things, and global consulting firm...


A Year Later: FDA approves Software Fix for Security Flaws in Pacemakers

The Security Ledger - Wed, 08/30/2017 - 10:49am

In-brief: The FDA has approved a software update to fix software security holes in pacemakers made by Abbott. But doctors and patients will have to weigh the risks of applying the patch. The U.S. Food and Drug Administration has approved a software update for a range of pacemakers and other implantable medical devices that will fix security holes...


Mirai Victim Dyn Joins Team to Take Down Android Botnet WireX

The Security Ledger - Tue, 08/29/2017 - 1:40pm

In-brief: Managed DNS firm Dyn, a victim of the Mirai botnet, got its revenge: taking part in a coordinated takedown of WireX, a botnet of compromised Android devices, according to an announcement Monday. A group of security firms, including Dyn – a victim of the Mirai botnet – joined forces to take down WireX, a new botnet built on...


Massachusetts on Front Lines (Again) in Battle for Right to Repair

The Security Ledger - Mon, 08/28/2017 - 2:55pm

In-brief: After legislation in five states stalled in the Spring, states like Massachusetts will be on the front line of renewed efforts to pass pro-consumer laws that create a “right to repair” for cell phones, medical devices and other software-driven products. At stake could be the right of consumers to control Internet of Things...


Heading to College? Job 1: Lock Down your ‘Directory Information’

The Security Ledger - Sun, 08/27/2017 - 7:14pm

In-brief: Colleges in the U.S. give away personally identifying data on millions of students each year as unregulated “directory information.” Job 1 when arriving on campus: opting out and protecting your data. Editor’s note: This is cross posted from Digital Guardian’s Data Insider blog, where it first appeared and where you can...


Hacking Warships, Capitol Hill takes a Swing at IoT Security and why CS Grads don’t get Security

The Security Ledger - Fri, 08/25/2017 - 4:44pm

In-brief: on this week’s Security Ledger Podcast, we delve deeper into the question of maritime cyber security, speaking with noted researcher Ruben Santamarta of the firm IOActive about the work he’s done exposing vulnerabilities in the software that runs both commercial and navy vessels. Also: Alan Brill of Kroll joins us to talk about...


IoT’s Cloud Risk on Display with Flaws in Fuze Collaboration Platform

The Security Ledger - Wed, 08/23/2017 - 1:35pm

In-brief: Rapid7 said it found a number of flaws that leaked data on users of collaboration technology by Fuze. In an increasingly common finding: poorly secured cloud resources, not the handsets, were the problem. The security firm Rapid7 unveiled a series of security flaws in collaboration technology by the firm Fuze, underscoring the risks...
