The Security Ledger

Podcast Episode 112: what it takes to be a top bug hunter

The Security Ledger - Mon, 09/17/2018 - 4:22pm

In this week’s episode (#112): top bug hunters can earn more than $1 million a year from “bounties” paid for information on exploitable software holes in common platforms and applications. What does it take to be among the best? We talk with Jason Haddix of the firm Bugcrowd to find out. Also: The Internet Society’s Jeff...

Categories: The Security Ledger

Veeam Mishandles Own Data, Exposes 440M Customer E-mails

The Security Ledger - Thu, 09/13/2018 - 8:59am

Data-management firm Veeam found itself in need of some self-help after mismanaging its own data with a misconfigured server that exposed more than 440 million e-mail addresses and other types of customer information. Security researcher Bob Diachenko discovered that a MongoDB server operated by Veeam was left wide open and searchable for some days in...


Spotlight Podcast: Flashpoint’s Allison Nixon on SIM Swapping and the Looming Online Identity Crisis

The Security Ledger - Wed, 09/12/2018 - 9:37am

Your smart phone does double and triple duty: letting you do banking, buy a cup of coffee, board a plane or access a sensitive online account. But that doesn’t mean that your phone number is equally trustworthy. In this Spotlight Podcast, we speak with Flashpoint head of research Allison Nixon about how a recent rash of SIM swapping...


Podcast Episode 111: Click Here to Kill Everybody and CyberSN on Why Security Talent Walks

The Security Ledger - Mon, 09/10/2018 - 5:00pm

In this week’s podcast (episode #111), sponsored by CyberSN: what happens when the Internet gets physical? Noted author and IBM security guru Bruce Schneier joins us to talk about his new book on Internet of Things risk: Click Here to Kill Everybody. Also: everyone knows that cyber security talent is hard to come by, and even harder to keep....


Opinion: The Corporate Lessons of Election Hacks

The Security Ledger - Thu, 09/06/2018 - 5:04pm

Recent demonstrations of election hacks are about more than ballots. They also contain important lessons for enterprises, Security Ledger Editor in Chief Paul Roberts argues in this opinion piece. (Note: this post first appeared on Hitachi Security Systems web site.) Did an 11-year-old hack a state election website? Are voting machines easy prey...


Before Senate, Facebook, Twitter Defend Efforts to Stop Fake News

The Security Ledger - Wed, 09/05/2018 - 9:58pm

Facebook and Twitter executives defended recent efforts to stop the use of their platforms by Russia, Iran and other countries to influence U.S. elections. In testimony before the U.S. Senate, Facebook COO Sheryl Sandberg and Twitter Chief Executive Jack Dorsey on Wednesday defended their employers’ recent efforts to thwart influence...


Collection Management: a Crash-Course

The Security Ledger - Tue, 09/04/2018 - 8:31am

Effective collection management is integral to the success of an intelligence operation. What is it and how does it work? Thomas Hofmann, the Vice President of Intelligence at Flashpoint, offers a crash-course in creating an effective collection management program. Collection management is one of the most overlooked and misunderstood aspects of an...


Automation, Machine Learning Power Future of SIEM

The Security Ledger - Thu, 08/30/2018 - 6:30am

In this interview with The Security Ledger, Amy Blackshaw of RSA talks about how the company’s Netwitness SIEM product is evolving to keep pace with a fast-evolving security market. Job 1: use machine learning and automation to allow customers to make the best use of their human resources. If you want to understand the challenges facing...


Voting Machine Maker Defends Refusal of White-Hat Hacker Testing at DEF-CON

The Security Ledger - Wed, 08/29/2018 - 12:12pm

Voting machine maker Election Systems & Software (ES&S) defended its decision not to participate in a white-hat hacking event at this year’s DEF-CON to test the security of voting systems, saying such hack-a-thons could actually jeopardize election security and invite hackers to disrupt electronic voting systems. Not allowing its...


North Korea’s Lazarus Tied to Cryptojacking Campaign Targeting MacOS

The Security Ledger - Tue, 08/28/2018 - 10:01pm

North Korean state-sponsored hacking group Lazarus is believed to be behind a recent cryptojacking attack on several banks with an unexpected twist: the use of a Trojan that tricked a company employee into downloading malware, according to Kaspersky Lab. Kaspersky researchers made what they call the “unexpected discovery” while...


Three Decades On: RSA Labs Sets Course for Future

The Security Ledger - Tue, 08/28/2018 - 6:30am

RSA Chief Technology Officer and head of RSA Labs Zulfikar Ramzan says his company, which pioneered commercial applications of public key cryptography, is setting its sights on the future as it looks to embrace the disruptive security solutions of the future. The joke is that “change is the only constant” in the information security...


Podcast Episode 110: Why Patching Struts isn’t Enough and Hacking Electricity Demand with IoT?

The Security Ledger - Mon, 08/27/2018 - 11:06pm

In this week’s episode (#110): the second major flaw in Apache Struts 2 in as many years has put the information security community on alert. But is this vulnerability as serious as the last, which resulted in the hack of the firm Equifax? We talk with an expert from the firm Synopsys. And: we’ve heard a lot about the risk of cyber...


McAfee Researchers Exploit Smart Plug to Attack Smart TV!

The Security Ledger - Thu, 08/23/2018 - 10:16pm

Researchers from McAfee have demonstrated how a flaw in a Belkin smart switch can be used to access other connected devices on the same network as the switch. One of the recurrent themes of Internet of Things security might be summarized as “it’s not the THING, stupid!” In other words: the value of the individual endpoint is...


Cisco Links Remote Access Tool Remcos to Cybercriminal Underground

The Security Ledger - Thu, 08/23/2018 - 5:40pm

Questions are being raised about whether remote-access and testing tools from a mysterious company called Breaking Security are made and sold by cyber criminals, after the tools have been widely adopted as a turnkey solution for setting up and running botnets, according to Cisco Talos. Security researchers said they’ve observed...


Spotlight Podcast: Arctic Wolf on Nurturing Talent for the Evolved SOC

The Security Ledger - Wed, 08/22/2018 - 11:16pm

In this Spotlight Podcast, sponsored by Arctic Wolf Networks: sessions at this month’s Black Hat Briefings on PTSD and substance abuse among security workers are proof that the high-pressure, high-stakes world of information security can take its toll. So what does it take to find, train and nurture information security pros? Sam...
