The Security Ledger

Citing Anti Surveillance Laws, German Government Orders Child Smart Watches Destroyed

The Security Ledger - Tue, 11/21/2017 - 2:12pm

Citing that country’s strict laws against unauthorized video and audio recording, Germany’s government has banned smart watches marketed to children and ordered parents to destroy the devices, which it labeled illegal surveillance tools.  The order, addressed to manufacturers, buyers and sellers of the smart watches, is just the...

Categories: The Security Ledger

Harvard Publishes Guide for Securing Political Campaigns

The Security Ledger - Tue, 11/21/2017 - 9:45am

A new guide from Harvard University’s Kennedy School of Government is offering guidance to political campaigns that wish to keep hackers at bay. The Cybersecurity Campaign Playbook (PDF) counts Robby Mook, Hillary Clinton’s Campaign Manager from the 2016 campaign, and Matt Rhoades, Mitt Romney’s 2012 Campaign Manager as...

North Korea’s widening Net, pricing the Equifax Hack & Dark Markets in Turmoil

The Security Ledger - Sun, 11/19/2017 - 3:44pm

In this week’s podcast, after a string of reports about North Korea’s growing forays onto sensitive corporate networks, we speak with Adam Meyers of CrowdStrike about the widening net of North Korean offensive hacking and how the Hermit Kingdom is playing the part both of cyber criminal and nation-state actor.  Also: we unpack the...

China delays notification of software holes targeted in state hacks

The Security Ledger - Thu, 11/16/2017 - 1:58pm

China is doing a better job finding and disclosing information on software security holes…except when those vulnerabilities are high risk and might be used in targeted attacks. That, according to a report out Thursday by the firm Recorded Future. Disclosure of vulnerabilities associated with malicious software used by China-affiliated...

US Government Warns of Hidden Cobra North Korea Cyber Threat

The Security Ledger - Wed, 11/15/2017 - 12:21pm

A Department of Homeland Security (DHS) Alert released on Tuesday warns the public about a campaign of hacking by the government of North Korea it has code-named “Hidden Cobra.” DHS joined the FBI for a joint Technical Alert about the campaign and its use of a piece of malicious software dubbed FallChill, a remote access trojan (RAT)...

Cisco Talos finds More Flaws in Foscam Cameras

The Security Ledger - Tue, 11/14/2017 - 12:22am

Cisco Systems is warning the public about a range of new vulnerabilities it has discovered in IP cameras from the firm Foscam, a popular maker of commercial and consumer surveillance cameras, the second trove of software security holes uncovered since June.  Cisco’s Talos group on Monday detailed eight vulnerabilities including remote code...

Securing Medical Devices, Rethinking OWASP’s Top 10 & BlackDuck CEO Lou Shipley

The Security Ledger - Sun, 11/12/2017 - 11:23pm

In this, our 70th episode of The Security Ledger podcast, we speak with Xu Zou of the Internet of Things security startup Zingbox about the challenges of securing medical devices and clinical networks from cyber attack. Also: we take a look at the turmoil that has erupted around the OWASP Top 10, a list of common application security foibles. And...

Episode 70: securing medical devices, OWASP Top 10 controversy and BlackDuck CEO Lou Shipley

The Security Ledger - Sun, 11/12/2017 - 11:13pm

In this, our 70th episode of The Security Ledger podcast, we speak with Xu Zou of the Internet of Things security startup Zingbox about the challenges of securing medical devices and clinical networks from cyber attack. Also: we take a look at the turmoil that has erupted around the OWASP Top 10, a list of common application security foibles. And...

Exclusive: Eye on Weapons Systems, North Korean Hackers target US Defense Contractors

The Security Ledger - Sat, 11/11/2017 - 12:59pm

North Korean hackers have stepped up their attacks on U.S. defense contractors in an apparent effort to gain intelligence on weapon systems and other assets that might be used against the country in an armed conflict with the United States and its allies, The Security Ledger has learned. Security experts and defense industry personnel interviewed...

Equifax says breach cost it $87m

The Security Ledger - Thu, 11/09/2017 - 7:18pm

Data broker Equifax said that the data breach that spilled information on some 140 million individuals has cost the company $87 million so far, with more costs likely in the future. The disclosure, made as part of the company’s quarterly filing with the US Securities and Exchange Commission, is the first public disclosure of the direct costs...

Survey of Enterprises Finds High Anxiety over IoT

The Security Ledger - Wed, 11/08/2017 - 5:59pm

A survey by Forrester and the firm Forescout finds business leaders in a state of high anxiety over the Internet of Things, as more connected devices infiltrate the workplace.  Business leaders are experiencing high anxiety over the connected devices on their networks, claiming that they are unable to identify all the devices in their...

Experts Propose Standard for IoT Firmware Updates

The Security Ledger - Tue, 11/07/2017 - 9:26am

Bleeping Computer reported that a new proposal submitted to the Internet Engineering Task Force (IETF) defines a secure framework for delivering firmware updates to Internet of Things (IoT) devices. Insecure software updates for embedded devices (aka ‘firmware’) have been a frequent source of security lapses on mobile and embedded...

Report details mass digital surveillance, attacks on ASEAN linked to Vietnamese APT group

The Security Ledger - Mon, 11/06/2017 - 6:08pm

The security firm Volexity reported on Monday that it uncovered a massive campaign of digital surveillance and web-based attacks directed at ASEAN and other civil society groups in Vietnam, Cambodia and other countries, including ASEAN, the Association of Southeast Asian Nations. Volexity researchers discovered malicious code lurking on main...

Dark Markets do it better, surveying the Phishing underground and dissecting a Fancy Bear attack

The Security Ledger - Sun, 11/05/2017 - 11:59am

In episode 69 of The Security Ledger podcast, we speak with Luca Allodi of The University of Eindhoven in The Netherlands about research on the functioning of dark markets. Also: DUO Security researched the trade in phishing toolkits – you’ll be surprised at what they learned. And we deconstruct a campaign against the citizen...

AP: Russia hackers had targets worldwide, beyond US election

The Security Ledger - Thu, 11/02/2017 - 5:51pm

The Associated Press is reporting on a trove of data accidentally leaked by the Russian-backed advanced persistent threat (APT) group known as Fancy Bear that suggests the group conducted a years-long campaign against targets in the US, Ukraine, Russia, Georgia and Syria.  The documents, which were discovered by the security firm Secureworks,...

Survey finds Device Makers Security Priorities Often Misplaced

The Security Ledger - Wed, 11/01/2017 - 12:22pm

Low-hanging Internet of Things security fruit may be left unpicked, as connected device makers fret about the predation of sophisticated hackers, but balk at simple security fixes, a Security Ledger and LogMeIn survey finds. You can download the full report here. A survey by LogMeIn and The Security Ledger found that IT professionals working at...
