The Security Ledger

Podcast Episode 134: The Deep Fake Threat to Authentication and analyzing the PEAR Compromise

The Security Ledger - Tue, 02/19/2019 - 8:23am

Vijay Balasubramaniyan of Pindrop joins us to talk about it. And, in our second segment, Sam Bisbee, the CSO of the firm ThreatStack, joins us to talk about last month's hack of the PEAR open source package manager and why data deserialization attacks are a growing threat to projects that use open source components.

Categories: The Security Ledger

Waiting for Federal Data Privacy Reform? Don’t Hold Your Breath.

The Security Ledger - Thu, 02/14/2019 - 10:44am

Despite a litany of high-profile data breaches, federal action on data privacy is unlikely to go anywhere in 2019 as partisanship and lack of technology literacy complicate Congressional action.

Podcast Episode 133: Quantum Computing’s Security Challenge and Life After Passwords

The Security Ledger - Tue, 02/12/2019 - 10:41pm

The arrival of functional quantum computers may be closer than you think. I'm joined by Avesta Hojjati, Head of DigiCert Labs, and Brian LaMacchia, Distinguished Engineer and Head of the Security and Cryptography Group at Microsoft Research, to talk about the coming quantum revolution and what it means for security.

Four Signs You’re Ready for a Virtual CISO

The Security Ledger - Fri, 02/08/2019 - 10:17am

A virtual Chief Information Security Officer (or vCISO) can be a great resource to a company. But how do you know when your company is ready for one? Rob Black of Fractional CISO shares four telltale signs to watch for.

Government, Private Sector Unprepared for 21st Century Cyber Warfare

The Security Ledger - Thu, 02/07/2019 - 9:25am

U.S. government agencies and businesses are largely unprepared for a major cyber attack from state-sponsored actors, and must prepare now, according to a report by key governmental-focused think tanks.

Podcast Episode 132: NERC issues a Big Fine – does it matter?

The Security Ledger - Tue, 02/05/2019 - 11:24pm

In this week’s episode of the podcast (#132): in the wake of news of the biggest fine yet for violations of the NERC Critical Infrastructure Protection (CIP) standard, we talk with Willy Lighter and Saurabh Sharma of the firm Virsec about whether the industry’s main security standard even matters in an age of sophisticated, nation-backed...

Testimony: There’s No Internet of Things Risk in Repair

The Security Ledger - Tue, 02/05/2019 - 9:35am

A proposed right to repair law in New Hampshire won't make the Internet of Things one iota less secure. It will benefit consumers and the planet by extending the useful life of a wide range of connected devices, while making it easier to keep them secure throughout their useful life.

Russian Cyber Criminal Named as Source of Massive Collection 1 Data Dump

The Security Ledger - Mon, 02/04/2019 - 9:25am

A Russian cyber criminal going by the name of "C0rpz" is believed to be the source of a massive trove of over one billion online credentials known as "Collection 1," the firm Recorded Future reports.

Secrecy Reigns as NERC Fines Utilities $10M citing Serious Cyber Risks

The Security Ledger - Fri, 02/01/2019 - 2:36pm

The North American Electric Reliability Corp. (NERC) imposed its stiffest fine to date for violations of Critical Infrastructure Protection (CIP) regulations, citing scores of violations. But who violated the standards and much of what the agency found remain secret.

Four More Collections, 700 Million Stolen Passwords Discovered

The Security Ledger - Thu, 01/31/2019 - 12:59pm

Researchers say that four more collections of stolen passwords contain more than 2 billion records and hundreds of millions of unique passwords, according to reports.

Podcast Episode 131: suing Yahoo! Executives…and winning

The Security Ledger - Tue, 01/29/2019 - 6:26pm

In this week’s episode (#131): a shareholder lawsuit targeting Yahoo! executives was settled quietly. But it could have big implications for the C-Suite at breached firms. Also: as the US pursues criminal charges against Huawei for corporate espionage, we look at one of the federal government’s most potent tools to stop the transfer of...

DoJ Charges Huawei Execs in Broad Indictment Spanning 10 Years of Criminal Activity

The Security Ledger - Tue, 01/29/2019 - 8:08am

The Department of Justice (DoJ) filed broad charges against Chinese telecom giant Huawei Technologies Co. Ltd. and its CFO Wanzhou Meng for allegedly stealing trade secrets from U.S. mobile firm T-Mobile and deceiving U.S. stakeholders about its business activity in Iran, among a number of other fraud and conspiracy activities over a 10-year...

Buyer Beware: Not All Threat Intel Add-Ons are Equal

The Security Ledger - Mon, 01/28/2019 - 6:00am

Like leather upholstery for your new car, add-ons to your threat intelligence service are hard to resist. But Chris Camacho of Flashpoint* says “buyer beware:” threat intel add-ons may be more trouble than they’re worth. If you’ve ever shopped for a new car, you’re likely familiar with the dizzying number of add-on...

Facebook opens up on System that ‘protects Billions’

The Security Ledger - Fri, 01/25/2019 - 5:09pm

Facebook used a blog post on Friday to describe, in detail, the systems that it uses to secure its vast social network, including custom designed tools and so-called "red team" hacks.

Report: IoT Still Wildly Insecure as New ‘Credential Compromise’ Threat Emerges

The Security Ledger - Thu, 01/24/2019 - 3:00am

The new year isn't bringing good news about Internet of Things security, as a new report sheds light on a flaw that allows bad actors to take unauthorized control of applications used by the IoT devices.
