The Security Ledger

NIST Floats IoT Cybersecurity Standards

The Security Ledger - Fri, 02/16/2018 - 4:27pm

There are plenty of standards that can be used to help secure The Internet of Things, but not much evidence that they’re being used, according to NIST, which calls on government and industry to settle on conforming standards for IoT products in a new report. The National Institute of Standards and Technology (NIST) has unveiled a draft of...

Categories: The Security Ledger

What the UK Knows: Five Things That Link NotPetya to Russia

The Security Ledger - Thu, 02/15/2018 - 3:47pm

The UK’s Foreign Office Minister Lord Ahmad said that the UK Government believes Russia was responsible for the destructive NotPetya cyber-attack of June 2017. How can they be sure? We look at five strong clues pointing back to the Kremlin. The government of the United Kingdom has formally attributed the June 2017 NotPetya wiper attacks to...


Sour Patch: NotPetya’s Cleanup Cost to Mondelez Tops $80 million

The Security Ledger - Wed, 02/14/2018 - 6:57pm

The NotPetya wiper malware took a bite out of candy maker Mondelez International’s 2017 earnings, the company has reported.  Mondelez, which was hit by the outbreak in June, said that it spent $84 million in “incremental costs” to investigate the incident, remove the malware and restore systems infected by the so-called...


IoT Security’s Known Unknowns | Network World

The Security Ledger - Tue, 02/13/2018 - 10:32pm

As Internet of Things devices proliferate, it’s more important to discover how many and what kind are on your network and figure out how to make them secure. Editor’s Note: this article first appeared on Network World. You can read the article here at Network World Insider.  Judging by all the media attention that The Internet of...


Episode 83: Who is hacking the Olympics? Octoly’s Influencer Breach and Google plays HTTPS Hardball

The Security Ledger - Mon, 02/12/2018 - 2:44pm

In this week’s Security Ledger Podcast (#83): McAfee Chief Scientist Raj Samani talks to us about that company’s research into a string of targeted attacks on the organizers of the 2018 Winter Olympics in PyeongChang, South Korea. Also: information on 12,000 YouTube stars, Instagram power users and other online influencers was leaked...


EFF Seeks Right to Jailbreak Alexa, Voice Assistants

The Security Ledger - Fri, 02/09/2018 - 12:25pm

The Electronic Frontier Foundation (EFF) is asking the Library of Congress to give owners of voice assistant devices like Amazon’s Echo, Google Home and other voice assistants the right to “jailbreak” the devices: freeing them from content control features designed to prevent users from running unauthorized code on those...


Smartphone Users Tracked Even with GPS, WiFi Turned Off

The Security Ledger - Thu, 02/08/2018 - 9:29am

A team of researchers from Princeton has demonstrated that they can track the location of smartphone users even when location services like GPS and WiFi are turned off. The recent military security breach involving the Strava mobile fitness app proved the persistent vulnerabilities of location-based services on mobile devices. However, turning off...


Consumer Reports: Flaws Make Samsung, Roku TVs Vulnerable

The Security Ledger - Wed, 02/07/2018 - 10:42pm

Consumer Reports warns that smart TVs by Samsung and other vendors are vulnerable to disorienting remote attacks.  There have been countless reports of vulnerabilities in smart television sets in recent years. Now Consumer Reports, the consumer product review magazine, has warned that millions of smart TVs sold under the Roku and Samsung brands...


Researchers Find More Connected Sex Toys Face Hacking Risk

The Security Ledger - Wed, 02/07/2018 - 4:56pm

Researchers have found that Vibratissimo sex toys manufactured by a German company are vulnerable to attacks that could expose sensitive user information and allow hackers to take remote control of someone’s sex toy. Most people using smart sex toys might like to think their activities are private, but security researchers have proven once...


For YouTube Stars, Influencers: More Risk of Hacks after Octoly Breach

The Security Ledger - Tue, 02/06/2018 - 1:29pm

Octoly, the Paris-based agency for online “influencers”, apologized following the leak of sensitive and personally identifying information on 12,000 clients. But clients were furious they were not informed by the company first and researchers warn that those exposed could face increased risks of both online and offline harm. The firm...


Episode 82: the skinny on the Autosploit IoT hacking tool and a GDPR update from the front lines

The Security Ledger - Mon, 02/05/2018 - 11:48am

In this week’s episode of The Security Ledger Podcast (#82), we take a look at Autosploit, the new Internet of Things attack tool that was published on the open source code repository Github last week. Brian Knopf of the firm Neustar joins us to talk about what the new tool might mean for attacks on Internet of Things endpoints in 2018....


Privacy Meltdown: Strava tricked into Revealing Soldiers’ Names

The Security Ledger - Wed, 01/31/2018 - 7:43pm

Days after Strava fitness heatmaps were shown to reveal the location of military bases, a Norwegian journalist fooled Strava into revealing the names of some of the soldiers and other personnel on those bases. Strava’s decision to release a heat map visualization of billions of data points recorded from its millions of users is generating...


The US Military’s IoT Problem Is Much Bigger Than Fitness Trackers

The Security Ledger - Tue, 01/30/2018 - 6:13pm

Forget about tattling fitness trackers. The U.S. military’s bigger problem is that it is falling behind in taking advantage of the Internet of Things, according to experts.  Fitness trackers leaking troop movements aren’t the only – or even the worst problem the Department of Defense (DoD) has to contend with on the Internet of...


How To Make Your Intelligence Program Ready for Executive Consumption

The Security Ledger - Tue, 01/30/2018 - 3:16pm

In this Industry Perspective, Thomas Hofmann of the firm Flashpoint writes that cyber threat intelligence professionals from the government don’t just bring their skills when they migrate to the private sector – they bring their jargon, also. Communicating effectively with the C-suite, however, demands making threat intelligence ready...


Episode 81: Hacking IoT with Physics, Poor Grades for Safety Wearables and Peak Ransomware

The Security Ledger - Mon, 01/29/2018 - 4:26pm

In this week’s podcast: researcher Kevin Fu of University of Michigan discusses his work on attacks that use physics to manipulate connected devices. Also: Mark Loveless of DUO discusses his research into how poor implementation of wireless protocols makes personal security trackers a privacy risk. And have we seen peak ransomware? Adam Kujawa of...


Smart Homes May Hide Crypto Mining Schemes

The Security Ledger - Fri, 01/26/2018 - 5:42pm

Loosely attended smart home appliances may be platforms for cryptocurrency mining scams, a researcher with the firm IOActive warns. Is your smart refrigerator or connected dishwasher secretly mining Monero or Bitcoin on the sly? It’s a possibility that experts at the firm IOActive say homeowners, regulators and device makers need to be...


The Dutch were spying on Cozy Bear Hackers as they targeted Democrats

The Security Ledger - Fri, 01/26/2018 - 12:05pm

Dutch intelligence is claiming to have observed Russian state-sponsored hackers known as Cozy Bear attacking Democratic Party organizations in the U.S. beginning in 2014.  A shocking report from a Dutch website, de Volkskrant, claims that hackers from that country’s intelligence community penetrated the network of a building used by...


Researchers Warn of Physics-Based Attacks on Sensors

The Security Ledger - Thu, 01/25/2018 - 4:09pm

Billions of sensors that are already deployed lack protections against attacks that manipulate the physical properties of devices to cause sensors and embedded devices to malfunction, researchers working in the U.S. and China have warned.  In an article in Communications of the ACM, researchers Kevin Fu of the University of Michigan and Wenyuan...


New Rapidly-Spreading Hide and Seek IoT Botnet Identified by Bitdefender

The Security Ledger - Wed, 01/24/2018 - 2:11pm

Bitdefender has identified a new fast-spreading IoT botnet called Hide and Seek that has the potential to perform information theft for espionage or extortion. Bitdefender security researchers have spotted a fast-spreading, shape-shifting new botnet that can hack IoT devices and potentially perform widespread information theft for espionage or...


Intel: Don’t Install Faulty Spectre, Meltdown Patches

The Security Ledger - Tue, 01/23/2018 - 4:55pm

In-brief: Intel has warned users not to install patches it released for the Spectre and Meltdown vulnerabilities in its processors, asking them to wait until it issues new software, which it’s working on now. Finding out your device has vulnerabilities is bad enough, but finding out the patches issued to fix them are “complete and utter...
