The Security Ledger

Petya-Bitten Subsidiary will materially impact FedEx

The Security Ledger - Wed, 07/19/2017 - 5:02pm

In-brief: FedEx said its TNT subsidiary was still relying on manual processes more than a week after it was ravaged by the Petya wiper malware. The attack will materially impact the company’s financial performance in 2018, FedEx said in a filing with the SEC.  Federal Express (or FedEx) is the latest US firm to claim that the Petya malware...

Categories: The Security Ledger

Security Camera Flaw could lurk in Thousands of Devices

The Security Ledger - Tue, 07/18/2017 - 10:13pm

In-brief: a vulnerability dubbed “Devil’s Ivy” affects hundreds of cameras by the firm Axis and – likely – thousands of other devices made by some of the world’s top technology brands. It’s another example of widespread software supply chain security risks. A serious security flaw that affects hundreds of...


Maybe ignore that South Carolina Election Hacking Story

The Security Ledger - Mon, 07/17/2017 - 11:35pm

In-brief: a story claiming more than 100,000 hack attempts on South Carolina’s election systems raises more questions than it answers about efforts to tamper with the U.S.’s voting systems.  The Wall Street Journal and other publications ran with an ALL CAPS story today on hacking attempts targeting South Carolina’s election...


With an Eye on IoT Security ARM buys Simulity for $15m

The Security Ledger - Fri, 07/14/2017 - 3:58pm

In-brief: ARM’s purchase of Simulity adds the ability to do over the air updates to embedded SIM chips and highlights ARM’s efforts to build out security and management at IoT scale.  A tiny deal this week by ARM could have a big impact on the security of the Internet of Things. The company, which makes a wide range of low power...


Will ‘Right to Repair’ imperil IoT Security?

The Security Ledger - Wed, 07/12/2017 - 1:35pm

In-brief: the firm Pen Test Partners notes that there are security arguments against expanding right to repair laws. But do they stand up to scrutiny?  We here at Security Ledger have covered the right to repair movement in the U.S. and abroad, where consumer advocates are looking to strengthen legal protections for customers who want to repair...


After Petya, NATO will provide Cybersecurity Help to Ukraine

The Security Ledger - Tue, 07/11/2017 - 3:42pm

In-brief: NATO said it was extending support to Ukraine to help confront a rash of cyber attacks from Russian affiliated hacking forces.  The beleaguered government of Ukraine is finally getting help with what have become chronic, disruptive cyber attacks emanating from Russia. NATO, the North Atlantic Treaty Organization, said it will be...


The Big Dark: Motive, not Means, is what holds back a Crippling Grid Hack

The Security Ledger - Sun, 07/09/2017 - 6:12pm

In-brief: A crippling cyber attack that could damage and destroy equipment needed to keep the lights on in major US cities is already possible. The only thing that’s lacking is a motive to carry out such an attack, according to our guest on this week’s podcast: Joe Weiss, a Managing Partner at Applied Control Solutions, LLC and a...


Dear SEC: More Companies Warn on Financial Impact from Petya Infection

The Security Ledger - Fri, 07/07/2017 - 6:07pm

In-brief: the Petya outbreak has prompted a string of profit and earnings warnings from major firms, with more likely in the days and weeks ahead, as companies struggle to regain their footing after the damaging wiper attack.  A week ago, writing for Digital Guardian, I noted that the outbreak of the Petya wiper malware was prompting something we...


Heartbleed’s Heartburn: Why a 5 Year Old Vulnerability Continues to Bite

The Security Ledger - Thu, 07/06/2017 - 10:00am

In-brief: more than three years after it was first discovered, the Heartbleed vulnerability in OpenSSL continues to plague organizations worldwide. Why has it been so hard to fix? In this Industry Perspective, Mike Pittenger of the firm Black Duck talks about some of the complicating factors that make vulnerabilities like Heartbleed so hard to...


Podcast: Michael Daniel on Cyber Diplomacy in the Age of Trump

The Security Ledger - Wed, 07/05/2017 - 6:38pm

In-brief: In an interview with The Security Ledger, former Obama Cybersecurity Advisor Michael Daniel weighs in on the changing US-Israel relationship, promoting cyber security talent in the U.S. and the future of the intelligence community’s ‘vulnerability equities’ program.  The arrival of the Trump Administration has raised...


Petya Malware may be an Early Test of Muscular Trump Cyber Doctrine

The Security Ledger - Mon, 07/03/2017 - 12:04pm

In-brief: In the hours before the Petya malware began circulating, two high level Trump Administration officials called for a tougher stand against online actors who sow chaos. The question now is how the Administration will react. Tel-Aviv, Israel– With the Petya “wiper” virus spreading globally, leaving crippled computers and...


Fired Employee Hacked Smart Water Meters Just to be a Jerk

The Security Ledger - Fri, 06/30/2017 - 10:16am

In-brief: A man in Pennsylvania was just being a jerk when he hacked into base stations owned by his ex-employer that control access to smart water meters and disrupted the business of municipal water utilities across three states. He faces jail time, probation and a fine for his actions. A Pennsylvania man who has been sentenced to one year and...


Petya Malware is about wreaking Havoc, not collecting Ransom | The Register

The Security Ledger - Wed, 06/28/2017 - 6:25pm

In-brief: On Tuesday, a ransomware infection spread across Europe and even affected companies and systems as far away as the United States and Brazil. Iain Thomson at The Register breaks down the malware used in the attack, dubbed NotPetya because it disguises itself as the Petya ransomware, although in the end it seems it was designed to wreak...


Is this Cyber War? Ransomware Attack Hits Banks, Transport, Government in Ukraine

The Security Ledger - Tue, 06/27/2017 - 12:33pm

In-brief: Fast spreading ransomware dubbed Petya has crippled parts of Ukraine and hit companies in The Netherlands, Spain. It appears to be spreading using a combination of software exploit and stolen passwords. A fast-spreading attack involving so-called “ransomware” has crippled critical services in Ukraine and appears to be...


U.K. Parliament Attack Reshines Light on Persistent Vulnerability of Passwords

The Security Ledger - Tue, 06/27/2017 - 11:46am

In-brief: Password security remains a thorn in the side of security experts as once again proven by the cyberattack on U.K. Parliament, which focused on gaining access to members’ e-mail accounts merely by guessing their passwords. The recent cyberattack on U.K.’s Parliament shows once again that passwords— the most basic way users have...


At Conference: Israel Preaches Peace through Cyber Strength

The Security Ledger - Mon, 06/26/2017 - 6:15pm

In-brief: Five years into a major overhaul, the Israeli government is celebrating its status as the go-to country for cyber security know-how and promoting its own recipe for success to other countries. But how many of them can or will follow suit?   Tel-Aviv, Israel — The specter of Russian hacking of the U.S. election, an epidemic of...


Kaspersky: Malware Attacks on IoT More Than Double Those in 2016

The Security Ledger - Mon, 06/26/2017 - 5:16pm

In-brief: As of May 2017, Kaspersky Lab researchers have observed more than 7,200 different samples of malware for IoT devices in honeypot activity—more than double the number from last year–demonstrating that IoT devices are becoming increasingly vulnerable on a number of fronts, including passwords, firmware, and telnet/SSH ports. Bad...


Podcast: The Internet of Things’ Entropy Problem and why it matters

The Security Ledger - Fri, 06/23/2017 - 8:23am

In-brief: Governments may worry about the democratization of strong encryption. But a bigger problem may be that the encryption we think is strong really isn’t, says Richard Moulds of the firm Whitewood. In this podcast, we talk about the growing difficulty of generating truly random numbers in cloud environments and on the Internet of...
