10 Ways to make Your Remote Work Easy and Secure
Corona Virus has resulted in a rapid shift to work across many industries. But how can companies balance employees need to access sensitive company information with the company's need to maintain strict security controls? In this opinion piece, Rachael...
Episode 179: CISO Eye on the Virus Guy – Assessing COVID’s Cyber Risks
In this episode of the podcast (#179), CISO Kayne McGlandry of IEEE joins us to talk about the cyber risks posed by COVID and why COVID-themed phishing emails shouldn’t be your only concern. The emergence and spread of the...
Risk Recordings Podcast with RSA: Exploring Digital Risk in Digital Transformation
In a new podcast series, Risk Recordings with RSA, we dig into the many ways that digital transformation is changing and magnifying digital risk. We also go into the trenches: speaking with IT executives and experts at the forefront...
Episode 178: Killing Encryption Softly with the EARN IT Act. Also: SMBs Struggle with Identity
In this episode of the Security Ledger Podcast sponsored by LogMeIn and LastPass: the EARN IT Act is slouching its way to passage on Capitol Hill, alarming privacy and civil liberties experts. Andrea Little Limbago of the firm Virtu...
Spotlight Podcast: How DU Telecom Manages Digital Transformation Risk
In this Spotlight* podcast, Sayed Wajahat Ali the Senior Director of Security Risk Management at DU TELECOM in the UAE joins us to talk about how digital transformation is shaking up the once-staid telecommunications industry and how his company...
Episode 177: The Power and Pitfalls of Threat Intelligence
In this week's podcast (#177) we're back from RSA Conference and talking about the growing prominence of cyber threat intelligence services with Eric Olson of the firm LookingGlass Cyber Solutions.
The post Episode 177: The Power and Pitfalls of...
Spotlight Podcast: The Demise of the Password may be closer than you think!
In this Spotlight* podcast, Yaser Masoudnia of LogMeIn and LastPass talks about the continued persistence of the password in enterprise IT environments and how its inevitable demise (and replacement) may be closer than you would think.
The post Spotlight...
Episode 176: Security Alarms in Census II Open Source Audit. Also: The New Face of Insider Threats with Code42
Joe Payne the CEO of Code42 joins us to talk about how the challenge of data breach prevention is changing. And: we do a deep dive on the recent Census II audit of open source.
The post Episode 176:...
As Cyber Attacks Mount, Small Businesses seek Authentication Fix
Small and medium-sized businesses find themselves in the cross hairs of sophisticated hacking groups. Improved identity and access management (IAM) tools are critical to keeping hackers at bay. But what do SMBs want? A LastPass survey of IT leaders...
Spotlight Podcast: How Machine Learning is revolutionizing Application Fuzzing
In this Spotlight episode of the Podcast, sponsored* by ForAllSecure we speak with CEO David Brumley about application "fuzzing" and how advancements in machine learning technology are allowing security researchers to find more and more serious vulnerabilities faster. The...
Episode 175: Campaign Security lags. Also: securing Digital Identities in the age of the DeepFake
In this episode of The Security Ledger Podcast (Episode #175), sponsored by Digicert: its been three years since the hacks made famous during the 2016 election, but online campaigns still struggle with basic security. Andrew Peterson of the firm...
Opinion: AI and Machine Learning will power both Cyber Offense and Defense in 2020
Artificial intelligence and machine learning hold great promise for both defenders and attackers, making it one of the most important security trends to follow in 2020, says Gerald Beuchelt, the CISO of LogMeIn.*
The post Opinion: AI and Machine...
Episode 174: GE’s Very Bad Day – Unpacking the MDHex Vulnerabilities
The U.S. Department of Homeland Security warned of critical vulnerabilities in a range of products by GE. We speak with Elad Luz, the head of research at CyberMDX, which discovered the holes.
The post Episode 174: GE’s Very Bad...
Seven Years Later, Scores of EAS Systems sit Un-patched, Vulnerable
Two years after a false EAS alert about an incoming ICBM sowed terror in Hawaii, and seven years after security researchers warned about insecure, Internet connected Emergency Alert System (EAS) hardware, scores of the devices across the U.S. remain...
Opinion: The Perils and Promise of the Data Decade
We have entered the "Data Decade," says RSA Security CTO Dr. Zulfikar Ramzan. What does that mean? Here are three "Data Decade" trends that will reshape how we talk about, approach, and manage data.
The post Opinion: The Perils...
Palantir, The $20 Billion, Peter Thiel-Backed Big Data Giant, Is Providing A Coronavirus Monitoring Tool To The CDC
Palantir will help the Centers for Disease Control keep on top of ventilator and mask needs to treat coronavirus victims, sources say.
Defense Evasion Dominated 2019 Attack Tactics
Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.
Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy
About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.
OpenWRT is vulnerable to attacks that execute malicious code
Enlarge (credit: OpenWRT)
For almost three years, OpenWRT—the open source operating system that powers home routers and other types of embedded systems—has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital...
Privacy in critical care after telehealth demands jump
As coughs and body aches drive anxious Americans to telemed services in record numbers, relieving the burden on medical facilities stressed to breaking with COVID-19 cases, the subsequent relaxation of privacy requirements puts them at risk of PHI compromises,...
