Saturday, July 20, 2019
The Security Ledger

Robot Account Apocalypse: RPA Risk Exploding with Adoption

Robotic Process Automation is taking over mundane tasks in the workplace. But those bots may pose a serious security risk, according to researchers from the firm CyberArk.  Robotic Process Automation (RPA) may be the Holy Grail for enterprises these...
The Security Ledger

Opinion: We need a way to talk about Cyber Physical Risk

How does a flaw potentially affecting the integrity of a printer management application get a “critical” severity rating and one affecting the integrity and operation of anesthesia machines get a “moderate” severity rating? It has to do with our evolving...
The Security Ledger

Episode 153: Hacking Anesthesia Machines and Mayors say No to Ransoms

In this week’s podcast episode (#153): The researcher who discovered serious remote access security flaws in anesthesia machines by GE says such security holes are common. Also: the US Conference of Mayors voted unanimously to swear off paying ransoms...
The Security Ledger

Breath Deeply: DHS warns of Flaw in Hospital Anesthesia Machines

The U.S. Department of Homeland Security on Tuesday warned that a serious and remotely exploitable security hole has been found in two anesthesia devices made by GE Healthcare. DHS issued an ICS Medical Advisory (ICSMA-19-190-01) Tuesday for the GE...
The Security Ledger

Breathe Deeply: DHS warns of Flaw in Hospital Anesthesia Machines

GE learned of a serious vulnerability affecting two brands of anesthesia machines in October. The company on Tuesday advised customers to take steps to protect them from being remotely tampered with.
The Security Ledger

Ahead of Black Hat: Fear and Pessimism in Las Vegas

A survey of security professionals who have attended Black Hat reveals fears for the 2020 Election, U.S. infrastructure
The Security Ledger

Episode 152: What the Silex Malware says about IoT Insecurity and Cloud Security CEO Steve Mullaney on Amazon ReInforce

In this week’s podcast episode, #152: we talk with Akamai researcher Larry Cashdollar about his discovery of Silex, a new example of IoT-killing malware allegedly authored by a 14-year-old. Also: Steve Mullaney, the CEO of the...
The Security Ledger

Podcast Episode 151: Ransoming the City with Cesar Cerrudo of IOActive

In this week’s episode, #151: Cesar Cerrudo, the head of research at the firm IOActive joins us to talk about the recent spate of massive ransomware payouts and why municipal government networks are the favorite target of hackers these...
The Security Ledger

Firm Uncovers Major Cyber-Espionage Campaign Against Telcos

The security firm Cybereason has uncovered a persistent cyber espionage attack on telecommunications companies worldwide to steal data on high-profile users and then spy on them.
The Security Ledger

Attack on Tesla Autopilot highlights Bigger Risk of Insecure Sensors

Researchers from the firm Regulus Cyber say that they demonstrated a type of GPS spoofing attack that caused vehicles by Tesla to veer off the road. The impact could be much broader than just Tesla, however.
The Security Ledger

Podcast Episode 150: Microsoft’s Tanya Janca on securing Azure and Armor Scientific’s CTO on Life after Passwords

In this week’s episode, #150: Microsoft cloud evangelist Tanya Janca joins us to talk about securing Azure and the challenges of pushing security left. Also: we continue our series on life after passwords as we speak with Nick Buchanan,...
The Security Ledger

Cognitive Bias is the Threat Actor you may never detect

Cognitive bias among workers can undermine security work and lead to critical misinterpretations of data, warns Forcepoint X-Labs research scientist, Dr. Margaret Cunningham.
The Security Ledger

Episode 149: How Real is the Huawei Risk?

In this episode of the podcast we're joined by Priscilla Moriuchi of the firm Recorded Future, which released a report this week analyzing the security risks posed by Huawei, the Chinese telecommunications and technology giant.

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system.  Tracked as CVE-2019-1917, the vulnerability was found in the REST...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
SecurityWeek

Scotland Yard Twitter and Emails Hacked

London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages.

Browser Extensions Scraped Data From Millions of People

Slack passwords, NSO spyware, and more of the week's top security news.
ZDNet

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.