Thursday, June 1, 2023
The Security Ledger

Researcher finds malicious packages lurked on npm for months

Researchers at ReversingLabs said they discovered two npm open source packages that contained malicious code linked to open source malware known as TurkoRat. The post Researcher finds malicious packages lurked on npm for months appeared first on The Security...
The Security Ledger

Researcher: malicious packages lurked on npm for months

Researchers at ReversingLabs said they discovered two npm open source packages that contained malicious code linked to open source malware known as TurkoRat. The post Researcher: malicious packages lurked on npm for months appeared first on The Security Ledger...
The Security Ledger

Episode 250: Window Snyder of Thistle on Making IoT Security Easy

In this episode of the podcast, I speak with Window Snyder, the founder and CEO of Thistle Technologies about the (many) security challenges facing Internet of Things (IoT) devices and her idea for making things better: Thistle’s platform for...
The Security Ledger

The surveys speak: supply chain threats are freaking people out

A bunch of recent surveys of IT and security pros send a clear message: threats and risks from vulnerable software supply chains are real, and they’re starting to freak people out. The post The surveys speak: supply chain threats are...
The Security Ledger

Spotlight: Traceable CSO Richard Bird on Securing the API Economy

In this Spotlight episode of the Security Ledger podcast, I interview Richard Bird, the CSO of the firm Traceable AI about the challenge of securing application programming interfaces (APIs), which are increasingly being abused to steal sensitive data. The post Spotlight: Traceable CSO Richard Bird...
The Security Ledger

Episode 249: Intel Federal CTO Steve Orrin on the CHIPS Act and Supply Chain Security

Paul speaks with Steve Orrin, the Federal CTO at Intel Corp about representing Intel and its technologies to Uncle Sam and the impact of the CHIPS Act a massive new federal investment in semiconductors. The post Episode 249: Intel...
The Security Ledger

Malicious Automation is driving API Security Breaches

Removing the ability to automate against a vulnerable API is a huge step forward, as automation is a key enabler for both the exploitation and the extraction of large amounts of sensitive data. The post Malicious Automation is driving API...
The Security Ledger

Spotlight: Making the Most of Cyber Threat Intelligence with Itsik Kesler of KELA

In this Spotlight episode of the Security Ledger podcast, I interview Itsik Kesler, the CTO of the threat intelligence firm Kela about the evolution of threat intelligence and findings from the company’s latest State of Cybercrime Threat Intelligence report. The post Spotlight: Making...
The Security Ledger

Cyberattacks on Industrial Control Systems Jumped in 2022

Cyberattacks on industrial control systems (ICS) jumped in 2022, with an 87% jump in ransomware attacks and a 35% increase in the number of ransomware groups targeting industrial control and operational technology (OT) systems, according to a report by...
The Security Ledger

Forget the IoT. Meet the IoZ: our Internet of Zombie things

A school that never sleeps? Cameras that go dark? A dead company hacked back to life? Welcome to the growing Internet of Zombie devices that threatens the security of the Internet. The post Forget the IoT. Meet the IoZ:...
The Security Ledger

Beware: Images, Video Shared on Signal Hang Around

A researcher is warning that photos and video files shared in Signal chats may be hanging around on devices, even when they deleted the messages in which the images were shared. The post Beware: Images, Video Shared on Signal...
The Security Ledger

T-Mobile: Leaky API Exposes Data on 37 Million

U.S. Telecommunications giant T-Mobile disclosed on Thursday that hackers obtained data on 37 million customers through a vulnerable API (application program interface). The disclosure was included in an 8-K filing with the U.S. Securities and Exchange Commission. The post...
The Security Ledger

2023 Technologies to Secure Your Hybrid Workspace

For businesses looking to invest in the creation of a safer and more productive modern office environment, here’s a rundown of the top 2023 technologies to secure your hybrid workspace.  The post 2023 Technologies to Secure Your Hybrid Workspace appeared...
The Security Ledger

CES Overlooks New Report That Finds Auto Cyber Is A Dumpster Fire

Automakers swear that the security of their connected vehicles is their top priority. So how come researchers just found dozens of software flaws that could give hackers access to millions of cars? The post CES Overlooks New Report That...
The Security Ledger

New Report Finds Auto Cyber Is A Dumpster Fire

Automakers swear that the security of their connected vehicles is their top priority. So how come researchers just found dozens of software flaws that could give hackers access to millions of cars? The post New Report Finds Auto Cyber...
SC Magazine

We need to refine and secure AI, not turn our backs on the technology 

While the potential poisoning of ChatGPT raises some concerns, we need to take this threat as an opportunity to better refine and secure emerging AI models.
The Hacker News

Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
The Hacker News

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
The Register

Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims

Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
The Register

Feds, you’ll need a warrant for that cellphone border search

Here's a story with a twist A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the border, barring exigent circumstances.…