Tuesday, September 25, 2018
The Security Ledger

In Boston Exercise, Election Hackers Bypass Voting Machines

At an exercise in Boston that imagined a cyber attack designed to disrupt an important election in a “swing state,” voting machines were not an issue. It’s election day in Nolandia, an imaginary, mid-sized U.S. city in a key...
The Security Ledger

Mirai Creators Cooperate with Feds to Avoid Prison

The three 20-something-year-old creators of the Mirai botnet have cooperated with the federal investigators on their case to avoid jail time. The three men–Paras Jha, 22, of Fanwood, New Jersey; Josiah White, 21, of Washington, Pennsylvania; and Dalton Norman, 22,...
The Security Ledger

Kaspersky: Attacks on Smart Devices Rise Threefold in 2018

Attacks against smart devices are surging, with both old and new threats targeting connected devices that remain largely unsecured, according to researchers at Kaspersky Lab. Kaspersky researchers observed three times as many malware samples against smart devices in the...
The Security Ledger

Report: Financial industry in crosshairs of credential-stuffing botnets

Botnets mounting credential-stuffing attacks against the financial industry are on the rise, with a more than 20-percent uptick in a two-month period, a new report from Akamai has found. Bad actors from the United States, Russia and Vietnam are...
The Security Ledger

Podcast Episode 112: what it takes to be a top bug hunter

In this week’s episode (#112): top bug hunters can earn more than $1 million a year from “bounties” paid for information on exploitable software holes in common platforms and applications. What does it take to be among the best?...
The Security Ledger

Veeam mishandles Own Data, exposes 440M Customer E-mails

Data-management company Veeam found itself in need of some self-help after mismanaging its own data with a misconfigured server that exposed more than 440 million e-mail addresses and other types of customer information. Security researcher Bob Diachenko discovered that a...
The Security Ledger

Spotlight Podcast: Flashpoint’s Allison Nixon on SIM Swapping and the Looming Online Identity Crisis

Your smart phone does double and triple duty: letting you do banking, buy a cup of coffee, board a plane or access a sensitive online account. But that doesn’t mean that your phone number is equally as trustworthy. In...
The Security Ledger

Podcast Episode 111: Click Here to Kill Everybody and CyberSN on Why Security Talent Walks

In this week’s podcast (episode #111), sponsored by CyberSN: what happens when the Internet gets physical? Noted author and IBM security guru Bruce Schneier joins us to talk about his new book on Internet of Things risk: Click Here...
The Security Ledger

Opinion: The Corporate Lessons of Election Hacks

Recent demonstrations of election hacks are about more than ballots. They also contain important lessons for enterprises, Security Ledger Editor in Chief Paul Roberts argues in this opinion piece. (Note: this post first appeared on Hitachi Security Systems web...
The Security Ledger

Before Senate Facebook, Twitter Defend Efforts to Stop Fake News

Facebook and Twitter executives defended recent efforts to stop the use of their platforms by Russia, Iran and other countries to influence U.S. elections. In testimony before the U.S. Senate, Facebook COO Sheryl Sandberg and Twitter Chief Executive Jack...
The Security Ledger

Collection Management: a Crash-Course

Effective collection management is integral to the success of an intelligence operation. What is it and how does it work? Thomas Hofmann, the Vice President of Intelligence at Flashpoint offers a crash-course in creating an effective collection management program....
The Security Ledger

Automation, Machine Learning Power Future of SIEM

In this interview with The Security Ledger, Amy Blackshaw of RSA talks about how the company’s Netwitness SIEM product is evolving to keep pace with a fast-evolving security market. Job 1: use machine learning and automation to allow...
The Security Ledger

Video: How Automation and Machine Learning Power Future of SIEM

In this interview with The Security Ledger, Amy Blackshaw of RSA talks about how the company’s Netwitness SIEM product is evolving to keep pace with a fast-evolving security market. Job 1: use machine learning and automation to allow...
The Security Ledger

Voting Machine Maker Defends Refusal of White-Hat Hacker Testing at DEF-CON

Voting machine maker Election Systems & Software (ES&S) defended its decision not to participate in a white-hat hacking event at this year’s DEF-CON to test the security of voting systems, saying such hack-a-thons could actually jeopardize election security and invite...
The Security Ledger

North Korea’s Lazarus Tied to Cryptojacking Campaign Targeting MacOS

North Korean state-sponsored hacking group Lazarus is believed to be behind a recent cryptojacking attack on several banks with an unexpected twist–the use of a Trojan that tricked a company employee into downloading malware, according to Kaspersky Lab....

Breach at US Retailer SHEIN Hits Over Six Million Users

US fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers. The women’s clothing company revealed at the end of last week that...
The Register

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Microsoft claims issue confined to older kit. Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
ZDNet

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
SecurityWeek

Symantec Completes Internal Accounting Investigation

Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements.

Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people, but rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...