Wednesday, December 11, 2019
The Security Ledger

Passwordless? Imagining the Future of Authentication

The average employee in the workplace has 191 passwords. Will we ever rid ourselves of them and, if so, how? Gerald Beuchelt, the Chief Information Security Officer at LogMeIn, talks about how changes in authentication may deliver a passwordless...
The Security Ledger

Episode 170: Cyber Monday is for Hackers

This Cyber Monday may have been the biggest yet - and not just for shoppers and online retailers. Hackers use the year's biggest online shopping day to cover their tracks. Brendan Macaraeg of Signal Sciences joins us to talk...
The Security Ledger

Episode 169: Ransomware comes to the Enterprise with PureLocker

In this episode of the podcast, sponsored by PureVPN, Michael Kajiloti of the firm Intezer Labs joins us to talk about the origins and makeup of PureLocker, a new family of ransomware designed to target production servers in the...
The Security Ledger

Spotlight Podcast: Two Decades On, Trusted Computing Group tackles IoT Insecurity

In this spotlight edition of the podcast, sponsored by Trusted Computing Group*, Steve Hanna joins us to talk about TCG's 20th anniversary and how the group is tooling up to confront the challenge of securing billions of Internet of...
The Security Ledger

Suit against Estée Lauder spotlights 401k Distribution Fraud

A former Estée Lauder employee is suing the company after $99,000 in retirement savings disappeared from her account. Experts say the case raises troubling questions about the security of $5.7 trillion stored in 401k retirement plans.
The Security Ledger

Episode 168: Application Security Debt is growing. Also: Web App Security in the Age of IoT

In this week’s episode of the podcast (#168), sponsored by Signal Sciences, Chris Eng of Veracode joins us to talk about the 10th annual State of Software Security Report and the problem of application security debt. Also, Brendan Macaraeg...
The Security Ledger

Episode 168: Application Security Debt is growing and Securing Web Apps in the Age of IoT

In this week’s episode of the podcast (#168), sponsored by Signal Sciences, Chris Eng of Veracode joins us to talk about the 10th annual State of Software Security Report and the problem of application security debt. Also, Brendan Macaraeg...
The Security Ledger

Spotlight Podcast: RSA CTO Zulfikar Ramzan on confronting Digital Transformation’s Dark Side

In this Spotlight Edition of the podcast we're speaking with RSA Chief Technology Officer Zulfikar Ramzan about how his company is adapting to help its customers confront the dark side of digital transformation initiatives: increased digital risk, including from...
The Security Ledger

Episode 167: Made in America? Trade Tensions highlight Supply Chain Risk

In this episode of the podcast (#167): two stories this week - one from Pittsburgh and one from New York - have highlighted anxiety about Chinese made cameras and other security gear deployed in U.S. government agencies and in...
The Security Ledger

From China with Love: New York Firm sold millions in PRC Surveillance Gear to US Government, Military

A complaint unsealed by the Department of Justice on Thursday alleges a New York firm engineered a years-long scheme to deceive the U.S. government: selling Chinese manufactured cameras and other gear to the U.S. Military, the Department of Energy...
The Security Ledger

Episode 166: But Why, AI? ZestAI’s Quest to make Artificial Intelligence Explainable

In this episode of the podcast (#166): Jay Budzik, the Chief Technology Officer at ZestAI, joins us to talk about that company's push to make artificial intelligence decisions explainable and how his company's technology is helping to root out...
The Security Ledger

Spotlight Podcast: RSA President Rohit Ghai warns Digital Transformation is magnifying Enterprise Risk

In this interview, recorded at the RSA* Charge conference, RSA President Rohit Ghai talks about some of the ways that digital organizations have to adapt to and address risks introduced by new transformative technologies like machine learning, multi cloud...
The Security Ledger

IT Preps for Post Quantum Crypto (Whatever That Means)

Practical quantum computing isn’t here yet. But a new survey by Digicert suggests that isn't stopping IT pros from prepping for a post-quantum reality...even if they aren’t exactly sure what that means.
The Security Ledger

Episode 165: Oh, Canada! Independent Security Researchers Feel the Chill Up North

In this episode of the podcast (#165), we look at the challenges faced by independent security researchers in Canada. We talk with 19-year-old Noah Clements of University of New Brunswick about the blowback he received after reporting a...
The Security Ledger

Spotlight Podcast: Global Audit Finds Small Firms struggle with Password Hygiene

In this Spotlight edition of our podcast sponsored by LastPass* we’re joined by LogMeIn Chief Information Security Officer Gerald Beuchelt to talk about LastPass’s third annual Global Password Security Report, which finds password hygiene improving at large companies, but...
SC Magazine

Pensacola confirms ransomware attack

Pensacola officials confirmed that an ongoing cyberattack that began early Saturday morning is a ransomware attack. While the city did not release any additional details, the Pensacola News Journal said city spokeswoman Kaycee Lagarde confirmed the attack included a ransom, something that...

Trickbot Operators Now Selling Attack Tools to APT Actors

North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.
Brian Krebs

The Great $50M African IP Address Heist

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions...

Intel Issues Fix for ‘Plundervolt’ SGX Flaw

Researchers were able to extract an AES encryption key using SGX's voltage-tuning function.
TechRepublic

How to stop spam calls right now

Spam calls drive us all crazy. Here are four ways to stop robocalls and other unsolicited phone calls.