Tuesday, August 3, 2021
The Security Ledger

Encore Podcast: Chris Valasek on Hacking The Jeep Cherokee

With Black Hat and DEFCON upon us, we revisit a 2015 interview with Chris Valasek about his wireless, software-based hack of a Chrysler Jeep Cherokee.
The Security Ledger

As Mobile Fraud Rises, The Password Persists

A new study released by Incognia that measures user friction in mobile financial apps yields important results about the fate of the password.
The Security Ledger

Spotting Hackers at the Pace of XDR – From Alerts to Incidents

Extended Detection and Response (XDR) technology is gaining traction within enterprises. But how can organizations handle the increased volume of alerts XDR systems produce? Samuel Jones, of cyber AI firm Stellar Cyber, discusses how embracing incident-based systems can reduce...
The Security Ledger

Episode 221: Biden Unmasked APT 40. But Does It Matter?

Andrew Sellers, the Chief Technology Officer at QOMPLX, joins us to unpack the revelations this week about APT 40, the Chinese group that the US has accused of a string of attacks aimed at stealing sensitive trade secrets. Also:...
The Security Ledger

Encore Podcast: Is Autonomous Driving Heading for a Crash?

Elon Musk is a big fan of his company’s Fully Self Driving software. But is it safe? In this encore edition of the podcast from 2018, we speak with Beau Woods of The Atlantic Council about the risks of...
The Security Ledger

At Pride Summit: A Warning On Cyber Literacy

Poor cyber literacy is at the root of many of the cybersecurity problems plaguing the U.S. economy, according to Dr. Alissa Abdullah, Deputy CSO at MasterCard.
The Security Ledger

Episode 220: Unpacking The Kaseya Attack And Securing Device Identities on the IoT

In this episode of the podcast, sponsored by Trusted Computing Group, we dig deep on this week’s ransomware attack on the Kaseya IT management software with Adam Meyers of CrowdStrike and Frank Breedijk of the Dutch Institute of Vulnerability...
The Security Ledger

Episode 219: LGBTQ+Cyber – A Pride Month Conversation On Being Queer In Infosec

In this week’s episode of the podcast (#219) we speak with four cybersecurity professionals about what it means to be Queer in the industry: their various paths to the information security community, finding support among their peers and the...
The Security Ledger

Episode 218: Denial of Sustenance Attacks - The Cyber Risk To Agriculture

Forget about Colonial Pipeline and JBS. A coordinated cyber attack on U.S. agriculture could, in short order, lead to food shortages and hunger in the U.S. and abroad. And history has shown us that when food gets scarce, things...
The Security Ledger

Episode 217: What Fighting Pirates Teaches Us About Ransomware

Criminal gangs swoop in on unsuspecting merchants to seize their goods. Behind the scenes, rival nations turn a blind eye or offer them safe harbor, in exchange for cooperation. Sound familiar? It should.
The Security Ledger

Episode 216: Signed, Sealed and Delivered: The Future of Supply Chain Security

In this episode of the podcast (#216), sponsored by Digicert, we talk with Brian Trzupek, Digicert’s Vice President of Product, about the growing urgency of securing software supply chains, and how digital code signing can help prevent compromises like the...
The Security Ledger

What SolarWinds Tells Us About Securing the Software Development Supply Chain

The recent SolarWinds attack highlights an Achilles heel for enterprises: software updates for critical enterprise applications. Digital signing of code is one solution, but organizations need to modernize their code signing processes to prioritize security and integrity and align...
The Security Ledger

Episode 215-2: Leave the Gun, Take the McFlurry

In part II of our interview with Jeremy O’Sullivan of the IoT startup Kytch, we hear about how what Kytch revealed about Taylor’s soft ice cream hardware put him at odds with the company and its long-time partner: McDonald’s....
The Security Ledger

The SOC Hop Needs to be a Relic of the Past

Overworked, understaffed teams constantly jumping from one fire to the next - exhausted and reactive to events and alerts. The “SOC hop” is not sustainable.
The Security Ledger

Episode 215-1: Jeremy O’Sullivan of Kytch On The Tech Serving McDonald’s Ice Cream Monopoly

Jeremy O’Sullivan, co-founder of the IoT analytics company Kytch, brings us the cautionary tale of his company’s travails with the commercial ice cream machine manufacturer, Taylor, whose equipment is used by the likes of Burger King and McDonalds. The...
SecurityWeek

Google Patches High-Risk Android Security Flaws

Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks. The latest Android update provides documentation on 33 security bugs, some serious...
SecurityWeek

Mismanagement Driving Cybersecurity Skills Gap: Research

“To some extent, this data supports the theory that the cybersecurity skills shortage is related to mismanagement rather than a dearth of qualified candidates or advanced skills.”
Google

Linux Kernel Security Done Right

Posted by Kees Cook, Software Engineer, Google Open Source Security Team

To borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway,...

Raccoon Stealer Bundles Malware, Propagates Via Google SEO

An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.
SecurityWeek

SAP Customer Survey Reveals False Sense of Security

Many SAP customers have a false sense of security, according to a new report from risk management consultancy Turnkey Consulting and business-critical application security firm Onapsis. The SAP Security Survey Report 2021 is based on information from over 100 SAP...