Tuesday, March 31, 2020
The Security Ledger

10 Ways to make Your Remote Work Easy and Secure

Corona Virus has resulted in a rapid shift to work across many industries. But how can companies balance employees' need to access sensitive company information with the company's need to maintain strict security controls? In this opinion piece, Rachael...
The Security Ledger

Episode 179: CISO Eye on the Virus Guy – Assessing COVID’s Cyber Risks

In this episode of the podcast (#179), CISO Kayne McGlandry of IEEE joins us to talk about the cyber risks posed by COVID and why COVID-themed phishing emails shouldn’t be your only concern. The emergence and spread of the...
The Security Ledger

Risk Recordings Podcast with RSA: Exploring Digital Risk in Digital Transformation

In a new podcast series, Risk Recordings with RSA, we dig into the many ways that digital transformation is changing and magnifying digital risk. We also go into the trenches: speaking with IT executives and experts at the forefront...
The Security Ledger

Episode 178: Killing Encryption Softly with the EARN IT Act. Also: SMBs Struggle with Identity

In this episode of the Security Ledger Podcast sponsored by LogMeIn and LastPass: the EARN IT Act is slouching its way to passage on Capitol Hill, alarming privacy and civil liberties experts. Andrea Little Limbago of the firm Virtu...
The Security Ledger

Spotlight Podcast: How DU Telecom Manages Digital Transformation Risk

In this Spotlight* podcast, Sayed Wajahat Ali the Senior Director of Security Risk Management at DU TELECOM in the UAE joins us to talk about how digital transformation is shaking up the once-staid telecommunications industry and how his company...
The Security Ledger

Episode 177: The Power and Pitfalls of Threat Intelligence

In this week's podcast (#177) we're back from RSA Conference and talking about the growing prominence of cyber threat intelligence services with Eric Olson of the firm LookingGlass Cyber Solutions.
The Security Ledger

Spotlight Podcast: The Demise of the Password may be closer than you think!

In this Spotlight* podcast, Yaser Masoudnia of LogMeIn and LastPass talks about the continued persistence of the password in enterprise IT environments and how its inevitable demise (and replacement) may be closer than you would think.
The Security Ledger

Episode 176: Security Alarms in Census II Open Source Audit. Also: The New Face of Insider Threats with Code42

Joe Payne the CEO of Code42 joins us to talk about how the challenge of data breach prevention is changing. And: we do a deep dive on the recent Census II audit of open source.
The Security Ledger

As Cyber Attacks Mount, Small Businesses seek Authentication Fix

Small and medium-sized businesses find themselves in the cross hairs of sophisticated hacking groups. Improved identity and access management (IAM) tools are critical to keeping hackers at bay. But what do SMBs want? A LastPass survey of IT leaders...
The Security Ledger

Spotlight Podcast: How Machine Learning is revolutionizing Application Fuzzing

In this Spotlight episode of the Podcast, sponsored* by ForAllSecure we speak with CEO David Brumley about application "fuzzing" and how advancements in machine learning technology are allowing security researchers to find more and more serious vulnerabilities faster. The...
The Security Ledger

Episode 175: Campaign Security lags. Also: securing Digital Identities in the age of the DeepFake

In this episode of The Security Ledger Podcast (Episode #175), sponsored by Digicert: it's been three years since the hacks made famous during the 2016 election, but online campaigns still struggle with basic security. Andrew Peterson of the firm...
The Security Ledger

Opinion: AI and Machine Learning will power both Cyber Offense and Defense in 2020

Artificial intelligence and machine learning hold great promise for both defenders and attackers, making it one of the most important security trends to follow in 2020, says Gerald Beuchelt, the CISO of LogMeIn.*
The Security Ledger

Episode 174: GE’s Very Bad Day – Unpacking the MDHex Vulnerabilities

The U.S. Department of Homeland Security warned of critical vulnerabilities in a range of products by GE. We speak with Elad Luz, the head of research at CyberMDX, which discovered the holes.
The Security Ledger

Seven Years Later, Scores of EAS Systems sit Un-patched, Vulnerable

Two years after a false EAS alert about an incoming ICBM sowed terror in Hawaii, and seven years after security researchers warned about insecure, Internet connected Emergency Alert System (EAS) hardware, scores of the devices across the U.S. remain...
The Security Ledger

Opinion: The Perils and Promise of the Data Decade

We have entered the "Data Decade," says RSA Security CTO Dr. Zulfikar Ramzan. What does that mean? Here are three "Data Decade" trends that will reshape how we talk about, approach, and manage data.

Palantir, The $20 Billion, Peter Thiel-Backed Big Data Giant, Is Providing A Coronavirus Monitoring Tool To The CDC

Palantir will help the Centers for Disease Control keep on top of ventilator and mask needs to treat coronavirus victims, sources say.

Defense Evasion Dominated 2019 Attack Tactics

Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.

Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy

About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.

OpenWRT is vulnerable to attacks that execute malicious code

For almost three years, OpenWRT—the open source operating system that powers home routers and other types of embedded systems—has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital...
SC Magazine

Privacy in critical care after telehealth demands jump

As coughs and body aches drive anxious Americans to telemed services in record numbers, relieving the burden on medical facilities stressed to breaking with COVID-19 cases, the subsequent relaxation of privacy requirements puts them at risk of PHI compromises,...