Wednesday, May 12, 2021
The Security Ledger

Seeds of Destruction: Cyber Risk Is Growing in Agriculture

In this episode of the podcast (#213): Molly Jahn of DARPA and University of Wisconsin joins us to talk about the growing cyber risk to the Food and Agriculture sector, as industry consolidation and precision agriculture combine to increase...
The Security Ledger

Episode 212: China’s Stolen Data Economy (And Why We Should Care)

In this episode of the podcast (#212), Brandon Hoffman, the CISO of Intel 471 joins us to discuss that company’s latest report that looks at China’s diversified marketplace for stolen data and stolen identities. The post Episode 212: China’s...
The Security Ledger

Deere John: Researcher Warns Ag Giant’s Site Provides a Map to Customers, Equipment

Software vulnerabilities in web sites operated by John Deere could allow a remote attacker to harvest information on the company’s customers including their names, physical addresses and the equipment they own. The revelation suggests the U.S. agriculture sector is...
The Security Ledger

Can Blockchain Solve Data’s Integrity Problem?

The rapid digitalization and automation of business processes makes data integrity critical, as low-quality data risks infecting automated business decision processes. Authors Dan Geer and T. Mark Morley suggest that blockchain may offer one solution to the data integrity...
The Security Ledger

Episode 211: Scrapin’ ain’t Hackin’. Or is it?

In just the last two weeks, three of the world’s most prominent social networks have been linked to stories about data leaks. Troves of information on both Facebook and LinkedIn users – hundreds of millions of them – turned...
The Security Ledger

Episode 210: Moving The Goal Posts On Vendor Transparency: A Conversation With Intel’s Suzy Greenberg

In this episode of the podcast, Paul speaks with Intel Vice President Suzy Greenberg about a new survey by the Ponemon Institute that shows how customers’ expectations are changing when it comes to vendor transparency about software vulnerabilities. The...
The Security Ledger

Episode 209: Fortinet’s Renee Tarun on Scaling InfoSec To Meet Tomorrow’s Challenges

The information security industry needs both better tools to fight adversaries, and more people to do the fighting, says Fortinet Deputy CISO Renee Tarun in this interview with The Security Ledger Podcast’s Paul Roberts. The post Episode 209: Fortinet’s...
The Security Ledger

Critical Flaws Found In Widely Used Netmask Open Source Library

An IP address parsing flaw in the netmask NPM module affects hundreds of thousands of applications that rely on it. But that may be just the tip of the iceberg, researchers warn. The post Critical Flaws Found In Widely...
The Security Ledger

Critical Flaw Found In Widely Used Netmask Open Source Module

An IP address parsing flaw in the netmask NPM module affects hundreds of thousands of applications that rely on it. But that may be just the tip of the iceberg, researchers warn. The post Critical Flaw Found In Widely...
The Security Ledger

Episode 208: Getting Serious about Hardware Supply Chains with Goldman Sachs’ Michael Mattioli

In this week’s Security Ledger Podcast, sponsored by Trusted Computing Group, we’re talking about securing the hardware supply chain. We’re joined by Michael Mattioli, a Vice President at Goldman Sachs who heads up that organization’s hardware supply chain security...
The Security Ledger

Episode 207: Sara Tatsis of Blackberry on finding and Keeping Women in Cyber

In this week’s episode of the podcast (#207) we speak with Sara Tatsis of the firm Blackberry about her 20 year career at the legendary mobile device maker and the myriad challenges attracting women to- and keeping them in...
The Security Ledger

Episode 207: Sarah Tatsis of BlackBerry on finding and Keeping Women in Cyber

In this week’s episode of the podcast (#207) we speak with Sara Tatsis of the firm Blackberry about her 20 year career at the legendary mobile device maker and the myriad challenges attracting women to- and keeping them in...
The Security Ledger

Encore Edition: Veracode CEO Sam King on Infosec’s Leaky Talent Pipeline

Women are more than 50% of the population, but barely 20% of the information security workforce. Why? In this encore podcast in honor of Women’s History Month, we revisit a 2019 interview with Veracode CEO Sam King to talk...
The Security Ledger

Futility or Fruition? Rethinking Common Approaches To Cybersecurity

The current approaches most organizations take towards security are not good enough, writes Albert Zhichun Li, the Chief Security Scientist at Stellar Cyber. Something has to change. The post Futility or Fruition? Rethinking Common Approaches To Cybersecurity appeared first on The...
The Security Ledger

Episode 206: What Might A Federal Data Privacy Law Mean In the US?

In this episode of the podcast (#206): with movement towards passage of a federal data privacy law stronger than ever, we invite two experts into the Security Ledger studio to talk about what that might mean for U.S....
The Register

Blessed are the cryptographers, labelling them criminal enablers is just foolish

Preserving privacy is hard. I know because when I tried, I quickly learned not to play with weapons. Column: Nearly a decade ago I decided to try my hand as a cryptographer. It went about as well as you...
The Hacker News

Ransomware Gang Leaks Metropolitan Police Data After Failed Negotiations

The cybercrime syndicate behind Babuk ransomware has leaked more personal files belonging to the Metropolitan Police Department (MPD) after negotiations with the DC Police broke down, warning that they intend to publish all data if ransom demands are not met. "The...
Security Affairs

NSA and ODNI analyze potential risks to 5G networks

U.S. Intelligence agencies warn of weaknesses in 5G networks that could be exploited by crooks and nation-state actors for intelligence gathering. The U.S. National Security Agency (NSA), along with the DHS Cybersecurity and Infrastructure Security Agency (CISA), and the Office...
The Hacker News

Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild

Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild. The list of updated applications includes Adobe Experience Manager,...
The Register

Beijing twirls ban-hammer at 84 more apps it says need to stop slurping excess data

Online lending apps and more given fifteen days to ‘rectify’ behaviour. China’s Central Cyberspace Affairs Commission has named 84 apps it says breach local privacy laws and given their developers 15 days to “rectify” their code.…