Saturday, November 17, 2018
The Security Ledger

Report: Small, Stealthy Groups Behind Worst Cybercrimes

A small group of cybercriminals is responsible for the most damaging cyberattacks--often with the help of state sponsorship. Still, low-level criminal activity on the dark web poses the most widespread and immediate security threat, with cryptocurrency mining, ransomware...
The Security Ledger

Survey Finds Attacks Find Insecure IoT Devices

A survey finds vast differences in security practices linked to IoT devices in the enterprise, with attacks concentrating on insecure IoT endpoints.
The Security Ledger

Survey: Attacks Find Insecure IoT Devices

A survey finds vast differences in security practices linked to IoT devices in the enterprise, with attacks concentrating on insecure IoT endpoints.
The Security Ledger

Nigerian ISP Hijacks Google Traffic, Sends It Through Russia and China

A small Nigerian Internet service provider (ISP) hijacked traffic meant for Google data centers on Monday, re-routing local traffic through China and Russia and making some hosted services temporarily unavailable for users.
The Security Ledger

Podcast Episode 120: They Email Ballots, Don’t They?

In this week’s episode (#120): more than 100,000 U.S. voters submitted their ballots via email in the last presidential election, in 2016. Despite that, hardly any attention has been paid to the security of email and online voting systems...
The Security Ledger

Bank Attacks Put Password Insecurity Back in the Spotlight

Two separate attacks on banks in the United States and Pakistan revealed this week highlight once again the inherent weakness of a security practice that relies on passwords or knowledge-based credentials to protect critical information. International bank HSBC said...
The Security Ledger

Feds, Facebook Join Forces to Prevent Mid-Term Election Fraud

Federal authorities, social media companies, and the U.S. military are on cybersecurity high alert for fraud, suspicious online activity or other security glitches that could cast a shadow on Tuesday’s critical mid-term elections. Fearing the use of social media and...
The Security Ledger

Podcast Episode 119: EFF on Expanding Researchers Rights and AT&T talks IoT Security Fails

In this episode of the podcast, #119: Electronic Frontier Foundation General Counsel Kurt Opsahl joins us to talk about the Coders’ Rights Project. Also: we speak with Senthil Ramakrishnan, a lead member of AT&T’s IoT Security group about that...
The Security Ledger

Managed Threat Hunting Bridges the Talent Gap

Skilled operators make all the difference in incident response and threat hunting. With talent scarce (and expensive), however, managed threat hunting teams may be worth a look, writes Scott Taschler of the firm CrowdStrike. As we discussed in “Uncovering...
The Security Ledger

Report: China Eyes IoT as Next Front of Cyber War on U.S.

China is eyeing dominance of the Internet of Things (IoT) market and may use vulnerabilities in these technologies as the next front on its ongoing cyberwar with the United States, according to a new report.
The Security Ledger

Sextortionist Campaigns Get Personal, Creative to Force Payouts

Two security firms warn of a flurry of "sextortion" campaigns recently that use new, creative and sometimes extreme methods that leverage personal information, sex-related activity and even death threats to spur victims to pay thousands in ransom fees to...
The Security Ledger

Podcast Episode 118: White Hat Eye on the Gaming Guy

In this week’s episode, #118: modern computer games are like mini economies and that makes them a big target for hackers. We talk with four leading researchers from Bugcrowd about how even popular games fall down on security....
The Security Ledger

Research: Russian Disinformation Campaigns Target African Americans

Russian misinformation campaigns have been targeting African Americans in a number of ways to create division between left and right political agendas, create racial division and discord, and even suppress Black voter turnout, new research has found. Two recent...
The Security Ledger

Report: Obvious Security Flaws Make ICS Networks Easy Targets

Industrial control systems (ICSs) remain easy targets for nation-state actors because of security gaps such as plain-text passwords, direct Internet connections and weak anti-virus protections, a new report has found. The warnings about industrial control systems running on Windows...
The Security Ledger

Podcast Episode 117: Insurance Industry Confronts Silent Cyber Risk, Converged Threats

In this episode of the podcast (#117), we go deep on one of the hottest sectors around: cyber insurance. In the first segment, we talk with Thomas Harvey of the firm RMS about the problem of “silent cyber” risk...
SC Magazine

Instagram flaw exposes user passwords

A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...

Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week

Safer browsing, more bitcoin scams, and the rest of the week's top security news.
The Register

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more

Plus, why is Kaspersky Lab getting into chess? Roundup: What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
TechRepublic

Is retaining a cybersecurity attorney a good idea for your business?

Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.