Tuesday, January 31, 2023
The Security Ledger

Beware: Images, Video Shared on Signal Hang Around

A researcher is warning that photos and video files shared in Signal chats may be hanging around on devices, even when they deleted the messages in which the images were shared. The post Beware: Images, Video Shared on Signal...
The Security Ledger

T-Mobile: Leaky API Exposes Data on 37 Million

U.S. Telecommunications giant T-Mobile disclosed on Thursday that hackers obtained data on 37 million customers through a vulnerable API (application program interface). The disclosure was included in an 8-K filing with the U.S. Securities and Exchange Commission. The post...
The Security Ledger

2023 Technologies to Secure Your Hybrid Workspace

For businesses looking to invest in the creation of a safer and more productive modern office environment, here’s a rundown of the top 2023 technologies to secure your hybrid workspace.  The post 2023 Technologies to Secure Your Hybrid Workspace appeared...
The Security Ledger

CES Overlooks New Report That Finds Auto Cyber Is A Dumpster Fire

Automakers swear that the security of their connected vehicles is their top priority. So how come researchers just found dozens of software flaws that could give hackers access to millions of cars? The post CES Overlooks New Report That...
The Security Ledger

New Report Finds Auto Cyber Is A Dumpster Fire

Automakers swear that the security of their connected vehicles is their top priority. So how come researchers just found dozens of software flaws that could give hackers access to millions of cars? The post New Report Finds Auto Cyber...
The Security Ledger

IoCs vs. EoCs: What’s the difference and why should you care?

Security analysts and threat hunters know the importance of IOCs – indicators of compromise. But EOCs - enablers of compromise - are just as important. The post IoCs vs. EoCs: What’s the difference and why should you care? appeared...
The Security Ledger

Episode 248: GitHub’s Jill Moné-Corallo on Product Security And Supply Chain Threats

In this episode of the Security Ledger Podcast, Paul speaks with Jill Moné-Corallo, the Director of Product Security Engineering Response at GitHub. Jill talks about her journey from a college stint working at Apple’s Genius bar, to the information...
The Security Ledger

What’s the Future of Detection Teams? Five Predictions for What Lies Ahead 

Cyber threats are rampant, but security teams lack the tools, resources, and support to do their jobs effectively today — much less prepare them for tomorrow. In this Expert Insight, Jack Naglieri, the CEO of Panther, writes about where...
The Security Ledger

Episode 247: Into the AppSec Trenches with Robinhood CSO Caleb Sima

Paul speaks with Caleb Sima, the CSO of the online trading platform Robinhood, about his journey from teenage cybersecurity phenom and web security pioneer, to successful entrepreneur to an executive in the trenches of protecting high value financial services...
The Security Ledger

Why digital certificates are critical to 5G security

As 5G gains traction, service providers need to be able to trust their networks’ security to truly take advantage of 5G’s capabilities. Digital certificates are critical to that, writes Alexa Tahan of Nokia. The post Why digital certificates are critical...
The Security Ledger

Cloudflare Targets Security Poverty Line With Free Tools For At-Risk Groups

Humanitarian groups, local governments and non-profits will be able to use Cloudflare’s Zero Trust One suite of security tools at no cost, the company announced. The post Cloudflare Targets Security Poverty Line With Free Tools For At-Risk Groups appeared...
The Security Ledger

What CISOs Can Do to Win the Ransomware Game

In this Expert Insight, Jeffrey Wheatman, the Cyber Risk Evangelist at Black Kite, says that CISOs need to shift their approach: becoming more proactive in working to preventing ransomware attacks. And he provides some steps CISOs can take to...
The Security Ledger

Spotlight: SIEMs suck. Panther is out to change that. 

I interview Jack Naglieri, CEO of Panther about the failures of the current SIEM technology and the need for what Naglieri terms “detection engineers." The post Spotlight: SIEMs suck. Panther is out to change that.  appeared first on The Security...
The Security Ledger

The Future of IoT Security Standards

When it comes to measuring the security level of a device, a checklist of security ‘low hanging fruit’ is a good place to start. But more is needed, says Mike Sheward of Particle.io The post The Future of IoT Security...
The Security Ledger

Episode 246: SOARing out of Lockdown with Revelstoke Security

Getting a start-up off the ground isn’t easy in the best of times. Now imagine doing it just as a global pandemic is shutting down society...and the economy. Our guest this week, Josh McCarthy of Revelstoke Security, did it...

GitHub says hackers cloned code-signing certificates in breached repository

Enlarge GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place...
Security Affairs

QNAP addresses a critical flaw impacting its NAS devices

Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that...
The Register

Chromebook SH1MMER exploit promises admin jailbreak

Schools' laptops are out if this one gets around, but beware bricking Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SHI1MMER.…

MusicLM: Google AI generates music in various genres at 24 kHz

Enlarge / An AI-generated image of an exploding ball of music. (credit: Ars Technica) On Thursday, researchers from Google announced a new generative AI model called MusicLM that can create...

Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine

The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.