In Boston Exercise, Election Hackers Bypass Voting Machines
At an exercise in Boston that imagined a cyber attack designed to disrupt an important election in a “swing state,” voting machines were not an issue. It’s election day in Nolandia, an imaginary, mid-sized U.S. city in a key...
Mirai Creators Cooperate with Feds to Avoid Prison
The three 20-something-year-old creators of the Mirai botnet have cooperated with the federal investigators on their case to avoid jail time. The three men–Paras Jha, 22, of Fanwood, New Jersey; Josiah White, 21, of Washington, Pennsylvania; and Dalton Norman, 22,...
Kaspersky: Attacks on Smart Devices Rise Threefold in 2018
Attacks against smart devices are surging, with both old and new threats targeting connected devices that remain largely unsecured, according to researchers at Kaspersky Lab. Kaspersky researchers observed three times as many malware samples against smart devices in the...
Report: Financial industry in crosshairs of credential-stuffing botnets
Botnets mounting credential-stuffing attacks against the financial industry are on the rise, with a more than 20-percent uptick in a two-month period, a new report from Akamai has found. Bad actors from the United States, Russia and Vietnam are...
Podcast Episode 112: what it takes to be a top bug hunter
In this week’s episode (#112): top bug hunters can earn more than $1 million a year from “bounties” paid for information on exploitable software holes in common platforms and applications. What does it take to be among the best?...
Veeam mishandles Own Data, exposes 440M Customer E-mails
Data-management Veeam found itself in need of some self-help after mismanaging its own data with a misconfigured server that exposed more than 440 million e-mail addresses and other types of customer information. Security researcher Bob Diachenko discovered that a...
Spotlight Podcast: Flashpoint’s Allison Nixon on SIM Swapping and the Looming Online Identity Crisis
Your smart phone does double and triple duty: letting you do banking, buy a cup of coffee, board a plane or access a sensitive online account. But that doesn’t mean that your phone number is equally as trustworthy. In...
Podcast Episode 111: Click Here to Kill Everybody and CyberSN on Why Security Talent Walks
In this week’s podcast (episode #111), sponsored by CyberSN: what happens when the Internet gets physical? Noted author and IBM security guru Bruce Schneier joins us to talk about his new book on Internet of Things risk: Click Here...
Opinion: The Corporate Lessons of Election Hacks
Recent demonstrations of election hacks are about more than ballots. They also contain important lessons for enterprises, Security Ledger Editor in Chief Paul Roberts argues in this opinion piece. (Note: this post first appeared on Hitachi Security Systems web...
Before Senate Facebook, Twitter Defend Efforts to Stop Fake News
Facebook and Twitter executives defended recent efforts to stop the use of their platforms by Russia, Iran and other countries to influence U.S. elections. In testimony before the U.S. Senate, Facebook COO Sheryl Sandberg and Twitter Chief Executive Jack...
Collection Management: a Crash-Course
Effective collection management is integral to the success of an intelligence operation. What is it and how does it work? Thomas Hofmann, the Vice President of Intelligence at Flashpoint offers a crash-course in creating an effective collection management program....
Automation, Machine Learning Power Future of SIEM
In this interview with The Security Ledger, Amy Blackshaw of RSA talks about how the company’s Netwitness SIEM product is evolving to keep pace with a fast -evolving security market. Job 1: use machine learning and automation to allow...
Video: How Automation and Machine Learning Power Future of SIEM
In this interview with The Security Ledger, Amy Blackshaw of RSA talks about how the company’s Netwitness SIEM product is evolving to keep pace with a fast -evolving security market. Job 1: use machine learning and automation to allow...
Voting Machine Maker Defends Refusal of White-Hat Hacker Testing at DEF-CON
Voting machine maker Election Systems & Software (ES&S) defended its decision not to participate in a white-hat hacking event at this year’s DEF-CON to test the security of voting systems, saying such hack-a-thons could actually jeopardize election security and invite...
North Korea’s Lazarus Tied to Cryptojacking Campaign Targeting MacOS
North Korean state-sponsored hacking group Lazarus is believed to be behind a recent crypto jacking attack on several banks with an unexpected twist–the use of a Trojan that tricked a company employee into downloading malware, according to Kaspersky Lab....
Breach at US Retailer SHEIN Hits Over Six Million Users
Breach at US Retailer SHEIN Hits Over Six Million UsersUS fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers.
The women’s clothing company revealed at the end of last week that...
Bug? Feature? Power users baffled as BitLocker update switch-off continues
Microsoft claims issue confined to older kit Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
UK issues first-ever GDPR notice in connection to Facebook data scandal
Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
Symantec Completes Internal Accounting Investigation
Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements.
read more
Are Colleges Teaching Real-World Cyber Security Skills?
The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...
