At the Intersection of Technology and Real Life

Episode 183: Researcher Patrick Wardle talks Zoom 0days and Mac (in)Security

Michael York Reading, PA Syndicated Stories, The Security Ledger

You just reported a major security vulnerability in the Zoom platform. Now the CEO of Zoom wants to chat…via Zoom. What do you do? Security researcher Patrick Wardle of Jamf joins us to talk about it, his recent Zoom 0day, the state of Mac (in)security and his hot date in Moscow.

The post Episode 183: Researcher Patrick Wardle talks Zoom 0days…

Read the whole entry… »

WhatsApp malware dubbed WhatsApp Pink has now been updated with advanced capabilities that let this counterfeit Android app automatically respond to your Signal, Telegram, Viber, and Skype messages. WhatsApp Pink refers to a counterfeit app that appeared this week, primarily targeting WhatsApp users in the Indian subcontinent. [...]

Facebook leaks strategy to numb reaction to data scraping incidents

21 April 2021

Facebook's long-term strategy is to desensitize users about leaked data dumps that were collected through scraping the public portion of the social network. [...]

REvil gang tries to extort Apple, threatens to sell stolen blueprints

20 April 2021

The REvil ransomware gang asked Apple to "buy back" stolen product blueprints to avoid having them leaked on REvil's leak site before today's Apple Spring Loaded event where the new iMac was introduced. [...]

SonicWall warns customers to patch 3 zero-days exploited in the wild

20 April 2021

Security hardware manufacturer SonicWall is urging customers to patch a set of three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products. [...]

Eversource Energy data breach caused by unsecured cloud storage

20 April 2021

Eversource, the largest power supplier in New England, has suffered a data breach after customers' personal information was exposed on an unsecured cloud server. [...]

Microsoft partially fixes Windows 7, Server 2008 vulnerability

20 April 2021

Microsoft has silently issued a partial fix for a local privilege escalation (LPE) vulnerability impacting all Windows 7 and Server 2008 R2 devices. [...]

Pulse Secure VPN zero-day used to hack defense firms, govt orgs

20 April 2021

Pulse Secure has shared mitigation measures for a zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance actively exploited in attacks against worldwide organizations and focused on US Defense Industrial base (DIB) networks. [...]

Fake Microsoft Store, Spotify sites spread info-stealing malware

20 April 2021

Attackers are promoting sites impersonating the Microsoft Store, Spotify, and an online document converter that distribute malware to steal credit cards and passwords saved in web browsers. [...]

Hundreds of networks reportedly hacked in Codecov supply-chain attack

20 April 2021

More details have emerged on the recent Codecov system breach which is being likened to the SolarWinds hack. In new reporting, investigators have stated that hundreds of customer networks have been breached in the incident, expanding the scope of this system breach beyond just Codecov's systems. [...]

North Korean hackers adapt web skimming for stealing Bitcoin

20 April 2021

Hackers linked with the North Korean government applied the web skimming technique to steal cryptocurrency in a previously undocumented campaign that started early last year, researchers say. [...]

Galaxy S21 Ultra's 100x camera zoom is pointless, but 10x is incredible - CNET

21 April 2021

The S21 Ultra is a superb camera phone and the one to get if you love zooming in for your photos. [...]

The best outdoor home security cameras for 2021 - CNET

21 April 2021

Take a look at our favorite outdoor security cameras. [...]

Canon's new printers cater to first-time users, photo enthusiasts and office workers - CNET

21 April 2021

The company unveils a series of devices with expanded print capacity and ink life. [...]

2023 Cadillac Lyriq is a rolling concept car that starts at $60,000 - Roadshow

21 April 2021

A 100-kWh battery provides enough juice for about 300 miles of range. [...]

Windshield repair is more complicated thanks to technology - Roadshow

21 April 2021

Driver assistance technology built into windshields is both to blame and to thank. [...]

Cadillac Lyriq vs. E-Tron, Mach-E and Model Y: Electric SUVs compared - Roadshow

21 April 2021

Let's see how Cadillac's fancy new electric crossover SUV handles rivals from Audi, Ford and Tesla. [...]

Verizon feels the heat as it rolls out C-band for 5G - CNET

21 April 2021

The telecommunications giant reported big losses of wireless subscribers in the first quarter of 2021 as competition heats up. [...]

A 'sizable' Xbox Series X restock arrives at GameStop today at 10 a.m. ET - CNET

21 April 2021

You can get the console via Microsoft's All Access financing option -- which is actually a great deal for most gamers. [...]

Best streaming device in 2021 - CNET

21 April 2021

From Roku to Amazon Fire Stick to Apple TV to Chromecast, here are our favorite devices to stream Netflix, Hulu, HBO Max, Disney Plus, YouTube and more on your TV. [...]

Apple's colorful iMacs revive trends from the '90s, while pushing new M1 chip - CNET

21 April 2021

The seven colors for its iMac computers represent the first major redesign in nearly a decade. [...]

Pulse Secure VPN Flaws Exploited to Target US Defense Sector

20 April 2021

China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks. [...]

Foreign Spies Target British Nationals With Fake Social Media Profiles

20 April 2021

British security agency MI5 has launched a new education campaign to warn potential victims of the attacks. [...]

Attackers Compromised Code-Checking Vendor's Tool for Two Months

20 April 2021

A script used to upload sensitive reports-with access to credentials and datastores-likely sent information on hundreds, possibly thousands, of companies to attackers. [...]

Dept. of Energy Launches Plan to Protect Electric Grid from Cyberattack

20 April 2021

Over the next 100 days, the DoE will work with electric utilities to improve visibility, detection, and response for industrial control systems. [...]

2020 Changed Identity Forever; What's Next?

20 April 2021

For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations. [...]

7 Old IT Things Every New InfoSec Pro Should Know

20 April 2021

Beneath all those containers and IoT devices, there's a rich patchwork of gear, protocols, and guidelines that have been holding it together since before you were born. Knowledge of those fundamentals is growing more valuable, not less. [...]

Beware the Bug Bounty

20 April 2021

In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors. [...]

White House Scales Back Response to SolarWinds & Exchange Server Attacks

19 April 2021

Lessons learned from the Unified Coordination Groups will be used to inform future response efforts, a government official says. [...]

Attackers Test Weak Passwords in Purple Fox Malware Attacks

19 April 2021

Researchers share a list of passwords that Purple Fox attackers commonly brute force when targeting the SMB protocol. [...]

Lazarus Group Uses New Tactic to Evade Detection

19 April 2021

Attackers conceal malicious code within a BMP file to slip past security tools designed to detect embedded objects within images. [...]

Cloud Security Alliance Shares Security Guidance for Crypto-Assets Exchange

13 April 2021

The Cloud Security Alliance (CSA) has released new Crypto-Asset Exchange Security Guidelines, a set of guidelines and best practices for crypto-asset exchange (CaE) security. [...]

Intel Corp. to Speak at SecurityWeek Supply Chain Security Summit

9 March 2021

Join Intel on Wednesday, March 10, at SecurityWeek’s Supply Chain Security Summit, where industry leaders will examine the current state of supply chain attacks. Hear Intel’s experts discuss the need for transparency and integrity across the complete product lifecycle, from build to retire. [...]

GitHub Hires Former Cisco Executive Mike Hanley as Chief Security Officer

24 February 2021

Software development platform GitHub announced on Wednesday that it has hired Mike Hanley as its new Chief Security Officer (CSO). [...]

Reddit Names Allison Miller as Chief Information Security Officer (CISO)

23 February 2021

Social news community site Reddit announced has hired Allison Miller as Chief Information Security Officer (CISO) and VP of Trust. [...]

SecurityWeek Names Ryan Naraine as Editor-at-Large

19 January 2021

SecurityWeek has named Ryan Naraine as Editor-at-Large, adding a veteran cybersecurity journalist and podcaster to its editorial team. [...]

Why Cyber Security Should Be at the Top of Your Christmas List

17 December 2020

To take advantage of emerging trends in both technology and cyberspace, businesses need to manage risks in ways beyond those traditionally handled by the information security function. [...]

United States Federal Government’s Shift to Identity-Centric Security

17 December 2020

Governments are increasingly facing new legislation, standards, frameworks, and policies to protect critical and sensitive information. [...]

How Extreme Weather Will Create Chaos on Infrastructure

21 October 2020

Extreme weather events will soon become more frequent and widespread, devastating areas of the world that typically don’t experience them and amplifying the destruction in areas that do. [...]

BSIMM11 Observes the Cutting Edge of Software Security Initiatives

21 October 2020

In addition to helping an organization start an SSI, the BSIMM also gives them a way to evaluate the maturity of their SSI. [...]

Sustaining Video Collaboration Through End-to-End Encryption

21 October 2020

By infusing end-to-end encryption into any video strategy, it ensures not only the sustainability of the channel, but the businesses that rely on it. [...]

Oppo Find X3 Pro camera deep dive: Microscope mode offers unique shooting experience

21 April 2021

Most phones today offer all you need to get work done with camera technology one area for phones to stand out from others. Oppo's new Find X3 Pro has multiple rear cameras like most flagships, but one offers a unique capability that contributes to creativity. [...]

Chuwi launches CoreBook Xe laptop with Intel's discrete Iris Xe MAX graphics, $699 price tag

21 April 2021

The Chinese system maker is one of the first to introduce a notebook with Intel's new discrete GPU rather than one of its integrated graphics solutions. [...]

Google: These five datacenters are now running on carbon-free clean electricity

21 April 2021

Google says all its infrastructure will go green by 2030. [...]

Salesforce updates Service Cloud to meet post-pandemic consumer demands

21 April 2021

As economic activity rebounds, Salesforce contends, consumers will need more help, both from customer service agents and field service agents. [...]

Oracle makes GoldenGate a cloud-native, fully-managed service

21 April 2021

The general purpose real-time data fabric platform is designed to deliver data integration for both operational databases and analytic data stores [...]

Verizon Q1 better than expected amid intense competition for consumers, but business net adds

21 April 2021

Verizon's first quarter showed revenue growth and a lot of moving parts including better prospects on business accounts, competition for consumers and video losses that were offset by higher broadband speed tiers. [...]

New Microsoft Teams features: Now you can send praise to colleagues or try out this 'virtual commute'

21 April 2021

Praise might be needed when nearly half of all employees think they'll leave their current job because they can now work remotely. [...]

Retail robots coming to these grocery stores

21 April 2021

Sector laser-focused on gaining new ground after industry upheaval. [...]

Zero-day vulnerabilities in SonicWall email security are being actively exploited

21 April 2021

The vendor is urging customers to apply patches immediately. [...]

For the CIO, digital transformation is the key - wherever they work

21 April 2021

Switching between the public and private sectors can be rare for CIOs, but one tech chief who's made that move says it delivers big benefits. [...]

‘Inbox Zero’ Your Threat Reports: How to Combat Security Alert Fatigue

20 April 2021

At best, a new cybersecurity alert should trigger immediate action. But we all know in practice that work is not always clear cut. A new alert can find itself as just the latest un-addressed number in the inbox. In an inbox-zero case, the latest new alert is the most urgent task. But in a backed-up, […] The post ‘Inbox Zero’ Your Threat Reports: How to Combat Security Alert Fatigue appeared first on Security Intelligence. [...]

Progressive Web Apps and Cookies: Taking a Bite Out of Security

20 April 2021

To prevent cookie theft, have cyber defense baked in. With progressive web apps (PWA) and other relatively new protective efforts in place, how can you be sure you’re defending against today’s attackers? Here’s what enterprise needs to know about the rumbling threat of pass-the-cookie attacks, how current cloud and mobile frameworks like PWAs can empower […] The post Progressive Web Apps and Cookies: Taking a Bite Out of Security appeared first on Security Intelligence. [...]

Cloud-Native IAM Controls Part 2: An Approach for Governance

19 April 2021

Some organizations with multicloud environments opt for a cloud service provider with native identity access management (IAM). However, these same people often struggle when it comes to adding the cloud-native controls into a larger enterprise IAM program. In part 1 of our cloud-native IAM controls blog, we explored why these controls are not enough for […] The post Cloud-Native IAM Controls Part 2: An Approach for Governance appeared first on Security Intelligence. [...]

How VPNs Are Changing to Manage Zero Trust Network Access

19 April 2021

What do a growing number of cyberattacks, emerging tech, such as artificial intelligence, and cloud adoption have in common? They’re all helping fuel the rise of zero trust. Zero trust network access is, in turn, changing the way we access the internet for work. Let’s take a look at how another common tool today — the […] The post How VPNs Are Changing to Manage Zero Trust Network Access appeared first on Security Intelligence. [...]

Why Business Password Management Remains a Struggle

18 April 2021

How secure is your password? Everyone has a favorite. Savvy people, of course, know better than to use something that can be easily guessed, like 12345 or ‘Password.’ But, once you latch on to a password you really like and is easy to remember, you use it again on a site you might not visit […] The post Why Business Password Management Remains a Struggle appeared first on Security Intelligence. [...]

How AI in Cybersecurity Addresses Challenges Faced by Today’s SOC Analysts

16 April 2021

Today’s security operations centers (SOC) have to manage data, tools and teams dispersed across the organization, making threat detection and teamwork difficult. There are many factors driving complex security work. Many people now work from home with coworkers in far-away places. The cost and maintenance of legacy tools and the migration to cloud also make […] The post How AI in Cybersecurity Addresses Challenges Faced by Today’s SOC Analysts appeared first on Security Intelligence. [...]

Combating Sleeper Threats With MTTD

16 April 2021

During the SolarWinds Orion supply chain compromise, threat actors lurked in the victim’s network for more than a year. Discovered by FireEye in December 2020, the earliest traces of a modified SolarWinds Orion go back as early as October 2019. Although these early versions did not contain the malicious backdoor (this was added in March […] The post Combating Sleeper Threats With MTTD appeared first on Security Intelligence. [...]

Ransomware Attacks in 2021: Information Meets Emotion

16 April 2021

“If you want to go quickly, go alone, but if you want to go far, go together.” This African proverb opens the Sophos 2021 Threat Report, and in view of recent cybersecurity events, its meaning is very important when it comes to defending against ransomware attacks. As threat actors work together to provide ransomware-as-a-service, defenders […] The post Ransomware Attacks in 2021: Information Meets Emotion appeared first on Security Intelligence. [...]

How to Design and Roll Out a Threat Model for Cloud Security

15 April 2021

Today’s cloud security requires a new way of looking at threat models. Making a threat model can support your security teams before problems start. It helps them develop a strategy for handling existing risks, instead of detecting incidents at a later stage. Let’s walk through how to create a threat model that works for your […] The post How to Design and Roll Out a Threat Model for Cloud Security appeared first on Security Intelligence. [...]

Why Security Pros Can’t Ignore Big Data Monopolies

15 April 2021

The rise of the cloud didn’t free us from concerns over who stores our data. Where matters, and major cloud providers and big data monopolies host a huge percentage of the world’s data. Thousands of organizations that store and manage personal, business and government data use big-name cloud providers. Smartphone platform companies house and process terabytes […] The post Why Security Pros Can’t Ignore Big Data Monopolies appeared first on Security Intelligence. [...]

Over 580 WordPress Vulnerabilities Disclosed in 2020: Report

21 April 2021

Over 96% of WordPress Vulnerabilities Disclosed in 2020 Affected Third-Party Code More than 580 WordPress vulnerabilities were disclosed in 2020, but a vast majority of them impact third-party plugins and themes rather than the WordPress core, according to a new report from website security company Patchstack (formerly WebARX). read more [...]

Oracle Delivers 390 Security Fixes With April 2021 CPU

21 April 2021

Oracle this week announced the release of 390 new security fixes as part of the April 2021 Critical Patch Update (CPU), including patches for more than 200 bugs that could be exploited remotely without authentication. read more [...]

EU Unveils AI Rules to Tackle Big Brother Fears

21 April 2021

SonicWall’s Email Security product is affected by three vulnerabilities that have been exploited in attacks. It took the vendor roughly two weeks to start releasing patches, but a public warning about active exploitation came only 25 days after it learned about the attacks. read more [...]

Google Chrome Hit in Another Mysterious Zero-Day Attack

20 April 2021

Google late Tuesday shipped another urgent security patch for its dominant Chrome browser and warned that attackers are exploiting one of the zero-days in active attacks. read more [...]

Pulse Secure Zero-Day Flaw Actively Exploited in Attacks

20 April 2021

Multiple threat actors are actively engaged in the targeting of four vulnerabilities in Pulse Secure VPN appliances, including a zero-day identified this month that won't be patched until next month. read more [...]

Passwordless Authentication Firm HYPR Raises $35 Million

20 April 2021

HYPR, a company that provides a cloud-based passwordless authentication platform, has raised $35 million in a Series C financing, doubling the company’s total funding to more than $70 million. read more [...]

Japan Says Chinese Military Likely Behind Cyberattacks

20 April 2021

Tokyo police are investigating cyberattacks on about 200 Japanese companies and research organizations, including the country’s space agency, by a hacking group believed to be linked to the Chinese military, the government said Tuesday. read more [...]

Firefox 88 Combats Cross-Site Tracking to Improve User Privacy

20 April 2021

Mozilla this week released Firefox 88 in the stable channel with patches for a dozen vulnerabilities and with improved user privacy, obtained through isolating the window.name property to the website that created it. read more [...]

US Takes Steps to Protect Electric System From Cyberattacks

20 April 2021

The Biden administration is taking steps to protect the country’s electric system from cyberattacks through a new 100-day initiative combining federal government agencies and the private industry. read more [...]

Join ECL on Wednesday to pitch your startup to Fifth Wall’s Brendan Wallace and Hippo’s Assaf Wand

21 April 2021

Have you ever dreamed about the opportunity to find yourself in, say, an elevator with an investor who is open to hearing your pitch? Well, then the next episode of Extra Crunch Live is for you. If you’ve hung out with us on an ECL before, you know we start with a bit of top […] [...]

AppOmni raises $40M for tools to secure enterprise SaaS apps

21 April 2021

Enterprises are adopting an ever-wider range of SaaS applications to work and interface with customers, and that is proving to be a major security concern: it’s not just the prospect of phishing, credential stuffing and other malicious tricks to get into systems that are a worry, but the fact that more applications mean more attack […] [...]

Authzed scores $3.9M seed to build permissions API service

21 April 2021

Authzed, an early stage startup that wants to make it easier for developers to build permissions in their applications, announced a $3.9 million seed round today. The investment was led by Work-Bench with participation from Y Combinator and Amplify Partners. CEO and co-founder Jake Moshenko says the service is an API that is designed to […] [...]

Cadillac’s all-electric Lyriq flagship to start just below $60,000

21 April 2021

The Cadillac Lyriq, the all-electric crossover and flagship of GM’s luxury brand, will start at a skosh under $60,000 when it comes to the U.S. market in early 2022. The price, which doesn’t include destination charges, is one of the last remaining details to be shared about the production version of the Lyriq. GM first […] [...]

Europe lays out plan for risk-based AI rules to boost trust and uptake

21 April 2021

European Union lawmakers have presented their risk-based proposal for regulating high risk applications of artificial intelligence within the bloc’s single market. The plan includes prohibitions on a small number of use-cases that are considered too dangerous to people’s safety or EU citizens’ fundamental rights, such as a China-style social credit scoring system or certain types […] [...]

Hive raises $85M for AI-based APIs to help moderate content, identify objects and more

21 April 2021

As content moderation continues to be a critical aspect of how social media platforms work — one that they may be pressured to get right, or at least do better in tackling — a startup that has built a set of data and image models to help with that, along with any other tasks that […] [...]

Running apps still lag behind on privacy and security

21 April 2021

Some of the most popular running apps are still lagging behind on security and privacy. That’s the verdict from security researchers who examined the leading running apps five years apart and found only a few apps had improved — and not by much. Running apps know and learn a lot about you as you use […] [...]

Expenses startup Pleo preps $100M Series C funding, launches new bill payments service

21 April 2021

Late-stage Fintech startup Pleo, which offers expense management tools and ‘smart’ company Mastercards, says it plans to raise a Series C round of funding this summer. It’s also launching a B2B bill payments service this week. Co-founder and CEO Jeppe Rindom told me via a call: “We have money until 2022, but we’ve seen incredible […] [...]

ActiveCampaign raises $240M at a $3B valuation as marketing and sales automation come into focus for SMBs

21 April 2021

As businesses continue to adopt new digital tools to get their names out into the world, a startup that’s built a sales and marketing platform specifically for small and medium businesses is announcing a big round of funding. ActiveCampaign, which has built what it describes as a “customer experience automation” platform — providing a way […] [...]

Gogoro partners with India’s Hero MotoCorp, one of the world’s largest two-wheel vehicle makers

21 April 2021

Electric scooters powered by Gogoro’s swappable, rechargeable batteries now account for nearly a quarter of monthly sales in Taiwan, its home market. But one of the most frequent questions co-founder and chief executive officer Horace Luke gets asked is when will Gogoro launch its scooters in other countries. “I always said, ‘we’re getting ready, we’re […] [...]

Hackers threaten to leak stolen Apple blueprints if $50 million ransom isn't paid

21 April 2021

Prominent Apple supplier Quanta on Wednesday said it suffered a ransomware attack from the REvil ransomware group, which is now demanding the iPhone maker pay a ransom of $50 million to prevent leaking sensitive files on the dark web. In a post shared on its deep web "Happy Blog" portal, the threat actor said it came into possession of schematics of the U.S. company's products such as MacBooks [...]

Improve Your Cyber Security Posture by Combining State of the Art Security Tools

21 April 2021

Today there are plenty of cybersecurity tools on the market. It is now more important than ever that the tools you decide to use work well together. If they don't, you will not get the complete picture, and you won't be able to analyze the entire system from a holistic perspective. This means that you won't be able to do the right mitigations to improve your security posture. Here are examples [...]

Update Your Chrome Browser ASAP to Patch a Week Old Public Exploit

21 April 2021

Google on Tuesday released an update for Chrome web browser for Windows, Mac, and Linux, with a total of seven security fixes, including one flaw for which it says an exploit exists in the wild. Tracked as CVE-2021-21224, the flaw concerns a type confusion vulnerability in V8 open-source JavaScript engine that was reported to the company by security researcher Jose Martinez on April 5 According [...]

3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances

21 April 2021

SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild. Tracked as CVE-2021-20021 and CVE-2021-20022, the flaws were discovered and reported to the company by FireEye's Mandiant subsidiary on March 26, 2021, after the cybersecurity firm detected post-exploitation web shell activity on [...]

WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations

21 April 2021

If the Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability (CVE-2021-22893) that is currently being exploited in the wild and for which there is no patch yet. At least two threat actors have been behind a series of intrusions targeting defense, government, and financial organizations [...]

Over 750,000 Users Downloaded New Billing Fraud Apps From Google Play Store

20 April 2021

Researchers have uncovered a new set of fraudulent Android apps in the Google Play store that were found to hijack SMS message notifications for carrying out billing fraud. The apps in question primarily targeted users in Southwest Asia and the Arabian Peninsula, attracting a total of 700,000 downloads before they were discovered and removed from the platform. The findings were reported [...]

[eBook] Why Autonomous XDR Is Going to Replace NGAV/EDR

20 April 2021

For most organizations today, endpoint protection is the primary security concern. This is not unreasonable – endpoints tend to be the weakest points in an environment – but it also misses the forest for the trees. As threat surfaces expand, security professionals are harder pressed to detect threats that target other parts of an environment and can easily miss a real vulnerability by focusing [...]

120 Compromised Ad Servers Target Millions of Internet Users

20 April 2021

An ongoing malvertising campaign tracked as "Tag Barnakle" has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware. Unlike other operators who set about their task by infiltrating the ad-tech ecosystem using "convincing [...]

Lazarus APT Hackers are now using BMP images to hide RAT malware

20 April 2021

A spear-phishing attack operated by a North Korean threat actor targeting its southern counterpart has been found to conceal its malicious code within a bitmap (.BMP) image file to drop a remote access trojan (RAT) capable of stealing sensitive information. Attributing the attack to the Lazarus Group based on similarities to prior tactics adopted by the adversary, researchers from Malwarebytes [...]

Passwordless: More Mirage Than Reality

19 April 2021

The concept of "passwordless" authentication has been gaining significant industry and media attention. And for a good reason. Our digital lives are demanding an ever-increasing number of online accounts and services, with security best practices dictating that each requires a strong, unique password in order to ensure data stays safe. Who wouldn't want an easier way? That's the premise behind [...]

Episode 211: Scrapin’ ain’t Hackin’. Or is it?

16 April 2021

Is scraping the same as hacking or just an example of “zealous” use of a social media platform? And if it isn’t considered hacking…should it be? As more and more online platforms open their doors to API-based access, do we need more rules and oversight of how APIs are used to prevent wanton abuse? The post Episode 211: Scrapin’ ain’t...Read the whole entry... » Related StoriesEpisode 206: What Might A Federal Data Privacy Law Mean In the US?Book argues for New Laws to break Social Media MonopoliesExclusive: Flaws in Zoom’s Keybase App Kept Chat Images From Being Deleted [...]

Episode 210: Moving The Goal Posts On Vendor Transparency: A Conversation With Intel’s Suzy Greenberg

8 April 2021

In this episode of the podcast, Paul speaks with Intel Vice President Suzy Greenberg about a new survey by the Poneman Institute that shows how customers’ expectations are changing when it comes to vendor transparency about software vulnerabilities. The post Episode 210: Moving The Goal Posts On Vendor Transparency: A Conversation With...Read the whole entry... » Related StoriesEpisode 201: Bug Hunting with Sick CodesCritical Flaws Found In Widely Used Netmask Open Source LibraryEpisode 208: Getting Serious about Hardware Supply Chains with Goldman Sachs’ Michael Mattioli [...]

Episode 209: Fortinet’s Renee Tarun on Scaling InfoSec To Meet Tomorrow’s Challenges

2 April 2021

The information security industry needs both better tools to fight adversaries, and more people to do the fighting, says Fortinet Deputy CISO Renee Tarun in this interview with The Security Ledger Podcast’s Paul Roberts. The post Episode 209: Fortinet’s Renee Tarun on Scaling InfoSec To Meet Tomorrow’s Challenges appeared first on The...Read the whole entry... » Related StoriesEpisode 207: Sara Tatsis of Blackberry on finding and Keeping Women in CyberEncore Edition: Veracode CEO Sam King on Infosec’s Leaky Talent PipelineEpisode 205 – Google’s Camille Stewart: InfoSec’s Lack of Diversity is a Cyber Risk [...]

Critical Flaw Found In Widely Used Netmask Open Source Module

30 March 2021

An IP address parsing flaw in the netmask NPM module affects hundreds of thousands of applications that rely on it. But that may be just the tip of the iceberg, researchers warn. The post Critical Flaw Found In Widely Used Netmask Open Source Module appeared first on The Security Ledger. Related StoriesEpisode 201: Bug Hunting with Sick CodesEpisode 210: Moving The Goal Posts On Vendor Transparency: A Conversation With Intel’s Suzy GreenbergEpisode 200: Sakura Samurai Wants To Make Hacking Groups Cool Again. And: Automating Our Way Out of PKI Chaos [...]

Episode 208: Getting Serious about Hardware Supply Chains with Goldman Sachs’ Michael Mattioli

26 March 2021

In this week’s Security Ledger Podcast, sponsored by Trusted Computing Group, we’re talking about securing the hardware supply chain. We’re joined by Michael Mattioli, a Vice President at Goldman Sachs who heads up that organization’s hardware supply chain security program. The post Episode 208: Getting Serious about Hardware Supply...Read the whole entry... » Related StoriesEpisode 210: Moving The Goal Posts On Vendor Transparency: A Conversation With Intel’s Suzy GreenbergEpisode 201: Bug Hunting with Sick CodesEncore Edition: Veracode CEO Sam King on Infosec’s Leaky Talent Pipeline [...]

Episode 207: Sarah Tatsis of BlackBerry on finding and Keeping Women in Cyber

19 March 2021

In this week’s episode of the podcast (#207) we speak with Sara Tatsis of the firm Blackberry about her 20 year career at the legendary mobile device maker and the myriad challenges attracting women to- and keeping them in the information security field. The post Episode 207: Sarah Tatsis of BlackBerry on finding and Keeping Women in Cyber...Read the whole entry... » Related StoriesEncore Edition: Veracode CEO Sam King on Infosec’s Leaky Talent PipelineEpisode 209: Fortinet’s Renee Tarun on Scaling InfoSec To Meet Tomorrow’s ChallengesEpisode 205 – Google’s Camille Stewart: InfoSec’s Lack of Diversity is a Cyber Risk [...]

Encore Edition: Veracode CEO Sam King on Infosec’s Leaky Talent Pipeline

12 March 2021

Women are more than 50% of the population, but barely 20% of the information security workforce. Why? In this encore podcast in honor of Women’s History Month, we revisit a 2019 interview with Veracode CEO Sam King to talk about cybersecurity’s leaky talent pipeline. The post Encore Edition: Veracode CEO Sam King on Infosec’s Leaky Talent...Read the whole entry... » Related StoriesEpisode 207: Sara Tatsis of Blackberry on finding and Keeping Women in CyberEpisode 205 – Google’s Camille Stewart: InfoSec’s Lack of Diversity is a Cyber RiskEpisode 210: Moving The Goal Posts On Vendor Transparency: A Conversation With Intel’s Suzy Greenberg [...]

Futility or Fruition?Rethinking Common Approaches To Cybersecurity

11 March 2021

The current approaches most organizations take towards security are not good enough, writes Albert Zhichun Li, the Chief Security Scientist at Stellar Cyber. Something has to change. The post Futility or Fruition?Rethinking Common Approaches To Cybersecurity appeared first on The Security Ledger. Related StoriesContainers Complicate Compliance (And What To Do About It)PKI Points the Way for Identity and Authentication in IoTWhat’s Good IAM? The Answer may depend on your Industry [...]

Episode 206: What Might A Federal Data Privacy Law Mean In the US?

7 March 2021

With movement towards passage of a federal data privacy law stronger than ever, we invite two experts in to the Security Ledger studio to talk about what that might mean for U.S. residents and businesses: Stacey Gray, who is a Senior Counsel at the Future of Privacy Forum and Rehan Jalil, the CEO of Securiti.ai. The post Episode 206: What Might A...Read the whole entry... » Related StoriesBook argues for New Laws to break Social Media MonopoliesEpisode 202: The Byte Stops Here – Biden’s Cyber AgendaEpisode 178: Killing Encryption Softly with the EARN IT Act. Also: SMBs Struggle with Identity [...]

Episode 205 – Google’s Camille Stewart: InfoSec’s Lack of Diversity is a Cyber Risk

26 February 2021

In this interview, Camille Stewart, Google’s Head of Security Policy for Google Play and Android explains how understanding how systemic racism influences cyber security is integral to protecting the American people and defending the country from cyber adversaries. The post Episode 205 – Google’s Camille Stewart: InfoSec’s Lack of...Read the whole entry... » Related StoriesEncore Edition: Veracode CEO Sam King on Infosec’s Leaky Talent PipelineEpisode 207: Sara Tatsis of Blackberry on finding and Keeping Women in CyberEpisode 203: Don’t Hack The Water and Black Girls Hack Founder Tennisha Martin [...]

How the M1-powered iPad Pro compares to other iPad models

21 April 2021

iPad Pro 2021 | Image: Apple Apple has announced the next generation of its iPad Pro line. But most of the biggest changes for Apple’s flagship tablet are largely on the inside. The latest iPad Pros feature a new eight-core M1 processor; the same chip featured in the most recent model refreshes for the MacBook Air, MacBook Pro, Mac Mini, and the newly announced iMac. Like last year, the iPad Pro comes in two sizes: 11 inches and 12.9 inches. The 12.9-inch model this year also includes a new Mini-LED screen, which Apple is branding as a “Liquid Retina XDR”… [...]

Cadillac’s Lyriq EV will start at $59,990

21 April 2021

Images: Cadillac Cadillac has announced that its first electric car, the Lyriq, will start at $59,990 before tax, license, and dealer fees. The luxury brand of General Motors also said the electric SUV will be available for reservations starting in September ahead of the start of production in the first quarter of 2022. The Lyriq SUV will officially go on sale shortly after that in the first half of the year. The Lyriq got a proper debut last August, but that was technically still just a show car. The photos Cadillac showed off Wednesday as it announced pricing are of… [...]

The Tamagotchi Pix has a built-in camera for taking pictures with your pet

21 April 2021

image: Bandai Today, Bandai is announcing the Tamagotchi Pix: a combination of its classic Tamagotchi pet-rearing toy line with a new built-in camera for taking pictures with your digital pet. The Pix is shaped like a hatching egg, with the top part of the “broken shell” working as a shutter button. Using the camera, you can insert yourself (and friends) into photos with your Tamagotchi, with appropriately cute photo frames. We’ve reached out to Bandai for more information about the camera quality. Photos taken with the Pix are stored locally, and any photos you take will appear in a feed… [...]

Asian activists are tracking the surge in hate crimes as police reporting falls short

21 April 2021

People demonstrate at the ‘Stop Asian Hate March and Rally’ in Koreatown on March 27, 2021 in Los Angeles, California. March 27 is the #StopAsianHate National Day of Action against anti-Asian violence. On March 16th, eight people were killed at three Atlanta-area spas, six of whom were Asian women, in an attack that sent fear through the Asian community amid a rise in anti-Asian hate crimes. | Photo by Mario Tama/Getty Images With new tools and new technology, groups like Project 1907 want to fix hate crime statistics Continue reading… [...]

FBI used facial recognition to identify a Capitol rioter from his girlfriend’s Instagram posts

21 April 2021

Illustration by Alex Castro / The Verge The FBI says it used facial recognition technology to track down and arrest an individual suspected of taking part in the US Capitol riots earlier this year. The case, which was first reported by The Huffington Post, is notable for the FBI’s acknowledgement that it used facial recognition not just to confirm a suspect’s identity, but to discover it in the first place. According to an affidavit shared online by the Huffington Post, federal agents tracked down an individual named Stephen Chase Randolph using crowdsourced images from the riots (including those shared on… [...]

Any video conferencing app can use the iPad Pro’s fancy zoom and pan camera

21 April 2021

The new iPad Pro’s front-facing camera can digitally pan and tilt to track video conference participants. | Video: Apple Apple has confirmed that the digital pan and zoom feature of the new M1 iPad Pro’s front-facing camera can work with any video conferencing app, not just FaceTime. That opens the door for popular apps like Zoom and Microsoft Teams to make remote work and e-learning blend more seamlessly into the realities of pandemic life — a hybrid lifestyle that’s likely to continue even after the outbreak subsides. Center Stage, as Apple brands it, keeps video conferencing participants properly framed even… [...]

Apple’s $64 billion-a-year App Store isn’t catching the most egregious scams

21 April 2021

Illustration by William Joel / The Verge A one-man Bunco Squad is poking holes in Apple’s App Store image Continue reading… [...]

Gogoro is bringing its electric scooter and battery tech to India

21 April 2021

Images: Gogoro Gogoro is branching out of home country Taiwan in the biggest way yet, as it just announced a partnership with major two-wheeler manufacturer Hero MotorCorp to bring its swappable battery and scooter tech to India. As part of the deal, Hero will build electric scooters based around Gogoro’s tech, and will also install Gogoro’s battery-swapping stations in cities throughout the country. Electric vehicles could help eat away at some of India’s pollution, and Tesla is even wading into the market. But building out charging infrastructure to handle passenger EVs is going to be a challenge for any company… [...]

HTC downplays leaked Vive Air headset, says it’s just a concept

21 April 2021

Leaked images appeared to show a new fitness-focused VR headset from HTC. HTC has downplayed leaked images that appeared to show a new fitness-focused VR headset built by the firm. Pictures and details of the HTC Vive Air leaked online earlier this week on a design award website but HTC now says the headset is “only a concept.” “It’s exciting to see our concept piece, the VIVE Air VR headset, win an iF Design Award,” the company said in a statement given to UploadVR. “While this is only a concept, the design language has elements and inspirations you’ll see elsewhere… [...]

B&W’s first true wireless headphones have a workaround for in-flight entertainment

21 April 2021

The PI7 true wireless headphones. | Image: Bowers and Wilkins Bowers and Wilkins’ debut pair of noise cancelling true wireless earbuds, the PI7, fix one of the key annoyances with the form-factor — it’s usable with in-flight entertainment systems because the case doubles as an audio transmitter. Plug the case into an audio source using an included 3.5mm to USB-C cable and it will retransmit the audio wirelessly to the earbuds. Alongside it, Bowers and Wilkins has also announced the less expensive PI5 true wireless headphones, which also offer noise-cancellation. Bowers and Wilkins claims the PI7’s transmitting case is an… [...]

Time Travel in Video Games Isn’t Really Cheating

21 April 2021

Games like Animal Crossing and Cozy Grove are meant to be played every day, but who’s got that kind of time? [...]

Our Favorite Products Made of Upcycled and Recycled Materials

21 April 2021

Tread lightly on the planet with shoes made out of repurposed plastic, and many other Earth-friendly picks. [...]

A Linguistic Guide to Assassin’s Creed: Valhalla

21 April 2021

Ubisoft consulted with native Welsh speakers, 13th-century Icelandic texts, and Gaelic scholars to create the game's lingua-scape. [...]

Help! How Do I Plan a Virtual Work Hang That's Actually Fun?

21 April 2021

Online office events are never going to be a blast. But Megan has a few ideas for how to make them suck less. [...]

Don't Underestimate the Challenge of Building a PC

21 April 2021

Building your own computer isn't exactly “adult Lego,” but that doesn't mean it's not worth doing. You just need to know what you're in for first. [...]

Need an Angel Investor? Just Open Up Clubhouse

21 April 2021

Consider it like 'Shark Tank' on your phone: Every week on Angelhouse, founders make a pitch to a panel of investors as hundreds of people listen in. [...]

Can an App Help Change Your Personality?

21 April 2021

Want to be more sociable or less of a doormat? There's an (experimental) app for that. [...]

AirTags Are the Perfectly Boring, Functional Future of AR

21 April 2021

Apple’s new location-aware widgets point to the company’s possible larger ambitions for augmented reality. [...]

Apple Stuffs the iPad Pro With a New Display and Its Mac M1 Chip

20 April 2021

The new high-end tablet uses Mini-LED display technology, supports Thunderbolt, and has the powerful new Mac processor. [...]

Everything Apple Announced Today: New iMacs, iPads, AirTags

20 April 2021

Say hello to new iMacs, new iPads Pro, an updated Apple TV, and some little wireless trackers that keep tabs on your tchotchkes. [...]

Episode 183: Researcher Patrick Wardle talks Zoom 0days and Mac (in)Security

Related Stories

Related Posts

Google Chrome Hit in Another Mysterious Zero-Day Attack

‘Inbox Zero’ Your Threat Reports: How to Combat Security Alert Fatigue

Critical Vulnerability Can Allow Attackers to Hijack or Disrupt Juniper Devices