At the Intersection of Technology and Real Life

Containers Complicate Compliance (And What To Do About It)

Michael York Reading, PA Syndicated Stories, The Security Ledger

If you work within the security industry, compliance is seen almost as a dirty word. You have likely run into situations like that which @Nemesis09 describes below. Here, we see it’s all too common for organizations to treat testing compliance as a checkbox exercise and to thereby view compliance in a way that goes against its entire purpose….

Read the whole entry… »

These Google-owned domains have confused even the most skilled researchers and security products time and time again if these are malicious. The domains in question are redirector.gvt1.com and gvt1/gvt2 subdomains that have spun many threads on the internet. BleepingComputer has dug deeper into the origin of these domains. [...]

Google Voice silenced by expired TLS certificate in February outage

28 February 2021

In an incident report published on Friday, Google said that a Google Voice outage affecting a majority of the telephone service's users earlier this month was caused by expired TLS certificates. [...]

The Windows 10 Sun Valley design refresh - Here's what's coming

27 February 2021

Windows 10 'Sun Valley' UI refresh, otherwise known as 'version 21H2', is reportedly arriving in the second half of this year and it will also include several new features. [...]

NSA, Microsoft promote a Zero Trust approach to cybersecurity

27 February 2021

The National Security Agency (NSA) and Microsoft are advocating for the Zero Trust security model as a more efficient way for enterprises to defend against today's increasingly sophisticated threats. [...]

Microsoft fixes Windows 10 drive corruption bug — what you need to know

27 February 2021

Microsoft has fixed a Windows 10 bug that could cause NTFS volumes to become corrupted by merely accessing a particular path or viewing a specially crafted file. [...]

Google shares PoC exploit for critical Windows 10 Graphics RCE bug

27 February 2021

Project Zero, Google's 0day bug-hunting team, shared technical details and proof-of-concept (PoC) exploit code for a critical remote code execution (RCE) bug affecting a Windows graphics component. [...]

Peruse pleasing portable projector pics, please - CNET

1 March 2021

Here are a few of the battery-powered portable projectors we've recently reviewed. [...]

Hollywood is slowly working to rectify decades of Muslim misrepresentation - CNET

1 March 2021

Shows like Ramy, Transplant and DC's Legends of Tomorrow are pushing the industry away from stereotypical portrayals of Muslims as terrorists. But it's a long road ahead. [...]

I wanted to love foldable phones, but the novelty got old fast - CNET

1 March 2021

Phones have gotten boring, but foldables offered a glimmer of excitement. It didn't last. [...]

iPhone 13 release date: When can we expect to see the new phones? - CNET

1 March 2021

It may seem like the iPhone 12 just came out, but Apple is already looking towards the iPhone 13. Here's what we know about a potential release date. [...]

Polaris is teaming up with Zero on an electric Ranger UTV - Roadshow

1 March 2021

This will be the first model born from the two brands' partnership, announced in 2020. [...]

Best midsize SUVs for 2021 - Roadshow

1 March 2021

Need something big enough for the family without needing to build a bigger garage? Here are our picks for the best midsize SUVs. [...]

Is that a thylacine? Camera trap footage released but experts dismiss claims of rediscovery - CNET

1 March 2021

"Make up your own mind," urges Neil Waters, who captured the images. [...]

Golden Globes 2021 results: The full list of winners, from The Crown to The Queen's Gambit - CNET

1 March 2021

Schitt's Creek and The Crown's Diana and Charles actors win big. [...]

Golden Globes 2021: How to watch or stream tonight's show online - CNET

1 March 2021

The Golden Globes have kicked off! Here's everything you need to know to watch, including start time, red carpet and nominations. [...]

All the games of 2021 you should be excited about - CNET

1 March 2021

New Pokemon games are coming, along with Halo, Resident Evil, Final Fantasy and more. [...]

NSA Releases Guidance on Zero-Trust Architecture

26 February 2021

A new document provides guidance for businesses planning to implement a zero-trust system management strategy. [...]

'Nerd' Humor

26 February 2021

Some jokes never get old. [...]

The Edge Pro Tip: Fasten Your Seatbelts

26 February 2021

An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies for 2021. Where do they plan to spend next? [...]

Securing Super Bowl LV

26 February 2021

A peek at open XDR technology, and defense that held up better than the Kansas City Chiefs. [...]

Attackers Turn Struggling Software Projects Into Trojan Horses

26 February 2021

While access to compromised systems has become an increasingly common service, some cybercriminals are going straight to the source: buying code bases and then updating the application with malicious code. [...]

After a Year of Quantum Advances, the Time to Protect Is Now

26 February 2021

Innovations in quantum computing mean enterprise and manufacturing organizations need to start planning now to defend against new types of cybersecurity threats. [...]

Inside Strata's Plans to Solve the Cloud Identity Puzzle

25 February 2021

Strata Identity was founded to change businesses' approach to identity management as multicloud environments become the norm. [...]

Microsoft Releases Free Tool for Hunting SolarWinds Malware

25 February 2021

Meanwhile, researchers at SecurityScorecard say the "fileless" malware loader in the attack - Teardrop - actually dates back to 2017. [...]

North Korea's Lazarus Group Expands to Stealing Defense Secrets

25 February 2021

Several gigabytes of sensitive data stolen from one restricted network, with organizations in more than 12 countries impacted, Kaspersky says. [...]

Ransomware, Phishing Will Remain Primary Risks in 2021

25 February 2021

Attackers have doubled down on ransomware and phishing -- with some tweaks -- while deepfakes and disinformation will become more major threats in the future, according to a trio of threat reports. [...]

GitHub Hires Former Cisco Executive Mike Hanley as Chief Security Officer

24 February 2021

Software development platform GitHub announced on Wednesday that it has hired Mike Hanley as its new Chief Security Officer (CSO). [...]

Reddit Names Allison Miller as Chief Information Security Officer (CISO)

23 February 2021

Social news community site Reddit announced has hired Allison Miller as Chief Information Security Officer (CISO) and VP of Trust. [...]

SecurityWeek Names Ryan Naraine as Editor-at-Large

19 January 2021

SecurityWeek has named Ryan Naraine as Editor-at-Large, adding a veteran cybersecurity journalist and podcaster to its editorial team. [...]

Why Cyber Security Should Be at the Top of Your Christmas List

17 December 2020

To take advantage of emerging trends in both technology and cyberspace, businesses need to manage risks in ways beyond those traditionally handled by the information security function. [...]

United States Federal Government’s Shift to Identity-Centric Security

17 December 2020

Governments are increasingly facing new legislation, standards, frameworks, and policies to protect critical and sensitive information. [...]

How Extreme Weather Will Create Chaos on Infrastructure

21 October 2020

Extreme weather events will soon become more frequent and widespread, devastating areas of the world that typically don’t experience them and amplifying the destruction in areas that do. [...]

BSIMM11 Observes the Cutting Edge of Software Security Initiatives

21 October 2020

In addition to helping an organization start an SSI, the BSIMM also gives them a way to evaluate the maturity of their SSI. [...]

Sustaining Video Collaboration Through End-to-End Encryption

21 October 2020

By infusing end-to-end encryption into any video strategy, it ensures not only the sustainability of the channel, but the businesses that rely on it. [...]

Will Robo-Helpers Help Themselves to Your Data?

8 September 2020

Are you sure that your robo-helpers are secure? [...]

Securing the Hybrid Workforce Begins with Three Crucial Steps

2 September 2020

The global shift to a remote workforce has redefined the way organizations structure their business models. [...]

World's best headphones? The Cold War story behind these high-end products

1 March 2021

A small company's headphones, said by some to be the best in the world, can trace their roots back to the Soviet era. [...]

Members should be heard and not seen. The rise of Clubhouse and social audio?

1 March 2021

Clubhouse is a phenomenon. It is overrun by noise and the signal is hard to find. Does it and its categorical parent -- social audio -- have a future? Read on and find out the good and the ugly/bad and you make the call. [...]

Wanted: 1 million robots (as soon as humanly possible)

1 March 2021

What a $1bn valuation says about the unstoppable transformation of world commerce. [...]

Over 80 percent of iPhones running iOS 14

1 March 2021

Despite the bugs and the headaches, adoption of iOS and iPadOS 14 has been strong. [...]

Linus Torvalds battles power cuts to keep Linux releases rolling out

1 March 2021

Linux kernel 5.12 first release candidate survives the snow storms hitting the US. [...]

Judge approves $650m settlement for Facebook users in privacy, biometrics lawsuit

1 March 2021

Facebook users represented in the lawsuit may soon receive hundreds of dollars each. [...]

TikTok removed 89M videos, most of which from US

1 March 2021

Video platform yanks 89.1 million clips in the second half of 2020, which accounts for under 1% of all content uploaded on TikTok and the majority of which -- at 11.78 million -- are from the United States. [...]

What is Agile software development? Everything you need to know about delivering better code, faster

1 March 2021

Agile software development is more popular than ever - here's where it came from, how it's being used in major organisations, and how it's likely to evolve in the future. [...]

Your USB-C dock could brick your MacBook; Apple releases an update to prevent this

1 March 2021

Using a third-party dock with your MacBook? It's a good idea to download and install macOS 11.2.2 now. [...]

Minion privilege escalation exploit patched in SaltStack Salt project

1 March 2021

The bug permitted attackers to perform privilege escalation attacks in the automation software. [...]

Developers vs. Security: Who is Responsible for Application Security?

1 March 2021

Call it the blame game or just a vicious circle. The long-standing tension between developers and IT security experts is not easing anytime soon. Each side blames the other for security risks in application security and other areas, but digital defense overall will suffer unless the two sides come together. We spoke to Vikram Kunchala, […] The post Developers vs. Security: Who is Responsible for Application Security? appeared first on Security Intelligence. [...]

Security Automation: The Future of Enterprise Defense

26 February 2021

When it comes to giving cyber security experts the tools they need to take action, automation and machine learning (ML) can make a big difference. Many companies are working with high volumes of data, and types and variants of attack are always growing and changing. It can become too much for people to process in […] The post Security Automation: The Future of Enterprise Defense appeared first on Security Intelligence. [...]

2021 X-Force Threat Intelligence Index Reveals Peril From Linux Malware, Spoofed Brands and COVID-19 Targeting

24 February 2021

From the front lines of incident response engagements to managed security services, IBM Security X-Force observes attack trends firsthand, yielding insights into the cyber threat landscape. Every year, X-Force collates billions of data points to assess cybersecurity threats to our customers. This report — the X-Force Threat Intelligence Index 2021 — represents our latest edition of […] The post 2021 X-Force Threat Intelligence Index Reveals Peril From Linux Malware, Spoofed Brands and COVID-19 Targeting appeared first on Security Intelligence. [...]

How a CISO’s Executive Role Has Changed

22 February 2021

Ever since the role of the chief information security officer (CISO) was first created in 1994, the position has been treated like the pesky youngest sibling in the C-suite family. In the office, the CISO wasn’t given the same voice as the chief information officer (CIO) or other executives. During meetings of the board of […] The post How a CISO’s Executive Role Has Changed appeared first on Security Intelligence. [...]

Manufacturing Cybersecurity Threats and How To Face Them

19 February 2021

With manufacturing cybersecurity threats on the rise, what should companies know about protecting their digital assets in the future? Risks to Security in Manufacturing The number of ransomware incidents involving the manufacturing sector increased 156% between the first quarters of 2019 and 2020. Later in 2020, ransomware actors demanded $17 million from a laptop maker […] The post Manufacturing Cybersecurity Threats and How To Face Them appeared first on Security Intelligence. [...]

Cyber Resilience Strategy Changes You Should Know in the EU’s Digital Decade

18 February 2021

For enterprises operating in Europe, the European Commission’s December 2020 EU Cybersecurity Strategy may dictate how you go about improving cyber resilience. The 2020 EU Cybersecurity Strategy underlines the important role of cybersecurity for a growing EU economy and reinforcing user confidence in digital tools. The publication goes beyond cybersecurity policy and compliance aspects to […] The post Cyber Resilience Strategy Changes You Should Know in the EU’s Digital Decade appeared first on Security Intelligence. [...]

Braced for Impact: Fostering Good Cloud Security Posture Management

18 February 2021

Starting off on the right foot in digital defense today means having good Cloud Security Posture Management (CSPM). Although it can be challenging to adopt, this set of strategies and tools manages and orchestrates cloud security in ways other tactics don’t. It shows gaps might arise between organizations’ stated cloud defense policies, their actual posture […] The post Braced for Impact: Fostering Good Cloud Security Posture Management appeared first on Security Intelligence. [...]

The Uncertainty of Cybersecurity Hiring

17 February 2021

Cybersecurity hiring is going through a weird phase. The pandemic, the remote work movement, budget changes and the rising aggression and refinement of cyber attacks are all major shifts. Through it all, and into the future, is a persistent cybersecurity skills gap. There simply aren’t enough experts in this field to go around. And while […] The post The Uncertainty of Cybersecurity Hiring appeared first on Security Intelligence. [...]

Firewall Services and More: What’s Next for IT?

16 February 2021

Firewall services, cloud network protection tools and other IT defense staples are seeing a lot of changes in 2021. IT landscapes are growing more complex, as are the defense systems that protect them. Remote work is common, and more work is moving to the cloud. Companies of all sizes will be looking to streamline digital defense. What […] The post Firewall Services and More: What’s Next for IT? appeared first on Security Intelligence. [...]

Solving 5 Challenges of Contact Tracing Apps

16 February 2021

Contact tracing apps are designed to help public health agencies connect the dots by linking confirmed carriers of novel coronavirus to recent, close-proximity interactions. In theory, this creates a protective safety net — a way for countries to manage the spread and mitigate the impact of COVID-19 at scale. Despite good intentions, the push for […] The post Solving 5 Challenges of Contact Tracing Apps appeared first on Security Intelligence. [...]

Cybersecurity M&A Round-Up for February 2021

1 March 2021

A critical vulnerability discovered in a firewall appliance made by Germany-based cybersecurity company Genua could be useful to threat actors once they’ve gained access to an organization’s network, according to Austrian cybersecurity consultancy SEC Consult. read more [...]

IT Asset Management Firm Axonius Raises $100 Million

1 March 2021

IT asset management company Axonius has raised $100 million in Series D funding, the company told SecurityWeek Sunday. Led by private equity firm Stripes, the latest funding round brings the total amount raised by the New York based company to $195 million at more than $1 billion valuation. read more [...]

Judge Approves $650M Facebook Privacy Lawsuit Settlement

27 February 2021

A federal judge on Friday approved a $650 million settlement of a privacy lawsuit against Facebook for allegedly using photo face-tagging and other biometric data without the permission of its users. read more [...]

HYAS Raises $16 Million to Hunt Adversary Infrastructure

26 February 2021

HYAS, a Victoria, Canada-based provider of threat intelligence based on adversary infrastructure, announced this week that it has closed a $16 million Series B round of funding led by S3 Ventures. read more [...]

Meet the Vaccine Appointment Bots, and Their Foes

26 February 2021

Having trouble scoring a COVID-19 vaccine appointment? You’re not alone. To cope, some people are turning to bots that scan overwhelmed websites and send alerts on social media when slots open up. read more [...]

Chinese Threat Actor Uses Browser Extension to Hack Gmail Accounts

26 February 2021

In early 2021, a Chinese threat actor tracked as TA413 attempted to hack into the Gmail accounts of Tibetan organizations using a malicious browser extension, researchers with cybersecurity firm Proofpoint have discovered. read more [...]

Security, Privacy Issues Found in Tens of COVID-19 Contact Tracing Apps

26 February 2021

An analysis of 40 COVID-19 contact tracing applications for Android has led to the discovery of numerous security and privacy issues, according to a new research paper. Contact tracing applications have been created to help authorities automate the process of identifying those who have been in close contact with infected individuals. read more [...]

Microsoft Releases Open Source Resources for Solorigate Threat Hunting

26 February 2021

Microsoft on Thursday announced the open source availability of CodeQL queries that it used during its investigation into the SolarWinds attack. read more [...]

Unprotected Private Key Allows Remote Hacking of Rockwell Controllers

26 February 2021

Industrial organizations have been warned this week that a critical authentication bypass vulnerability can allow hackers to remotely compromise programmable logic controllers (PLCs) made by industrial automation giant Rockwell Automation. read more [...]

Rocket Lab debuts plans for a new, larger, reusable rocket for launching satellite constellations

1 March 2021

Because news of its SPAC-fueled public market debut wasn’t enough, Rocket Lab also unveiled a new class of rocket it has in development on Monday. The launch vehicle, called Neutron, will be able to carry 8 metric tons (around 18,000 lbs) to orbit, far exceeding the cargo capacity of Rocket Lab’s current Electron vehicle, which […] [...]

Rocket Lab to go public via SPAC at valuation of $4.1 billion

1 March 2021

The SPAC run is on for space startups, which have been relatively slow in their overall exit pace before the current special purpose acquisitions company merger craze got underway. Rocket Lab is the latest, and likely the most notable to jump on the trend, with a deal that will see it combine with a SPAC […] [...]

Klarna confirms new $31B valuation

1 March 2021

Klarna, the Swedish buy now, pay later behemoth and upstart bank, has raised $1 billion in new funding at a post-money valuation of $31 billion. That sees the company retain the crown as the highest valued private fintech in Europe. Backers of this round are said to be combination of new and existing investors, while […] [...]

Axonius nabs $100M at a $1.2B valuation for its asset management cybersecurity platform

1 March 2021

Remote work has become the norm for many businesses in the last year, and today a startup that has built a cybersecurity platform to help manage all the devices connecting to organizations’ wide-ranging networks — while also providing a way for those organizations to take advantage of all the best that the quite fragmented security […] [...]

Paytm claims top spot in India’s mobile payments market with 1.2B monthly transactions

1 March 2021

Paytm, India’s most valuable startup, said on Monday it processed 1.2 billion transactions in the month of February, illustrating the level of penetration it has made in one of the world’s fastest-growing payments markets where it competes with Google, Facebook, Amazon, and Flipkart-backed PhonePe. Paytm said its users made 1.2 billion transactions last month across […] [...]

Istanbul’s Dream Games snaps up $50M and launches its first game, the puzzle-based Royal Match

1 March 2021

On the back of Zynga acquiring Turkey’s Peak Games for $1.8 billion last year and then following it up with another gaming acquisition in the country, Turkey has been making a name for itself as a hub for mobile gaming startups, and specifically those building casual puzzle games, the wildly popular and very sticky format […] [...]

Lime unveils new ebike as part of $50 million investment to expand to more 25 cities

1 March 2021

Lime said Monday it has allocated $50 million towards its bike-share operation, an investment that has been used to develop a new ebike and will fund its expansion this year to another 25 cities in North America, Europe, and Australia and New Zealand. If the company hits its goal, Lime’s bike-share service will be operational […] [...]

Qualcomm veteran to replace Alain Crozier as Microsoft Greater China boss

1 March 2021

Microsoft is getting a new leader for its Greater China business. Yang Hou, a former senior vice president at Qualcomm, will take over Alain Crozier as the chairman and chief executive officer for Microsoft Greater China Region, says a company announcement released Monday. After eight years at Qualcomm where he led sales and business development, Hou […] [...]

Autonomous drone maker Skydio raises $170M led by Andreessen Horowitz

1 March 2021

Skydio has raised $170 million in a Series D funding round led by Andreessen Horowitz’s Growth Fund. That pushes it into unicorn territory, with $340 million in total funding and a post-money valuation north of $1 billion. Skydio’s fresh capital comes on the heels of its expansion last year into the enterprise market, and it […] [...]

Space startup Gitai raises $17.1M to help build the robotic workforce of commercial space

1 March 2021

Japanese space startup Gitai has raised a $17.1 million funding round, a Series B financing for the robotics startup. This new funding will be used for hiring, as well as funding the development and execution of an on-orbit demonstration mission for the company’s robotic technology, which will show its efficacy in performing in-space satellite servicing […] [...]

Why do companies fail to stop breaches despite soaring IT security investment?

1 March 2021

Let's first take a look back at 2020! Adding to the list of difficulties that surfaced last year, 2020 was also grim for personal data protection, as it has marked a new record number of leaked credentials and PI data. A whopping 20 billion records were stolen in a single year, increasing 66% from 12 billion in 2019. Incredibly, this is a 9x increase from the comparatively "small" amount of 2.3 [...]

Chinese Hackers Targeted India's Power Grid Amid Geopolitical Tensions

1 March 2021

Amid heightened border tensions between India and China, cybersecurity researchers have revealed a concerted campaign against India's critical infrastructure, including the nation's power grid, from Chinese state-sponsored groups. The attacks, which coincided with the standoff between the two nations in May 2020, targeted a total of 12 organizations, 10 of which are in the power generation and [...]

SolarWinds Blames Intern for Weak Password That Led to Biggest Attack in 2020

1 March 2021

As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years. The said password "solarwinds123" was originally believed to have been publicly accessible via a GitHub repository since June 17, 2018, before the [...]

North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

1 March 2021

A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry. Attributing the attacks with high confidence to the Lazarus Group, the new findings from Kaspersky signal an expansion of the APT actor's tactics by going beyond the usual gamut of financially-motivated [...]

ALERT: Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process

27 February 2021

Researchers have uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive information. The findings were presented on Wednesday at the Network and Distributed System Security [...]

Cisco Releases Security Patches for Critical Flaws Affecting its Products

1 March 2021

Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. "An attacker could exploit this vulnerability by sending a crafted request to the affected API," the company said in an advisory published yesterday. "A successful [...]

Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations

26 February 2021

Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems. "Threat actors aligned with the Chinese Communist Party's state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users' Gmail accounts," Proofpoint said [...]

The Top Free Tools for Sysadmins in 2021

25 February 2021

It's no secret that sysadmins have plenty on their plates. Managing, troubleshooting, and updating software or hardware is a tedious task. Additionally, admins must grapple with complex webs of permissions and security. This can quickly become overwhelming without the right tools. If you're a sysadmin seeking to simplify your workflows, you're in luck. We've gathered some excellent software [...]

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

25 February 2021

Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities. "The purpose of the attack was the mass contamination of information resources of public authorities, as this system is used for the circulation of documents in most [...]

Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

27 February 2021

With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy. Called CNAME Cloaking, the practice of blurring the distinction between first-party and third-party cookies not only results in leaking sensitive private information without [...]

Episode 205 – Google’s Camille Stewart: InfoSec’s Lack of Diversity is a Cyber Risk

26 February 2021

In this interview, Camille Stewart, Google’s Head of Security Policy for Google Play and Android explains how understanding how systemic racism influences cyber security is integral to protecting the American people and defending the country from cyber adversaries. The post Episode 205 – Google’s Camille Stewart: InfoSec’s Lack of...Read the whole entry... » Related StoriesEpisode 192: It’s Showtime! Are Local Governments Ready To Turn Back Election Hacks?Episode 203: Don’t Hack The Water and Black Girls Hack Founder Tennisha MartinEpisode 202: The Byte Stops Here – Biden’s Cyber Agenda [...]

Exclusive: Flaws in Zoom’s Keybase App Kept Chat Images From Being Deleted

22 February 2021

A serious flaw in Zoom’s Keybase secure chat application left copies of images contained in secure communications on Keybase users’ computers after they were supposedly deleted. The post Exclusive: Flaws in Zoom’s Keybase App Kept Chat Images From Being Deleted appeared first on The Security Ledger. Related StoriesEpisode 201: Bug Hunting with Sick CodesEpisode 200: Sakura Samurai Wants To Make Hacking Groups Cool Again. And: Automating Our Way Out of PKI ChaosDHS Looking Into Cyber Risk from TCL Smart TVs [...]

Episode 204: Josh Corman of CISA on securing the Vaccine Supply Chain

18 February 2021

Joshua Corman, the Chief Strategist for Healthcare and COVID on CISA’s COVID Task Force, joins us to talk about the myriad of cyber threats facing healthcare and the vaccine distribution system and how the federal government is working to counter them. The post Episode 204: Josh Corman of CISA on securing the Vaccine Supply Chain appeared first...Read the whole entry... » Related StoriesEpisode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware!Episode 194: What Happened To All The Election Hacks?Episode 195: Cyber Monday Super Deals Carry Cyber Risk [...]

Episode 203: Don’t Hack The Water and Black Girls Hack Founder Tennisha Martin

15 February 2021

In this episode of the Security Ledger Podcast (#203) we talk about the apparent hack of a water treatment plant in Oldsmar Florida with Frank Downs of the firm BlueVoyant. In our second segment: is infosec’s lack of diversity a bug or a feature? Tennisha Martin of Black Girls Hack joins us to talk about the many obstacles that black women face...Read the whole entry... » Related StoriesEpisode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware!Episode 200: Sakura Samurai Wants To Make Hacking Groups Cool Again. And: Automating Our Way Out of PKI ChaosEpisode 198: Must… [...]

Episode 202: The Byte Stops Here – Biden’s Cyber Agenda

5 February 2021

Even before Solar Storm, Joe Biden had made it clear that a cyber security reset was needed. But what will that reset look like? To understand a bit better what might be in store in the months ahead we devoted this episode of the podcast to interviewing three experts on federal IT security and cyber defense. The post Episode 202: The Byte Stops...Read the whole entry... » Related StoriesEpisode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware!Episode 199 COVID’s Other Legacy: Data Theft and Enterprise InsecurityEpisode 194: What Happened To All The Election Hacks? [...]

Episode 201: Bug Hunting with Sick Codes

29 January 2021

The work of vulnerability research has changed a lot in the last two decades. In this episode, Security Ledger Podcast host Paul Roberts chats with the independent researcher known as “Sick Codes” about the growing risk of open source supply chain hacks, his method for bug hunting and what projects are in the pipeline for 2021. The post ...Read the whole entry... » Related StoriesEpisode 200: Sakura Samurai Wants To Make Hacking Groups Cool Again. And: Automating Our Way Out of PKI ChaosEpisode 195: Cyber Monday Super Deals Carry Cyber RiskDHS Looking Into Cyber Risk from TCL Smart TVs [...]

Episode 200: Sakura Samurai Wants To Make Hacking Groups Cool Again. And: Automating Our Way Out of PKI Chaos

22 January 2021

In this episode of the podcast (#200), sponsored by Digicert: John Jackson, founder of the group Sakura Samurai talks to us about his quest to make hacking groups cool again. Also: we talk with Avesta Hojjati of the firm Digicert about the challenge of managing a growing population of digital certificates and how automation may be an answer. The...Read the whole entry... » Related StoriesEpisode 201: Bug Hunting with Sick CodesEpisode 195: Cyber Monday Super Deals Carry Cyber RiskEpisode 198: Must Hear Interviews from 2020 [...]

Researchers Test UN’s Cybersecurity, Find Data on 100k

11 January 2021

Independent security researchers testing the security of the United Nations were able to compromise public-facing servers and a cloud-based development account for the U.N. and lift data on more than 100,000 staff and employees, according to a report released Monday. The post Researchers Test UN’s Cybersecurity, Find Data on 100k appeared first...Read the whole entry... »Related StoriesExclusive: Flaws in Zoom’s Keybase App Kept Chat Images From Being DeletedPodcast Episode 189: AppSec for Pandemic Times, A Conversation with GitLab Security VP Jonathan HuntEpisode 200: Sakura Samurai Wants To Make Hacking Groups Cool Again. And: Automating Our Way Out of PKI Chaos [...]

Episode 199 COVID’s Other Legacy: Data Theft and Enterprise Insecurity

8 January 2021

In this episode of the podcast (#199), sponsored by LastPass, we talk with Shareth Ben of Securonix about how massive layoffs that have resulted from the COVID pandemic put organizations at far greater risk of data theft. In our second segment, we’re joined by Barry McMahon, a Senior Global Product Marketing Manager at LogMeIn, to talk about...Read the whole entry... » Related StoriesEpisode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware!Episode 200: Sakura Samurai Wants To Make Hacking Groups Cool Again. And: Automating Our Way Out of PKI ChaosEpisode 202: The Byte Stops Here – Biden’s… [...]

Episode 198: Must Hear Interviews from 2020

31 December 2020

Trying times have a way of peeling back the curtains and seeing our world with new eyes. We The post Episode 198: Must Hear Interviews from 2020 appeared first on The Security Ledger. Related StoriesEpisode 200: Sakura Samurai Wants To Make Hacking Groups Cool Again. And: Automating Our Way Out of PKI ChaosEpisode 195: Cyber Monday Super Deals Carry Cyber RiskEpisode 203: Don’t Hack The Water and Black Girls Hack Founder Tennisha Martin [...]

US drone firm Skydio valued at $1 billion as government freezes out Chinese competition

1 March 2021

Skydio’s X2 drone is aimed at enterprise and military customers. | Image: Skydio Skydio has become the first US dronemaker with a valuation of more than $1 billion, a signal of deeper investment in American-made drones after the US government blacklisted Chinese manufacturers. The California-based Skydio raised $170 million in a Series D funding round led by VC firm Andreessen Horowitz, as first reported by The Financial Times. Skydio’s drones are best known for their self-flying tech, which allows the aircraft to autonomously navigate obstacles and track users on the ground. The company released its first drone in 2018, the… [...]

My PS5 is now matte black thanks to Dbrand’s Darkplates

1 March 2021

A stealthy look for the elusive console Continue reading… [...]

Today I learned the iPhone’s excellent document scanner can be controlled from a Mac

1 March 2021

Scan documents directly into Mail, Finder, and other Mac apps. | Image: Apple The iPhone’s Notes app has a powerful document scanning feature built right into it, and today I learned that this scanner can be controlled directly from a paired Mac in a variety of apps. It’s an incredibly useful tip for Mac users as it cuts out the awkward middle steps of having to transfer it from phone to computer, or grabbing it from the Mac’s Notes app after it syncs. Shoutout to TikTok account @keyboardshortcuts for bringing it to my attention. Besides Notes, the iPhone’s scanner can… [...]

Polaris teases an all-electric Ranger, first in its collaboration with Zero Motorcycles

1 March 2021

The first electric power sports vehicle to emerge from the new collaboration between Polaris and Zero Motorcycles will be a battery-powered Ranger utility side-by-side. The companies didn’t provide any details about the vehicle’s range, battery pack, or price, but they did say that production on the new UTV (or utility terrain vehicle) was expected to start in December 2021. Ranger is the number one-selling brand in the Minnesota-based Polaris’ lineup of utility vehicles. More details are forthcoming, a spokesperson said, but the goal is to “build a better Ranger with more torque, more power, more hauling, the capabilities needed to… [...]

Lime says it will spend $50 million on a huge e-bike expansion

1 March 2021

Lime is getting back to its roots. The scooter company formerly known as LimeBike says it will invest $50 million to grow its shared electric bicycle network, including adding a new model of bike and doubling the number of cities in which it operates. Lime got its start with shared bikes, only to quickly pivot after Bird first introduced the concept of dockless electric scooters in 2017. The company dropped the “bike” from its name and started phasing out its bikes in 2019. But the following year, Lime acquired bike-share company Jump from Uber, and suddenly, bikes were back on… [...]

2021 Golden Globes: Netflix dominates the night, Nomadland takes top honor

1 March 2021

Kevin Mazur/Getty Images for Hollywood Foreign Press Association In a year of ongoing movie delays and stalled television productions, it’s no surprise that this year’s Golden Globes winners were dominated by streaming services — in particular, Netflix. However, before getting into the winners of the evening, it’s impossible to ignore that this year’s Golden Globes were surrounded by a number of important controversies. Last week the Los Angeles Times published an in-depth feature investigation into the questionable ethics involving all 87 members of the Hollywood Foreign Press Association (HFPA), the voting body that selects Golden Globe winners every year. Some… [...]

Cybersecurity firm says social media bots hyped GameStop during trading frenzy

28 February 2021

Photo by Sean Hollister / The Verge A cybersecurity firm found that bots were promoting GameStop stock on social media before and after the stock’s frenzied rise last month, Reuters reported. Massachusetts-based PiiQ Media says social media bots promoted Dogecoin, GameStop, and other “meme” stocks in posts on Facebook, Twitter, Instagram, and YouTube. The firm estimated that tens of thousands of bots participated, but it’s still unclear how much influence they had or didn’t have on the rise and fall of GME and other stocks. Shares in GME skyrocketed in January as Reddit users on r/wallstreetbets rallied around the stock… [...]

Minneapolis hiring social media influencers for former police officers’ trials

28 February 2021

George Floyd died in police custody in May 2020 | Getty Minneapolis is hiring social media influencers to share “city-generated and approved messages” during the trials of four former city police officers charged in the May 2020 killing of George Floyd, according to the Minnesota Reformer. The Minneapolis city council approved the plan on Friday, which calls for six influencers to be paid about $2,000 each to spread the city’s messages with Black, Native American, Hmong, and Latino communities. The goal is to “address/dispel incorrect information” by using “trusted messengers,” part of a program the city refers to as its… [...]

New AI ‘Deep Nostalgia’ brings old photos, including very old ones, to life

28 February 2021

MyHeritage An AI-powered service called Deep Nostalgia that animates still photos has become the main character on Twitter this fine Sunday, as people try to create the creepiest fake “video” possible, apparently. The Deep Nostalgia service, offered by online genealogy company MyHeritage, uses AI licensed from D-ID to create the effect that a still photo is moving. It’s kinda like the iOS Live Photos feature, which adds a few seconds of video to help smartphone photographers find the best shot. But Deep Nostalgia can take photos from any camera and bring them to “life.” The program uses pre-recorded driver videos… [...]

How to watch the 2021 Golden Globes online

28 February 2021

Photo by VALERIE MACON/AFP via Getty Images Awards season in Hollywood begins Sunday, February 28th, with the 78th Golden Globe Awards, hosted by the Hollywood Foreign Press Association. The Golden Globes, usually considered a harbinger of who may take home awards at other shows like the Oscars, will look a bit different this year thanks to the coronavirus pandemic. The hosts and presenters will be in different locations in the US and around the world. Streaming services have finally come into their own at the Globes, with Netflix leading the pack of with 20 total nominations for its television shows;… [...]

Sherry Turkle Talks Going Remote, Loneliness, and Her Memoir

1 March 2021

In The Empathy Diaries, the pioneering computer researcher finally studies her own life. She tells WIRED why now was the right time. [...]

The Raging Evolutionary War Between Humans and Covid-19

1 March 2021

Fighting the pandemic isn’t only about vaccines and drugs. It’s about understanding how viruses mutate and change inside us, and among us. [...]

Why a YouTube Chat About Chess Got Flagged for Hate Speech

1 March 2021

AI programs that analyze language have difficulty gauging context. Words such as “black,” “white,” and “attack" can have different meanings. [...]

Far-Right Platform Gab Has Been Hacked—Including Private Data

1 March 2021

The transparency group DDoSecrets says it will make the 70GB of passwords, private posts, and more available to researchers, journalists, and social scientists. [...]

The Best Nintendo Switch Games for Every Kind of Player

28 February 2021

From Hyrule to Hallownest, these are our absolute favorite video game escapes for the Switch and Switch Lite. [...]

A Decades-Long Quest Reveals New Details of Antimatter

28 February 2021

Twenty years ago, physicists began investigating a mysterious asymmetry inside the proton. Their results show how antimatter helps stabilize every atom’s core. [...]

How to Set Up a 4G LTE Wi-Fi Network as an Alternative to Broadband

28 February 2021

Connecting to cell networks is an increasingly viable option—here’s how it works. [...]

Warnings From the Queer History of Modern Internet Regulation

28 February 2021

Section 230 faces countless reform efforts. But a look back reminds us that categorical content bans often come at the expense of marginalized groups. [...]

Period Underwear Changed My Life—and I'm Never Going Back

28 February 2021

Wearing underwear designed to absorb my menstrual flow—with no additional protection—has made my period more comfortable. It’s kinder to the planet too. [...]

The SolarWinds Body Count Now Includes NASA and the FAA

27 February 2021

Plus: Firefox blocks more tracking, how to fight a robodog, and more of the week’s top security news. [...]

Containers Complicate Compliance (And What To Do About It)

Related Stories

Related Posts

Inside the Battle to Control Enterprise Security Data Lakes

Episode 204: Josh Corman of CISA on securing the Vaccine Supply Chain

Episode 203: Don’t Hack The Water and Black Girls Hack Founder Tennisha Martin