At the Intersection of Technology and Real Life

Episode 233: Unpacking Log4Shell’s Un-coordinated Disclosure Chaos

Mike York Syndicated Stories, The Security Ledger

In this episode of the podcast (#233) Mark Stanislav, a Vice President at the firm Gemini, joins Paul to talk about what went wrong with disclosure of Log4Shell, the critical, remote code execution flaw in the Log4j open source library. Mark talks about how the Internet community can come together ahead of the next vulnerability to make sure the…

Read the whole entry… »

Security researcher Sam Curry describes a stressful situation he encountered upon his return to the U.S. when border officials and federal agents seized and searched his electronic devices. Curry was further served with a 'Grand Jury' subpoena that demanded him to appear in court for testimony. [...]

Budworm hackers target telcos and govt orgs with custom malware

28 September 2023

A Chinese cyber-espionage hacking group tracked as Budworm has been observed targeting a telecommunication firm in the Middle East and a government entity in Asia using a new variant of its custom 'SysUpdate' backdoor. [...]

Google fixes fifth actively exploited Chrome zero-day of 2023

27 September 2023

Google has patched the fifth Chrome zero-day vulnerability exploited in attacks since the start of the year in emergency security updates released today. [...]

SSH keys stolen by stream of malicious PyPI and npm packages

27 September 2023

A stream of malicious npm and PyPi packages have been found stealing a wide range of sensitive data from software developers on the platforms. [...]

Teensy, $60 Raspberry Pi 5 Computer Gets Bigger PC Brawn - CNET

28 September 2023

The new model is two or three times faster than its 4-year-old predecessor. And it includes the Raspberry Pi Foundation's first in-house chip. [...]

Best TV Deals: Save Big on TVs From Samsung, LG, Sony and More - CNET

28 September 2023

Don't buy a new TV until you've seen our collection of the best deals around right here, right now. [...]

Best Gas Grill of 2023 - CNET

28 September 2023

The key to any backyard get-together is a great gas grill. We've tested the best gas grills on the market to find the perfect one for your budget and needs. [...]

ChatGPT Isn't Stuck in 2021 Anymore, Can Browse Web for Recent Answers - CNET

28 September 2023

After an earlier beta test, ChatGPT will now serve up current info from the internet to people with a Plus or Enterprise subscription. [...]

Best Android Phone of 2023 - CNET

28 September 2023

From Google's Pixel 7 Pro to new foldables from Samsung and Motorola, these are the best Android phones of 2023. [...]

Best Holiday Gifts for Grandparents in 2023 - CNET

28 September 2023

Show Grandma and Grandpa just how much you love them with a thoughtful holiday gift. [...]

Best iPhone 15 and iPhone 15 Pro Cases for 2023 - CNET

28 September 2023

All the new iPhone 15 models are now available. Check out our current top cases for them, with more picks coming soon. [...]

iOS 17.1 Beta 1: What Could Be Coming to Your iPhone Soon - CNET

28 September 2023

Developers and beta testers can download this iOS update now. [...]

Best Electric Lawn Mower of 2023 - CNET

28 September 2023

Our experts tested the best electric mowers to find the perfect option to keep your lawn healthy. [...]

6 Best Weightlifting Shoes for 2023 - CNET

28 September 2023

Whether you're a new lifter or experienced CrossFitter, you'll love these picks. [...]

Chrome Flags Third Zero-Day This Month That's Tied to Spying Exploits

28 September 2023

So far this year, Google has disclosed six vulnerabilities that attackers were actively exploiting before the company had a patch for them. [...]

New Cisco IOS Zero-Day Delivers a Double Punch

28 September 2023

The networking giant discloses new vulnerabilities the same day as warnings get issued that Cisco gear has been targeted in a Chinese APT attack. [...]

Johnson Controls International Disrupted by Major Cyberattack

28 September 2023

The company filed with the SEC and is assessing its operations and financial damages. [...]

Q&A: UK Ambassador on Creating New Cybersecurity Agencies Around the World

28 September 2023

How the UK is assisting other nations in forming their own versions of a National Centre for Cybersecurity (NCSC). [...]

Novel ZenRAT Scurries Onto Systems via Fake Password Manager Tool

28 September 2023

Attackers exclusively target Windows users with an impersonation website that distributes information-stealing malware. [...]

Looking Beyond the Hype Cycle of AI/ML in Cybersecurity

28 September 2023

Artificial intelligence and machine learning aren't yet delivering on their cybersecurity promises. How can we close the gaps? [...]

4 Legal Surprises You May Encounter After a Cybersecurity Incident

28 September 2023

Many organizations are not prepared to respond to all the constituencies that come knocking after a breach or ransomware incident. [...]

Supply Chain Attackers Escalate With GitHub Dependabot Impersonation

28 September 2023

Armed with stolen developer passcodes, attackers have checked in changes to repositories under the automation feature's name in an attempt to escape notice. [...]

CAPTCHAs Easy for Humans, Hard for Bots

28 September 2023

Proton is aiming for the sweet spot between security, privacy, and accessibility with its CAPTCHA. [...]

A Preview of Windows 11's Passkeys Support

28 September 2023

The latest update to Windows 11 introduces support for passkeys, which provide phishing-resistant passwordless authentication. [...]

RSS Error: A feed could not be found at `http://www.infosecisland.com/rss.html`; the status code is `404` and content-type is `text/html; charset=utf-8`

How to use Google Bard: What to do and what not to do

28 September 2023

You no longer need to join a waitlist to try out Google's AI chatbot, Bard. Here's everything you need to know to use it. [...]

The search for a 5G killer app that's 'bigger than connectivity'

28 September 2023

Industry observers agree that 5G represents a new frontier of innovation. To push the boundaries, these tech and telecom giants have joined the 5G OI Lab's ecosystem. [...]

iPhone 15 Pro users can replace Siri with ChatGPT. Here's how

28 September 2023

With the tap of the Action button, you can start chatting with ChatGPT. [...]

How to create a Kanban board in the MacOS Sonoma Reminders app

28 September 2023

If you'd like to incorporate the power of Kanban boards into your daily life, MacOS Sonoma's Reminders app has a handy trick up its sleeve. [...]

Asian banks are a favorite target of cybercooks, and malicious bots their preferred tool

28 September 2023

Asia-Pacific is the second-most targeted region for malicious bot requests against financial services, with global hubs Singapore, Australia, and Japan the region's top three most targeted, accounting for the bulk of web application and API attacks. [...]

How to add widgets to your MacOS Sonoma desktop

28 September 2023

MacOS Sonoma leans into the same Widgets that are taking iOS by storm. Here's how you can add them to your desktop. [...]

How to save money on groceries with Amazon Prime

28 September 2023

Trying to save money on groceries these days? Trim down your grocery bill with these Prime membership hacks. [...]

These $200 wireless headphones are the best it gets at this price point

28 September 2023

Audio-Technica's new ATH-M50xBT2 are a worthy successor to an already fantastic pair of headphones. [...]

Fitbit's new fitness tracker adds Google features we've all been waiting for

28 September 2023

The Fitbit Charge 6 offers a sleek form factor and deeper integration into the Google ecosystem. Here's everything new. [...]

Can AI code? In baby steps only

28 September 2023

Don't give up your coding career. Studies have shown generative AI does only a so-so job of coding, and fails spectacularly on hard problems. [...]

Vulnerability resolution enhanced by integrations

28 September 2023

Why speed is of the essence in today’s cybersecurity landscape? How are you quickly achieving vulnerability resolution? Identifying vulnerabilities should be part of the daily process within an organization. It’s an important piece of maintaining an organization’s security posture. However, the complicated nature of modern technologies — and the pace of change — often make […] The post Vulnerability resolution enhanced by integrations appeared first on Security Intelligence. [...]

How I got started: SIEM engineer

28 September 2023

As careers in cybersecurity become increasingly more specialized, Security Information and Event Management (SIEM) engineers are playing a more prominent role. These professionals are like forensic specialists but are also on the front lines protecting sensitive information from the relentless onslaught of cyber threats. SIEM engineers meticulously monitor, analyze and manage security events and incidents […] The post How I got started: SIEM engineer appeared first on Security Intelligence. [...]

Tequila OS 2.0: The first forensic Linux distribution in Latin America

27 September 2023

Incident response teams are stretched thin, and the threats are only intensifying. But new tools are helping bridge the gap for cybersecurity pros in Latin America. IBM Security X-Force Threat Intelligence Index 2023 found that 12% of the security incidents X-force responded to were in Latin America. In comparison, 31% were in the Asia-Pacific, followed […] The post Tequila OS 2.0: The first forensic Linux distribution in Latin America appeared first on Security Intelligence. [...]

Cost of a data breach 2023: Geographical breakdowns

27 September 2023

Data breaches can occur anywhere in the world, but they are historically more common in specific countries. Typically, countries with high internet usage and digital services are more prone to data breaches. To that end, IBM’s Cost of a Data Breach Report 2023 looked at 553 organizations of various sizes across 16 countries and geographic […] The post Cost of a data breach 2023: Geographical breakdowns appeared first on Security Intelligence. [...]

The Growing Risks of Shadow IT and SaaS Sprawl

26 September 2023

In today’s fast-paced digital landscape, there is no shortage of apps and Software-as-a-Service (SaaS) solutions tailored to meet the diverse needs of businesses across different industries. This incredible array of options has revolutionized how we work, providing cost-effective and user-friendly tools that streamline tasks and boost productivity. However, this ever-expanding application ecosystem comes with its […] The post The Growing Risks of Shadow IT and SaaS Sprawl appeared first on Security Intelligence. [...]

Are you ready to build your organization’s digital trust?

25 September 2023

As organizations continue their digital transformation journey, they need to be able to trust that their digital assets are secure. That’s not easy in today’s environment, as the numbers and sophistication of cyberattacks increase and organizations face challenges from remote work and insider behavior. Digital trust can make your organization’s digital transformation stronger. A lack […] The post Are you ready to build your organization’s digital trust? appeared first on Security Intelligence. [...]

Most organizations want security vendor consolidation

21 September 2023

Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging. We quickly passed through the “not if, but when” stage of cyberattacks. Now, it’s commonplace for companies to have experienced multiple breaches. […] The post Most organizations want security vendor consolidation appeared first on Security Intelligence. [...]

How IBM secures the U.S. Open

20 September 2023

More than 15 million tennis fans around the world visited the US Open app and website this year, checking scores, poring over statistics and watching highlights from hundreds of matches over the two weeks of the tournament. To help develop this world-class digital experience, IBM Consulting worked closely with the USTA, developing powerful generative AI […] The post How IBM secures the U.S. Open appeared first on Security Intelligence. [...]

How the FBI Fights Back Against Worldwide Cyberattacks

19 September 2023

In the worldwide battle against malicious cyberattacks, there is no organization more central to the fight than the Federal Bureau of Investigation (FBI). And recent years have proven that the bureau still has some surprises up its sleeve. In early May, the U.S. Department of Justice announced the conclusion of a U.S. government operation called […] The post How the FBI Fights Back Against Worldwide Cyberattacks appeared first on Security Intelligence. [...]

How NIST Cybersecurity Framework 2.0 Tackles Risk Management

18 September 2023

The NIST Cybersecurity Framework 2.0 (CSF) is moving into its final stages before its 2024 implementation. After the public discussion period to inform decisions for the framework closed in May, it’s time to learn more about what to expect from the changes to the guidelines. The updated CSF is being aligned with the Biden Administration’s […] The post How NIST Cybersecurity Framework 2.0 Tackles Risk Management appeared first on Security Intelligence. [...]

Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product

28 September 2023

Progress Software ships patches for critical-severity flaws in its WS_FTP file transfer software and warns that a pre-authenticated attacker could wreak havoc on the underlying operating system. The post Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product appeared first on SecurityWeek. [...]

Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users

28 September 2023

Verisoul, a company that has developed a SaaS platform for detecting and blocking fake users, has raised $3.25 million in seed funding. The post Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users appeared first on SecurityWeek. [...]

Lumu Raises $30 Million for Threat Detection and Response Platform

28 September 2023

Intrusion detection company Lumu has raised $30 million in a Series B funding round led by Forgepoint Capital. The post Lumu Raises $30 Million for Threat Detection and Response Platform appeared first on SecurityWeek. [...]

Government Shutdown Could Bench 80% of CISA Staff

28 September 2023

Roughly 80% of CISA staff will be sent home at the end of the week in case of a government shutdown. The post Government Shutdown Could Bench 80% of CISA Staff appeared first on SecurityWeek. [...]

Moving From Qualitative to Quantitative Cyber Risk Modeling

28 September 2023

Migrating to a quantitative cyber risk model of analysis allows for more accurate data, which leads to more informed decision-making. The post Moving From Qualitative to Quantitative Cyber Risk Modeling appeared first on SecurityWeek. [...]

Cisco Warns of IOS Software Zero-Day Exploitation Attempts

28 September 2023

Cisco has released patches for vulnerability in the GET VPN feature of IOS and IOS XE software that has been exploited in attacks. The post Cisco Warns of IOS Software Zero-Day Exploitation Attempts appeared first on SecurityWeek. [...]

Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits

28 September 2023

Russian zero-day acquisition firm Operation Zero is now offering $20 million for full Android and iOS exploit chains. The post Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits appeared first on SecurityWeek. [...]

Sysdig Launches Realtime Attack Graph for Cloud Environments

28 September 2023

Sysdig enhanced its existing CNAPP offering with a cloud attack graph, risk prioritization, attack path analysis, a searchable inventory, and complete agentless scanning. The post Sysdig Launches Realtime Attack Graph for Cloud Environments appeared first on SecurityWeek. [...]

Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor

28 September 2023

Google has rushed to patch a new Chrome zero-day vulnerability, tracked as CVE-2023-5217 and exploited by a spyware vendor. The post Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor appeared first on SecurityWeek. [...]

Chinese Gov Hackers Caught Hiding in Cisco Router Firmware

27 September 2023

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently hop around the corporate networks of U.S. and Japanese companies. The post Chinese Gov Hackers Caught Hiding in Cisco Router Firmware appeared first on SecurityWeek. [...]

Judge upholds $18 minimum pay for NYC delivery workers

28 September 2023

In a blow to Uber, DoorDash and Grubhub, a New York judge on Thursday ruled to allow the implementation of the minimum pay rate of $18 per hour for New York City’s food delivery workers. The delivery apps sued the city in July, when the city’s 65,000 delivery workers would have begun seeing hourly payments, […] [...]

It’s not clear X CEO Linda Yaccarino knew about Elon Musk’s plan to charge for X

28 September 2023

In a live chat earlier this month, Elon Musk said X would charge users “a small monthly payment” to use its service — a necessity, he explained, in order to combat the “vast armies of bots” on the platform. But in an interview this week at the Code Conference, X CEO Linda Yaccarino seemed to […] [...]

Federal agency sues Tesla for racial discrimination of Black workers

28 September 2023

The EEOC filed suit against Tesla, accusing the automaker of violating federal law by tolerating widespread and ongoing racial harassment of its Black employees. [...]

ispace unveils new lunar lander that will fly to the moon in 2026

28 September 2023

Japanese space company ispace has invested over $40 million in its new U.S. subsidiary to-date, as it looks to take advantage of growing investment from NASA and the Pentagon in technologies for the moon. The level of investment is a mark of ispace’s “strong commitment to the U.S. market,” CEO Takeshi Hakamada said in a […] [...]

Honda forms largest EV partner network in the US despite not yet selling an EV in the country

28 September 2023

Honda is touting today that drivers of its EVs will soon have access to the most amount of charging locations in America. This is thanks to just-announced agreements with EVgo and Electrify America, two of the largest EV charging networks in the States. Honda previously signed on with the NACS charging standard, granting access to […] [...]

Your website can now opt out of training Google’s Bard and future AIs

28 September 2023

Large language models are trained on all kinds of data, most of which it seems was collected without anyone’s knowledge or consent. Now you have a choice whether to allow your web content to be used by Google as material to feed its Bard AI and any future models it decides to make. It’s as […] [...]

Should VCs back the FTC suit against Amazon?

28 September 2023

Which do you prefer: Regulators working to contain market power or a potential ceiling being set on exit values for the companies that you back? [...]

Review: Tablo DVR gives users a major upgrade with its free ad-supported TV offering

28 September 2023

Tablo has always been a niche product, Grant Hall, founder and CEO of parent company Nuvyyo, admitted to TechCrunch. However, as more cord-cutters become frustrated with streaming services raising their prices, OTA (over-the-air) DVRs and TV antennas are making a comeback. The Consumer Technology Association reported that 36 million U.S. households own an antenna. Plus, […] [...]

Apple asks the Supreme Court to reconsider a previous ruling in Epic’s favor

28 September 2023

Apple has asked the Supreme Court to reconsider a previous ruling in its fight against Epic Games that would change the rules of the App Store. In a cert petition, filed Thursday and embedded below, Apple criticized a prior decision that would force it to allow app developers to point their users toward alternative payment […] [...]

Ask Sophie: What are your top immigration tips from TechCrunch Disrupt 2023?

28 September 2023

I wasn’t able to make it to TechCrunch Disrupt this year. What were your main immigration takeaways for founders and startups? [...]

GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions

28 September 2023

A new malicious campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers. "The malicious code exfiltrates the GitHub project's defined secrets to a malicious C2 server and modify any existing javascript files in the attacked project with a web-form password-stealer malware code [...]

China's BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies

28 September 2023

Cybersecurity agencies from Japan and the U.S. have warned of attacks mounted by a state-backed hacking group from China to stealthily tamper with branch routers and use them as jumping-off points to access the networks of various companies in the two countries. The attacks have been tied to a malicious cyber actor dubbed BlackTech by the U.S. National Security Agency (NSA), Federal Bureau of [...]

The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies

28 September 2023

The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world. The limitations of Browser Isolation, such as degraded browser performance and inability to tackle [...]

China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

28 September 2023

Government and telecom entities have been subjected to a new wave of attacks by a China-linked threat actor tracked as Budworm using an updated malware toolset. The intrusions, targeting a Middle Eastern telecommunications organization and an Asian government, took place in August 2023, with the adversary deploying an improved version of its SysUpdate toolkit, the Symantec Threat Hunter Team, [...]

Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability

28 September 2023

Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia). Exploitation of such buffer overflow flaws can [...]

Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors

27 September 2023

A new threat actor known as AtlasCross has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented backdoors named DangerAds and AtlasAgent. NSFOCUS Security Labs described the adversary as having a "high technical level and cautious attack attitude," adding that "the phishing attack activity captured this time is part of the attacker's targeted strike on [...]

Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data

27 September 2023

A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units (GPU) vulnerable to information leakage. "This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression," a group of academics from the University of Texas at Austin, Carnegie Mellon University, University of [...]

New Survey Uncovers How Companies Are Confronting Data Security Challenges Head-On

27 September 2023

Data security is in the headlines often, and it’s almost never for a positive reason. Major breaches, new ways to hack into an organization’s supposedly secure data, and other threats make the news because well, it’s scary — and expensive. Data breaches, ransomware and malware attacks, and other cybercrime might be pricey to prevent, but they are even more costly when they occur, with the [...]

New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software

27 September 2023

A new malware strain called ZenRAT has emerged in the wild that's distributed via bogus installation packages of the Bitwarden password manager. "The malware is specifically targeting Windows users and will redirect people using other hosts to a benign web page," enterprise security firm Proofpoint said in a technical report. "The malware is a modular remote access trojan (RAT) with information [...]

Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score

27 September 2023

Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild. Tracked as CVE-2023-5129, the issue has been given the maximum severity score of 10.0 on the CVSS rating system. It has been described as an issue rooted in the Huffman coding algorithm - With a specially [...]

Black Hat: Colin O’Flynn On Hacking An Oven To Make It Stop Lying

9 August 2023

In this episode of the podcast, host Paul Roberts speaks with Colin O'Flynn, CTO and founder of the firm NewAE about his work to patch shoddy software on his home's electric oven - and the bigger questions about owners rights to fix, tinker with or replace the software that powers their connected stuff. The post Black Hat: Colin O’Flynn On...Read the whole entry... »Click the icon below to listen. Related StoriesEpisode 250: Window Snyder of Thistle on Making IoT Security EasyEpisode 251: Kry10 CEO Boyd Multerer on building a secure OS for the IoTForget the IoT. Meet the IoZ: our Internet [...]

Spotlight Podcast: Are you ready for Threat Reconnaissance?

2 August 2023

In this Spotlight podcast interview, David Monnier of Team Cymru talks about the evolution of the threat intelligence into actionable and target specific “threat reconnaissance.” The post Spotlight Podcast: Are you ready for Threat Reconnaissance? first appeared on The Security Ledger with Paul F. Roberts. The post Spotlight Podcast: Are you...Read the whole entry... »Click the icon below to listen. Related StoriesSpotlight: SIEMs suck. Panther is out to change that. Episode 249: Intel Federal CTO Steve Orrin on the CHIPS Act and Supply Chain SecuritySpotlight: Making the Most of Cyber Threat Intelligence with Itsik Kesler of KELA [...]

Attacks on APIs demand a Security Re-Think

12 July 2023

New threats demand that we transform the way we think about securing the endpoints. Case in point: APIs, writes Ross Moore. The post Attacks on APIs demand a Security Re-Think first appeared on The Security Ledger with Paul F. Roberts. The post Attacks on APIs demand a Security Re-Think appeared first on The Security Ledger with Paul F. Roberts. Related StoriesMalicious Automation is driving API Security BreachesThe surveys speak: supply chain threats are freaking people outResearcher finds malicious packages lurked on npm for months [...]

Episode 251: Kry10 CEO Boyd Multerer on building a secure OS for the IoT

29 June 2023

Host Paul Roberts speaks with Boyd Multerer, the CEO and founder of Kry10, which has made a secure OS for the Internet of Things. The post Episode 251: Kry10 CEO Boyd Multerer on building a secure OS for the IoT first appeared on The Security Ledger with Paul F. Roberts. The post Episode 251: Kry10 CEO Boyd Multerer on building a secure OS for the...Read the whole entry... »Click the icon below to listen. Related StoriesEpisode 250: Window Snyder of Thistle on Making IoT Security EasyBlack Hat: Colin O’Flynn On Hacking An Oven To Make It Stop LyingSpotlight: Traceable CSO Richard [...]

Is a DEF CON Village the right way to assess AI risk?

13 June 2023

The AI industry is pointing to the AI Village at DEF CON as a venue for assessing cybersecurity risk. But is a "village" the best way to test AI risk? Experts have their doubts. The post Is a DEF CON Village the right way to assess AI risk? first appeared on The Security Ledger with Paul F. Roberts. The post Is a DEF CON Village the right way to...Read the whole entry... »Related StoriesThe surveys speak: supply chain threats are freaking people outEpisode 250: Window Snyder of Thistle on Making IoT Security EasyEpisode 249: Intel Federal CTO Steve Orrin on the [...]

Researcher: malicious packages lurked on npm for months

18 May 2023

Researchers at ReversingLabs said they discovered two npm open source packages that contained malicious code linked to open source malware known as TurkoRat. The post Researcher: malicious packages lurked on npm for months first appeared on The Security Ledger with Paul F. Roberts. The post Researcher: malicious packages lurked on npm for months...Read the whole entry... »Related StoriesThe surveys speak: supply chain threats are freaking people outMalicious Automation is driving API Security BreachesAttacks on APIs demand a Security Re-Think [...]

Episode 250: Window Snyder of Thistle on Making IoT Security Easy

13 May 2023

In this episode of the podcast, I speak with Window Snyder, the founder and CEO of Thistle Technologies about the (many) security challenges facing Internet of Things (IoT) devices and her idea for making things better: Thistle’s platform for secure development and deployment of IoT devices. The post Episode 250: Window Snyder of Thistle on...Read the whole entry... »Click the icon below to listen. Related StoriesBlack Hat: Colin O’Flynn On Hacking An Oven To Make It Stop LyingEpisode 251: Kry10 CEO Boyd Multerer on building a secure OS for the IoTSpotlight: Traceable CSO Richard Bird on Securing the API Economy [...]

The surveys speak: supply chain threats are freaking people out

10 May 2023

A bunch of recent surveys of IT and security pros send a clear message: threats and risks from vulnerable software supply chains are real, and they’re starting to freak people out. The post The surveys speak: supply chain threats are freaking people out first appeared on The Security Ledger with Paul F. Roberts. The post The surveys speak:...Read the whole entry... »Related StoriesResearcher finds malicious packages lurked on npm for monthsAttacks on APIs demand a Security Re-ThinkEpisode 249: Intel Federal CTO Steve Orrin on the CHIPS Act and Supply Chain Security [...]

Spotlight: Traceable CSO Richard Bird on Securing the API Economy

5 April 2023

In this Spotlight episode of the Security Ledger podcast, I interview Richard Bird, the CSO of the firm Traceable AI about the challenge of securing application programming interfaces (APIs), which are increasingly being abused to steal sensitive data. The post Spotlight: Traceable CSO Richard Bird on Securing the API Economy first appeared...Read the whole entry... »Click the icon below to listen. Related StoriesEpisode 250: Window Snyder of Thistle on Making IoT Security EasyEpisode 247: Into the AppSec Trenches with Robinhood CSO Caleb SimaBlack Hat: Colin O’Flynn On Hacking An Oven To Make It Stop Lying [...]

Episode 249: Intel Federal CTO Steve Orrin on the CHIPS Act and Supply Chain Security

23 March 2023

Paul speaks with Steve Orrin, the Federal CTO at Intel Corp about representing Intel and its technologies to Uncle Sam and the impact of the CHIPS Act a massive new federal investment in semiconductors. The post Episode 249: Intel Federal CTO Steve Orrin on the CHIPS Act and Supply Chain Security first appeared on The Security Ledger with Paul F....Read the whole entry... »Click the icon below to listen. Related StoriesThe surveys speak: supply chain threats are freaking people outEpisode 250: Window Snyder of Thistle on Making IoT Security EasyIs a DEF CON Village the right way to assess AI risk? [...]

Nvidia offices raided by French competition authority

28 September 2023

Illustration by Alex Castro / The Verge Nvidia’s France offices were raided by the country’s competition authority this week, according to a report from The Wall Street Journal. While the French agency doesn’t mention Nvidia by name, it confirms it carried out a raid over concerns about anti-competitive practices in the graphics cards industry. Sources tell the WSJ that French authorities specifically targeted Nvidia, which has seen demand for its chips skyrocket in recent months. Several companies, including Microsoft and OpenAI, have purchased thousands of the company’s high-end AI chips to power large language models. That massive demand resulted in [...]

Tesla sued for ‘severe’ racial harassment at its California factory, again

28 September 2023

Photo by Becca Farsace / The Verge Tesla subjected Black employees at its California factory to “severe or pervasive racial harassment” and helped perpetuate a hostile work environment for employees of color, according to a lawsuit filed by the US Equal Employment Opportunity Commission (EEOC). Racist slurs and epithets and race-based stereotyping “permeated Tesla’s Fremont Factory subjecting Black employees to racial hostility and offenses,” the agency alleges. Black employees were also fired or subject to retaliation after raising complaints about their treatment, the lawsuit says. The lawsuit includes a lot of the language that was alleged to be used at [...]

The best iPhones

28 September 2023

Navigate Apple’s lengthy iPhone product catalog like a pro. | Image: The Verge Whether you want a battery that lasts for days or the very best deal, we’ve got some recommendations for an iPhone you’ll love. Continue reading… [...]

The best entertainment of 2023

28 September 2023

The Boy and the Heron. | Image: Studio Ghibli Right now, we are absolutely spoiled for choice when it comes to entertainment. TV shows, movies, and games all come out at such a fast and furious pace that it’s hard to keep up. Not all of them are worth your time, of course — which is where we come in. Our team spends a lot of time immersed in the various realms of pop culture so that we can handpick our favorites for you. That could mean a hot new indie game you might’ve otherwise missed or the streaming series [...]

Castlevania: Nocturne is a revolutionary epic that does the franchise’s best games justice

28 September 2023

Drolta Tzuentes as she appears in Castlevania: Nocturne. | Image: Netflix Netflix’s newest Castlevania animated series reworks elements of the franchise’s best games into an epic history lesson about freedom and the French Revolution. Continue reading… [...]

Spotify is adding auto-generated transcripts to millions of podcasts

28 September 2023

Image: Spotify Spotify is rolling out auto-generated podcast transcripts to more creators in the coming weeks, the company announced Thursday. The text transcripts will also be time-synced so listeners can visually follow along as a podcast episode progresses. Transcripts are available by scrolling down below the podcast player and tapping into a “read along” section. A transcription of a show makes the podcast more accessible to users and allows listeners to skip around and skim an episode without listening through. Spotify says “millions” of podcast episodes will get the tool, and in the future, creators could add media to transcripts [...]

Google adds a switch for publishers to opt out of becoming AI training data

28 September 2023

Illustration: The Verge Google just announced it’s giving website publishers a way to opt out of having their data used to train the company’s AI models while remaining accessible through Google Search. The new tool, called Google-Extended, allows sites to continue to get scraped and indexed by crawlers like the Googlebot while avoiding having their data used to train the company’s present and future AI models. The company says Google-Extended will let publishers “manage whether their sites help improve Bard and Vertex AI generative APIs,” adding that web publishers can use the toggle to “control access to content on a [...]

The best magnetic chargers for your MagSafe iPhone

28 September 2023

Image: The Verge Making sense of Apple’s messy MagSafe charging ecosystem, where the first-party options are far from the best. Continue reading… [...]

Newsrooms around the world are using AI to optimize work, despite concerns about bias and accuracy

28 September 2023

Journalism and other fields are dealing with a new wave of tools like Google Bard. | Image: Google The arrival of generative artificial intelligence has accelerated the use of AI in different fields, including journalism. AI is most visible in journalism when things go wrong. Some newsrooms have published AI articles riddled with errors or offensive suggestions. There’s widespread anxiety that AI will be used to replace journalists on the cheap. But a new global survey demonstrates the ways that AI has worked its way into the business, even as journalists worry about its implications — and they don’t just [...]

Five ways the Meta Quest 3 will (let developers) change the game

28 September 2023

On Wednesday, Meta didn’t announce an obvious killer app alongside the $499 Meta Quest 3 headset — unless you count the bundled Asgard’s Wrath 2 or Xbox Cloud Gaming in VR. But if you watched the company’s Meta Connect keynote and developer session closely, the company revealed a bunch of intriguing improvements that could help devs build a next-gen portable headset game themselves. Graphics — look how far we’ve come This is the obvious one, but it’s also stunning to see just how much better the same games can look on Quest 3 vs. Quest 2. A lot of that’s [...]

The Animated TV Show You Never See

28 September 2023

The HBO series Young Love, about millennial parents in Chicago, has the instincts of an old-school Black sitcom but wears the skin of an animated world. [...]

X Fires Its Election Team Before a Huge Election Year

28 September 2023

The “last man standing” in X’s threat intelligence team has been fired, as the company guts its election integrity response ahead of a year in which more than 50 countries go to the polls. [...]

The 33 Best Shows on Hulu Right Now

28 September 2023

The Full Monty and Fargo are just two of the shows you won’t want to miss on this streaming service. [...]

The Hollywood Writers AI Deal Sure Puts a Lot of Trust in Studios to Do the Right Thing

28 September 2023

The Writers Guild of America won important protections, but it's not enough. When the Screen Actors Guild goes to the table, it should fight for more to keep AI from impinging on the work of artists. [...]

An Epic Fight Over What Really Killed the Dinosaurs

28 September 2023

A deep learning model has joined a vigorous debate over whether volcanoes began dinosaur doomsday well before the asteroid hit. [...]

US Justice Department Urged to Investigate Gunshot Detector Purchases

28 September 2023

A civil liberties group has asked the DOJ to investigate deployment of the ShotSpotter gunfire-detection system, which research shows is often installed in predominantly Black neighborhoods. [...]

Six Months Ago Elon Musk Called for a Pause on AI. Instead Development Sped Up

28 September 2023

Earlier this year, prominent AI and tech experts signed a letter calling for a halt to advanced AI development. When WIRED checked back in, some signatories said they had never expected it to work. [...]

Fitbit Charge 6: Features, Specs, Release Date

28 September 2023

The latest in the company’s most popular series now requires a Google account to track your health data and to use Google Maps and Google Wallet. [...]

16 Best iPhone 15 Cases and Accessories (2023): Clear, Grippy, Rugged, and Stylish

28 September 2023

Titanium doesn’t mean a thing. A case might not be a surefire defense against cracks, but it’s smart to add some protection. [...]

DJI Osmo Action 4 Review: Finally, a Worthy GoPro Competitor

28 September 2023

The company’s latest action cam one-ups the GoPro with a bigger sensor, better mounting system, and a front touchscreen. [...]

Episode 233: Unpacking Log4Shell’s Un-coordinated Disclosure Chaos

Related Stories

Related Posts

Car Cybersecurity Study Shows Drop in Critical Vulnerabilities Over Past Decade

Google Patches Chrome Zero-Day Reported by Apple, Spyware Hunters

Cisco ASA Zero-Day Exploited in Akira Ransomware Attacks