Other News

CrowdStrike says that North Korean hackers have been expanding their list of targets to include defense and financial firms in the US.

North Korea’s widening Net, pricing the Equifax Hack & Dark Markets in Turmoil

In this week’s podcast, after a string of reports about North Korea’s growing forays onto sensitive corporate networks, we speak with Adam Meyers of CrowdStrike about the widening net of North Korean offensive hacking and how the Hermit Kingdom is playing the part both of cyber criminal and nation-state actor.  Also: we unpack the cost of the Equifax breach with Accenture and talk to Flashpoint about the turmoil on the deep, dark web following the shutdown of the AlphaBay marketplace. 

China's government appears to be suppressing information on serious, exploitable security vulnerabilities in software, a study by Recorded Future found.

China delays notification of software holes targeted in state hacks

China is doing a better job finding and disclosing information on software security holes…except when those vulnerabilities are high risk and might be used in targeted attacks. That, according to a report out Thursday by the firm Recorded Future.

There are warnings from the DHS and FBI about a North Korean cyber operation dubbed Hidden Cobra.

US Government Warns of Hidden Cobra North Korea Cyber Threat

A Department of Homeland Security (DHS) Alert released on Tuesday warns the public about a campaign of hacking by the government of North Korea it has code-named “Hidden Cobra.”

Cisco said that it discovered a slew of new flaws in Foscam's indoor IP cameras that could expose the devices to remote attacks.

Cisco Talos finds More Flaws in Foscam Cameras

Cisco Systems is warning the public about a range of new vulnerabilities it has discovered in IP cameras from the firm Foscam, a popular maker of commercial and consumer surveillance cameras, the second trove of software security holes uncovered since June. 

The FBI is warning medical and dental offices to be on the lookout for insecure FTP servers.

Securing Medical Devices, Rethinking OWASP’s Top 10 & BlackDuck CEO Lou Shipley

In this, our 70th episode of The Security Ledger podcast, we speak withXu Zou of the Internet of Things security startup Zingbox about the challenges of securing medical devices and clinical networks from cyber attack. Also: we take a look at the turmoil that has erupted around the OWASP Top 10, a list of common application security foibles. And finally: open source management vendor Black Duck Software announced that it was being acquired for more than half a billion dollars. We sit down with Black Duck CEO Lou Shipley to talk about the software supply chain and to hear what’s next for his company.