Hundreds of millions of wireless devices may be affected by a flaw in WPA-2, a widely used standard for securing wireless Internet connections. (Updated to add commentary by Bob Rudis of Rapid 7.)
Hacks & Hackers
CEO Eugene Kaspersky likened a Wall Street Journal report on his company’s software being used to hack an NSA contractor to “the script of a C movie” and said his company was in the middle of a geopolitical dispute.
Hacker Eye on the Consultant Guy: Deloitte and the Art of spotting Vulnerable Firms from the Outside
In the latest Security Ledger podcast, we analyze the breach of Deloitte by talking to two people who spend a lot of time judging the security of firms by how they look to the outside world. Dan Tentler of the firm Phobos Group tells us what he found out about Deloitte doing some fast and dirty open source research. Also: we talk to Stephen Boyer of the firm BitSight about a new study that firm did of the gap between the security readiness of financial services firms and the third-party software supply chain they rely on.
A survey of public data breaches has found a large increase in the number of records that have been stolen, lost or compromised in the first six months of 2017. The firm Gemalto said that the number of records caught up in breaches jumped 164% from the second half of 2016 and the first half 2017 to almost 2 billion lost records. That is more than the total number of records lost in all of 2016. Gemalto said its latest data from the company’s Breach Level Index, a global database of public data breaches, indicates 918 data breaches led to 1.9 billion data records being compromised worldwide in the first half of 2017. Most of the leaked records came from just 22 large data breaches, each involving more than one million compromised records, the company said. How many records? Nobody knows. Even more worrying: of the 918 data breaches, the […]
What makes a good CSO? In the wake of the Equifax breach, we talk about the controversy over that company’s CSO’s music degree. Also: we talk with Signal Sciences about why companies keep getting hacked via application vulnerabilities like the Apache Struts hole that felled Equifax.