MikroTik is part of a bigger problem: the failure of infrastructure owners to take appropriate action to address serious security holes in products.
Podcast: Play in new window | Download (Duration: 35:36 — 40.7MB)Subscribe: Android | Email | Google Podcasts | RSSIn this week’s episode (#115), noted hardware enthusiast and hacker Joe Grand (aka “Kingpin”) told reporters from Bloomberg that finding an in-the-wild supply chain hack implanting malicious hardware on motherboards was akin to witnessing “a unicorn jumping over a rainbow.” They went with their story about just such an attack anyway. Joe joins us in the Security Ledger studios to talk about whether Bloomberg got it right. Also, Adam Meyers of Crowdstrike comes into the studio to talk about the U.S. Department of Justice indictment of seven Russian nationals. Adam talks about the hacks behind the charges and what comes next.
The NotPetya malware’s ability to cripple even sophisticated, global firms is a cautionary tale about the need for businesses to understand their risk and take a holistic view of security says Fadi Albatal, Chief Strategy Officer at Hitachi Systems Security.*
Podcast: Play in new window | Download (Duration: 29:33 — 33.8MB)Subscribe: Android | Email | Google Podcasts | RSSIn this week’s podcast: Facebook revealed that a breach affected 50 million accounts and as many as 90 million users. Is complexity at the root of the social media giant’s troubles? We speak with Gary McGraw of the firm Synopsys about it. Also: BIOS-based malware has been demonstrated at security conferences for years. Last week, the security firm ESET warned that it identified a sample in the wild. Even worse: the Russian Hacking Group Fancy Bear was believed to be responsible. We’ll talk to firmware security expert Giovanni Vigna of the firm Lastline about the truth and hype around LoJax and other firmware based attacks.
Smart vehicles are less vulnerable than they were a few years ago, thanks to improvements in security according to a new report from the security firm IOActive.