privilege escalation

Top Secret

Podcast: Uber Breach Puts Focus on Securing DevOps Secrets

Podcast: Play in new window | Download (Duration: 24:17 — 44.5MB)Subscribe: Android | Email | Google Podcasts | RSSThe hack of Uber and the loss of information on 57 million customers is just the latest security incident stemming from what our guest Elizabeth Lawler calls “DevOps secrets” – valuable credentials, APIs and other sensitive information that often end up exposed to the public as a result of lax continuous development operations. In this Spotlight Edition* of The Security Ledger Podcast, sponsored by CyberArk, we talk with Elizabeth about how to contain DevOps secrets and secure the secret super user lurking in modern organizations: highly privileged application code. 

Report: Hacking Crews are all APT now

  In-brief:The tactics of cyber criminal hacking crews are indistinguishable from those of sophisticated, state sponsored “advanced persistent threat” groups, the firm FireEye said in its most recent M-Trends report.

Don’t Be The DNC: An Introduction to Enterprise Threat Hunting

In-brief: The New York Times expose on the hack of the Democratic National Committee is a case study in how not to respond to a cyber attack. In this video interview with Tim Bandos of Digital Guardian, we talk about how to do it right. His new ebook on hunting digital threats in the enterprise explains that incident response doesn’t have to cost a fortune. 

Cyberattack Inflicts Massive Damage on German Steel Factory

  A report released this week from Germany’s Federal Office for Information Security said that a German steel manufacturing plant was severely damaged by a cyber-physical attack this year. The incident was mentioned in an annual report by the Bundesamt für Sicherheit in der Informationstechnik (or BSI), which provided a summary of cyber security issues and incidents affecting Germany. According to the report, a German steel manufacturing facility was the victim of a “targeted attack” that the report labeled an “APT” or “advanced persistent threat” style attack.  [Read more Security Ledger coverage of APT-style attacks.] The attackers used a sophisticated spear-phishing e-mail and social engineering to get access to the office network at the steelworks, the report claims. “From there, they worked successively to production networks.” The malicious code disrupted the function of control system components that led to a blast furnace not being able to be turned off in a regulated fashion. “The result (was) massive damage […]

Big Data, Security Drive Dell In Post-PC Future

If you consider how the Internet of Things is transforming the technology industry, one of the most interesting and thought-provoking areas to pay attention to is what we might consider technology “majors” – firms like HP and IBM and Cisco that made their mark (and their hundreds of billions) serving the needs of an earlier generation of technology consumers. How these established technology firms are pivoting to address the myriad challenges posed by the “Internet of Things” tells us a lot about how the IoT market is likely to shake out for consumers and – more pressingly- the enterprise.