Top Stories

Episode 65: From the Outside In – Looking at firms like Deloitte through the Eyes of Hackers

Security Ledger Editor in Chief Paul Roberts discusses the breach at Deloitte and what can be learned about corporations’ security just by looking at them through the eyes of a hacker. His guests are Dan Tentler of the firm Phobos, who uncovered some embarrassing security lapses at Deloitte, and Stephen Boyer of the firm BitSight, which rates companies based on their security posture.

Firm that discovered CCleaner Compromise: there may be Others

The firm that discovered the CCleaner attack thinks there may be other common applications that, like CCleaner, have been secretly compromised and used to gain access to corporate networks. Engineers at the firm Morphisec are reviewing historical reports that were considered “false positives” to determine if any of those reports may have been evidence of compromises of other common applications, Chief Technology Officer Michael Gorelik told The Security Ledger. “It’s something we’re doing right now. We’re revalidating stuff that we caught within the last several months,” he said. While Gorelik declined to say whether they had found evidence that other, similar attacks had taken place, he said the initial findings of the investigation were “very interesting.” “They’re very interesting events and when you go deeper they become more interesting,” he said. He said he believed there were other so-called supply chain attacks like CCleaner, but declined to say whether his firm […]

Opinion: NIST Guidelines make Digital Identity all about Risk

Contributing writer Chip Block of the firm Evolver says the new NIST Digital Identity guidelines do much more than rethink passwords. They help solve an age-old problem: how to prioritize security spending.

Hole in Mobile Apps Leave Home Automation Systems Vulnerable to Hacking

Mobile applications used with two popular home automation platforms by Wink and Insteon fail to protect user login information, leaving the devices vulnerable to hacking, a researcher at Rapid7 found.

Episode 64: CCleaner Supply Chain Attack and can Amazon Alexa tell you you’ve been hacked?

Security Ledger Editor in Chief Paul Roberts discusses last week’s attack on the security software CCleaner with Michael Gorelik, the Chief Technology Officer at the firm Morphisec, which discovered the compromise. He says that CCleaner may be the tip of the iceberg in supply chain attacks. Also: Paul talks with Grant Wernick of Insight Engines about his company’s integration with Splunk and Amazon’s Echo. Are voice-based interfaces the future of security?