Recent Posts

Firm that discovered CCleaner Compromise: there may be Others

The firm that discovered the CCleaner attack thinks there may be other common applications that, like CCleaner, have been secretly compromised and used to gain access to corporate networks. Engineers at the firm Morphisec are reviewing historical reports that were considered “false positives” to determine if any of those reports may have been evidence of compromises of other common applications, Chief Technology Officer Michael Gorelik told The Security Ledger. “It’s something we’re doing right now. We’re revalidating stuff that we caught within the last several months,” he said. While Gorelik declined to say whether they had found evidence that other, similar attacks had taken place, he said the initial findings of the investigation were “very interesting.” “They’re very interesting events and when you go deeper they become more interesting,” he said.  He said he believed there were other so-called supply chain attacks like CCleaner, but declined to say whether his firm […]

Continue Reading

Opinion: NIST Guidelines make Digital Identity all about Risk

Contributing writer Chip Block of the firm Evolver says the new NIST Digital Identity guidelines do much more than rethink passwords. They help solve an age old problem: how to prioritize security spending. 

Continue Reading

Hole in Mobile Apps Leave Home Automation Systems Vulnerable to Hacking

Mobile applications used with two, popular home automation platforms by Wink and Insteon fail to protect user login information, leaving the devices vulnerable to hacking, a researcher at Rapid7 found. 

Continue Reading

Is CCleaner the Tip of an Iceberg of Supply Chain Hacks? And Alexa: did China hack us Last Night?

In the latest Security Ledger podcast, Paul speaks with Michael Gorelik of the firm Morphisec about the hack of security software vendor CCleaner – a hack that Gorelik’s firm discovered. CCleaner, he says, may just be the tip of the iceberg when it comes to supply chain hacks. And: “Alexa: have we been hacked by China?” Paul speaks with Grant Wernick of the firm Insight Engines, which is releasing a product this week that integrates the Splunk log management tool with Amazon’s voice assistant. 

Continue Reading

Episode 64: CCleaner Supply Chain Attack and can Amazon Alexa tell you you’ve been hacked?

Security Ledger Editor in Chief Paul Roberts discusses last week’s attack on the security software CCLeaner with Michael Gorelik, the Chief Technology Officer at the firm Morphisec, which discovered the compromise. He says that CCleaner may be the tip of the iceberg in supply chain attacks. Also: Paul talks with Grant Wernick of Insight Engines about his company’s integration with Splunk and Amazon’s Echo. Are voice-based interfaces the future of security?

Continue Reading
1 134 135 136 137 138 397