Other News

Hacking Team incident prompts calls to retire Adobe Flash

July 13, 2015 22:46 | 5 comments

  In-brief: Adobe’s Flash technology may end up being the highest profile victim of the attack on software arms dealers the Hacking Team, as news of that group’s reliance on Flash vulnerabilities prompts calls for Adobe to permanently retire the web-enhancing technology.


Morpho Is A Profit-Based Hacking Group, Says Symantec

July 10, 2015 16:24 | 0 comments

Attribution of information security attacks is difficult. Putting a particular person behind a keyboard is often the problem. In recent years, however, security companies have been doing a better job of identifying groups of individuals with similar attack methods and preferences. For example, CrowdStrike has identified over seven thousand discrete groups of state-sponsored actors, criminals, and hacktivists solely by their methods of operation and patterns of attack. A report this week from Symantec looks at one particular group it calls Morpho, which it believes is not state-sponsored but is nonetheless responsible for intellectual property theft for monetary gain. Symantec notes that one key difference between attacks coming from competitors and those from state-sponsored attackers is that competitors are likely in a better position to request the theft of specific information of economic value. They also make faster use of this information than a state-sponsored group. Morpho has a preference […]


Opinion: The Security Case for Software Defined Networking

11:49 | 0 comments

  In-brief: Recent news events underscore the threat that companies face from inadequately protected internal network assets. Cisco’s Scott Harrell argues that the adoption of software-defined networking may provide a powerful new tool to halt hackers' ability to move within compromised networks.


New OpenSSL Flaw Is No Heartbleed

July 9, 2015 14:28 | 0 comments

In Brief: Although severe, a new vulnerability in OpenSSL that allows an attacker to impersonate a trusted CA server is expected to have minimal impact. OpenSSL today issued a high severity advisory warning of forged certificates. During certificate verification, the alert says, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. This could allow an adversary to impersonate a trusted CA server and eavesdrop on otherwise encrypted communication. Fortunately, the flaw only affects versions of OpenSSL released last month and not yet available in some OSs such as Ubuntu. Affected versions are OpenSSL 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o. Despite the severity, experts expect the overall impact will be minimal. “Exploiting the OpenSSL vulnerability (CVE-2015-1793) is not quick or easy, making it nowhere near as serious as Heartbleed,” said Veracode’s Vice President of Research Chris Eng in an email. “For starters, an […]


Security Ledger Video

Paul talks with Sean Lorenz of Xively about the latest CES.

Paul chats with Pete Chestna and Ryan O'Boyle of Veracode about integrating secure development into agile development environments.

Founder and Editor in Chief

Paul F. Roberts

I'm the founder and Editor in Chief of The Security Ledger (securityledger.com), an independent security news and analysis publication that explores the intersection of cyber security with the Internet of Things.
