Search Results for "supply chain"

Podcast: Made In China, Secured In The U.S.

We’ve written a lot about the threat posed by nation-state sponsored hackers  to U.S. corporations and the economy. So-called “advanced persistent threat” (or APT) style attacks against corporate and government networks have been linked to the theft of sensitive data and intellectual property. Difficult as it is to stop APT attacks against networks, it’s even more challenging to identify threats one-step removed from direct attacks. Lately, attention has shifted to vulnerabilities in the supply chain of companies selling networking gear, servers and other critical IT components. Concerns about corrupted products from foreign suppliers were enough to prompt the U.S. Congress to hold hearings focused on the threat posed to government agencies by Chinese networking equipment makers like Huawei and ZTE. In this week’s podcast, The Security Ledger talks with Jerry Caponera, of Cyberpoint International. Cyberpoint is a Baltimore, Maryland firm that sells Prescient, a service that verifies where true vulnerabilities exist […]

Continue Reading

IT Security A Major Stumbling Block To Smart Manufacturing

The Internet of Things holds tremendous promise for the manufacturing space. But smart factories may still be more than a decade away, due in part to a lack of solid IT security controls, according to a survey of 1,300 German manufacturing firms and academics. The survey of 1,300 members companies and universities by the German Association for Electrical, Electronic, and Information Technologies (VDE) found that only 20% anticipated adoption of “smart production” (or “Industry 4.0” – as its referred to) by the start of the next decade. In contrast, 70% of those surveyed doubted that smart manufacturing goals would be achieved by 2025, despite obvious advantages. Why the skepticism? One commonly cited reason is a lack of strong IT security. According to a write-up on SAP’s blog, IT security was the most oft-cited obstacle to setting up smart factories. Sixty six percent of those surveyed cited security concerns as a reason to […]

Continue Reading

Malware’s Future Looks A Lot Like Its Present

SAN FRANCISCO – What does the future of malicious software look like? Depressingly like the present, according to a panel of leading experts. Phishing attacks, spam and even self-propagating worms will continue to plague technology users in the years ahead, just as they have for much of the last two decades, according to experts at the RSA Security Conference in San Francisco on Wednesday. However, the malware will operate across a far more crowded landscape of mobile devices, virtual machines, cloud-based computing resources and Internet connected “stuff” – complicating the job of securing sensitive information. The panel, “50 Minutes into the Future: Tomorrow’s Malware Threats” asked the experts to look into the crystal ball and predict what malicious software would look like in the near- and distant future. The answer was: much like it looks today. Dave Marcus, the director of security research and communications at McAfee Labs, said that the […]

Continue Reading

Profile Poisoning the Next Frontier for Hackers

Google and Facebook already know everything about you – your interests, friends, tastes and even your movements. That’s already a privacy nightmare, but researchers at the Georgia Institute of Technology’s Information Security Center (GTISC) think it could soon be a security nightmare, also. Automated information systems already determine what version of the news most of us see. But researchers at Georgia Tech warn that the power of such systems to shape what each of us see online could soon become a powerful tool in the hands of sophisticated attackers, who might look for ways to manipulate victims’ online profile to steer them to certain sites, according to the report “Emerging Cyber Threats Reports 2013.” Researchers at Georgia Tech said attacks that manipulate a victim’s search history, part of their online profile, using cross-site request forgery are already technically feasible. In practice, they would allow for a kind of super-search engine […]

Continue Reading
Cancelled Talk DEF CON

A Digital Lock Maker Tried To Squash A DEF CON Talk. It Happened Anyway. Here’s Why.

Keyless lock maker Digilock withdrew a cease and desist order and allowed a DEF CON talk on security flaws in its devices to move forward. Other device makers should take note!

Continue Reading
1 38 39 40 41 42 43