Tag: APT

An analysis of the code used in the CCleaner attack reveals similarities to an earlier APT group based in China.

Is CCleaner the Tip of an Iceberg of Supply Chain Hacks? And Alexa: did China hack us Last Night?

In the latest Security Ledger podcast, Paul speaks with Michael Gorelik of the firm Morphisec about the hack of security software vendor CCleaner – a hack that Gorelik’s firm discovered. CCleaner, he says, may just be the tip of the iceberg when it comes to supply chain hacks. And: “Alexa: have we been hacked by China?” Paul speaks with Grant Wernick of the firm Insight Engines, which is releasing a product this week that integrates the Splunk log management tool with Amazon’s voice assistant. 

Equifax said last week that hackers may have made off with information on 143 million individuals. But the company's response to the hack may have angered customers more than the hack itself. (Image courtesy of Equifax.)

Inside the Equifax Hack, Facebook’s Problem with Authoritarianism & ASPertise harnesses Asperger’s Syndrome

In-brief: In this week’s podcast, Security Ledger Editor in Chief Paul Roberts talks with noted security researcher Robert “RSnake” Hansen about the data breach at Equifax and why the company’s response to it was so lacking. Also: Chris Sumner of the Online Privacy Foundation talks about why Facebook is a killer app for information operations and we talk to the president of ASPertise: a consulting firm by and of professionals with Aspergers and Autism spectrum disorders.

Facebook said thousands of ads that ran on its site in 2015 and 2016 have links to Russian information operations.

Facebook: Russia’s Hand in Disinformation Campaign That Reached Millions

In-brief: Facebook said thousands of ads that ran on its site in 2015 and 2016 have links to Russian information operations. The ads were designed to foment discord around a range of issues. 

The USS John S

Hacking Warships, Capitol Hill takes a Swing at IoT Security and why CS Grads don’t get Security

In-brief: on this week’s Security Ledger Podcast, we delve deeper into the question of maritime cyber security, speaking with noted researcher Ruben Santamarta of the firm IOActive about the work he’s done exposing vulnerabilities in the software that runs both commercial and navy vessels. Also: Alan Brill of Kroll joins us to talk about The Internet of Things Cybersecurity Improvement Act. And we talk to Maria Loughlin of the firm Veracode about a new survey that suggests undergraduate computer science majors aren’t receiving adequate instruction in cyber security. 

Sea Level Rise, Runaway AI and Grid Hacks: Why We Ignore Warnings about Preventable Catastrophes

Sea Level Rise, Runaway AI and Grid Hacks: Why We Ignore Warnings about Preventable Catastrophes

In-brief: is it ever the case that things happen that “nobody saw coming”? Our guest on this week’s podcast would say “no.” He is Richard Clarke, a former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States and a veteran of four administrations, from President Ronald Reagan through to President George W. Bush. We talk about modern-day Cassandras: people who are warning about looming catastrophes, mostly in vain.