In this 67th episode of The Security Ledger Podcast, we talk with Bob Rudis of the firm Rapid7 about KRACK, a security hole that affects most wi-fi hotspots. Also: Or Katz of Akamai talks about that company’s work analyzing fast-flux botnets, which have become like AirBnB for cyber criminals looking for a place to host malicious networks. Finally: Tim Jarrett of Veracode tells us how a single security hole in an open source library found its way into millions of applications.
Hacker Eye on the Consultant Guy: Deloitte and the Art of spotting Vulnerable Firms from the Outside
In the latest Security Ledger podcast, we analyze the breach of Deloitte by talking to two people who spend a lot of time judging the security of firms by how they look to the outside world. Dan Tentler of the firm Phobos Group tells us what he found out about Deloitte doing some fast and dirty open source research. Also: we talk to Stephen Boyer of the firm BitSight about a new study that firm did of the gap between the security readiness of financial services firms and the third-party software supply chain they rely on.
FedEx, the worldwide package delivery giant, said in a regulatory filing on Tuesday that the NotPetya ransomware outbreak in late June has cost it an estimated $300 million dollars and forced the company to miss its fiscal first quarter earnings. The company said in its quarterly “8K” report to the U.S. Securities and Exchange Commission (SEC) that the impact of NotPetya on TNT Express N.V., a newly acquired subsidiary based in The Netherlands. “Worldwide operations of TNT Express were significantly affected during the first quarter by the June 27 NotPetya cyber attack,” the company reported. The subsidiary has restored “substantially all” critical operational systems but “volume, revenue and profit still remain below previous levels.” The statement is the latest on the effects of NotPetya, which spread by way of bogus updates for software by the Ukrainian firm MeDoc. In July, FedEx said in a filing with the Securities and Exchange Commission […]
What makes a good CSO? In the wake of the Equifax breach, we talk about the controversy over that company’s CSO’s music degree. Also: we talk with Signal Sciences about why companies keep getting hacked via application vulnerabilities like the Apache Struts hole that felled Equifax.
In-brief: Equifax said on Friday that its Chief Information Officer and Chief Security Officer had “retired” in the wake of a massive data breach that leaked sensitive on some 143 million people.