Tag: Policy

OceanLotus, an advanced threat group believed to be operating out of Vietnam, is alleged to have targeted ASEAN and other civil society groups.

Report details mass digital surveillance, attacks on ASEAN linked to Vietnamese APT group

The security firm Volexity reported on Monday that it uncovered a massive campaign of digital surveillance and web-based attacks directed at ASEAN and other civil society groups in Vietnam, Cambodia and other countries, including ASEAN, the Association of Southeast Asian Nations. Volexity researchers discovered malicious code lurking on main website for ASEAN and more than 80 other websites, many belonging to small media, human rights and civil society organizations, as well as individuals who had been critical of the Vietnamese government. The malicious code allowed the hacking group, dubbed OceanLotus, to track, profile and target visitors to the websites, Volexity said. The scope of the campaign was one of the largest the researchers have ever come across, rivaling the so-called “Waterbug” campaign of phishing and watering hole attacks that was described by the security firm Symantec in 2016. Links to Vietnam OceanLotus is believed to be an Advanced Persistent Threat (or […]

Ryan Kazanciyan talks to us about how he helps USA Network get the hacking scenes in Mr. Robot right. (Image courtesy of USA Network.)

Hacking Back Reconsidered and the Guy who makes Mr. Robot’s Hacking Scenes Look So Good

In this week’s podcast, we talk with Gadi Evron of Cymmetria, which released Mazehunter, a targeted hack-back tool this week about going on offense and staying on the right side of the law. Also: Ryan Kazanciyan of Tanium is one of the talented hackers who help design Mr. Robot’s hacking scenes. We talk with him about bringing realistic hacks alive on the small screen. And: when Uncle Sam dishes the dirt on a state sponsored campaign against critical infrastructure, what are companies supposed to do with the information? Mark Durfresne of the firm Endgame and Itzik Kotler of the firm Safebreach give us their thoughts.

Kaspersky Lab's name has been linked to increasingly detailed reports of spying by Russian intelligence agencies.

Kaspersky’s Cold War(e), Unpacking DOJ’s Encryption Talk and regulating IoT

Podcast: Play in new window | DownloadSubscribe: Android | RSS | MoreIn our latest Security Ledger Podcast we talk about Kaspersky Lab’s Cold War tinged smack down with for NSA analyst Dave Aitel of Immunity Inc. Also: Bruce Schneier weighs in on what has and hasn’t changed in the Trump DOJ’s take on strong encryption, while Josh Corman of PTC tells us that federal rules governing IoT security may be closer than we think.

What can you tell about a company's security just by looking at it from the outside? A lot.

Hacker Eye on the Consultant Guy: Deloitte and the Art of spotting Vulnerable Firms from the Outside

Podcast: Play in new window | DownloadSubscribe: Android | RSS | MoreIn the latest Security Ledger podcast, we analyze the breach of Deloitte by talking to two people who spend a lot of time judging the security of firms by how they look to the outside world. Dan Tentler of the firm Phobos Group tells us what he found out about Deloitte doing some fast and dirty open source research. Also: we talk to Stephen Boyer of the firm BitSight about a new study that firm did of the gap between the security readiness of financial services firms and the third-party software supply chain they rely on.