Podcast: Play in new window | DownloadSubscribe: Android | RSSThe hack of Uber and the loss of information on 57 million customers is just the latest security incident stemming from what our guest Elizabeth Lawler calls “DevOps secrets” – valuable credentials, APIs and other sensitive information that often end up exposed to the public as a result of lax continuous development operations. In this Spotlight Edition* of The Security Ledger Podcast, sponsored by CyberArk, we talk with Elizabeth about how to contain DevOps secrets and secure the secret super user lurking in modern organizations: highly privileged application code.
Podcast: Play in new window | DownloadSubscribe: Android | RSSIn this week’s Security Ledger podcast, sponsored by our friends at CyberArk, we talk about the German government’s recent decision to declare kids smart watches “surveillance devices” and to order their destruction. Also: Adrian Shabaz of Freedom House comes in to talk to us about the latest Internet Freedom report, which finds that governments are increasingly manipulating online content to shape online discussions and even the outcome of elections at home and abroad. And finally: leaked credentials in a GitHub repository may have been behind Uber’s loss of information on some 50 million customers. In a preview of a Security Ledger spotlight podcast, we hear from Elizabeth Lawler of CyberArk about the proliferation of so-called “Dev Ops secrets” and how companies need to do a better managing the permissions assigned to applications.
China is doing a better job finding and disclosing information on software security holes…except when those vulnerabilities are high risk and might be used in targeted attacks. That, according to a report out Thursday by the firm Recorded Future.
A Department of Homeland Security (DHS) Alert released on Tuesday warns the public about a campaign of hacking by the government of North Korea it has code-named “Hidden Cobra.”
North Korean hackers have stepped up their attacks on U.S. defense contractors in an apparent effort to gain intelligence on weapon systems and other assets that might be used against the country in an armed conflict with the United States and its allies, The Security Ledger has learned.