Tag: vulnerabilities

Plumbing the KRACK Vulnerability and Fast Flux Botnets: the AirBnB of the Cybercrime World

Plumbing the KRACK Vulnerability and Fast Flux Botnets: the AirBnB of the Cybercrime World

In this 67th episode of The Security Ledger Podcast, we talk with Bob Rudis of the firm Rapid7 about KRACK, a security hole that affects most wi-fi hotspots. Also: Or Katz of Akamai talks about that company’s work analyzing fast-flux botnets, which have become like AirBnB for cyber criminals looking for a place to host malicious networks. Finally: Tim Jarrett of Veracode tells us how a single security hole in an open source library found its way into millions of applications. 

A flaw in firmware by Infineon could have widespread and long-lasting implications for security on the Internet of Things, security experts warn.

ROCA Crypto Flaw could have big Impact on Internet of Things

With no simple way to patch affected systems, the security vulnerability in Trusted Platform Module (TPM) chipsets made by the firm Infineon may be with us for years to come, security experts warn.

A flaw in the WPA-2 wireless protocol leaves millions of device vulnerable to hacking and other malicious acts.

Update: Flaw in widely used Wi-Fi Standard could allow snooping

Hundreds of millions of wireless devices may be affected by a flaw in WPA-2, a widely used standard for securing wireless Internet connections.  (Updated to add commentary by Bob Rudis of Rapid 7.)

What can you tell about a company's security just by looking at it from the outside? A lot.

Hacker Eye on the Consultant Guy: Deloitte and the Art of spotting Vulnerable Firms from the Outside

In the latest Security Ledger podcast, we analyze the breach of Deloitte by talking to two people who spend a lot of time judging the security of firms by how they look to the outside world. Dan Tentler of the firm Phobos Group tells us what he found out about Deloitte doing some fast and dirty open source research. Also: we talk to Stephen Boyer of the firm BitSight about a new study that firm did of the gap between the security readiness of financial services firms and the third-party software supply chain they rely on. 

Security holes in mobile applications leave home automation hubs by Insteon and Wink vulnerable to attack, a researcher at Rapid7 warns.

Hole in Mobile Apps Leave Home Automation Systems Vulnerable to Hacking

Mobile applications used with two, popular home automation platforms by Wink and Insteon fail to protect user login information, leaving the devices vulnerable to hacking, a researcher at Rapid7 found.