The Security Ledger
@securityledger.bsky.social
Founded in 2012, the Security Ledger is an independent cyber security news website that explores the intersection of cyber security with the Internet of Things. Voted a Top 100 Information Security Blog, we offer original reporting, podcasts and opinion.
A report that dropped this week by Lucija Valentić, a threat researcher at ReversingLabs, described her discovery of malicious packages on npm and GitHub that abused Ethereum smart contracts to facilitate malicious command and control.
securityledger.com/2025/09/ethe...
Ethereum Smart Contracts Abused In Open Source Supply Chain Attack
ReversingLabs researcher Lucija Valentić discovered malicious packages on the Node Package Manager (npm) open source repository that abused Ethereum smart contracts to facilitate malicious command and...
securityledger.com
September 6, 2025 at 10:03 PM
In our latest podcast we talked with Tanya Janca (@shehackspurple.bsky.social) about her new book Alice and Bob Learn Secure Coding.
February 25, 2025 at 8:26 PM
Props to Sam Curry (@zlz.bsky.social) and Shubham Shah for exposing severe security flaws in the web infrastructure used by #Subaru to manage and surveil...err... "monitor" smart vehicles. #autocyber #telematics #dataprivacy securityledger.com/2025/01/more...
More Of The Shame: Software Flaw Exposes Millions of Subarus, Rivers of Driver Data
A flaw in Subaru's STARLINK connected vehicle service exposed location and driver data for millions of vehicles, a new report finds.
securityledger.com
January 26, 2025 at 5:40 PM
In this clip from our latest #podcast, David Kellerman, the Field #CTO at Cymulate, explains how the company's attack simulation feature works - helping organizations test the effectiveness of security products in real-life attack scenarios. Check out the full interview here: lnkd.in/efyEiJRe
January 17, 2025 at 1:23 PM
🎙️ In this clip from our latest podcast, host @paulroberts.bsky.social asks David Kellerman, Field #CTO at #Cymulate about security tool overload and whether enterprises might already have all they need to protect themselves from major cyber risks. #podcast #sponsored
January 16, 2025 at 2:31 AM
Our latest podcast is out (episode #259). Our guest: @sophossecurity.bsky.social #CISO Ross McKerchar, who talks about Sophos' recent report Pacific Rim detailing a 6-year-long cyber campaign by #China-based #APT actors targeting Sophos customers. securityledger.com/2024/11/paci...
Pacific Rim: Sophos’ 6 Year Battle To Beat Back China State Hackers
Host Paul Roberts speaks with Sophos CISO Ross McKerchar about Pacific Rim, Sophos' investigation of a years-long Chinese cyber campaign.
securityledger.com
November 22, 2024 at 11:27 PM
Check out our new Spotlight Podcast with Jim Broome, President and #CTO at DirectDefense, a leading MSSP. Jim and host @paulroberts.bsky.social chat about D2's latest Security Operations Threat Report and the evolution of threats and attacks driven by #AI. securityledger.com/2024/05/spot...
Spotlight Podcast: How AI Is Reshaping The Cyber Threat Landscape
Paul speaks with Jim Broome, the CTO & President of DirectDefense about how technologies like AI are reshaping the cybersecurity landscape.
securityledger.com
May 2, 2024 at 1:14 PM
In our latest #podcast, @paulroberts.bsky.social speaks with renowned #IoT hacker Dennis Giese about his mission to liberate robot vacuums from OEM control, letting owners maintain their devices and control the data they collect. #cybersecurity #righttorepair
securityledger.com/2023/12/epis...
Episode 254: Dennis Giese's Revolutionary Robot Vacuum Liberation Movement | The Security Ledger wit...
Security researcher and IoT hacker Dennis Giese talks about his mission to liberate robot vacuums from the control of their manufacturers, letting owners tinker with their own devices and - importantl...
securityledger.com
December 19, 2023 at 5:36 PM
Dragos Security on Wednesday unveiled a "Community Defense Program" to provide free cybersecurity software for small utilities providing water, electric, and natural gas in the United States. securityledger.com/2023/12/citi...
Citing Attacks On Small Utilities, Dragos Launches Community Defense Program - The Security Ledger w...
Dragos Security on Wednesday unveiled a "Community Defense Program" to provide free cybersecurity software for small utilities providing water, electric, and natural gas in the United States.
securityledger.com
December 6, 2023 at 1:48 PM
The slow-motion #appsec car crash known as #MOVEit hit home, highlighting a sad fact of our modern life in the U.S.: the utter lack of online safety and security. securityledger.com/2023/11/apps...
AppSec Is A Mess. Our Kids Are Paying The Price.
Data stolen? Get used to it kid. That's the reality for young people coming of age today in the app sec shanty town that is the 21st century U.S. economy.
securityledger.com
November 15, 2023 at 12:44 PM
How do we improve software quality and end the epidemic of shoddy, exploitable software harming consumers, communities and businesses? To start, we need to change the way we think and talk about software-based risks, writes @paulroberts.bsky.social.
securityledger.com/2023/10/opin...
Sickened by Software? Changing The Way We Talk About 0Days
How do we improve software quality and end the epidemic of shoddy, exploitable software harming consumers, communities and businesses? To start, we need to change the way we think and talk about so…
securityledger.com
October 26, 2023 at 2:11 PM
In this Security Ledger #Podcast, @shehackspurple.bsky.social of the group We Hack Purple (now Semgrep) talks with Security Ledger host @paulroberts.bsky.social about the biggest security mistakes that #DevSecOps teams make, and the #OSS “tragedy of the commons.” securityledger.com/2023/10/epis...
Episode 253: DevSecOps Worst Practices With Tanya Janca of We Hack Purple
Tanya Janca of the group We Hack Purple, talks with Security Ledger host Paul Roberts about the biggest security mistakes that DevSecOps teams make.
securityledger.com
October 13, 2023 at 12:47 AM
Expert Insight: Derek Kernus, the Director of Cybersecurity Operations at DTS, talks about the challenges facing small businesses that are under pressure to adopt #cybersecurity best practices without breaking their budget. #SME #opinion #riskmanagement securityledger.com/2023/10/what...
What does it cost small businesses to get advanced cybersecurity?
Derek Kernus, Director of Cybersecurity Operations at DTS, talks about the challenges facing small businesses under pressure to adopt cyber best practices.
securityledger.com
October 13, 2023 at 12:43 AM
In this podcast, host Paul Roberts speaks with @colinoflynn.bsky.social of the firm NewAE about his work to patch shoddy software on his #Samsung electric oven – and big questions about our rights to fix, tinker with or replace the software that powers connected stuff. #BlackHat2023 #righttorepair
Black Hat: Colin O'Flynn On Hacking An Oven To Make It Stop Lying
Host Paul Roberts speaks with Colin O'Flynn about his Black Hat talk on patching the shoddy software on his electric oven and implications for the IoT.
securityledger.com
August 10, 2023 at 4:45 PM
All eyes are on the AIVillage at @defcon.bsky.social but is a village the best format for assessing the #cyberrisks of #AI? Experts have their doubts…
Is a DEF CON Village the right way to assess AI risk? | The Security Ledger with Paul F. Roberts
Is a DEF CON village the best venue for assessing the cyber risks of large language model AI like ChatGPT? Experts have their doubts.
securityledger.com
June 13, 2023 at 4:53 PM