The Security Ledger's Avatar

The Security Ledger

@securityledger.bsky.social

Founded in 2012, the Security Ledger is an independent cyber security news website that explores the intersection of cyber security with the Internet of Things. Voted a Top 100 Information Security Blog, we offer original reporting, podcasts and opinion.

267 Followers  |  4 Following  |  15 Posts  |  Joined: 08.06.2023  |  1.8389

Latest posts by securityledger.bsky.social on Bluesky

Preview
Ethereum Smart Contracts Abused In Open Source Supply Chain Attack ReversingLabs researcher Lucija Valentić discovered malicious packages on the Node Package Manager (npm) open source repository that abused Ethereum smart contracts to facilitate malicious command and...

A report that dropped this week by Lucija Valentić, a threat researcher at ReversingLabs described her discovery of malicious packages on npm and GitHub that abused Ethereum smart contracts to facilitate malicious command and control.

securityledger.com/2025/09/ethe...

06.09.2025 22:03 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Video thumbnail

In our latest podcast we talked with Tanya Janca (@shehackspurple.bsky.social ) about her new book Alice and Bob Learn Secure Coding.

25.02.2025 20:26 β€” πŸ‘ 4    πŸ” 1    πŸ’¬ 0    πŸ“Œ 1
Preview
More Of The Shame: Software Flaw Exposes Millions of Subarus, Rivers of Driver Data A flaw in Subaru's STARLINK connected vehicle service exposed location and driver data for millions of vehicles, a new report finds.

Props to Sam Curry (@zlz.bsky.social) and Shubham Shah for exposing severe security flaws in the web infrastructure used by #Subaru to manage and surveil...err... "monitor" smart vehicles. #autocyber #telematics #dataprivacy securityledger.com/2025/01/more...

26.01.2025 17:40 β€” πŸ‘ 0    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Video thumbnail

In this clip from our latest #podcast, David Kellerman the Field #CTO at Cymulate explains how the company's attack simulation feature works - helping organizations test the effectiveness of security products in real life attack scenarios. Check out the full interview here: lnkd.in/efyEiJRe

17.01.2025 13:23 β€” πŸ‘ 1    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Video thumbnail

πŸŽ™οΈ In this clip from our latest podcast, host @paulroberts.bsky.social asks David Kellerman, Field #CTO at #Cymulate about security tool overload and whether enterprises might already have all they need to protect themselves from major cyber risks. #podcast #sponsored

16.01.2025 02:31 β€” πŸ‘ 0    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Preview
Pacific Rim: Sophos’ 6 Year Battle To Beat Back China State Hackers Host Paul Roberts speaks with Sophos CISO Ross McKerchar about Pacific Rim, Sophos' investigation of a years-long Chinese cyber campaign.

Our latest podcast is out (episode #259). Our guest: @sophossecurity.bsky.social #CISO Ross McKerchar who talks about Sophos' recent report Pacific Rim detailing a 6 year long cyber campaign by #China based #APT actors targeting Sophos customers. securityledger.com/2024/11/paci...

22.11.2024 23:27 β€” πŸ‘ 3    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0
Preview
Spotlight Podcast: How AI Is Reshaping The Cyber Threat Landscape Paul speaks with Jim Broome, the CTO & President of DirectDefense about how technologies like AI are reshaping the cybersecurity landscape.

Check out our new Spotlight Podcast with Jim Broome, President and #CTO at DirectDefense, a leading MSSP. Jim and host @paulroberts.bsky.social chat about D2's latest Security Operations Threat Report and the evolution of threats and attacks driven by #AI. securityledger.com/2024/05/spot...

02.05.2024 13:14 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Episode 254: Dennis Giese's Revolutionary Robot Vacuum Liberation Movement | The Security Ledger wit... Security researcher and IoT hacker Dennis Giese talks about his mission to liberate robot vacuums from the control of their manufacturers, letting owners tinker with their own devices and - importantl...

In our latest #podcast, @paulroberts.bsky.social speaks with renowned #IoT hacker Dennis Giese about his mission to liberate robot vacuums from OEM control, letting owners maintain their devices and control the data they collect. #cybersecurity #righttorepair
securityledger.com/2023/12/epis...

19.12.2023 17:36 β€” πŸ‘ 1    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Preview
Citing Attacks On Small Utilities, Dragos Launches Community Defense Program - The Security Ledger w... Dragos Security on Wednesday unveiled a "Community Defense Program" to provide free cybersecurity software for small utilities providing water, electric, and natural gas in the United States.

Dragos Security on Wednesday unveiled a "Community Defense Program" to provide free cybersecurity software for small utilities providing water, electric, and natural gas in the United States. securityledger.com/2023/12/citi...

06.12.2023 13:48 β€” πŸ‘ 1    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Preview
AppSec Is A Mess. Our Kids Are Paying The Price. Data stolen? Get used to it kid. That's the reality for young people coming of age today in the app sec shanty town that is the 21st century U.S. economy.

The slow motion #appsec car crash known as #MOVEit hit home, highlighting a sad fact of our modern life in the U.S.: the utter lack of online safety and security. securityledger.com/2023/11/apps...

15.11.2023 12:44 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 1
Preview
Sickened by Software? Changing The Way We Talk About 0Days How do we improve software quality and end the epidemic of shoddy, exploitable software harming consumers, communities and businesses? To start, we need to change the way we think and talk about so…

How do we improve software quality and end the epidemic of shoddy, exploitable software harming consumers, communities and businesses? To start, we need to change the way we think and talk about software-based risks, writes @paulroberts.bsky.social.

securityledger.com/2023/10/opin...

26.10.2023 14:11 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 1
Preview
Episode 253: DevSecOps Worst Practices With Tanya Janca of We Hack Purple Tanya Janca of the group We Hack Purple, talks with Security Ledger host Paul Roberts about the biggest security mistakes that DevSecOps teams make.

In this Security Ledger #Podcast @shehackspurple.bsky.social of the group We Hack Purple (now SemGrep), talks with Security Ledger host @paulroberts.bsky.social about the biggest security mistakes that #DevSecOps teams make, and the #OSS β€œtragedy of the commons.” securityledger.com/2023/10/epis...

13.10.2023 00:47 β€” πŸ‘ 2    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Preview
What does it cost small businesses to get advanced cybersecurity? Derek Kernus, Director of Cybersecurity Operations at DTS, talks about the challenges facing small businesses under pressure to adopt cyber best practices.

Expert Insight, Derek Kernus, the Director of Cybersecurity Operations at DTS talks about the challenges facing small businesses that are under pressure to adopt #cybersecurity best practices without breaking their budget. #SME #opinion #riskmanagement securityledger.com/2023/10/what...

13.10.2023 00:43 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Black Hat: Colin O'Flynn On Hacking An Oven To Make It Stop Lying Host Paul Roberts speaks with Colin O'Flynn about his Black Hat talk on patching the shoddy software on his electric oven and implications for the IoT.

In this podcast, host Paul Roberts speaks with @colinoflynn.bsky.social of the firm NewAE about his work to patch shoddy software on his #Samsung electric oven – and big questions about our rights to fix, tinker with or replace the software that powers connected stuff. #BlackHat2023 #righttorepair

10.08.2023 16:45 β€” πŸ‘ 2    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0
Preview
Is a DEF CON Village the right way to assess AI risk? | The Security Ledger with Paul F. Roberts Is a DEF CON village the best venue for assessing the cyber risks of large language model AI like ChatGPT? Experts have their doubts.

All eyes are on the AIVillage at @defcon.bsky.social but is a village the best format for assessing the #cyberrisks of #AI? Experts have their doubts…

13.06.2023 16:53 β€” πŸ‘ 3    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

@securityledger is following 4 prominent accounts