HPE, Microsoft breach disclosures mark new era of CISO accountability
New revelations show Russia’s SVR has stepped up cyber-espionage. They also spotlight how public companies are on the hook with the SEC’s disclosure laws.
Paul Roberts
Director of Content and Editorial at RL. Paul is a reporter, editor and industry analyst with 20 years’ experience covering the cybersecurity space. He is the founder and editor in chief at The Security Ledger, a cybersecurity news website. His writing about cyber security has appeared in publications including Forbes, The Christian Science Monitor, MIT Technology Review, The Economist Intelligence Unit, CIO Magazine, ZDNet and Fortune Small Business. He has appeared on NPR’s Marketplace Tech Report, KPCC AirTalk, Fox News Tech Take, Al Jazeera and The Oprah Show.
Posts from Paul Roberts
HPE, Microsoft breach disclosures mark new era of CISO accountability
SSCS attacks: A (partial) history
The Sunburst hack of SolarWinds put software supply chain attacks on everyone’s radar. But they aren’t new. Here’s an abbreviated history of key attacks and compromises.
Protestware taps npm to call out wars in Ukraine, Gaza
ReversingLabs researchers have discovered npm packages that hide scripts broadcasting messages of peace related to the conflicts in Ukraine and in Israel and the Gaza Strip.
The art of security chaos engineering
What if dev and app sec teams showed the same ingenuity, nimbleness and ruthless efficiency as cybercriminals? Fastly's Kelly Shortridge explains why that's essential to resilience.
6 things you may have missed at Hacker Summer Camp
The summertime trio of events in Las Vegas — Black Hat, DEF CON, and BSides — is information overload for cybersecurity leaders and practitioners. Here are the sessions that stood out.
8 Black Hat sessions you don’t want to miss
Black Hat USA is a showcase for top security experts and companies. Here's our short list of must-see sessions for 2023.
More malicious npm packages found in wake of JumpCloud supply chain hack
ReversingLabs researchers uncovered evidence of more malicious npm packages beyond those already disclosed — and conclude that the attack is still active.
Federal security guidance: Been there, done that
CISA and NSA issued security guidance on continuous integration/continuous delivery (CI/CD) environments — but missed an opportunity to escalate the conversation.
CISA SBOM-a-rama tackles challenges: 5 key takeaways
CISA hosted SBOM-a-rama on Wednesday to move software bills of material — a list of ingredients for software and services — forward. Here are top takeaways and insights.