Welcome to our

Cyber Security News Aggregator


Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
Return to Planet "Home"
Filter applied:
Current page:
Go to "Navigation Help" (page end)
Articles in this collection: 1,428

Feed: Schneier on Security

Articles recieved 26/08/2021
Article: Interesting Privilege Escalation Vulnerability - published over 3 years ago.
Content: If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software — which automatically downloads — to gain SYSTEM privileges. It should be noted that this is a local privilege escalation (LPE) vulnerability, which means that you need to have a Razer devices and physical acc...
Published: 2021 08 26 11:28:00
Received: 2021 08 26 12:05:35
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:05 Interesting Privilege Escalation Vulnerability
Articles recieved 25/08/2021
Article: Surveillance of the Internet Backbone - published over 3 years ago.
Content: Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which server communicated with another, information ...
Published: 2021 08 25 15:13:48
Received: 2021 08 25 16:06:15
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
16:06 Surveillance of the Internet Backbone
Articles recieved 20/08/2021
Article: Friday Squid Blogging: On Squid Brains - published over 3 years ago.
Content: Interesting National Geographic article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. ...
Published: 2021 08 20 21:18:14
Received: 2021 08 20 22:04:55
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: More on Apple’s iPhone Backdoor - published over 3 years ago.
Content: In this post, I’ll collect links on Apple’s iPhone backdoor for scanning CSAM images. Previous links are here and here. Apple says that hash collisions in its CSAM detection system were expected, and not a concern. I’m not convinced that this secondary system was originally part of the design, since it wasn’t discussed in the original specification. Good op-...
Published: 2021 08 20 13:54:51
Received: 2021 08 20 14:06:28
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
22:04 Friday Squid Blogging: On Squid Brains
14:06 More on Apple’s iPhone Backdoor
Articles recieved 19/08/2021
Article: T-Mobile Data Breach - published over 3 years ago.
Content: It’s a big one: As first reported by Motherboard on Sunday, someone on the dark web claims to have obtained the data of 100 million from T-Mobile’s servers and is selling a portion of it on an underground forum for 6 bitcoin, about $280,000. The trove includes not only names, phone numbers, and physical addresses but also more sensitive data like social secu...
Published: 2021 08 19 11:17:56
Received: 2021 08 19 12:05:57
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:05 T-Mobile Data Breach
Articles recieved 18/08/2021
Article: Apple’s NeuralHash Algorithm Has Been Reverse-Engineered - published over 3 years ago.
Content: Apple’s NeuralHash algorithm — the one it’s using for client-side scanning on the iPhone — has been reverse-engineered. Turns out it was already in iOS 14.3, and someone noticed: Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the first collision: two images that hash to the same value. The ne...
Published: 2021 08 18 16:51:17
Received: 2021 08 18 17:04:55
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: Tetris: Chinese Espionage Tool - published over 3 years ago.
Content: I’m starting to see writings about a Chinese espionage tool that exploits website vulnerabilities to try and identify Chinese dissidents.
Published: 2021 08 18 11:23:54
Received: 2021 08 18 12:06:17
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
17:04 Apple’s NeuralHash Algorithm Has Been Reverse-Engineered
12:06 Tetris: Chinese Espionage Tool
Articles recieved 13/08/2021
Article: Friday Squid Blogging: Squid Dog Toy - published over 3 years ago.
Content: It’s sold out, but the pictures are cute. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. ...
Published: 2021 08 06 21:05:38
Received: 2021 08 13 22:04:57
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: Friday Squid Blogging: A Good Year for Squid? - published over 3 years ago.
Content: Improved ocean conditions are leading to optimism about this year’s squid catch. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. ...
Published: 2021 08 13 21:28:16
Received: 2021 08 13 22:04:57
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: Using AI to Scale Spear Phishing - published over 3 years ago.
Content: The problem with spear phishing is that it takes time and creativity to create individualized enticing phishing emails. Researchers are using GPT-3 to attempt to solve that problem: The researchers used OpenAI’s GPT-3 platform in conjunction with other AI-as-a-service products focused on personality analysis to generate phishing emails tailored to their coll...
Published: 2021 08 13 11:16:00
Received: 2021 08 13 12:06:13
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
22:04 Friday Squid Blogging: Squid Dog Toy
22:04 Friday Squid Blogging: A Good Year for Squid?
12:06 Using AI to Scale Spear Phishing
Articles recieved 12/08/2021
Article: Apple Adds a Backdoor to iMessage and iCloud Storage - published over 3 years ago.
Content: Apple’s announcement that it’s going to start scanning photos for child abuse material is a big deal. (Here are five news stories.) I have been following the details, and discussing it in several different email lists. I don’t have time right now to delve into the details, but wanted to post something. EFF writes: There are two main features that the company...
Published: 2021 08 10 11:37:30
Received: 2021 08 12 05:05:04
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: Cobalt Strike Vulnerability Affects Botnet Servers - published over 3 years ago.
Content: Cobalt Strike is a security tool, used by penetration testers to simulate network attackers. But it’s also used by attackers — from criminals to governments — to automate their own attacks. Researchers have found a vulnerability in the product. The main components of the security tool are the Cobalt Strike client — also known as a Beacon — and the Cobalt Str...
Published: 2021 08 11 11:42:27
Received: 2021 08 12 05:05:04
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
05:05 Apple Adds a Backdoor to iMessage and iCloud Storage
05:05 Cobalt Strike Vulnerability Affects Botnet Servers
Articles recieved 11/08/2021
Article: Cobolt Strike Vulnerability Affects Botnet Servers - published over 3 years ago.
Content: Cobolt Strike is a security tool, used by penetration testers to simulate network attackers. But it’s also used by attackers — from criminals to governments — to automate their own attacks. Researchers have found a vulnerability in the product. The main components of the security tool are the Cobalt Strike client — also known as a Beacon — and the Cobalt Str...
Published: 2021 08 11 11:42:27
Received: 2021 08 11 12:05:12
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:05 Cobolt Strike Vulnerability Affects Botnet Servers
Articles recieved 10/08/2021
Article: Apple Adds a Backdoor to iMesssage and iCloud Storage - published over 3 years ago.
Content: Apple’s announcement that it’s going to start scanning photos for child abuse material is a big deal. (Here are five news stories.) I have been following the details, and discussing it in several different email lists. I don’t have time right now to delve into the details, but wanted to post something. EFF writes: There are two main features that the company...
Published: 2021 08 10 11:37:30
Received: 2021 08 10 12:06:01
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:06 Apple Adds a Backdoor to iMesssage and iCloud Storage
Articles recieved 09/08/2021
Article: Defeating Microsoft’s Trusted Platform Module - published over 3 years ago.
Content: This is a really interesting story explaining how to defeat Microsoft’s TPM in 30 minutes — without having to solder anything to the motherboard. Researchers at the security consultancy Dolos Group, hired to test the security of one client’s network, received a new Lenovo computer preconfigured to use the standard security stack for the organization. They re...
Published: 2021 08 09 11:19:49
Received: 2021 08 09 12:05:09
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:05 Defeating Microsoft’s Trusted Platform Module
Articles recieved 06/08/2021
Article: Squid Dog Toy - published over 3 years ago.
Content: It’s sold out, but the pictures are cute. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. ...
Published: 2021 08 06 21:05:38
Received: 2021 08 06 22:05:09
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: Using “Master Faces” to Bypass Face-Recognition Authenticating Systems - published over 3 years ago.
Content: Fascinating research: “Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution.” Abstract: A master face is a face image that passes face-based identity-authentication for a large portion of the population. These faces can be used to impersonate, with a high probability of success, any user, without having access to any ...
Published: 2021 08 06 11:44:53
Received: 2021 08 06 12:05:02
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
22:05 Squid Dog Toy
12:05 Using “Master Faces” to Bypass Face-Recognition Authenticating Systems
Articles recieved 05/08/2021
Article: Zoom Lied about End-to-End Encryption - published over 3 years ago.
Content: The facts aren’t news, but Zoom will pay $85M — to the class-action attorneys, and to users — for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent. The proposed settlement would generally give Zoom users $15 or $25 each and was filed Saturday at US District Court for the Northern District of Californ...
Published: 2021 08 05 11:25:58
Received: 2021 08 05 12:05:13
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:05 Zoom Lied about End-to-End Encryption
Articles recieved 03/08/2021
Article: Paragon: Yet Another Cyberweapons Arms Manufacturer - published over 3 years ago.
Content: Forbes has the story: Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said. One other spyware industry executive said it a...
Published: 2021 08 03 11:44:47
Received: 2021 08 03 12:05:29
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:05 Paragon: Yet Another Cyberweapons Arms Manufacturer
Articles recieved 02/08/2021
Article: The European Space Agency Launches Hackable Satellite - published over 3 years ago.
Content: Of course this is hackable: A sophisticated telecommunications satellite that can be completely repurposed while in space has launched. […] Because the satellite can be reprogrammed in orbit, it can respond to changing demands during its lifetime. […] The satellite can detect and characterise any rogue emissions, enabling it to respond dynamically to accide...
Published: 2021 08 02 11:46:55
Received: 2021 08 02 12:05:47
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:05 The European Space Agency Launches Hackable Satellite
Articles recieved 30/07/2021
Article: Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial - published over 3 years ago.
Content: Often it feels like squid just evolved better than us mammals. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. ...
Published: 2021 07 30 21:13:48
Received: 2021 07 30 22:04:52
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: I Am Parting With My Crypto Library - published over 3 years ago.
Content: The time has come for me to find a new home for my (paper) cryptography library. It’s about 150 linear feet of books, conference proceedings, journals, and monographs — mostly from the 1980s, 1990s, and 2000s. My preference is that it goes to an educational institution, but will consider a corporate or personal home if that’s the only option available. If yo...
Published: 2021 07 30 17:13:20
Received: 2021 07 30 18:05:13
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: Storing Encrypted Photos in Google’s Cloud - published over 3 years ago.
Content: New paper: “Encrypted Cloud Photo Storage Using Google Photos“: Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices. As users store more and more photos in the cloud, significant privacy concerns arise because even a single compromise of a user’s credentials gi...
Published: 2021 07 30 11:34:12
Received: 2021 07 30 12:05:00
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
22:04 Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial
18:05 I Am Parting With My Crypto Library
12:05 Storing Encrypted Photos in Google’s Cloud
Articles recieved 29/07/2021
Article: AirDropped Gun Photo Causes Terrorist Scare - published over 3 years ago.
Content: A teenager on an airplane sent a photo of a replica gun via AirDrop to everyone who had their settings configured to receive unsolicited photos from strangers. This caused a three-hour delay as the plane — still at the gate — was evacuated and searched. The teen was not allowed to reboard. I can’t find any information about whether he was charged with any of...
Published: 2021 07 29 11:52:48
Received: 2021 07 29 12:05:14
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:05 AirDropped Gun Photo Causes Terrorist Scare
Articles recieved 28/07/2021
Article: De-anonymization Story - published over 3 years ago.
Content: This is important: Monsignor Jeffrey Burrill was general secretary of the US Conference of Catholic Bishops (USCCB), effectively the highest-ranking priest in the US who is not a bishop, before records of Grindr usage obtained from data brokers was correlated with his apartment, place of work, vacation home, family members’ addresses, and more. […] The data ...
Published: 2021 07 28 11:03:57
Received: 2021 07 28 11:05:05
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
11:05 De-anonymization Story
Articles recieved 27/07/2021
Article: Hiding Malware in ML Models - published over 3 years ago.
Content: Interesting research: “EvilModel: Hiding Malware Inside of Neural Network Models”. Abstract: Delivering malware covertly and detection-evadingly is critical to advanced malware campaigns. In this paper, we present a method that delivers malware covertly and detection-evadingly through neural network models. Neural network models are poorly explainable and ha...
Published: 2021 07 27 11:25:59
Received: 2021 07 27 12:05:12
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:05 Hiding Malware in ML Models
Articles recieved 26/07/2021
Article: Disrupting Ransomware by Disrupting Bitcoin - published over 3 years ago.
Content: Ransomware isn’t new; the idea dates back to 1986 with the “Brain” computer virus. Now, it’s become the criminal business model of the internet for two reasons. The first is the realization that no one values data more than its original owner, and it makes more sense to ransom it back to them — sometimes with the added extortion of threatening to make it pub...
Published: 2021 07 26 11:30:39
Received: 2021 07 26 12:05:13
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:05 Disrupting Ransomware by Disrupting Bitcoin
Articles recieved 23/07/2021
Article: Friday Squid Blogging: The Evolution of Squid - published over 3 years ago.
Content: Good video about the evolutionary history of squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. ...
Published: 2021 07 23 20:58:31
Received: 2021 07 23 21:05:13
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: Nasty Windows Printer Driver Vulnerability - published over 3 years ago.
Content: From SentinelLabs, a critical vulnerability in HP printer drivers: Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines. If exploited, cyberattackers could bypass security products; install programs; view, change,...
Published: 2021 07 22 15:41:58
Received: 2021 07 23 14:05:01
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: Commercial Location Data Used to Out Priest - published over 3 years ago.
Content: A Catholic priest was outed through commercially available surveillance data. Vice has a good analysis: The news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power has trickled down from corporations and intelligence agencies to essentially any sort of disgruntled, unscrupulous, or dangerous individual. ...
Published: 2021 07 23 13:58:33
Received: 2021 07 23 14:05:01
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
21:05 Friday Squid Blogging: The Evolution of Squid
14:05 Nasty Windows Printer Driver Vulnerability
14:05 Commercial Location Data Used to Out Priest
Articles recieved 22/07/2021
Article: Nasty Printer Driver Vulnerability - published over 3 years ago.
Content: From SentinelLabs, a critical vulnerability in HP printer drivers: Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines. If exploited, cyberattackers could bypass security products; install programs; view, change,...
Published: 2021 07 22 15:41:58
Received: 2021 07 22 16:07:11
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
16:07 Nasty Printer Driver Vulnerability
Articles recieved 20/07/2021
Article: NSO Group Hacked - published over 3 years ago.
Content: NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Or, at least, an enormous trove of documents was leaked to journalists. There’s a lot to read out there. Amnesty International has a report. Citizen...
Published: 2021 07 20 18:50:56
Received: 2021 07 20 19:05:08
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
19:05 NSO Group Hacked
Articles recieved 19/07/2021
Article: Candiru: Another Cyberweapons Arms Manufacturer - published over 3 years ago.
Content: Citizen Lab has identified yet another Israeli company that sells spyware to governments around the world: Candiru. From the report: Summary: Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Reportedly, their spyware can infect and monitor iPhones, Androids, Macs, PCs, and cloud accounts. Using Internet scanning we ...
Published: 2021 07 19 15:54:58
Received: 2021 07 19 16:05:07
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
16:05 Candiru: Another Cyberweapons Arms Manufacturer
Articles recieved 16/07/2021
Article: Friday Squid Blogging: Giant Squid Model - published over 3 years ago.
Content: Pretty wooden model. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
Published: 2021 07 16 21:12:12
Received: 2021 07 16 22:05:07
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: REvil is Off-Line - published over 3 years ago.
Content: This is an interesting development: Just days after President Biden demanded that President Vladimir V. Putin of Russia shut down ransomware groups attacking American targets, the most aggressive of the groups suddenly went off-line early Tuesday. […] Gone was the publicly available “happy blog” the group maintained, listing some of its victims and the group...
Published: 2021 07 16 20:03:13
Received: 2021 07 16 20:05:04
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
22:05 Friday Squid Blogging: Giant Squid Model
20:05 REvil is Off-Line
Articles recieved 15/07/2021
Article: Colorado Passes Consumer Privacy Law - published over 3 years ago.
Content: First California. Then Virginia. Now Colorado. Here’s a good comparison of the three states’ laws.
Published: 2021 07 15 11:08:02
Received: 2021 07 15 12:05:18
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:05 Colorado Passes Consumer Privacy Law
Articles recieved 14/07/2021
Article: China Taking Control of Zero-Day Exploits - published over 3 years ago.
Content: China is making sure that all newly discovered zero-day exploits are disclosed to the government. Under the new rules, anyone in China who finds a vulnerability must tell the government, which will decide what repairs to make. No information can be given to “overseas organizations or individuals” other than the product’s manufacturer. No one may “collect, se...
Published: 2021 07 14 11:04:46
Received: 2021 07 14 12:05:12
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:05 China Taking Control of Zero-Day Exploits
Articles recieved 13/07/2021
Article: Iranian State-Sponsored Hacking Attempts - published over 3 years ago.
Content: Interesting attack: Masquerading as UK scholars with the University of London’s School of Oriental and African Studies (SOAS), the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information. The threat actor, an APT who we assess with high confidence supports Islamic Revolutionary Guard Corps (IR...
Published: 2021 07 13 14:04:19
Received: 2021 07 13 15:05:20
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
15:05 Iranian State-Sponsored Hacking Attempts
Articles recieved 12/07/2021
Article: Analysis of the FBI’s Anom Phone - published over 3 years ago.
Content: Motherboard got its hands on one of those Anom phones that were really FBI honeypots. The details are interesting.
Published: 2021 07 12 16:58:12
Received: 2021 07 12 17:05:10
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
17:05 Analysis of the FBI’s Anom Phone
Articles recieved 09/07/2021
Article: Friday Squid Blogging: Squid-Related Game - published over 3 years ago.
Content: It’s called “Squid Fishering.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. ...
Published: 2021 07 09 21:03:11
Received: 2021 07 09 22:05:29
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
22:05 Friday Squid Blogging: Squid-Related Game
Articles recieved 08/07/2021
Article: Details of the REvil Ransomware Attack - published over 3 years ago.
Content: ArsTechnica has a good story on the REvil ransomware attack of last weekend, with technical details: This weekend’s attack was carried out with almost surgical precision. According to Cybereason, the REvil affiliates first gained access to targeted environments and then used the zero-day in the Kaseya Agent Monitor to gain administrative control over the tar...
Published: 2021 07 08 15:06:31
Received: 2021 07 08 16:05:14
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
16:05 Details of the REvil Ransomware Attack
Articles recieved 06/07/2021
Article: Vulnerability in the Kaspersky Password Manager - published over 3 years ago.
Content: A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time. ...
Published: 2021 07 06 14:27:47
Received: 2021 07 06 15:05:00
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
15:05 Vulnerability in the Kaspersky Password Manager
Articles recieved 05/07/2021
Article: Stealing Xbox Codes - published over 3 years ago.
Content: Detailed story of Volodymyr Kvashuk, a Microsoft insider who noticed a bug in the company’s internal systems that allowed him to create unlimited Xbox gift cards, and stole $10.1 million before he was caught.
Published: 2021 07 05 11:11:07
Received: 2021 07 05 12:05:04
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:05 Stealing Xbox Codes
Articles recieved 02/07/2021
Article: Friday Squid Blogging: Best Squid-Related Headline - published over 3 years ago.
Content: From the New York Times: “When an Eel Climbs a Ramp to Eat Squid From a Clamp, That’s a Moray.” The article is about the eel; the squid is just eel food. But still…. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. ...
Published: 2021 07 02 21:06:18
Received: 2021 07 02 22:05:02
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: More Russian Hacking - published over 3 years ago.
Content: Two reports this week. The first is from Microsoft, which wrote: As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. The actor used this information in some cases to laun...
Published: 2021 07 02 11:26:06
Received: 2021 07 02 12:05:07
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
22:05 Friday Squid Blogging: Best Squid-Related Headline
12:05 More Russian Hacking
Articles recieved 01/07/2021
Article: Insurance and Ransomware - published over 3 years ago.
Content: As ransomware becomes more common, I’m seeing more discussions about the ethics of paying the ransom. Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s helping. However, the most pressing challenge currently facing the industry is ransomware. Although it is a societal problem, cyber insurers ha...
Published: 2021 07 01 16:01:50
Received: 2021 07 01 16:06:40
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
16:06 Insurance and Ransomware
Articles recieved 29/06/2021
Article: Risks of Evidentiary Software - published over 3 years ago.
Content: Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example). Bugs and vulnerabilities can lead to inaccurate evidence, but the proprietary nature of software makes it hard for defendants to examine it. The software engineers proposed a three-part test. Fir...
Published: 2021 06 29 14:12:45
Received: 2021 06 29 15:05:18
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
15:05 Risks of Evidentiary Software
Articles recieved 28/06/2021
Article: NFC Flaws in POS Devices and ATMs - published over 3 years ago.
Content: It’s a series of vulnerabilities: Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC systems are what let you wave a credit card over a reader — rather ...
Published: 2021 06 28 11:53:45
Received: 2021 06 28 12:05:04
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:05 NFC Flaws in POS Devices and ATMs
Articles recieved 25/06/2021
Article: Friday Squid Blogging: Colossal Squid Photographed off the Coast of Antarctica - published over 3 years ago.
Content: Wow. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
Published: 2021 06 25 21:20:00
Received: 2021 06 25 22:05:38
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: AI-Piloted Fighter Jets - published over 3 years ago.
Content: News from Georgetown’s Center for Security and Emerging Technology: China Claims Its AI Can Beat Human Pilots in Battle: Chinese state media reported that an AI system had successfully defeated human pilots during simulated dogfights. According to the Global Times report, the system had shot down several PLA pilots during a handful of virtual exercises in re...
Published: 2021 06 25 13:53:27
Received: 2021 06 25 14:05:18
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
22:05 Friday Squid Blogging: Colossal Squid Photographed off the Coast of Antarctica
14:05 AI-Piloted Fighter Jets
Articles recieved 24/06/2021
Article: Banning Surveillance-Based Advertising - published over 3 years ago.
Content: The Norwegian Consumer Council just published a fantastic new report: “Time to Ban Surveillance-Based Advertising.” From the Introduction: The challenges caused and entrenched by surveillance-based advertising include, but are not limited to: privacy and data protection infringements opaque business models manipulation and discrimination at scale fraud and ...
Published: 2021 06 24 14:44:39
Received: 2021 06 24 15:05:06
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
15:05 Banning Surveillance-Based Advertising
Articles recieved 23/06/2021
Article: Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer - published over 3 years ago.
Content: Wired is reporting on a company called Mollitiam Industries: Marketing materials left exposed online by a third-party claim Mollitiam’s interception products, dubbed “Invisible Man” and “Night Crawler,” are capable of remotely accessing a target’s files, location, and covertly turning on a device’s camera and microphone. Its spyware is also said to be equipp...
Published: 2021 06 23 11:01:53
Received: 2021 06 23 11:06:14
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
11:06 Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer
Articles recieved 22/06/2021
Article: Apple Will Offer Onion Routing for iCloud/Safari Users - published almost 4 years ago.
Content: At this year’s Apple Worldwide Developer Conference, Apple announced something called “iCloud Private Relay.” That’s basically its private version of onion routing, which is what Tor does. Privacy Relay is built into both the forthcoming iOS and MacOS versions, but it will only work if you’re an iCloud Plus subscriber and you have it enabled from within your...
Published: 2021 06 22 11:54:09
Received: 2021 06 22 12:05:22
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:05 Apple Will Offer Onion Routing for iCloud/Safari Users
Articles recieved 21/06/2021
Article: The Future of Machine Learning and Cybersecurity - published almost 4 years ago.
Content: The Center for Security and Emerging Technology has a new report: “Machine Learning and Cybersecurity: Hype and Reality.” Here’s the bottom line: The report offers four conclusions: Machine learning can help defenders more accurately detect and triage potential attacks. However, in many cases these technologies are elaborations on long-standing methods — no...
Published: 2021 06 21 11:31:24
Received: 2021 06 21 12:06:21
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:06 The Future of Machine Learning and Cybersecurity
Articles recieved 18/06/2021
Article: Friday Squid Blogging: Video of Giant Squid Hunting Prey - published almost 4 years ago.
Content: Fantastic video of a giant squid hunting at depths between 1,827 and 3,117 feet. This is a follow-on from this post. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. ...
Published: 2021 06 18 21:06:44
Received: 2021 06 18 22:05:37
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: Peloton Vulnerability Found and Fixed - published almost 4 years ago.
Content: Researchers have discovered a vulnerability in Peloton stationary bicycles, one that would give the attacker complete control over the device. The attack requires physical access to the Peloton, so it’s not really a practical attack. President Biden’s Peloton was not in danger. ...
Published: 2021 06 18 11:18:28
Received: 2021 06 18 12:05:35
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
22:05 Friday Squid Blogging: Video of Giant Squid Hunting Prey
12:05 Peloton Vulnerability Found and Fixed
Articles recieved 17/06/2021
Article: Intentional Flaw in GPRS Encryption Algorithm GEA-1 - published almost 4 years ago.
Content: General Packet Radio Service (GPRS) is a mobile data standard that was widely used in the early 2000s. The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. Although the algorithm has a 64-bit key, the effective key length is only 40 bits, due to “an exc...
Published: 2021 06 17 18:51:41
Received: 2021 06 17 19:05:03
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: Paul van Oorschot’s Computer Security and the Internet - published almost 4 years ago.
Content: Paul van Oorschot’s webpage contains a complete copy of his book: Computer Security and the Internet: Tools and Jewels. It’s worth reading.
Published: 2021 06 17 11:25:54
Received: 2021 06 17 12:05:03
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
19:05 Intentional Flaw in GPRS Encryption Algorithm GEA-1
12:05 Paul van Oorschot’s Computer Security and the Internet
Articles recieved 16/06/2021
Article: VPNs and Trust - published almost 4 years ago.
Content: TorrentFreak surveyed nineteen VPN providers, asking them questions about their privacy practices: what data they keep, how they respond to court order, what country they are incorporated in, and so on. Most interesting to me is the home countries of these companies. Express VPN is incorporated in the British Virgin Islands. NordVPN is incorporated in Panama...
Published: 2021 06 16 11:17:53
Received: 2021 06 16 12:05:28
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:05 VPNs and Trust
Articles recieved 15/06/2021
Article: Andrew Appel on New Hampshire’s Election Audit - published almost 4 years ago.
Content: Really interesting two part analysis of the audit conducted after the 2020 election in Windham, New Hampshire. Based on preliminary reports published by the team of experts that New Hampshire engaged to examine an election discrepancy, it appears that a buildup of dust in the read heads of optical-scan voting machines (possibly over several years of use) can...
Published: 2021 06 15 15:45:12
Received: 2021 06 15 16:05:11
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
16:05 Andrew Appel on New Hampshire’s Election Audit
Articles recieved 14/06/2021
Article: Upcoming Speaking Engagements - published about 3 years ago.
Content: This is a current list of where and when I am scheduled to speak: I’m giving an online-only talk on “Securing a World of Physically Capable Computers” as part of Teleport’s Security Visionaries 2022 series, on January 18, 2022. I’m speaking at IT-S Now 2022 in Vienna on June 2, 2022. I’m speaking at the 14th International Conference on Cyber Conflict, CyCon...
Published: 2022 01 14 18:02:41
Received: 2021 06 14 17:05:32
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: TikTok Can Now Collect Biometric Data - published almost 4 years ago.
Content: This is probably worth paying attention to: A change to TikTok’s U.S. privacy policy on Wednesday introduced a new section that says the social video app “may collect biometric identifiers and biometric information” from its users’ content. This includes things like “faceprints and voiceprints,” the policy explained. Reached for comment, TikTok could not con...
Published: 2021 06 14 15:11:11
Received: 2021 06 14 16:05:35
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
17:05 Upcoming Speaking Engagements
16:05 TikTok Can Now Collect Biometric Data
Articles recieved 11/06/2021
Article: Friday Squid Blogging: Fossil of Squid Eating and Being Eaten - published almost 4 years ago.
Content: We now have a fossil of a squid eating a crustacean while it is being eaten by a shark. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. ...
Published: 2021 06 11 21:18:48
Received: 2021 06 11 22:05:12
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: FBI/AFP-Run Encrypted Phone - published almost 4 years ago.
Content: For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. Of course, the police were able to read everything — I don’t even know if this qualifies as a backdoor. This week, the world’s police organizations announce...
Published: 2021 06 11 11:32:38
Received: 2021 06 11 12:05:13
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
22:05 Friday Squid Blogging: Fossil of Squid Eating and Being Eaten
12:05 FBI/AFP-Run Encrypted Phone
Articles recieved 10/06/2021
Article: Detecting Deepfake Picture Editing - published almost 4 years ago.
Content: “Markpainting” is a clever technique to watermark photos in such a way that makes it easier to detect ML-based manipulation: An image owner can modify their image in subtle ways which are not themselves very visible, but will sabotage any attempt to inpaint it by adding visible information determined in advance by the markpainter. One application is tamper-r...
Published: 2021 06 10 11:19:19
Received: 2021 06 10 12:05:33
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:05 Detecting Deepfake Picture Editing
Articles recieved 09/06/2021
Article: Information Flows and Democracy - published almost 4 years ago.
Content: Henry Farrell and I published a paper on fixing American democracy: “Rechanneling Beliefs: How Information Flows Hinder or Help Democracy.” It’s much easier for democratic stability to break down than most people realize, but this doesn’t mean we must despair over the future. It’s possible, though very difficult, to back away from our current situation towar...
Published: 2021 06 09 11:46:32
Received: 2021 06 09 12:06:17
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:06 Information Flows and Democracy
Articles recieved 08/06/2021
Article: Vulnerabilities in Weapons Systems - published almost 4 years ago.
Content: “If you think any of these systems are going to work as expected in wartime, you’re fooling yourself.” That was Bruce’s response at a conference hosted by US Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the Internet. That may be necessary to keep in touch with civilian companies lik...
Published: 2021 06 08 10:32:33
Received: 2021 06 08 11:05:22
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
11:05 Vulnerabilities in Weapons Systems
Articles recieved 07/06/2021
Article: The Supreme Court Narrowed the CFAA - published almost 4 years ago.
Content: In a 6-3 ruling, the Supreme Court just narrowed the scope of the Computer Fraud and Abuse Act: In a ruling delivered today, the court sided with Van Buren and overturned his 18-month conviction. In a 37-page opinion written and delivered by Justice Amy Coney Barrett, the court explained that the “exceeds authorized access” language was, indeed, too broad. J...
Published: 2021 06 07 11:09:24
Received: 2021 06 07 12:05:11
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
12:05 The Supreme Court Narrowed the CFAA
Articles recieved 06/06/2021
Article: Friday Squid Blogging: Picking up Squid on the Beach - published almost 4 years ago.
Content: Make sure they’re dead. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. ...
Published: 2021 05 21 21:02:31
Received: 2021 06 06 09:05:17
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: AIs and Fake Comments - published almost 4 years ago.
Content: This month, the New York state attorney general issued a report on a scheme by “U.S. Companies and Partisans [to] Hack Democracy.” This wasn’t another attempt by Republicans to make it harder for Black people and urban residents to vote. It was a concerted attack on another core element of US democracy ­– the ability of citizens to express their voice to the...
Published: 2021 05 24 11:20:05
Received: 2021 06 06 09:05:17
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: New Disk Wiping Malware Targets Israel - published almost 4 years ago.
Content: Apostle seems to be a new strain of malware that destroys data. In a post published Tuesday, SentinelOne researchers said they assessed with high confidence that based on the code and the servers Apostle reported to, the malware was being used by a newly discovered group with ties to the Iranian government. While a ransomware note the researchers recovered s...
Published: 2021 05 26 14:33:19
Received: 2021 06 06 09:05:17
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: The Story of the 2011 RSA Hack - published almost 4 years ago.
Content: Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come.
Published: 2021 05 27 11:41:26
Received: 2021 06 06 09:05:17
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: The Misaligned Incentives for Cloud Security - published almost 4 years ago.
Content: Russia’s Sunburst cyberespionage campaign, discovered late last year, impacted more than 100 large companies and US federal agencies, including the Treasury, Energy, Justice, and Homeland Security departments. A crucial part of the Russians’ success was their ability to move through these organizations by compromising cloud and local network identity systems...
Published: 2021 05 28 11:20:29
Received: 2021 06 06 09:05:17
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: Friday Squid Blogging: Underwater Cameras for Observing Squid - published almost 4 years ago.
Content: Interesting research paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. ...
Published: 2021 05 28 21:09:28
Received: 2021 06 06 09:05:17
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: Security Vulnerability in Apple’s Silicon “M1” Chip - published almost 4 years ago.
Content: The website for the M1racles security vulnerability is an excellent demonstration that not all vulnerabilities are exploitable. Be sure to read the FAQ through to the end. EDITED TO ADD: Wired article.
Published: 2021 06 01 11:26:41
Received: 2021 06 06 09:05:17
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: The DarkSide Ransomware Gang - published almost 4 years ago.
Content: The New York Times has a long story on the DarkSide ransomware gang. A glimpse into DarkSide’s secret communications in the months leading up to the Colonial Pipeline attack reveals a criminal operation on the rise, pulling in millions of dollars in ransom payments each month. DarkSide offers what is known as “ransomware as a service,” in which a malware dev...
Published: 2021 06 02 14:09:56
Received: 2021 06 06 09:05:17
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: Security and Human Behavior (SHB) 2021 - published almost 4 years ago.
Content: Today is the second day of the fourteenth Workshop on Security and Human Behavior. The University of Cambridge is the host, but we’re all on Zoom. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The forty or so attendees incl...
Published: 2021 06 04 11:05:21
Received: 2021 06 06 09:05:17
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Article: Friday Squid Blogging: Squids in Space - published almost 4 years ago.
Content: NASA is sending baby bobtail squid into space. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. ...
Published: 2021 06 04 20:43:16
Received: 2021 06 06 09:05:17
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
09:05 Friday Squid Blogging: Picking up Squid on the Beach
09:05 AIs and Fake Comments
09:05 New Disk Wiping Malware Targets Israel
09:05 The Story of the 2011 RSA Hack
09:05 The Misaligned Incentives for Cloud Security
09:05 Friday Squid Blogging: Underwater Cameras for Observing Squid
09:05 Security Vulnerability in Apple’s Silicon “M1” Chip
09:05 The DarkSide Ransomware Gang
09:05 Security and Human Behavior (SHB) 2021
09:05 Friday Squid Blogging: Squids in Space
Cyber Tzar Free Score Certificate
Cyber Tzar Free Score Certificate
Cyber Tzar Your Score Explained
Cyber Tzar Your Score Explained
Cyber Tzar Gold Score Certificate
Cyber Tzar Gold Score Certificate
Cyber Tzar Score Analysis
Cyber Tzar Score Analysis
Return to Planet "Home"
Filter applied:
Current page:
Go to "Navigation Help" (page end)
Articles in this collection: 1,428
  • "Home" links back to the front page, effectivly the Planet "Home Page"; shows all articles, with no selections, or groupings.
  • Default date ordering is by "Received Date" (due to not all RSS feeds having a "Published Date").
  • Authors is the most poorly serviced field in the articles we see from cyber security news providers.
  • Only Published Date selections use the articles Published Date (for ordering and grouping).
  • The first page always shows fifty items plus from zero to up to a remaining forty-nine items, before they are commited permently to the next page.
  • All subsequent pages show fifty items.
  • Pagination is in reverse ordering (so that pages are permamenent links, aka "permalinks", to their content).
  • Return to the top of this page "Go Now"

Custom HTML Block

Click to Open Code Editor