How the Silk Road Affair Changed Law Enforcement
The Silk Road was the first modern dark web marketplace, an online place for anonymously buying and selling illegal products and services using Bitcoin.
Ross Ulbricht created The Silk Road in 2011 and operated it until 2013 when the FBI...
Data Privacy: How the Growing Field of Regulations Impacts Businesses
The recent proposed rules over artificial intelligence (AI) in the European Union (EU) are a harbinger of things to come. Data privacy laws are becoming more complex and growing in number and relevance. So, businesses that seek to become...
Why Zero Trust Works When Everything Else Doesn’t
The zero trust security model is proving to be one of the most effective cybersecurity approaches ever conceived.
Zero trust — also called zero trust architecture (ZTA), zero trust network architecture (ZTNA) and perimeter-less security — takes a “default deny”...
5 Golden Rules of Threat Hunting
When a breach is uncovered, the operational cadence includes threat detection, quarantine and termination. While all stages can occur within the first hour of discovery, in some cases, that’s already too late.
Security operations center (SOC) teams monitor and hunt...
Third-Party App Stores Could Be a Red Flag for iOS Security
Even Apple can’t escape change forever.
The famously restrictive company will allow third-party app stores for iOS devices, along with allowing users to “sideload” software directly. Spurring the move is the European Union’s (EU) Digital Markets Act (DMA), which looks...
Defensive Driving: The Need for EV Cybersecurity Roadmaps
As the U.S. looks to bolster electric vehicle (EV) adoption, a new challenge is on the horizon: cybersecurity.
Given the interconnected nature of these vehicles and their reliance on local power grids, they’re not just an alternative option for getting...
Kronos Malware Reemerges with Increased Functionality
The Evolution of Kronos Malware
The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of...
Who Will Be the Next National Cyber Director?
After Congress approved his nomination in 2021, Chris Inglis served as the first-ever National Cyber Director for the White House. Now, he plans to retire. So who’s next?
As of this writing in January of 2023, there remains uncertainty around...
Too Much Caffeine? Phishing-as-a-Service Makes Us Jittery
Recently, investigators at Mandiant discovered a new software platform with an intuitive interface. The service has tools to orchestrate and automate core campaign elements. Some of the platform’s features enable self-service customization and campaign tracking.
Sounds like a typical Software-as-a-Service...
Everyone Wants to Build a Cyber Range: Should You?
In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the...
An IBM Hacker Breaks Down High-Profile Attacks
On September 19, 2022, an 18-year-old cyberattacker known as “teapotuberhacker” (aka TeaPot) allegedly breached the Slack messages of game developer Rockstar Games. Using this access, they pilfered over 90 videos of the upcoming Grand Theft Auto VI game. They...
Log4j Forever Changed What (Some) Cyber Pros Think About OSS
In late 2021, the Apache Software Foundation disclosed a vulnerability that set off a panic across the global tech industry. The bug, known as Log4Shell, was found in the ubiquitous open-source logging library Log4j, and it exposed a huge...
Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”
September’s Patch Tuesday unveiled a critical remote vulnerability in tcpip.sys, CVE-2022-34718. The advisory from Microsoft reads: “An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPsec is enabled, which could enable a remote...
How Much is the U.S. Investing in Cyber (And is it Enough)?
It’s no secret that cyberattacks in the U.S. are increasing in frequency and sophistication. Since cyber crime impacts millions of businesses and individuals, many look to the government to see what it’s doing to anticipate, prevent and deal with...
Synthetic Media Creates New Social Engineering Threats
Social engineering attacks have challenged cybersecurity for years. No matter how strong your digital security, authorized human users can always be manipulated into opening the door for a clever cyber attacker.
Social engineering typically involves tricking an authorized user into...
GitHub says hackers cloned code-signing certificates in breached repository
Enlarge
GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom.
Code-signing certificates place...
QNAP addresses a critical flaw impacting its NAS devices
Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices.
QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that...
Chromebook SH1MMER exploit promises admin jailbreak
Schools' laptops are out if this one gets around, but beware bricking Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SHI1MMER.…
MusicLM: Google AI generates music in various genres at 24 kHz
Enlarge / An AI-generated image of an exploding ball of music. (credit: Ars Technica)
On Thursday, researchers from Google announced a new generative AI model called MusicLM that can create...
Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine
The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.
