NIST’s Post-Quantum Cryptography Standards
Quantum computing is a completely new paradigm for computers. A quantum computer uses quantum properties such as superposition, which allows a qubit (a quantum bit) to be neither 0 nor 1, but something much more complicated. In theory, such...
Friday Squid Blogging: New Squid Species
Seems like they are being discovered all the time:
In the past, the DEEPEND crew has discovered three new species of Bathyteuthids, a type of squid that lives in depths between 700 and 2,000 meters. The findings were validated and...
SIKE Broken
SIKE is one of the new algorithms that NIST recently added to the post-quantum cryptography competition.
It was just broken, really badly.
We present an efficient key recovery attack on the Supersingular Isogeny Diffie-Hellman protocol (SIDH), based on a “glue-and-split” theorem...
Drone Deliveries into Prisons
Seems it’s now common to sneak contraband into prisons with a drone.
Surveillance of Your Car
TheMarkup has an extensive analysis of connected vehicle data and the companies that are collecting it.
The Markup has identified 37 companies that are part of the rapidly growing connected vehicle data industry that seeks to monetize such data in...
Ring Gives Videos to Police without a Warrant or User Consent
Amazon has revealed that it gives police videos from its Ring doorbells without a warrant and without user consent.
Ring recently revealed how often the answer to that question has been yes. The Amazon company responded to an inquiry from...
Friday Squid Blogging: Evolution of the Vampire Squid
Short article on the evolution of the vampire squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Microsoft Zero-Days Sold and then Used
Yet another article about cyber-weapons arms manufacturers and their particular supply chain. This one is about Windows and Adobe Reader zero-day exploits sold by an Austrian company named DSIRF.
There’s an entire industry devoted to undermining all of our security....
New UFEI Rootkit
Kaspersky is reporting on a new UFEI rootkit that survives reinstalling the operating system and replacing the hard drive. From an article:
The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly...
Securing Open-Source Software
Good essay arguing that open-source software is a critical national-security asset and needs to be treated as such:
Open source is at least as important to the economy, public services, and national security as proprietary code, but it lacks the...
Apple’s Lockdown Mode
I haven’t written about Apple’s Lockdown Mode yet, mostly because I haven’t delved into the details. This is how Apple describes it:
Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who...
Friday Squid Blogging: Bathyteuthis berryi Holding Eggs
Image and video of a Bathyteuthis berryi carrying a few hundred eggs, taken at a depth of 4,650 feet.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t...
Critical Vulnerabilities in GPS Trackers
This is a dangerous vulnerability:
An assessment from security firm BitSight found six vulnerabilities in the Micodus MV720, a GPS tracker that sells for about $20 and is widely available. The researchers who performed the assessment believe the same critical...
Russia Creates Malware False-Flag App
The Russian hacking group Turla released an Android app that seems to aid Ukrainian hackers in their attacks against Russian networks. It’s actually malware, and provides information back to the Russians:
The hackers pretended to be a “community of free...
NSO Group’s Pegasus Spyware Used against Thailand Pro-Democracy Activists and Leaders
Yet another basic human rights violation, courtesy of NSO Group: Citizen Lab has the details:
Key Findings
We discovered an extensive espionage campaign targeting Thai pro-democracy protesters, and activists calling for reforms to the monarchy.
We forensically confirmed that at least 30...
Phishers who breached Twilio and fooled Cloudflare could easily get you, too
Enlarge (credit: Getty Images)
At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not...
Microsoft Patch Tuesday, August 2022 Edition
Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows....
One of 5G's Biggest Features Is a Security Minefield
New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.
Patch Tuesday: Yet another Microsoft RCE bug under active exploit
Oh, and that critical VMware auth bypass vuln? Miscreants found it, too August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …
