Mysterious Macintosh Malware
This is weird:
Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload...
National Security Risks of Late-Stage Capitalism
Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The hack gave the attackers access to the computer networks of some 18,000...
Friday Squid Blogging: Far Side Cartoon
The Far Side on squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
The Problem with Treating Data as a Commodity
Excellent Brookings paper: “Why data ownership is the wrong approach to protecting privacy.”
From the introduction:
Treating data like it is property fails to recognize either the value that varieties of personal information serve or the abiding interest that individuals have...
On Chinese-Owned Technology Platforms
I am a co-author on a report published by the Hoover Institution: “Chinese Technology Platforms Operating in the United States.” From a blog post:
The report suggests a comprehensive framework for understanding and assessing the risks posed by Chinese technology...
Twelve-Year-Old Vulnerability Found in Windows Defender
Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used the vulnerability during that time.
The flaw, discovered by researchers at the security firm...
Dependency Confusion: Another Supply-Chain Vulnerability
Alex Birsan writes about being able to install malware into proprietary corporate software by naming the code files to be identical to internal corporate code files. From a ZDNet article:
Today, developers at small or large companies use package managers...
GPS Vulnerabilities
Really good op-ed in the New York Times about how vulnerable the GPS system is to interference, spoofing, and jamming — and potential alternatives.
The 2018 National Defense Authorization Act included funding for the Departments of Defense, Homeland Security and...
Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish
From the Monterey Bay Aquarium.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Router Security
This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security.
Conclusion: Our analysis showed that Linux is the most used OS running on more...
WEIS 2021 Call for Papers
The 20th Annual Workshop on the Economics of Information Security (WEIS 2021) will be held online in June. We just published the call for papers.
Virginia Data Privacy Law
Virginia is about to get a data privacy law, modeled on California’s law.
Browser Tracking Using Favicons
Interesting research on persistent web tracking using favicons. (For those who don’t know, favicons are those tiny icons that appear in browser tabs next to the page name.)
Abstract: The privacy threats of online tracking have garnered considerable attention in...
Malicious Barcode Scanner App
Interesting story about a barcode scanner app that has been pushing malware on to Android phones. The app is called Barcode Scanner. It’s been around since 2017 and is owned by the Ukrainian company Lavabird Ldt. But a December...
US Cyber Command Valentine’s Day Cryptography Puzzles
The US Cyber Command has released a series of ten Valentine’s Day “Cryptography Challenge Puzzles.”
Slashdot thread. Reddit thread. (And here’s the archived link, in case Cyber Command takes the page down.)
Quarter of Healthcare Apps Contain High Severity Bugs
Quarter of Healthcare Apps Contain High Severity Bugs A quarter (25%) of healthcare apps contain high severity flaws, but healthcare organizations (HCOs) are relatively quick to fix them, according to new data from Veracode.
The security vendor broke out sector-specific...
Kaspersky to Co-Chair Working Group of the Paris Call
Kaspersky to Co-Chair Working Group of the Paris Call Kaspersky has announced it is partnering with Cigref to co-chair the Working Group 6 (WGF) as part of the Paris Call for Trust and Security in Cyberspace initiative. The group...
‘Clear and Present Danger’: Why Cybersecurity Risk Management Needs to Keep Evolving
The phrase ‘future-proof’ is seductive. We want to believe technology prepares us for the future. But with threat actors and developers in an arms race to breach and protect, cybersecurity risk — and cybersecurity risk management — are always...
Microsoft's Dream of Decentralized IDs Enters the Real World
The company will launch a public preview of its identification platform this spring—and has already tested it at the UK's National Health Service.
Search crimes – how the Gootkit gang poisons Google searches
When a search result looks too good to be true - it IS too good to be true!
