Thursday, May 19, 2022
Bruce Schneier

Websites that Collect Your Data as You Type

A surprising number of websites include JavaScript keyloggers that collect everything you type as you type it, not just when you submit a form. Researchers from KU Leuven, Radboud University, and University of Lausanne crawled and analyzed the top 100,000...
Bruce Schneier

iPhone Malware that Operates Even When the Phone Is Turned Off

Researchers have demonstrated iPhone malware that works even when the phone is fully shut down. t turns out that the iPhone’s Bluetooth chip­ — which is key to making features like Find My work­ — has no mechanism for digitally...
Bruce Schneier

Attacks on Managed Service Providers Expected to Increase

CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs — as a vector to their customers — are likely to increase. No details about what this prediction is based on....
Bruce Schneier

The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms

Rob Joyce, the director of cybersecurity at the NSA, said so in an interview: The NSA already has classified quantum-resistant algorithms of its own that it developed over many years, said Joyce. But it didn’t enter any of its own...
Bruce Schneier

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking on “Securing a World of Physically Capable Computers” at OWASP Belgium’s chapter meeting in Antwerp, Belgium, on May 17, 2022. I’m speaking at Future Summits in...
Bruce Schneier

Friday Squid Blogging: Squidmobile

The Squidmobile. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
Bruce Schneier

Surveillance by Driverless Car

This will only get more prevalent: “The SFPD claims it has already obtained evidence from autonomous vehicle cameras.”
Bruce Schneier

ICE Is a Domestic Surveillance Agency

Georgetown has a new report on the highly secretive bulk surveillance activities of ICE in the US: When you think about government surveillance in the United States, you likely think of the National Security Agency or the FBI. You might...
Bruce Schneier

Apple Mail Now Blocks Email Trackers

Apple Mail now blocks email trackers by default. Most email newsletters you get include an invisible “image,” typically a single white pixel, with a unique file name. The server keeps track of every time this “image” is opened and by...
Bruce Schneier

Friday Squid Blogging: Squid Filmed Changing Color for Camouflage Purposes

Video of oval squid (Sepioteuthis lessoniana) changing color in reaction to their background. The research paper claims this is the first time this has been documented. As usual, you can also use this squid post to talk about the security...
Bruce Schneier

Corporate Involvement in International Cybersecurity Treaties

The Paris Call for Trust and Stability in Cyberspace is an initiative launched by French President Emmanuel Macron during the 2018 UNESCO’s Internet Governance Forum. It’s an attempt by the world’s governments to come together and create a set...
Bruce Schneier

15.3 Million Request-Per-Second DDoS Attack

Cloudflare is reporting a large DDoS attack against an unnamed company “operating a crypto launchpad.” While this isn’t the largest application-layer attack we’ve seen, it is the largest we’ve seen over HTTPS. HTTPS DDoS attacks are more expensive in terms...
Bruce Schneier

New Sophisticated Malware

Mandiant is reporting on a new botnet. The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims’ networks with unusual stealth. In cases where the group is ejected, it wastes no time...
Bruce Schneier

Using Pupil Reflection in Smartphone Camera Selfies

Researchers are using the reflection of the smartphone in the pupils of faces taken as selfies to infer information about how the phone is being used: For now, the research is focusing on six different ways a user can hold...
Bruce Schneier

Friday Squid Blogging: Ten-Foot Long Squid Washed onto Japanese Shore — ALIVE

This is rare: An about 3-meter-long giant squid was found stranded on a beach here on April 20, in what local authorities said was a rare occurrence. At around 10 a.m., a nearby resident spotted the squid at Ugu beach in...
SecurityWeek

Phishers Add Chatbot to the Phishing Lure

Researchers have discovered a new approach being taken by phishers to increase victim engagement and confidence: the addition of an interactive chatbot. We have all become accustomed to the chatbots used by many of the largest service providers –...
SecurityWeek

QuSecure Lauches Quantum-Resilient Encryption Platform

New firm launches to provide the Easy Button for implementing quantum secure encryption The pressure to implement quantum secure encryption is increasing. This isn’t because functioning quantum computers able to crack asymmetric encryption are expected tomorrow, but because of the...
The Register

Iran, China-linked gangs join Putin’s disinformation war online

They're using the invasion 'to take aim at the usual adversaries,' Mandiant told The Reg Pro-Beijing and Iran miscreants are using the war in Ukraine to spread disinformation that supports these countries' political interests — namely, advancing anti-Western narratives...
ZDNet

Cyberattacks and misinformation activity against Ukraine continues say security researchers

Malware and fake news continues, says Mandiant.

6 Scary Tactics Used in Mobile App Attacks

Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.