Paragon: Yet Another Cyberweapons Arms Manufacturer
Forbes has the story:
Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail,...
The European Space Agency Launches Hackable Satellite
Of course this is hackable:
A sophisticated telecommunications satellite that can be completely repurposed while in space has launched.
Because the satellite can be reprogrammed in orbit, it can respond to changing demands during its lifetime.
The satellite can detect and...
Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial
Often it feels like squid just evolved better than us mammals.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
I Am Parting With My Crypto Library
The time has come for me to find a new home for my (paper) cryptography library. It’s about 150 linear feet of books, conference proceedings, journals, and monographs — mostly from the 1980s, 1990s, and 2000s.
My preference is that...
Storing Encrypted Photos in Google’s Cloud
New paper: “Encrypted Cloud Photo Storage Using Google Photos“:
Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices. As users store more and more photos in the...
AirDropped Gun Photo Causes Terrorist Scare
A teenager on an airplane sent a photo of a replica gun via AirDrop to everyone who had their settings configured to receive unsolicited photos from strangers. This caused a three-hour delay as the plane — still at the...
De-anonymization Story
This is important:
Monsignor Jeffrey Burrill was general secretary of the US Conference of Catholic Bishops (USCCB), effectively the highest-ranking priest in the US who is not a bishop, before records of Grindr usage obtained from data brokers was correlated...
Hiding Malware in ML Models
Interesting research: “EvilModel: Hiding Malware Inside of Neural Network Models”.
Abstract: Delivering malware covertly and detection-evadingly is critical to advanced malware campaigns. In this paper, we present a method that delivers malware covertly and detection-evadingly through neural network models. Neural...
Disrupting Ransomware by Disrupting Bitcoin
Ransomware isn’t new; the idea dates back to 1986 with the “Brain” computer virus. Now, it’s become the criminal business model of the internet for two reasons. The first is the realization that no one values data more than...
Friday Squid Blogging: The Evolution of Squid
Good video about the evolutionary history of squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Commercial Location Data Used to Out Priest
A Catholic priest was outed through commercially available surveillance data. Vice has a good analysis:
The news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power has trickled down from corporations...
Nasty Printer Driver Vulnerability
From SentinelLabs, a critical vulnerability in HP printer drivers:
Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines.
If exploited, cyberattackers could...
NSO Group Hacked
NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Or, at least, an enormous trove of...
Candiru: Another Cyberweapons Arms Manufacturer
Citizen Lab has identified yet another Israeli company that sells spyware to governments around the world: Candiru.
From the report:
Summary:
Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Reportedly, their spyware can infect and monitor iPhones, Androids,...
Friday Squid Blogging: Giant Squid Model
Pretty wooden model.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Beef up security in Firefox with Fission
Jack Wallen shows you how to enable Fission. Firefox developers understand web browser security is at a premium, so they've rolled out a site isolation feature.
Cybersecurity professionals: Positive reinforcement works wonders with users
The blame game is not working; experts suggest using positive reinforcement to improve employee attitude and performance.
Google Patches High-Risk Android Security Flaws
Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks.
The latest Android update provides documentation on 33 security bugs, some serious...
Awful transaction and timing: AT&T finally ditches DirecTV
Enlarge (credit: Getty Images | Ronald Martinez)
AT&T has completed its spinoff of DirecTV after six years of mismanagement in which nearly 10 million customers ditched the company's pay-TV services.
AT&T bought DirecTV for $49 billion ($67 billion including...
Mismanagement Driving Cybersecurity Skills Gap: Research
“To some extent, this data supports the theory that the cybersecurity skills shortage is related to mismanagement rather than a dearth of qualified candidates or advanced skills.”
read more
