Saturday, December 5, 2020
Bruce Schneier

Friday Squid Blogging: Bigfin Squid Found in Australian Waters

A bigfin squid has been found — and filmed — in Australian waters for the first time. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my...
Bruce Schneier

The 2020 Workshop on Economics and Information Security (WEIS)

The workshop on Economics and Information Security is always an interesting conference. This year, it will be online. Here’s the program. Registration is free.
Bruce Schneier

Enigma Machine Recovered from the Baltic Sea

Neat story: German divers searching the Baltic Sea for discarded fishing nets have stumbled upon a rare Enigma cipher machine used by the Nazi military during World War Two which they believe was thrown overboard from a scuttled submarine. Thinking they...
Bruce Schneier

Open Source Does Not Equal Secure

Way back in 1999, I wrote about open-source software: First, simply publishing the code does not automatically mean that people will examine it for security flaws. Security researchers are fickle and busy people. They do not have the time to...
Bruce Schneier

Impressive iPhone Exploit

This is a scarily impressive vulnerability: Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device­ — over Wi-Fi, with...
Bruce Schneier

Manipulating Systems Using Remote Lasers

Many systems are vulnerable: Researchers at the time said that they were able to launch inaudible commands by shining lasers — from as far as 360 feet — at the microphones on various popular voice assistants, including Amazon Alexa,...
Bruce Schneier

Check Washing

I can’t believe that check washing is still a thing: “Check washing” is a practice where thieves break into mailboxes (or otherwise steal mail), find envelopes with checks, then use special solvents to remove the information on that check (except...
Bruce Schneier

Friday Squid Blogging: Diplomoceras Maximum

Diplomoceras maximum is an ancient squid-like creature. It lived about 68 million years ago, looked kind of like a giant paperclip, and may have had a lifespan of 200 years. As usual, you can also use this squid post to...
Bruce Schneier

Undermining Democracy

Last Thursday, Rudy Giuliani, a Trump campaign lawyer, alleged a widespread voting conspiracy involving Venezuela, Cuba, and China. Another lawyer, Sidney Powell, argued that Mr. Trump won in a landslide, the entire election in swing states should be overturned...
Bruce Schneier

Cyber Public Health

In a lecture, Adam Shostack makes the case for a discipline of cyber public health. It would relate to cybersecurity in a similar way that public health relates to medicine.
Bruce Schneier

On That Dusseldorf Hospital Ransomware Attack and the Resultant Death

Wired has a detailed story about the ransomware attack on a Dusseldorf hospital, the one that resulted in an ambulance being redirected to a more distant hospital and the patient dying. The police wanted to prosecute the ransomware attackers...
Bruce Schneier

More on the Security of the 2020 US Election

Last week I signed on to two joint letters about the security of the 2020 election. The first was as one of 59 election security experts, basically saying that while the election seems to have been both secure and...
Bruce Schneier

Indistinguishability Obfuscation

Quanta magazine recently published a breathless article on indistinguishability obfuscation — calling it the “‘crown jewel’ of cryptography” — and saying that it had finally been achieved, based on a recently published paper. I want to add some caveats...
Bruce Schneier

Friday Squid Blogging: Ram’s Horn Squid Video

This is the first video footage of a ram’s horn squid (Spirula spirula) . As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines...
Bruce Schneier

Symantec Reports on Cicada APT Attacks against Japan

Symantec is reporting on an APT group linked to China, named Cicada. They have been attacking organizations in Japan and elsewhere. Cicada has historically been known to target Japan-linked organizations, and has also targeted MSPs in the past. The group...

Top 20 Predictions Of How AI Is Going To Improve Cybersecurity In 2021

What 20 Leading Cybersecurity Experts Are Predicting For 2021
SecurityWeek

Italy Says Two Arrested for Defense Data Theft

Two people have been arrested for stealing defense data from the Italian aerospace and electronics group Leonardo, the interior ministry said on Saturday. The company has a wide range of activities from naval electronics, network and protection systems, electronic warfare...

The US Used the Patriot Act to Justify Logging Website Users

Plus: Better Twitter two-factor, a Spotify hack, and more of the week’s top security news.
ZDNet

Ransomware hits helicopter maker Kopter

Data from Kopter's internal network has been published on the LockBit gang's blog, hosted on the dark web.
ZDNet

Ransomware gangs are now cold-calling victims if they restore from backups without paying

Tactic used since August by ransomware gangs like Sekhmet, Maze, Conti, and Ryuk.