Websites that Collect Your Data as You Type
A surprising number of websites include JavaScript keyloggers that collect everything you type as you type it, not just when you submit a form.
Researchers from KU Leuven, Radboud University, and University of Lausanne crawled and analyzed the top 100,000...
iPhone Malware that Operates Even When the Phone Is Turned Off
Researchers have demonstrated iPhone malware that works even when the phone is fully shut down.
t turns out that the iPhone’s Bluetooth chip — which is key to making features like Find My work — has no mechanism for digitally...
Attacks on Managed Service Providers Expected to Increase
CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs — as a vector to their customers — are likely to increase. No details about what this prediction is based on....
The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms
Rob Joyce, the director of cybersecurity at the NSA, said so in an interview:
The NSA already has classified quantum-resistant algorithms of its own that it developed over many years, said Joyce. But it didn’t enter any of its own...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak:
I’m speaking on “Securing a World of Physically Capable Computers” at OWASP Belgium’s chapter meeting in Antwerp, Belgium, on May 17, 2022.
I’m speaking at Future Summits in...
Friday Squid Blogging: Squidmobile
The Squidmobile.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Surveillance by Driverless Car
This will only get more prevalent: “The SFPD claims it has already obtained evidence from autonomous vehicle cameras.”
ICE Is a Domestic Surveillance Agency
Georgetown has a new report on the highly secretive bulk surveillance activities of ICE in the US:
When you think about government surveillance in the United States, you likely think of the National Security Agency or the FBI. You might...
Apple Mail Now Blocks Email Trackers
Apple Mail now blocks email trackers by default.
Most email newsletters you get include an invisible “image,” typically a single white pixel, with a unique file name. The server keeps track of every time this “image” is opened and by...
Friday Squid Blogging: Squid Filmed Changing Color for Camouflage Purposes
Video of oval squid (Sepioteuthis lessoniana) changing color in reaction to their background. The research paper claims this is the first time this has been documented.
As usual, you can also use this squid post to talk about the security...
Corporate Involvement in International Cybersecurity Treaties
The Paris Call for Trust and Stability in Cyberspace is an initiative launched by French President Emmanuel Macron during the 2018 UNESCO’s Internet Governance Forum. It’s an attempt by the world’s governments to come together and create a set...
15.3 Million Request-Per-Second DDoS Attack
Cloudflare is reporting a large DDoS attack against an unnamed company “operating a crypto launchpad.”
While this isn’t the largest application-layer attack we’ve seen, it is the largest we’ve seen over HTTPS. HTTPS DDoS attacks are more expensive in terms...
New Sophisticated Malware
Mandiant is reporting on a new botnet.
The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims’ networks with unusual stealth. In cases where the group is ejected, it wastes no time...
Using Pupil Reflection in Smartphone Camera Selfies
Researchers are using the reflection of the smartphone in the pupils of faces taken as selfies to infer information about how the phone is being used:
For now, the research is focusing on six different ways a user can hold...
Friday Squid Blogging: Ten-Foot Long Squid Washed onto Japanese Shore — ALIVE
This is rare:
An about 3-meter-long giant squid was found stranded on a beach here on April 20, in what local authorities said was a rare occurrence.
At around 10 a.m., a nearby resident spotted the squid at Ugu beach in...
Phishers Add Chatbot to the Phishing Lure
Researchers have discovered a new approach being taken by phishers to increase victim engagement and confidence: the addition of an interactive chatbot. We have all become accustomed to the chatbots used by many of the largest service providers –...
QuSecure Lauches Quantum-Resilient Encryption Platform
New firm launches to provide the Easy Button for implementing quantum secure encryption
The pressure to implement quantum secure encryption is increasing. This isn’t because functioning quantum computers able to crack asymmetric encryption are expected tomorrow, but because of the...
Iran, China-linked gangs join Putin’s disinformation war online
They're using the invasion 'to take aim at the usual adversaries,' Mandiant told The Reg Pro-Beijing and Iran miscreants are using the war in Ukraine to spread disinformation that supports these countries' political interests — namely, advancing anti-Western narratives...
Cyberattacks and misinformation activity against Ukraine continues say security researchers
Malware and fake news continues, says Mandiant.
6 Scary Tactics Used in Mobile App Attacks
Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.
