China criticizes Twitter and Facebook. Silence expands internationally. A popular Ruby library was backdoored.
China says Twitter and Facebook are restricting its freedom of speech. The Silence criminal gang has expanded internationally. Google, Mozilla, and Apple are blocking the Kazakh government’s root certificate. A popular Ruby library was backdoored after a developer’s account...
Chinese information operations on Twitter and Facebook. iOS jailbreak released. Adult websites leak information.
Twitter and Facebook shut down Chinese information operations. A jailbreak for the latest version of iOS is out. Facebook may have known about the “view as” bug. Vulnerabilities in Google’s Nest cams are patched. Instagram gets a data abuse...
ISIS claims Kabul massacre. Huawei gets a temporary break. Texas governments hit by ransomware. Hy-Vee warns of point-of-sale attack.
ISIS claims responsibility for Kabul massacre. Huawei gets another temporary reprieve. Local governments in Texas sustain ransomware attacks. Georgia hopes to combat cyberattacks with training. Google cuts a data sharing service. Bulletproof VPN services purchase residential IPs. Smartphones could...
Detecting dating profile fraud — Research Saturday
Researchers from King’s College London, University of Bristol, Boston University, and University of Melbourne recently collaborated to publish a report titled, "Automatically Dismantling Online Dating Fraud." The research outlines techniques to analyze and identify fraudulent online dating profiles with...
ECB sustains an intrusion into a third-party-hosted service. Norman quietly mines Monero. MetaMorph appears in a stealthy phishing campaign. Information operations.
The European Central Bank shutters a service due to a hostile intrusion. Norman quietly mines Monero. MetaMorph passes through email security filters. Some Capital One insiders thought they saw trouble brewing. Instagram crowd-sources epistemology. Deep fakes are well and...
Huawei accused of abetting domestic surveillance in Africa. Cyber gangs adapt and evolve. Prosecutors indicate they’ll add charges to “erratic.” Bluetana detects card skimmers.
Huawei accused of aiding government surveillance programs in Zambia and Uganda. Cyber gangs are adapting to law enforcement, and they’ve turned to “big game hunting.” They’re also adapting legitimate tools to criminal purposes. US Federal prosecutors indicate they intend...
Hacking the Czech Foreign Ministry. Microsoft patches new wormable bugs. More controversial human review of AI. Insecure links, exposed databases, and a California vanity plate.
The Czech Senate wants action on what it describes as a foreign state’s cyberattack on the country’s Foreign Ministry. Microsoft warns against the wormable DéjaBlue set of vulnerabilities. More humans found training AI. Insecure airline check-in links. Exposed databases...
UN Security Council looks at North Korean cybercrime. Notes on PsiXBot and BITTER APT. The state of spearphishing. Election security. A final look back at Black Hat and Def Con.
More on the UN Security Council’s report on North Korean state-sponsored cyber crime. PsiXBot evolves. BITTER APT probes Chinese government networks in an apparent espionage campaign. A study looks at the state of spearphishing. It’s not just the three-letter...
A look back at Black Hat and Def Con. Sometimes failures that look like accidents are accidents. Russia wants better content suppression from Google. Notes on intelligence services.
A look back at Black Hat and Def Con, with notes on technology and public policy. Participants urge people to contribute their expertise to policymakers. Power failures in the UK at the end of last week are largely resolved,...
Unpacking the Malvertising Ecosystem — Research Saturday
Researchers at Cisco's Talos Unit recently published research exploring the tactics, technics and procedures of the global malvertising ecosystem. Craig Williams is head of Talos Outreach at Cisco, and he guides us through the life cycle of malicious online...
Voting machine security. Airliner firmware. Attribution and deterrence in cyberwar. Monitoring social media. Broadcom buys Symantec’s enterprise security business. Policing, privacy, and an IoT OS.
Are voting machines too connected for comfort? Airliner firmware security is in dispute. Attribution, deterrence, and the problem of an adversary who doesn’t have much to lose. Monitoring social media for signs of violent extremism. Broadcom will buy Symantec’s...
Hacking in the Gulf region. Vulnerability research into airliner avionics. Phishing and ransomware move to the cloud. EU data responsibilities. US bans five Chinese companies.
Tensions in the Gulf are accompanied by an increase in cyber optempo. A warning about vulnerable airliner avionics. Phishing is moving to the cloud, and so is ransomware. Android’s August patches address important Wi-Fi issues. An EU court decision...
Another speculative execution flaw. LokiBot evolves. APT41 moonlights. Scammers exploit tragedies. Black Hat notes.
A new speculative execution processor flaw is addressed with software mitigations. LokiBot gets more persistent, and it adopts steganography for better obfuscation. The cyber-spies of APT41 seem to be doing some moonlighting. An accused criminal who bribed telco workers...
Fancy Bear is snuffling around corporate IoT devices. Machete takes its cuts at Venezuelan military targets. What Mr. Kim is buying. MegaCortex goes for automation. Vigilantes, misconfigurations, etc.
Fancy Bear is back, and maybe in your office printer. El Machete, a cyber espionage group active at least since 2014, is currently working against the Venezuelan military. A UN report allegedly offers a look at what Mr. Kim...
Ransomware attacks in Mexico and Germany. Wipers in criminal service. Supervising Siri and Alexa. Mass shooters find inspiration and online expression.
A Mexican publisher is hit with an extortion demand. Ransomware increasingly carries a destructive, wiper component: Germany is dealing with a virulent strain right now. Apple and Amazon, after the bad optics of reports that they’re farming out Siri...
Ready or Not, Here Comes FIDO: How to Prepare for Success
Planning and Preparation Are Key to Successfully Adopting FIDO Standards for “Simpler, Stronger Authentication”
read more
Amazon, Microsoft, May be Putting World at Risk of Killer AI, Says Report
Amazon, Microsoft and Intel are among leading tech companies that could spearhead a global AI arms race, according to a report that surveyed major players from the sector about their stance on lethal autonomous weapons.
read more
The Joy of Six… critical security patches: Cisco small biz switches open to hijacking via web UI
Turn it on, download these fixes, crank it up – and rip the KNOB off Cisco has emitted a fresh round of software updates to address security holes in its network switches and controllers.…
New FISMA Report Shows Progress, Gaps in Federal Cybersecurity
No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.
A botnet has been cannibalizing other hackers’ web shells for more than a year
Neutrino botnet is hijacking servers by taking over other hackers' PHP and Java web shells.
