What happened in Vegas (that you actually want to know about)

Welcome to this week's edition of the Threat Source newsletter. Last week I flew 5,000 miles to Las Vegas for Black Hat USA. After navigating the casino carpet labyrinth and finding the only venue in Nevada that serves a proper English breakfast tea with milk lifesaver, I've decided Black Hat fee...

Deepseek: Why it Matters and What the Press Got Wrong

...

Is Cybersecurity Awareness Month Anything More Than PR?

Cybersecurity Awareness Month has been going on since 2004. This year, Cybersecurity Awareness Month urged the public, professionals, and industry partners to "see themselves in cyber" in the following ways: 1. The public, by taking action to stay safe online. 2. Professionals, by joining the cyb...

Millions of Java Apps Remain Vulnerable to Log4Shell

Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Rezilion expected that due to the “massive amount of media coverage” the bug unsurprisingly received, the majority of applications...

Trojans, Backdoors and Droppers: The Most-Analyzed Malware

Trojans, backdoors and droppers, oh my: These are the top three malware types being analyzed by threat intelligence teams, according to statistics out on Thursday. According to anonymized statistics from requests to the Kaspersky Threat Intelligence Portal, almost three quarters 72 percent of the...

Social Engineering Based on Stimulus Bill and COVID-19 Financial Compensation Schemes Expected to Grow in Coming Weeks

Given the community interest and media coverage surrounding the economic stimulus bill currently being considered by the United States House of Representatives, we anticipate attackers will increasingly leverage lures tailored to the new stimulus bill and related recovery efforts such as stimulus...

Reference: TaoSecurity Press

I started appearing in media reports in 2000. I used to provide this information on my Web site, but since I don't keep that page up-to-date anymore, I decided to publish it here. As of 2017, Mr. Bejtlich generally declines press inquiries on cybersecurity matters, including those on background...

Click Here to Kill Everybody Reviews and Press Mentions

It's impossible to know all the details, but my latest book seems to be selling well. Initial reviews have been really positive: Boing Boing, Financial Times, Harris Online, Kirkus Reviews, Nature, Politico, and Virus Bulletin. I've also done a bunch of interviews -- either written or radio/podca...

Synaptics Says Claims of a Keylogger in HP Laptops are False

Synaptics said reports that claim hundreds of HP laptops contain a secret keylogger made by the company are inaccurate. In a statement released Wednesday, the company said its software was being mischaracterized as a keylogger. It also said it would remove the debugging component from production...

Vulnerability Quadrants

Hi everyone! Today I would like talk about software vulnerabilities. How to find really interesting vulnerabilities in the overall CVE flow. And how to do it automatically. First of all, let's talk why we may ever need to analyze software vulnerabilities? How people usually do their Vulnerability...

Ransomware Activity Spikes in March, Steadily increasing throughout 2016

UPDATE June 15, 2016: This post has been updated to include new data on ransomware activity, which is also now broken down by region. Cyber extortion for financial gain is typically carried out in one of two ways. The first method is a business disruption attack – a category we discussed at lengt...

Anonymous Clarifies Its Identity and Mission in Recent Statement

On December 10, 2010, Anonymous released a press statement to clarify its identity and objectives. Who is Anonymous? Anonymous, often misunderstood, is not a conventional group. Instead, it is an internet gathering without formal structure. Both Anonymous and the media acknowledge the perceived...

[Full-disclosure] Fun with wireless cards...

Lorenzo's Kernel Fun project: http://kernelfun.blogspot.com/ The Metasploit 3 exploit module: http://metasploit.com/svn/framework3/trunk/modules/auxiliary/dos/wireless/daringphucball.rb Media coverage so far: http://www.securityfocus.com/brief/344...