2979 matches found
ZuoRAT Malware Is Targeting Routers
Wired is reporting on a new remote-access Trojan that is able to infect at least eighty different targets: So far, researchers from Lumen Technologies Black Lotus Labs say theyve identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and...
M1 Chip Vulnerability
This is a new vulnerability against Apples M1 chip. Researchers say that it is unpatchable. Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep...
Friday Squid Blogging: More on the “Mind Boggling” Squid Genome
Octopus and squid genes are weird. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Friday Squid Blogging: Squid Bites Diver
I agree; the diver deserved it. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Surveillance by Driverless Car
San Francisco police are using autonomous vehicles as mobile surveillance cameras. Privacy advocates say the revelation that police are actively using AV footage is cause for alarm. “This is very concerning,” Electronic Frontier Foundation EFF senior staff attorney Adam Schwartz told Motherboard...
Apple Mail Now Blocks Email Trackers
Apple Mail now blocks email trackers by default. Most email newsletters you get include an invisible "image," typically a single white pixel, with a unique file name. The server keeps track of every time this "image" is opened and by which IP address. This quirk of internet history means that...
New Sophisticated Malware
Mandiant is reporting on a new botnet. The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim environment and picking up where thin...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at Future Summits in Antwerp, Belgium, on May 18, 2022. I’m speaking at IT-S Now 2022 in Vienna, Austria, on June 2, 2022. I’m speaking at the 14th International Conference on Cyber Conflict, CyCon 2022, in Tallinn,...
US Disrupts Russian Botnet
The Justice Department announced the disruption of a Russian GRU-controlled botnet: The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat...
Friday Squid Blogging: Unexpectedly Low Squid Population in the Arctic
Research: Abstract: The retreating ice cover of the Central Arctic Ocean CAO fuels speculations on future fisheries. However, very little is known about the existence of harvestable fish stocks in this 3.3 million–square kilometer ecosystem around the North Pole. Crossing the Eurasian Basin, we...
NASA’s Insider Threat Program
The Office of Inspector General has audited NASAs insider threat program: While NASA has a fully operational insider threat program for its classified systems, the vast majority of the Agencys information technology IT systems -- including many containing high-value assets or critical...
Leak of Russian Censorship Data
The transparency organization Distributed Denial of Secrets has released 800GB of data from Roskomnadzor, the Russian government censorship organization. Specifically, Distributed Denial of Secrets says the data comes from the Roskomnadzor of the Republic of Bashkortostan. The Republic of...
Insurance Coverage for NotPetya Losses
Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Mercks insurance policy, and that the insurers must pay the $1B+ claim. Wheeler and Wolff argue that the judge "did the right thing for the wrong...
Merck Wins Insurance Lawsuit re NotPetya Attack
The insurance company Ace American has to pay for the losses: On 6th December 2021, the New Jersey Superior Court granted partial summary judgment attached in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute. Merck...
Friday Squid Blogging: Piglet Squid
Nice article on the piglet squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
UK Government to Launch PR Campaign Undermining End-to-End Encryption
Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably theyll lean heavily on the "think of the children!" rhetoric were seeing in this current wave of the crypto wars. The technical eavesdroppin...
Faking an iPhone Reboot
Researchers have figured how how to intercept and fake an iPhone reboot: Well dissect the iOS system and show how its possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, its still running. The "NoReboot" approach...
New German Government is Pro-Encryption and Anti-Backdoors
I hope this is true: According to Jens Zimmermann, the German coalition negotiations had made it "quite clear" that the incoming government of the Social Democrats SPD, the Greens and the business-friendly liberal FDP would reject "the weakening of encryption, which is being attempted under the...
More Russian SVR Supply-Chain Attacks
Microsoft is reporting that the same attacker that was behind the SolarWinds breach -- the Russian SVR, which Microsoft is calling Nobelium -- is continuing with similar supply-chain attacks: Nobelium has been attempting to replicate the approach it has used in past attacks by targeting...
More on NIST’s Post-Quantum Cryptography
Back in July, NIST selected third-round algorithms for its post-quantum cryptography standard. Recently, Daniel Apon of NIST gave a talk detailing the selection criteria. Interesting stuff. NOTE: Were in the process of moving this blog to WordPress. Comments will be disabled until the move is...
Schneier.com is Moving
Im switching my website software from Movable Type to WordPress, and moving to a new host. The migration is expected to last from approximately 3 AM EST Monday until 4 PM EST Tuesday. The site will still be visible during that time, but comments will be disabled. This is to prevent any new commen...
Friday Squid Blogging: Morning Squid
Asa ika means "morning squid" in Japanese. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...
Measuring the Rationality of Security Decisions
Interesting research: "Dancing Pigs or Externalities? Measuring the Rationality of Security Decisions": Abstract: Accurately modeling human decision-making in security is critical to thinking about when, why, and how to recommend that users adopt certain secure behaviors. In this work, we conduct...
Google Employees Use a Physical Token as Their Second Authentication Factor
Krebs on Security is reporting that all 85,000 Google employees use two-factor authentication with a physical token. A Google spokesperson said Security Keys now form the basis of all account access at Google. "We have had no reported or confirmed account takeovers since implementing security key...
Friday Squid Blogging: Kraken Pie
Pretty, but contains no actual squid ingredients. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Friday Squid Blogging: Gonatus Squid Eating a Dragonfish
There's a video: Last July, Choy was on a ship off the shore of Monterey Bay, looking at the video footage transmitted by an ROV many feet below. A Gonatus squid was spotted sucking off the face of a "really huge dragonfish," she says. "It took a little while to figure out what's going on here,...
Uber Drivers Hacking the System to Cause Surge Pricing
Interesting story about Uber drivers who have figured out how to game the company's algorithms to cause surge pricing: According to the study. drivers manipulate Uber's algorithm by logging out of the app at the same time, making it think that there is a shortage of cars. ... The study said drive...
NSA Insider Security Post-Snowden
According to a recently declassified report obtained under FOIA, the NSA's attempts to protect itself against insider attacks aren't going very well: The N.S.A. failed to consistently lock racks of servers storing highly classified data and to secure data center machine rooms, according to the...
Advances in Ad Blocking
Ad blockers represent the largest consumer boycott in human history. They're also an arms race between the blockers and the blocker blockers. This article discusses a new ad-blocking technology that represents another advance in this arms race. I don't think it will "put an end to the ad-blocking...
AI and Liability
Earlier this month, a German court ruled that Google is liable for its AI search summaries. Rejecting defenses like "users can check for themselves," and that they generally know "that information generated with AI should not be blindly trusted," the court held that the AI's summaries are...
Friday Squid Blogging: Victims of Unregulated Squid Fishing
Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets. Another news article. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
Enhanced License Plate Tracking
The surveillance company Leonardo wants more data: A surveillance company plans to add sensors to automatic license plate readers ALPRs that would mean the devices, as well as capture the license plate of passing vehicles, would also sweep up unique identifiers of mobile phones, wearables, and...
Anthropic’s Project Glasswing Update
In April, Anthropic initated Project Glasswing. The idea was to let companies use their new model to find and fix vulnerabilities in their own software. It was a fantastic PR move, and so many press outlets have uncritically parroted Anthropic's claims that it's now common wisdom that Mythos is...
AI Used to Decrypt Medieval Ciphers
Researchers are using machine learning algorithms to decrypt historical pencil-and-paper ciphers...
Bypassing On-Camera Age-Verification Checks
Some AI-based video age-verification checks can be fooled with a fake mustache...
DarkSword Malware
DarkSword is a sophisticated piece of malware--probably government designed--that targets iOS. Google Threat Intelligence Group GTIG has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, ...
Hacking Polymarket
Polymarket is a platform where people can bet on real-world events, political and otherwise. Leaving the ethical considerations of this aside for one, it facilitates assassination, one of the issues with making this work is the verification of these real-world events. Polymarket gamblers have...
Claude Mythos Has Found 271 Zero-Days in Firefox
That's a lot. No, it's an extraordinary number: Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser. We wrote previously about our collaboration with Anthropic to scan Firefox with Opus 4.6, whi...
Is “Hackback” Official US Cybersecurity Strategy?
The 2026 US "Cyber Strategy for America" document is mostly the same thing we've seen out of the White House for over a decade, but with a more aggressive tone. But one sentence stood out: "We will unleash the private sector by creating incentives to identify and disrupt adversary networks and...
Hacking a Robot Vacuum
Someone tries to remote control his own DJI Romo vacuum, and ends up controlling 7,000 of them from all around the world. The IoT is horribly insecure, but we already knew that...
AI Found Twelve New Vulnerabilities in OpenSSL
The title of the post is"What AI Security Research Looks Like When It Works," and I agree: In the latest OpenSSL security release on January 27, 2026, twelve new zero-day vulnerabilities meaning unknown to the maintainers at time of disclosure were announced. Our AI system is responsible for the...
Microsoft SharePoint Zero-Day
Chinese hackers are exploiting a high-severity vulnerability in Microsoft SharePoint to steal data worldwide: The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 10. It gives unauthenticated remote access to SharePoint Servers exposed to the Internet...
Signal Blocks Windows Recall
This article gives a good rundown of the security risks of Windows Recall, and the repurposed copyright protection took that Signal used to block the AI feature from scraping Signal data...
Friday Squid Blogging: Pet Squid Simulation
From Hackaday.com, this is a neural network simulation of a pet squid. Autonomous Behavior: The squid moves autonomously, making decisions based on his current state hunger, sleepiness, etc.. Implements a vision cone for food detection, simulating realistic foraging behavior. Neural network can...
Florida Backdoor Bill Fails
A Florida bill requiring encryption backdoors failed to pass...
New Linux Rootkit
Interesting: The company has released a working rootkit called "Curing" that uses iouring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market. At the heart of the issue is the heavy...
Friday Squid Blogging: Two-Man Giant Squid
The Brooklyn indie art-punk group, Two-Man Giant Squid, just released a new album. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...
Web 3.0 Requires Data Integrity
If you've ever taken a computer security class, you've probably learned about the three legs of computer security--confidentiality, integrity, and availability--known as the CIA triad. When we talk about a system being secure, that's what we're referring to. All are important, but to different...
The Signal Chat Leak and the NSA
US National Security Advisor Mike Waltz, who started the now-infamous group chat coordinating a US attack against the Yemen-based Houthis on March 15, is seemingly now suggesting that the secure messaging service Signal has security vulnerabilities. "I didn't see this loser in the group," Waltz...
Friday Squid Blogging: Squid Werewolf Hacking Group
In another rare squid/cybersecurity intersection, APT37 is also known as "Squid Werewolf." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...