2980 matches found
On Chinese-Owned Technology Platforms
I am a co-author on a report published by the Hoover Institution: "Chinese Technology Platforms Operating in the United States." From a blog post: The report suggests a comprehensive framework for understanding and assessing the risks posed by Chinese technology platforms in the United States and...
Twelve-Year-Old Vulnerability Found in Windows Defender
Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used the vulnerability during that time. The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that...
Dependency Confusion: Another Supply-Chain Vulnerability
Alex Birsan writes about being able to install malware into proprietary corporate software by naming the code files to be identical to internal corporate code files. From a ZDNet article: Today, developers at small or large companies use package managers to download and import libraries that are...
GPS Vulnerabilities
Really good op-ed in the New York Times about how vulnerable the GPS system is to interference, spoofing, and jamming -- and potential alternatives. The 2018 National Defense Authorization Act included funding for the Departments of Defense, Homeland Security and Transportation to jointly conduct...
Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish
From the Monterey Bay Aquarium. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Router Security
This report is six months old, and I dont know anything about the organization that produced it, but it has some alarming data about router security. Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devices. However, many routers are powered by very o...
WEIS 2021 Call for Papers
The 20th Annual Workshop on the Economics of Information Security WEIS 2021 will be held online in June. We just published the call for papers...
Virginia Data Privacy Law
Virginia is about to get a data privacy law, modeled on Californias law...
Browser Tracking Using Favicons
Interesting research on persistent web tracking using favicons. For those who dont know, favicons are those tiny icons that appear in browser tabs next to the page name. Abstract: The privacy threats of online tracking have garnered considerable attention in recent years from researchers and...
Malicious Barcode Scanner App
Interesting story about a barcode scanner app that has been pushing malware on to Android phones. The app is called Barcode Scanner. Its been around since 2017 and is owned by the Ukrainian company Lavabird Ldt. But a December 2020 update included some new features: However, a rash of malicious...
US Cyber Command Valentine’s Day Cryptography Puzzles
The US Cyber Command has released a series of ten Valentines Day "Cryptography Challenge Puzzles." Slashdot thread. Reddit thread. And heres the archived link, in case Cyber Command takes the page down...
Deliberately Playing Copyrighted Music to Avoid Being Live-Streamed
Vice is reporting on a new police hack: playing copyrighted music when being filmed by citizens, trying to provoke social media sites into taking the videos down and maybe even banning the filmers: In a separate part of the video, which Devermont says was filmed later that same afternoon, Devermo...
On Vulnerability-Adjacent Vulnerabilities
At the virtual Enigma Conference, Googles Project Zeros Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have the attackers tweak their exploits to work again. From a MIT Technology Review article: Soon after they...
Chinese Supply-Chain Attack on Computer Systems
Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. Its been going on since at least 2008. The US government has known about it for almost as long, and has tried to keep the attack secret: Chinas exploitation of products made by...
Friday Squid Blogging: Flying Squid
How squid fly. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Medieval Security Techniques
Sonja Drummer describes with photographs two medieval security techniques. The first is a for authentication: a document has been cut in half with an irregular pattern, so that the two halves can be brought together to prove authenticity. The second is for integrity: hashed lines written above an...
Attack against Florida Water Treatment Facility
A water treatment plant in Oldsmar, Florida, was attacked last Friday. The attacker took control of one of the systems, and increased the amount of sodium hydroxide -- thats lye -- by a factor of 100. This could have been fatal to people living downstream, if an alert operator hadnt noticed the...
Ransomware Profitability
Analyzing cryptocurrency data, a research group has estimated a lower-bound on 2020 ransomware revenue: $350 million, four times more than in 2019. Based on the companys data, among last years top earners, there were groups like Ryuk, Maze now-defunct, Doppelpaymer, Netwalker disrupted by...
Web Credit Card Skimmer Steals Data from Another Credit Card Skimmer
MalwareBytes is reporting a weird software credit card skimmer. It harvests credit card data stolen by another, different skimmer: Even though spotting multiple card skimmer scripts on the same online shop is not unheard of, this one stood out due to its highly specialized nature. "The threat...
SonicWall Zero-Day
Hackers are exploiting a zero-day in SonicWall: In an email, an NCC Group spokeswoman wrote: "Our team has observed signs of an attempted exploitation of a vulnerabilitythat affects the SonicWall SMA 100 series devices. We are working closely with SonicWall to investigate this in more depth." In...
NoxPlayer Android Emulator Supply-Chain Attack
It seems to be the season of sophisticated supply-chain attacks. This one is in the NoxPlayer Android emulator: ESET says that based on evidence its researchers gathered, a threat actor compromised one of the companys official API api.bignox.com and file-hosting servers res06.bignox.com. Using th...
Friday Squid Blogging: Live Giant Squid Found in Japan
A giant squid was found alive in the port of Izumo, Japan. Not a lot of news, just this Twitter thread with a couple of videos. If confirmed, I believe this will be the THIRD time EVER a giant squid was filmed alive! As usual, you can also use this squid post to talk about the security stories in...
Presidential Cybersecurity and Pelotons
President Biden wants his Peloton in the White House. For those who have missed the hype, its an Internet-connected stationary bicycle. It has a screen, a camera, and a microphone. You can take live classes online, work out with your friends, or join the exercise social network. And all of that i...
Another SolarWinds Orion Hack
At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor -- believed to be Chinese in origin -- was using an already existing vulnerability in Orion to penetrate networks: Two people briefed on the case said FBI investigators...
More SolarWinds News
Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot, was deployed in September 2019, at the time hackers breached SolarWinds...
Georgia’s Ballot-Marking Devices
Andrew Appel discusses Georgias voting machines, how the paper ballots facilitated a recount, and the problem with automatic ballot-marking devices: Suppose the polling-place optical scanners had been hacked enough to change the outcome. Then this would have been detected in the audit, and in...
Friday Squid Blogging: Squids Don’t Like Pile-Driving Noises
New research: Pile driving occurs during construction of marine platforms, including offshore windfarms, producing intense sounds that can adversely affect marine animals. We quantified how a commercially and economically important squid Doryteuthis pealeii: Lesueur 1821 responded to pile driving...
Including Hackers in NATO Wargames
This essay makes the point that actual computer hackers would be a useful addition to NATO wargames: The international information security community is filled with smart people who are not in a military structure, many of whom would be excited to pose as independent actors in any upcoming...
New iMessage Security Features
Apple has added added security features to mitigate the risk of zero-click iMessage attacks. Apple did not document the changes but Groß said he fiddled around with the newest iOS 14 and found that Apple shipped a "significant refactoring of iMessage processing" that severely cripples the usual...
Police Have Disrupted the Emotet Botnet
A coordinated effort has captured the command-and-control servers of the Emotet botnet: Emotet establishes a backdoor onto Windows computer systems via automated phishing emails that distribute Word documents compromised with malware. Subjects of emails and documents in Emotet campaigns are...
Dutch Insider Attack on COVID-19 Data
Insider data theft: Dutch police have arrested two individuals on Friday for allegedly selling data from the Dutch health ministrys COVID-19 systems on the criminal underground. … According to Verlaan, the two suspects worked in DDG call centers, where they had access to official Dutch government...
Massive Brazilian Data Breach
I think this is the largest data breach of all time: 220 million people. Lots more stories are in Portuguese...
Insider Attack on Home Surveillance Systems
No one who reads this blog regularly will be surprised: A former employee of prominent home security company ADT has admitted that he hacked into the surveillance feeds of dozens of customer homes, doing so primarily to spy on naked women or to leer at unsuspecting couples while they had sex. …...
Friday Squid Blogging: Vegan Chili Squid
The restaurant chain Wagamama is selling a vegan version of its Chilli Squid side dish made from king oyster mushrooms. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
SVR Attacks on Microsoft 365
FireEye is reporting the current known tactics that the SVR used to compromise Microsoft 365 cloud data as part of its SolarWinds operation: Mandiant has observed UNC2452 and other threat actors moving laterally to the Microsoft 365 cloud using a combination of four primary techniques: Steal the...
Sophisticated Watering Hole Attack
Googles Project Zero has exposed a sophisticated watering-hole attack targeting both Windows and Android: Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers both companies have since patched t...
Injecting a Backdoor into SolarWinds Orion
Crowdstrike is reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process: Key Points SUNSPOT is StellarParticles malware used to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product. SUNSPOT monitors...
Friday Squid Blogging: China Launches Six New Squid Jigging Vessels
From Pingtan Marine Enterprise: The 6 large-scale squid jigging vessels are normally operating vessels that returned to China earlier this year from the waters of Southwest Atlantic Ocean for maintenance and repair. These vessels left the port of Mawei on December 17, 2020 and are sailing to the...
Click Here to Kill Everybody Sale
For a limited time, I am selling signed copies of Click Here to Kill Everybody in hardcover for just $6, plus shipping. Note that I have had occasional problems with international shipping. The book just disappears somewhere in the process. At this price, international orders are at the buyers...
Cell Phone Location Privacy
We all know that our cell phones constantly give our location away to our mobile network operators; that’s how they work. A group of researchers has figured out a way to fix that. “Pretty Good Phone Privacy” PGPP protects both user identity and user location using the existing cellular networks. ...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: Im speaking online as part of Western Washington Universitys Internet Studies Lecture Series on January 20, 2021. Im speaking online at ITU Denmark on February 2, 2021. Details to come. Im being interviewed by Keith Cronin as part ...
Finding the Location of Telegram Users
Security researcher Ahmed Hassan has shown that spoofing the Androids "People Nearby" feature allows him to pinpoint the physical location of Telegram users: Using readily available software and a rooted Android device, hes able to spoof the location his device reports to Telegram servers. By usi...
On US Capitol Security — By Someone Who Manages Arena-Rock-Concert Security
Smart commentary: …I was floored on Wednesday when, glued to my television, I saw police in some areas of the U.S. Capitol using little more than those same mobile gates I had the ones that look like bike racks that can hook together to try to keep the crowds away from sensitive areas and,...
Cloning Google Titan 2FA keys
This is a clever side-channel attack: The cloning works by using a hot air gun and a scalpel to remove the plastic key casing and expose the NXP A700X chip, which acts as a secure element that stores the cryptographic secrets. Next, an attacker connects the chip to hardware and software that take...
Changes in WhatsApp’s Privacy Policy
If youre a WhatsApp user, pay attention to the changes in the privacy policy that youre being forced to agree with. In 2016, WhatsApp gave users a one-time ability to opt out of having account data turned over to Facebook. Now, an updated privacy policy is changing that. Come next month, users wi...
Friday Squid Blogging: Searching for Giant Squid by Collecting Environmental DNA
The idea is to collect and analyze random DNA floating around the ocean, and using that to figure out where the giant squid are. No one is sure if this will actually work. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blo...
APT Horoscope
This delightful essay matches APT hacker groups up with astrological signs. This is me: Capricorn is renowned for its discipline, skilled navigation, and steadfastness. Just like Capricorn, Helix Kitten also known as APT 35 or OilRig is a skilled navigator of vast online networks, maneuvering...
Russia’s SolarWinds Attack and Software Security
The information that is emerging about Russias extensive cyberintelligence operation against the United States and other countries should be increasingly alarming to the public. The magnitude of the hacking, now believed to have affected more than 250 federal agencies and businesses -- primarily...
Extracting Personal Information from Large Language Models Like GPT-2
Researchers have been able to find all sorts of personal information within GPT-2. This information was part of the training data, and can be extracted with the right sorts of queries. Paper: "Extracting Training Data from Large Language Models." Abstract: It has become common to publish large...
Backdoor in Zyxel Firewalls and Gateways
This is bad: More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel. … Installing patches removes the backdoor...