2016, Accountability, Encryption and Surveillance

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. Chatting with Snowden on an encrypted IM connection, I joked that the NSA cafeteria menu probably has code names for menu items. Transferring files electronically is what encryption is for.

Surveillance

Surveillance Computers and Electronics Encryption Government

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing

Thales Cloud Protection & Licensing

DECEMBER 22, 2020

New EU restrictions could force companies to change data transfer practices and adopt more advanced data encryption methods. Beyond this we also have Payment Card Industry (PCI) standards, Health Insurance Portability and Accountability Act (HIPAA), the California Data Privacy Act (CCPA) and much more. Tue, 12/22/2020 - 10:08.

Data privacy

Data privacy Encryption Risk Digital transformation

Zoom Settles with FTC over Allegations of Deceptive Security Practices

Hot for Security

FEBRUARY 2, 2021

One major allegation brought forth by the FTC is that, since at least 2016, Zoom misled users by claiming it offered ‘end-to-end, 256-bit encryption’ when in fact it provided a lower level of security. Alleged negligence and deception towards end users.

Encryption

Encryption Consumer Protection Surveillance Data breaches

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

The Last Watchdog

MARCH 13, 2019

Mirai and Reaper are examples of a new generation of IoT botnets comprised of millions of infected home routers and surveillance cams. Nor has anyone accepted accountability for encrypting any of the fresh flows of data, whether in transit or at rest. But companies and agencies need to do much more to get ahead of the problem.

Internet

Internet Internet IoT Energy and Utilities

Bouncing Golf cyberespionage campaign targets Android users in Middle East

Security Affairs

JUNE 19, 2019

The researchers speculate on a possible connection to Domestic Kitten espionage activities, an extensive surveillance operation conducted by Iranian APT actor aimed at specific groups of individuals since 2016. The attackers appear to be focused o n stealing military-related information.

Mobile

Mobile Malware Advertising Encryption

Pegasus?—?The Humanitarian Costs of Insecure Code

Security Boulevard

SEPTEMBER 30, 2021

Access encrypted chats from third-party apps. Pegasus is the creation of the NSO Group , an Israeli firm that licenses it to governments to perform surveillance. Media outlets first reported the existence of the spyware in 2016. Pegasus is deployed to directly monitor the individual, not steal their account privileges.

Spyware

Spyware Government Surveillance Mobile

Pegasus spyware has been here for years. We must stop ignoring it

Malwarebytes

JULY 22, 2021

And between 2016 and 2018, more than 1,000 IP addresses were found to be associated with it. Hulio told The Washington Post that his company had terminated the contracts of two customers because of allegations of human rights abuses, but, according to the paper, he refused to disclose which accounts were closed.

Spyware

Spyware Surveillance Mobile Government

Here’s what data the FBI can get from WhatsApp, iMessage, Signal, Telegram, and more

Malwarebytes

DECEMBER 1, 2021

A recently disclosed FBI training document shows how much access to the content of encrypted messages from secure messaging services US law enforcement can gain and what they can learn about your usage of the apps. All of them are messaging apps that promise end-to-end encryption for their users.

Encryption

Encryption Computers and Electronics Backups Accountability

CISSPs from Around the Globe: An Interview with James Wright

CyberSecurity Insiders

SEPTEMBER 8, 2021

I was obsessed with encryption. I was fascinated by the fact that nothing in the world could reverse an operation of encryption without the needed key to decrypt the item. I would love to get more involved in advancing privacy and security through the use of strong encryption and other safeguards. Those aren’t my only plans.

Computers and Electronics

Computers and Electronics Architecture Education Cybersecurity

ScarCruft surveilling North Korean defectors and human rights activists

SecureList

NOVEMBER 29, 2021

The ScarCruft group (also known as APT37 or Temp.Reaper) is a nation-state sponsored APT actor we first reported in 2016. The victim was infected by PowerShell malware and we discovered evidence that the actor had already stolen data from the victim and had been surveilling this victim for several months.

Surveillance

Surveillance Malware Phishing Encryption

MoonBounce: the dark side of UEFI firmware

SecureList

JANUARY 20, 2022

In the last year, there have been several public accounts on the ongoing trend of UEFI threats. It obtains the ScrambleCross shellcode by applying a modified ChaCha20 algorithm on an encrypted blob, which may reside as an additional file on disk or be embedded in the loader itself.

Firmware

Firmware Malware Encryption Passwords

APT trends report Q3 2023

SecureList

OCTOBER 17, 2023

The most remarkable findings In early 2023, we discovered an ongoing attack targeting government entities in the APAC region by compromising a specific type of a secure USB drive, which provides hardware encryption. This strategic shift signals its intent to intensify its surveillance capabilities and expand its range of targets.

Government

Government Malware VPN Manufacturing

Russia’s SolarWinds Attack

Schneier on Security

DECEMBER 28, 2020

Recent news articles have all been talking about the massive Russian cyberattack against the United States, but that’s wrong on two accounts. Code for that exploit was part of the Equation Group tools that the Shadow Brokers — again believed to be Russia — stole from the NSA and published in 2016.

Hacking

Hacking Government Internet Internet

The Hacker Mind Podcast: Ethical Hacking

ForAllSecure

MAY 26, 2022

So I'm an activist, security researcher or even whistleblower, we recently came across some stuff where there were leaks of personally identifiable information or some sort of previously unknown surveillance of people or employees. And, you know, I had the Twitter account ID set up in 2018. I think it was 2016. They're there.

Hacking

Hacking Technology InfoSec Media

Top VC Firms in Cybersecurity of 2022

eSecurity Planet

APRIL 26, 2022

Company Sector Year Status Verodin Cybersecurity analytics 2018 Acquired by FireEye Kenna Security Risk management 2018 Acquired by Cisco PhishMe Incident response 2016 Acquired: P.E. Named after the infamous string of nation-state cyber attacks during the late 2000s, NightDragon was established in 2016 by former McAfee CEO Dave DeWalt.

Cybersecurity

Cybersecurity Technology Marketing Healthcare

Cyber Security Informer

Snowden Ten Years Later

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing

Trending Sources

Zoom Settles with FTC over Allegations of Deceptive Security Practices

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

Bouncing Golf cyberespionage campaign targets Android users in Middle East

Pegasus?—?The Humanitarian Costs of Insecure Code

Pegasus spyware has been here for years. We must stop ignoring it

Here’s what data the FBI can get from WhatsApp, iMessage, Signal, Telegram, and more

CISSPs from Around the Globe: An Interview with James Wright

ScarCruft surveilling North Korean defectors and human rights activists

MoonBounce: the dark side of UEFI firmware

APT trends report Q3 2023

Russia’s SolarWinds Attack

The Hacker Mind Podcast: Ethical Hacking

Top VC Firms in Cybersecurity of 2022

Stay Connected