Article - Cyber Security Informer

Long Article on GM Spying on Its Cars’ Drivers

Schneier on Security

APRIL 26, 2024

Kashmir Hill has a really good article on how GM tricked its drivers into letting it spy on them—and then sold that data to insurance companies.

Insurance

Insurance Surveillance

Long Article on NSO Group

Schneier on Security

APRIL 21, 2022

Ronan Farrow has a long article in The New Yorker on NSO Group, which includes the news that someone — probably Spain — used the software to spy on domestic Catalonian sepratists.

Software

World of Warcraft players wrote about a fictional game element, “Glorbo,” on a subreddit for the game, trying to entice an AI bot to write an article about it. The article was left online for a while but has finally been taken down ( here’s a mirror, it’s hilarious ). It worked : And it…worked.

Social Engineering

Social Engineering Artificial Intelligence Engineering

No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer

Schneier on Security

OCTOBER 22, 2024

It all seems to have come from this news article , which wasn’t bad but was taken widely out of proportion. The headline is pretty scary: “ China’s Quantum Computer Scientists Crack Military-Grade Encryption.” ” No, it’s not true. This debunking saved me the trouble of writing one.

Encryption

Social Engineering to Disable iMessage Protections

Schneier on Security

JANUARY 17, 2025

One article claims that this trick has been popular since last summer. So—this is the new bit—the messages said something like: “Please reply Y, then exit the text message, reopen the text message activation link, or copy the link to Safari browser to open it.” Everyone has now adopted this new trick.

Social Engineering

Social Engineering Engineering Phishing

Microsoft Can Fix Ransomware Tomorrow

Adam Shostack

JANUARY 2, 2025

My latest article at Dark Reading is Microsoft Can Fix Ransomware Tomorrow. My latest at Dark Reading draws attention to how Microsoft can fix ransomware tomorrow. It starts: Recently, I was at a private event on security by design.

Ransomware

Ransomware Encryption Software

Deepfakes and the 2024 US Election

Schneier on Security

FEBRUARY 4, 2025

I send you a meme/article/clipping/photo to show that we are on the same team. This tracks with my analysis. People share as a form of social signaling. Whether it is true, or misinformation, or actual propaganda, is of secondary importance. Sometimes it’s completely irrelevant.

AI Industry is Trying to Subvert the Definition of “Open Source AI”

Schneier on Security

NOVEMBER 8, 2024

The Open Source Initiative has published (news article here ) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms. It allows for development to be done in secret.

Artificial Intelligence

Hacking Scientific Citations

Schneier on Security

JULY 15, 2024

These details are stored as metadata, not visible in the article’s text directly, but assigned to a digital object identifier, or DOI—a unique identifier for each scientific publication. The result?

Hacking

The Independent Op-Ed: Australia’s social media ban won’t protect kids – it’ll put them more at risk

Joseph Steinberg

DECEMBER 21, 2024

While there is little doubt that the elected officials hope to protect children with the aforementioned act, the reality is that - as Australia has already learned in a previous case described in the article - the new law is more likely to make children less safe than more safe.

Media

Media Risk Artificial Intelligence Government

AIs and Robots Should Sound Robotic

Schneier on Security

FEBRUARY 6, 2025

The first clip is an AI-generated “podcast” of this article made by Google’s NotebookLM featuring two AI “hosts.” ” Google’s NotebookLM created the podcast script and audio given only the text of this article.

Technology

Technology Scams

Advice for Personal Digital Security

Schneier on Security

NOVEMBER 11, 2021

ArsTechnica’s Sean Gallagher has a two - part article on “securing your digital life.” ” It’s pretty good.

Risk

Risk Cybersecurity

Nearly 7% of Internet Traffic Is Malicious

Schneier on Security

JULY 31, 2024

News articles. Cloudflare reports on the state of applications security. It claims that 6.8% of Internet traffic is malicious. And that CVEs are exploited as quickly as 22 minutes after proof-of-concepts are published.

Internet

Internet Internet Malware

The Privacy Disaster of Modern Smart Cars

Schneier on Security

NOVEMBER 10, 2023

Article based on a Mozilla report.

The Present and Future of TV Surveillance

Schneier on Security

AUGUST 27, 2024

Ars Technica has a good article on what’s happening in the world of television surveillance. More than even I realized.

Surveillance

How the FBI Gets Location Information

Schneier on Security

OCTOBER 27, 2021

Vice has a detailed article about how the FBI gets data from cell phone providers like AT&T, T-Mobile, and Verizon, based on a leaked (I think) 2019 139-page presentation.

Mobile

Mobile Surveillance

Zero-Click iMessage Exploit

Schneier on Security

SEPTEMBER 17, 2021

News articles on the exploit. Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately.

Spyware

Car Thieves Hacking the CAN Bus

Schneier on Security

APRIL 11, 2023

News articles. Car thieves are injecting malicious software into a car’s network through wires in the headlights (or taillights) that fool the car into believing that the electronic key is nearby.

Hacking

Hacking Software Malware

Future-Proofing Cloud Security: Trends and Predictions for 2025 and Beyond

Security Boulevard

JANUARY 14, 2025

In this article, we touch on the trends and predictions that in the year 2025 and beyond will fashion cloud security. The post Future-Proofing Cloud Security: Trends and Predictions for 2025 and Beyond appeared first on Security Boulevard.

Threat Detection

Threat Detection Architecture Cybersecurity

New Bluetooth Attack

Schneier on Security

DECEMBER 8, 2023

news articles. New attack breaks forward secrecy in Bluetooth. The vulnerability has been around for at least a decade.

Authentication

Real-World Steganography

Schneier on Security

JANUARY 20, 2023

From an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself.

On the Zero-Day Market

Schneier on Security

MAY 24, 2024

This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. Second, this Article applies lessons from these failures to guide regulatory efforts going forward.

Marketing

Marketing Spyware Surveillance Government

New Images of Colossus Released

Schneier on Security

JANUARY 30, 2024

News article. GCHQ has released new images of the WWII Colossus code-breaking computer, celebrating the machine’s eightieth anniversary (birthday?).

Phishing Defenses

Adam Shostack

JANUARY 2, 2025

Theres a good article on the UKs National Cyber Security Centre blog, Telling users to avoid clicking bad links still isnt working. Almost the entire article is excellent, but theres a fly in the ointment, and that is a sentence which starts out well: Firstly, because one of the above controls may fail, and so defence in depth is always good.

Phishing

Phishing Accountability

NSA Buying Bulk Surveillance Data on Americans without a Warrant

Schneier on Security

JANUARY 30, 2024

Some news articles. It finally admitted to buying bulk data on Americans from data brokers, in response to a query by Senator Weyden. This is almost certainly illegal, although the NSA maintains that it is legal until it’s told otherwise.

Surveillance

Surveillance Data collection Data privacy

Public Surveillance of Bars

Schneier on Security

JULY 2, 2024

This article about an app that lets people remotely view bars to see if they’re crowded or not is filled with commentary—on both sides—about privacy and openness.

Surveillance

Hacking Gas Pumps via Bluetooth

Schneier on Security

OCTOBER 3, 2023

No details in the article, but it seems that it’s easy to take control of the pump and have it dispense gas without requiring payment. Turns out pumps at gas stations are controlled via Bluetooth, and that the connections are insecure. It’s a complicated crime to monetize, though.

Hacking

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 15

Security Affairs

OCTOBER 13, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Over 300,000!

Malware

Malware DDOS Cryptocurrency Education

Dan Solove on Privacy Regulation

Schneier on Security

APRIL 24, 2024

Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” ” His mini-abstract: In this Article I argue that most of the time, privacy consent is fictitious.

Data collection

Data collection Risk

Using Machine Learning to Guess PINs from Video

Schneier on Security

OCTOBER 19, 2021

The article doesn’t contain a link to the original research. This works even if the person is covering the pad with their hands. If someone knows it, please put it in the comments. Slashdot thread.

Tesla Remotely Hacked from a Drone

Schneier on Security

MAY 4, 2021

News article. It would be possible for an attacker to unlock the doors and trunk, change seat positions, both steering and acceleration modes — in short, pretty much what a driver pressing various buttons on the console can do. This attack does not yield drive control of the car though. That last sentence is important.

Hacking

Hacking Software

Criminals Are Blowing up ATMs in Germany

Schneier on Security

OCTOBER 28, 2024

It has more ATMs than other European countries, and—if I read the article right—they have more money in them. It’s low tech , but effective. Why Germany?

Banking

Microsoft Zero-Days Sold and then Used

Schneier on Security

JULY 29, 2022

Yet another article about cyber-weapons arms manufacturers and their particular supply chain. This one is about Windows and Adobe Reader zero-day exploits sold by an Austrian company named DSIRF. There’s an entire industry devoted to undermining all of our security. It needs to be stopped.

Manufacturing

FBI Advising People to Avoid Public Charging Stations

Schneier on Security

APRIL 12, 2023

News article. Carry your own charger and USB cord and use an electrical outlet instead. How much of a risk is this, really? I am unconvinced, although I do carry a USB condom for charging stations I find suspicious.

Malware

Malware Software Risk

Surveillance of the Internet Backbone

Schneier on Security

AUGUST 25, 2021

Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network.

Internet

Internet Internet Surveillance VPN

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16

Security Affairs

OCTOBER 20, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware

Malware Ransomware Encryption Phishing

The Combined Cipher Machine

Schneier on Security

MARCH 6, 2025

Interesting article —with photos!—of —of the US/UK “Combined Cipher Machine” from WWII.

Textbook Rental Scam

Schneier on Security

OCTOBER 20, 2021

The article doesn’t link to the indictment, so I don’t know how they were discovered. They used gift cards and prepaid credit cards to buy the books, so there was no available balance when Amazon tried to charge them the buyout price for non-returned books. In all, they stole 14,000 textbooks worth over $1.5

Scams

SMS Phishing Attacks are on the Rise

Schneier on Security

APRIL 25, 2022

I am not getting the “Fedex package delivered” messages the article talks about. SMS phishing attacks — annoyingly called “smishing” — are becoming more common. I know that I have been receiving a lot of phishing SMS messages over the past few months.

Phishing

RADIUS Vulnerability

Schneier on Security

JULY 10, 2024

News article. This forgery could give the attacker access to network devices and services without the attacker guessing or brute forcing passwords or shared secrets. The attacker does not learn user credentials. This is one of those vulnerabilities that comes with a cool name, its own website, and a logo. Research paper.

Authentication

Authentication Passwords

Quantum Computing Skeptics

Schneier on Security

JANUARY 25, 2024

Interesting article. I am also skeptical that we are going to see useful quantum computers anytime soon. Since at least 2019, I have been saying that this is hard. And that we don’t know if it’s “land a person on the surface of the moon” hard, or “land a person on the surface of the sun” hard.

A glimmer of good news on the ransomware front, as encryption rates plummet

Graham Cluley

OCTOBER 17, 2024

Read more in my article on the Tripwire State of Security blog. And boy do we need some good news - amid reports that 389 US-based healthcare institutions were hit by ransomware last year - more than one every single day.

Ransomware

Ransomware Encryption Healthcare Data breaches

China Surveillance Company Hacked

Schneier on Security

FEBRUARY 27, 2024

Lots of details in the news articles. Last week, someone posted something like 570 files, images and chat logs from a Chinese company called I-Soon. I-Soon sells hacking and espionage services to Chinese national and local government. These aren’t details about the tools or techniques, more the inner workings of the company.

Surveillance

Surveillance Hacking Government

CISA Identifies Five New Vulnerabilities Currently Being Exploited

Schneier on Security

MARCH 5, 2025

News article. Of the five , one is a Windows vulnerability, another is a Cisco vulnerability. We don’t have any details about who is exploiting them, or how. Slashdot thread.

Long Article on GM Spying on Its Cars’ Drivers

Long Article on NSO Group

Trending Sources

Fooling an AI Article Writer

No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer

Social Engineering to Disable iMessage Protections

Microsoft Can Fix Ransomware Tomorrow

Deepfakes and the 2024 US Election

AI Industry is Trying to Subvert the Definition of “Open Source AI”

Hacking Scientific Citations

The Independent Op-Ed: Australia’s social media ban won’t protect kids – it’ll put them more at risk

AIs and Robots Should Sound Robotic

Advice for Personal Digital Security

Nearly 7% of Internet Traffic Is Malicious

The Privacy Disaster of Modern Smart Cars

The Present and Future of TV Surveillance

How the FBI Gets Location Information

Zero-Click iMessage Exploit

Car Thieves Hacking the CAN Bus

Future-Proofing Cloud Security: Trends and Predictions for 2025 and Beyond

New Bluetooth Attack

Real-World Steganography

On the Zero-Day Market

New Images of Colossus Released

Phishing Defenses

NSA Buying Bulk Surveillance Data on Americans without a Warrant

Public Surveillance of Bars

Hacking Gas Pumps via Bluetooth

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 15

Dan Solove on Privacy Regulation

Using Machine Learning to Guess PINs from Video

Tesla Remotely Hacked from a Drone

Criminals Are Blowing up ATMs in Germany

Microsoft Zero-Days Sold and then Used

FBI Advising People to Avoid Public Charging Stations

Surveillance of the Internet Backbone

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16

The Combined Cipher Machine

Textbook Rental Scam

SMS Phishing Attacks are on the Rise

RADIUS Vulnerability

Quantum Computing Skeptics

A glimmer of good news on the ransomware front, as encryption rates plummet

China Surveillance Company Hacked

CISA Identifies Five New Vulnerabilities Currently Being Exploited

Stay Connected