Schneier on Security

JUNE 20, 2025

Good article from 404 Media on the cozy surveillance relationship between local Oregon police and ICE: In the email thread, crime analysts from several local police departments and the FBI introduced themselves to each other and made lists of surveillance tools and tactics they have access to and felt comfortable using, and in some cases offered to (..)

Surveillance 249

Surveillance Media 249

Adam Shostack

JANUARY 2, 2025

My latest article at Dark Reading is Microsoft Can Fix Ransomware Tomorrow. My latest at Dark Reading draws attention to how Microsoft can fix ransomware tomorrow. It starts: Recently, I was at a private event on security by design.

Ransomware 246

Ransomware Encryption Software 246

Schneier on Security

APRIL 16, 2025

” More similar quotes in the article. The federated framework and openness of the system make this possible, but it’ll be a rocky road if operations do need to shift to another entity.” My guess is that we will somehow figure out how to continue this program without the US government.

CSO 312

CSO Government Software Cybersecurity 312

Schneier on Security

JUNE 13, 2025

TecCrunch article. Apple confirms to us that the zero-click attack deployed in these cases was mitigated as of iOS 18.3.1 and has assigned the vulnerability CVE-2025-43200. Our analysis is ongoing. The list of confirmed Italian cases is in the report’s appendix. Italy has recently admitted to using the spyware.

Spyware 276

Spyware 276

Schneier on Security

MAY 16, 2025

The article is short on fact and long on innuendo. The rogue components provide additional, undocumented communication channels that could allow firewalls to be circumvented remotely, with potentially catastrophic consequences, the two people said. Both more details and credible named sources would help a lot here.

Firewall 247

Firewall Risk 247

Schneier on Security

FEBRUARY 4, 2025

I send you a meme/article/clipping/photo to show that we are on the same team. This tracks with my analysis. People share as a form of social signaling. Whether it is true, or misinformation, or actual propaganda, is of secondary importance. Sometimes it’s completely irrelevant.

233

233

Schneier on Security

NOVEMBER 8, 2024

The Open Source Initiative has published (news article here ) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms. It allows for development to be done in secret.

Artificial Intelligence 342

Artificial Intelligence 342

Schneier on Security

JUNE 9, 2025

Washington Post article. Defenses such as state partitioning and storage partitioning , which are built into all major browsers, store site cookies and other data associated with a website in containers that are unique to every top-level website domain to ensure they’re off-limits for every other site.

Mobile 278

Mobile Internet Internet 278

Schneier on Security

JUNE 4, 2025

Here’s an article from last year about the cost of drones versus the cost of top-of-the-line fighter jets. There’s a balance between the cost of the thing, and the cost to destroy the thing, and that balance is changing dramatically. This isn’t new, of course.

Technology 262

Technology 262

Schneier on Security

JULY 15, 2024

These details are stored as metadata, not visible in the article’s text directly, but assigned to a digital object identifier, or DOI—a unique identifier for each scientific publication. The result?

Hacking 352

Hacking 352

Schneier on Security

FEBRUARY 6, 2025

The first clip is an AI-generated “podcast” of this article made by Google’s NotebookLM featuring two AI “hosts.” ” Google’s NotebookLM created the podcast script and audio given only the text of this article.

Technology 247

Technology Scams 247

Joseph Steinberg

DECEMBER 21, 2024

While there is little doubt that the elected officials hope to protect children with the aforementioned act, the reality is that – as Australia has already learned in a previous case described in the article – the new law is more likely to make children less safe than more safe.

Media 277

Media Risk Artificial Intelligence Government 277

Schneier on Security

MAY 14, 2025

Wired article , behind a paywall. Google has extended its Advanced Protection features to Android devices. It’s not for everybody, but something to be considered by high-risk users.

Risk 155

Risk Cybersecurity 155

Schneier on Security

JUNE 6, 2025

Wall Street Journal article (also here ). I say “brief” because last year the models weren’t good enough for these sorts of things, and next year the threat actors will run their AI models locally—and we won’t have this kind of visibility. Slashdot thread.

Social Engineering 201

Social Engineering Scams Engineering Cyber threats 201

Adam Shostack

JUNE 16, 2025

Specifically, Article 13 states: “3. The cybersecurity risk assessment shall be documented and updated as appropriate during a support period to be determined in accordance with paragraph 8 of this Article. a description of the design.

Risk 130

Risk Architecture Manufacturing Cybersecurity 130

Schneier on Security

JULY 31, 2024

News articles. Cloudflare reports on the state of applications security. It claims that 6.8% of Internet traffic is malicious. And that CVEs are exploited as quickly as 22 minutes after proof-of-concepts are published.

Internet 333

Internet Internet Malware 333

Schneier on Security

AUGUST 27, 2024

Ars Technica has a good article on what’s happening in the world of television surveillance. More than even I realized.

Surveillance 316

Surveillance 316

Graham Cluley

OCTOBER 17, 2024

Read more in my article on the Tripwire State of Security blog. And boy do we need some good news - amid reports that 389 US-based healthcare institutions were hit by ransomware last year - more than one every single day.

Ransomware 136

Ransomware Encryption Healthcare Data breaches 136

Security Boulevard

JANUARY 14, 2025

In this article, we touch on the trends and predictions that in the year 2025 and beyond will fashion cloud security. The post Future-Proofing Cloud Security: Trends and Predictions for 2025 and Beyond appeared first on Security Boulevard.

Threat Detection 117

Threat Detection Architecture Cybersecurity 117

Adam Shostack

JANUARY 2, 2025

Theres a good article on the UKs National Cyber Security Centre blog, Telling users to avoid clicking bad links still isnt working. Almost the entire article is excellent, but theres a fly in the ointment, and that is a sentence which starts out well: Firstly, because one of the above controls may fail, and so defence in depth is always good.

Phishing 130

Phishing Accountability 130

Schneier on Security

OCTOBER 3, 2023

No details in the article, but it seems that it’s easy to take control of the pump and have it dispense gas without requiring payment. Turns out pumps at gas stations are controlled via Bluetooth, and that the connections are insecure. It’s a complicated crime to monetize, though.

Hacking 346

Hacking 346

Schneier on Security

JANUARY 30, 2024

Some news articles. It finally admitted to buying bulk data on Americans from data brokers, in response to a query by Senator Weyden. This is almost certainly illegal, although the NSA maintains that it is legal until it’s told otherwise.

Surveillance 331

Surveillance Data collection Data privacy 331

Security Affairs

OCTOBER 13, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Over 300,000!

Malware 124

Malware DDOS Cryptocurrency Education 124

Schneier on Security

JUNE 19, 2025

Two articles crossed my path recently. First, a discussion of all the video Waymo has from outside its cars: in this case related to the LA protests. Second, a discussion of all the video Tesla has from inside its cars. Lots of things are collecting lots of video of lots of other things.

Surveillance 211

Surveillance 211

Schneier on Security

MAY 24, 2024

This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. Second, this Article applies lessons from these failures to guide regulatory efforts going forward.

Marketing 327

Marketing Spyware Surveillance Government 327

Schneier on Security

OCTOBER 28, 2024

It has more ATMs than other European countries, and—if I read the article right—they have more money in them. It’s low tech , but effective. Why Germany?

Banking 274

Banking 274

Graham Cluley

OCTOBER 24, 2024

Read more in my article on the Tripwire State of Security blog. But that doesn't mean that Mac users should be complacent. And the recent discovery of a new malware strain emphasises that the threat - even if much smaller than on Windows - remains real.

Ransomware 139

Ransomware Malware 139

Security Affairs

OCTOBER 20, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 126

Malware Ransomware Encryption Phishing 126

Schneier on Security

JUNE 12, 2025

Another article. This is news : A data broker owned by the country’s major airlines, including Delta, American Airlines, and United, collected U.S. The data includes passenger names, their full flight itineraries, and financial details.

Government 294

Government Media Data collection Data privacy 294

Schneier on Security

JULY 2, 2024

This article about an app that lets people remotely view bars to see if they’re crowded or not is filled with commentary—on both sides—about privacy and openness.

Surveillance 291

Surveillance 291

Schneier on Security

APRIL 24, 2024

Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” ” His mini-abstract: In this Article I argue that most of the time, privacy consent is fictitious.

Data collection 317

Data collection Risk 317

Security Boulevard

MAY 5, 2025

If you avoid the pitfalls detailed in this article, then EASM can provide a great defense against two-thirds of your breach problem. The post Why EASM Projects Fail: Three Pitfalls to Avoid appeared first on Security Boulevard.

Security Awareness 117

Security Awareness Cybersecurity 117

Security Affairs

OCTOBER 27, 2024

The court found them guilty of illegal circulation of means of payment (Part 2 of Article 187 of the Criminal Code of the Russian Federation).” ” reported Russian news outlet Kommersant. ” Zayets and Malozemov received 4.5 and 5 years, while Khansvyarov and Puzyrevsky were sentenced to 5.5

Ransomware 143

Ransomware Hacking Malware Cybercrime 143

Graham Cluley

JUNE 28, 2025

Read more in my article on the Hot for Security blog. Suspected high-ranking members of one of the world's largest online marketplaces for leaked data have been arrested by French police.

Cybercrime 103

Cybercrime Data breaches 103

Schneier on Security

SEPTEMBER 17, 2024

From a news article These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign against the Python development community has been running since at least August of 2023, when a number of popular open source Python tools were maliciously duplicated with added malware.

Malware 303

Malware Social Engineering Engineering Hacking 303

Schneier on Security

JULY 10, 2024

News article. This forgery could give the attacker access to network devices and services without the attacker guessing or brute forcing passwords or shared secrets. The attacker does not learn user credentials. This is one of those vulnerabilities that comes with a cool name, its own website, and a logo. Research paper.

Authentication 304

Authentication Passwords 304

Heimadal Security

JANUARY 16, 2025

This article outlines the crucial steps for aligning with NIS2 standards, drawn from our comprehensive NIS2 […] The post Your Ultimate Guide to NIS2 Compliance: Key Steps and Insights appeared first on Heimdal Security Blog.

Cyber Risk 111

Cyber Risk Risk Cybersecurity 111