Joseph Steinberg

JULY 8, 2021

Note: In an article that I am writing together with Mark Lynd, Head of Digital Business at NETSYNC, and that will appear on this website next week, we will discuss some of the important Considerations when purchasing cyber insurance.

Insurance 364

Insurance Cyber Insurance Cybersecurity Small Business 364

Schneier on Security

MARCH 23, 2021

There’s much in the article about when Accellion knew about the vulnerability, when it alerted its customers, and when it patched its software.

Hacking 297

Hacking Banking Technology Software 297

Schneier on Security

FEBRUARY 15, 2021

From a MIT Technology Review article : Soon after they were spotted, the researchers saw one exploit being used in the wild. Another article on the talk. At the virtual Engima Conference , Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. This is an important insight.

Technology 359

Technology Hacking Software 359

Schneier on Security

AUGUST 15, 2024

EDITED TO ADD: Good article : One – ML-KEM [PDF] (based on CRYSTALS-Kyber) – is intended for general encryption, which protects data as it moves across public networks. My recent writings on post-quantum cryptographic standards. NIST plans to select one or two of these algorithms by the end of 2024.

Encryption 340

Encryption Backups Authentication Technology 340

Schneier on Security

NOVEMBER 13, 2020

This is a significant step forward to realizing Tim’s vision : The technologies we’re releasing today are a component of a much-needed course correction for the web. These first major deployments of the technology will kick off the network effect necessary to ensure the benefits of Solid will be appreciated on a massive scale.

Insurance 357

Insurance IoT Healthcare Technology 357

Schneier on Security

NOVEMBER 16, 2020

Abstract: Voters are understandably concerned about election security.

Computers and Electronics 362

Computers and Electronics Internet Internet Risk 362

Schneier on Security

MAY 20, 2022

Although Khan demonstrated the hack on a 2021 Tesla Model Y, NCC Group said any smart locks using BLE technology, including residential smart locks, could be unlocked in the same way. Another news article.

Technology 273

Technology Authentication Hacking 273

SecureWorld News

SEPTEMBER 3, 2024

These factors are illustrated and discussed in depth in my article, The Rise of Data Sovereignty and a Privacy Era. Legacy technologies such as Virtual Private Networks (VPNs) do not scale and have been proven to be fraught with risk as evidenced by incidents such as nation-state attacks.

Technology 113

Technology Architecture Risk Data collection 113

Schneier on Security

SEPTEMBER 12, 2024

From a news article : The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST). Microsoft’s details are here.

Firmware 338

Firmware Technology 338

Schneier on Security

MARCH 24, 2020

Cybersecurity experts agree that under current technology, no practically proven method exists to securely, verifiably, or privately return voted materials over the internet. Such a system could violate protections guaranteeing a secret ballot, as outlined in Section 2, Article II of the Puerto Rico Constitution. The ACLU agrees.

Internet 271

Internet Internet Technology Cybersecurity 271

Schneier on Security

JANUARY 13, 2023

With the release of ChatGPT, I’ve read many random articles about this or that threat from the technology. This paper is a good survey of the field: what the threats are, how we might detect machine-generated text, directions for future research. It’s a solid grounding amongst all of the hype.

Accountability 325

Accountability Technology Cybersecurity 325

Schneier on Security

MAY 20, 2019

This law review article by Noam Kolt, titled " Return on Data ," proposes an interesting new way of thinking of privacy law. Abstract: Consumers routinely supply personal data to technology companies in exchange for services. This article suggests that privacy concerns should not be viewed in isolation, but as part of ROD.

Marketing 270

Marketing Technology 270

Schneier on Security

NOVEMBER 11, 2020

. “There’s a big gulf between what this technology promises, and what it actually does on the ground,” said Audrey Watters, a researcher on the edtech industry who runs the website Hack Education. “(They) assume everyone looks the same, takes tests the same way, and responds to stressful situations in the same way.”

Artificial Intelligence 354

Artificial Intelligence Education Technology Hacking 354

IT Security Guru

NOVEMBER 1, 2024

As technology advances, so do the methods and motivations of those who seek to disrupt global stability. This article will examine some of the most pressing threats to global national security today, with a particular emphasis on emerging digital and environmental concerns.

Technology 109

Technology Cyber Attacks Government Social Engineering 109

Schneier on Security

APRIL 7, 2022

The botnet “targets network devices manufactured by WatchGuard Technologies Inc. Four more news articles. WatchGuard) and ASUSTek Computer Inc. ” And note that only the command-and-control mechanism was disrupted. Those devices are still vulnerable. Slashdot post.

Manufacturing 276

Manufacturing Firewall Malware Internet 276

Schneier on Security

JUNE 30, 2022

Wired is reporting on a new remote-access Trojan that is able to infect at least eighty different targets: So far, researchers from Lumen Technologies’ Black Lotus Labs say they’ve identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek.

Malware 244

Malware DNS Architecture Hacking 244

SecureWorld News

FEBRUARY 28, 2025

Getting back to the article, let's first break down the findings, the implications, and why it's time for a revolution in how we think about security. Especially upon the emergence of exponential technologies of the Metaverse and Neuro-technologies (like Neuralink) that is transcending the very nature of cyber and cognitive attacks.

Cybersecurity 115

Cybersecurity Risk Social Engineering Phishing 115

Schneier on Security

JANUARY 27, 2020

This year : King County voters will be able to use their name and birthdate to log in to a Web portal through the Internet browser on their phones, says Bryan Finney, the CEO of Democracy Live, the Seattle-based voting company providing the technology. Another news article.

Internet 271

Internet Internet Technology Authentication 271

Malwarebytes

APRIL 3, 2025

Chinese company 360 Security Technology, also known as Qihoo 360, purchased Lemon Seed, according to its 2019 annual report. The island city has come under increasingly strict Chinese control lately with the passage a year ago of Article 23 , a bill applying strict penalties for a broad array of activities deemed anti-Chinese.

VPN 141

VPN Mobile Government Technology 141

Schneier on Security

JUNE 13, 2023

The New York Times has a long article on the investigative techniques used to identify the person who stabbed and killed four University of Idaho students.

Technology 267

Technology 267

Security Affairs

MAY 25, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang RVTools Bumblebee Malware Attack How a Trusted IT Tool Became a Malware Delivery Vector Malicious Checker Packages on PyPI Probe TikTok and Instagram for (..)

Malware 87

Malware Cryptocurrency Banking Ransomware 87

Schneier on Security

AUGUST 1, 2019

This article points out that Facebook's planned content moderation scheme will result in an encryption backdoor into WhatsApp: In Facebook's vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms.

Encryption 140

Encryption Manufacturing Mobile Government 140

Troy Hunt

NOVEMBER 22, 2019

In both Vinny's and Lily's articles above, they mentions how references to Oxydata (another data enrichment company) were also found in another one of the exposed Elasticsearch indexes. i speak at conferences around the world and run workshops on how to build more secure software within organisations. coordinates":[.

Data breaches 363

Data breaches Technology Software Information Security 363

Schneier on Security

JULY 26, 2022

Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode. News article. At launch, Lockdown Mode includes the following protections: Messages: Most message attachment types other than images are blocked.

Spyware 296

Spyware Mobile Internet Internet 296

Schneier on Security

APRIL 9, 2024

The Board also concludes that Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations. Here are a few news articles. This is their third report.

Hacking 331

Hacking Government Accountability Technology 331

Schneier on Security

JANUARY 20, 2020

The New York Times has a long story about Clearview AI, a small company that scrapes identified photos of people from pretty much everywhere, and then uses unstated magical AI technology to identify people in other photos. Another article. His tiny company, Clearview AI, devised a groundbreaking facial recognition app.

Identity Theft 266

Identity Theft Government Technology 266

SecureList

MARCH 10, 2025

Last year, we published an article about SideWinder , a highly prolific APT group whose primary targets have been military and government entities in Pakistan, Sri Lanka, China, and Nepal. Infection vectors The infection pattern observed in the second part of 2024 is consistent with the one described in the previous article.

Energy and Utilities 120

Energy and Utilities Malware Government Phishing 120

Joseph Steinberg

MARCH 23, 2021

Steinberg: While I’ve been involved in many interesting projects over the past few decades, I’m proudest about having helped many people without technology backgrounds stay safe from cyber threats.

Cybersecurity 246

Cybersecurity Artificial Intelligence Cyber threats Education 246

Krebs on Security

NOVEMBER 28, 2022

Edwards said Pushwoosh began as Arello-Mobile , and for several years the two co-branded — appearing side by side at various technology expos. used to outsource development parts of the product to the Russian company in Novosibirsk, mentioned in the article,” the company said. “Pushwoosh Inc. terminated the contract.”

Mobile 291

Mobile Malware Technology Government 291

Krebs on Security

JUNE 29, 2023

In a statement provided to KrebsOnSecurity, Group-IB said Mr. Kislitsin is no longer an employee, and that he now works for a Russian organization called FACCT , which stands for “ Fight Against Cybercrime Technologies.” “The company is monitoring developments.”

Cybersecurity 303

Cybersecurity Cybercrime Hacking Network Security 303

Schneier on Security

MAY 26, 2020

This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device: Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. News articles.

Authentication 237

Authentication Wireless Manufacturing Technology 237

Trend Micro

AUGUST 3, 2024

This article by Trend Micro CEO Eva Chen brings focus back to striking the cybersecurity strategies balance between business C-suite and information technology (IT) departments.

Technology 120

Technology Cybersecurity Artificial Intelligence Cyber threats 120

SecureWorld News

NOVEMBER 1, 2024

This new wave of technology is profoundly different. Innovation and Adaptability: Foster a culture of innovation, exploring new tech and services while remaining adaptable to changing technological and business landscapes. The technology may be new, but the playbook for managing it is not. Rinse and repeat.

Government 119

Government Risk Architecture Technology 119

Schneier on Security

OCTOBER 28, 2020

Senator Ron Wyden asked, and the NSA didn’t answer : The NSA has long sought agreements with technology companies under which they would build special access for the spy agency into their products, according to disclosures by former NSA contractor Edward Snowden and reporting by Reuters and others.

Firewall 338

Firewall Surveillance Government Internet 338

Graham Cluley

AUGUST 14, 2024

Scammers are once again using deepfake technology to dupe unwary internet Facebook and Instagram users into making unwise cryptocurrency investments. Read more in my article on the Hot for Security blog.

Cryptocurrency 140

Cryptocurrency Scams Media Internet 140

Schneier on Security

JULY 26, 2023

The European Telecommunications Standards Institute (ETSI), an organization that standardizes technologies across the industry, first created TETRA in 1995. Another news article. Seems that there is a deliberate backdoor in the twenty-year-old TErrestrial Trunked RAdio (TETRA) standard used by police forces around the world.

Telecommunications 246

Telecommunications Encryption Technology Software 246

Graham Cluley

SEPTEMBER 26, 2024

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers continue to be capable of compromising industrial control systems (ICS) and other operational technology (OT) using "unsophisticated methods" - suggesting that much more still needs to be done to secure them properly.

Hacking 140

Hacking Technology Cybersecurity 140