Schneier on Security

FEBRUARY 15, 2021

From a MIT Technology Review article : Soon after they were spotted, the researchers saw one exploit being used in the wild. Another article on the talk. At the virtual Engima Conference , Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. This is an important insight.

Technology 358

Technology Hacking Software 358

Schneier on Security

NOVEMBER 13, 2020

This is a significant step forward to realizing Tim’s vision : The technologies we’re releasing today are a component of a much-needed course correction for the web. These first major deployments of the technology will kick off the network effect necessary to ensure the benefits of Solid will be appreciated on a massive scale.

Insurance 358

Insurance IoT Healthcare Technology 358

Schneier on Security

MARCH 23, 2021

There’s much in the article about when Accellion knew about the vulnerability, when it alerted its customers, and when it patched its software.

Hacking 293

Hacking Banking Technology Software 293

Schneier on Security

MAY 20, 2022

Although Khan demonstrated the hack on a 2021 Tesla Model Y, NCC Group said any smart locks using BLE technology, including residential smart locks, could be unlocked in the same way. Another news article.

Technology 280

Technology Authentication Hacking 280

Schneier on Security

NOVEMBER 16, 2020

Abstract: Voters are understandably concerned about election security.

Computers and Electronics 361

Computers and Electronics Internet Internet Risk 361

Schneier on Security

SEPTEMBER 12, 2024

From a news article : The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST). Microsoft’s details are here.

Firmware 345

Firmware Technology 345

SecureWorld News

SEPTEMBER 3, 2024

These factors are illustrated and discussed in depth in my article, The Rise of Data Sovereignty and a Privacy Era. Legacy technologies such as Virtual Private Networks (VPNs) do not scale and have been proven to be fraught with risk as evidenced by incidents such as nation-state attacks.

Technology 112

Technology Architecture Risk Data collection 112

Schneier on Security

JANUARY 13, 2023

With the release of ChatGPT, I’ve read many random articles about this or that threat from the technology. This paper is a good survey of the field: what the threats are, how we might detect machine-generated text, directions for future research. It’s a solid grounding amongst all of the hype.

Accountability 334

Accountability Technology Cybersecurity 334

Schneier on Security

MARCH 24, 2020

Cybersecurity experts agree that under current technology, no practically proven method exists to securely, verifiably, or privately return voted materials over the internet. Such a system could violate protections guaranteeing a secret ballot, as outlined in Section 2, Article II of the Puerto Rico Constitution. The ACLU agrees.

Internet 268

Internet Internet Technology Cybersecurity 268

Tech Republic Security

APRIL 8, 2024

Cyber threat hunting combines strategies, advanced technologies and skilled analysts to methodically examine networks, endpoints and data repositories. This TechRepublic Premium article, written by Franklin Okeke, aims to look at threat hunting.

Cyber threats 113

Cyber threats Technology 113

Schneier on Security

MAY 20, 2019

This law review article by Noam Kolt, titled " Return on Data ," proposes an interesting new way of thinking of privacy law. Abstract: Consumers routinely supply personal data to technology companies in exchange for services. This article suggests that privacy concerns should not be viewed in isolation, but as part of ROD.

Marketing 268

Marketing Technology 268

Schneier on Security

NOVEMBER 11, 2020

. “There’s a big gulf between what this technology promises, and what it actually does on the ground,” said Audrey Watters, a researcher on the edtech industry who runs the website Hack Education. “(They) assume everyone looks the same, takes tests the same way, and responds to stressful situations in the same way.”

Artificial Intelligence 350

Artificial Intelligence Education Technology Hacking 350

Schneier on Security

JULY 10, 2019

Reuters has a long article on the Chinese government APT attack called Cloud Hopper. Yet the campaign ensnared at least six more major technology firms, touching five of the world's 10 biggest tech service providers. It was much bigger than originally reported. The hacking campaign, known as "Cloud Hopper," was the subject of a U.S.

Identity Theft 248

Identity Theft Mobile Hacking Technology 248

IT Security Guru

NOVEMBER 1, 2024

As technology advances, so do the methods and motivations of those who seek to disrupt global stability. This article will examine some of the most pressing threats to global national security today, with a particular emphasis on emerging digital and environmental concerns.

Technology 109

Technology Cyber Attacks Government Social Engineering 109

Schneier on Security

APRIL 7, 2022

The botnet “targets network devices manufactured by WatchGuard Technologies Inc. Four more news articles. WatchGuard) and ASUSTek Computer Inc. ” And note that only the command-and-control mechanism was disrupted. Those devices are still vulnerable. Slashdot post.

Manufacturing 281

Manufacturing Firewall Malware Internet 281

Schneier on Security

JUNE 30, 2022

Wired is reporting on a new remote-access Trojan that is able to infect at least eighty different targets: So far, researchers from Lumen Technologies’ Black Lotus Labs say they’ve identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek.

Malware 243

Malware DNS Architecture Hacking 243

Schneier on Security

JANUARY 27, 2020

This year : King County voters will be able to use their name and birthdate to log in to a Web portal through the Internet browser on their phones, says Bryan Finney, the CEO of Democracy Live, the Seattle-based voting company providing the technology. Another news article.

Internet 268

Internet Internet Technology Authentication 268

Malwarebytes

APRIL 3, 2025

Chinese company 360 Security Technology, also known as Qihoo 360, purchased Lemon Seed, according to its 2019 annual report. The island city has come under increasingly strict Chinese control lately with the passage a year ago of Article 23 , a bill applying strict penalties for a broad array of activities deemed anti-Chinese.

VPN 141

VPN Mobile Government Technology 141

SecureWorld News

FEBRUARY 28, 2025

Getting back to the article, let's first break down the findings, the implications, and why it's time for a revolution in how we think about security. Especially upon the emergence of exponential technologies of the Metaverse and Neuro-technologies (like Neuralink) that is transcending the very nature of cyber and cognitive attacks.

Cybersecurity 112

Cybersecurity Risk Social Engineering Phishing 112

Schneier on Security

JUNE 13, 2023

The New York Times has a long article on the investigative techniques used to identify the person who stabbed and killed four University of Idaho students.

Technology 271

Technology 271

Schneier on Security

JULY 26, 2022

Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode. News article. At launch, Lockdown Mode includes the following protections: Messages: Most message attachment types other than images are blocked.

Spyware 304

Spyware Mobile Internet Internet 304

Schneier on Security

AUGUST 1, 2019

This article points out that Facebook's planned content moderation scheme will result in an encryption backdoor into WhatsApp: In Facebook's vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms.

Encryption 140

Encryption Manufacturing Mobile Government 140

Troy Hunt

NOVEMBER 22, 2019

In both Vinny's and Lily's articles above, they mentions how references to Oxydata (another data enrichment company) were also found in another one of the exposed Elasticsearch indexes. i speak at conferences around the world and run workshops on how to build more secure software within organisations. coordinates":[.

Data breaches 363

Data breaches Technology Software Accountability 363

Schneier on Security

APRIL 9, 2024

The Board also concludes that Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations. Here are a few news articles. This is their third report.

Hacking 337

Hacking Government Accountability Technology 337

Schneier on Security

JANUARY 20, 2020

The New York Times has a long story about Clearview AI, a small company that scrapes identified photos of people from pretty much everywhere, and then uses unstated magical AI technology to identify people in other photos. Another article. His tiny company, Clearview AI, devised a groundbreaking facial recognition app.

Identity Theft 266

Identity Theft Government Technology 266

SecureList

MARCH 10, 2025

Last year, we published an article about SideWinder , a highly prolific APT group whose primary targets have been military and government entities in Pakistan, Sri Lanka, China, and Nepal. Infection vectors The infection pattern observed in the second part of 2024 is consistent with the one described in the previous article.

Energy and Utilities 121

Energy and Utilities Malware Government Phishing 121

Joseph Steinberg

MARCH 23, 2021

Steinberg: While I’ve been involved in many interesting projects over the past few decades, I’m proudest about having helped many people without technology backgrounds stay safe from cyber threats.

Cybersecurity 246

Cybersecurity Artificial Intelligence Education Cyber threats 246

Trend Micro

AUGUST 3, 2024

This article by Trend Micro CEO Eva Chen brings focus back to striking the cybersecurity strategies balance between business C-suite and information technology (IT) departments.

Technology 124

Technology Cybersecurity Artificial Intelligence Cyber threats 124

Krebs on Security

NOVEMBER 28, 2022

Edwards said Pushwoosh began as Arello-Mobile , and for several years the two co-branded — appearing side by side at various technology expos. used to outsource development parts of the product to the Russian company in Novosibirsk, mentioned in the article,” the company said. “Pushwoosh Inc. terminated the contract.”

Mobile 288

Mobile Malware Technology Government 288

Krebs on Security

JUNE 29, 2023

In a statement provided to KrebsOnSecurity, Group-IB said Mr. Kislitsin is no longer an employee, and that he now works for a Russian organization called FACCT , which stands for “ Fight Against Cybercrime Technologies.” “The company is monitoring developments.”

Cybersecurity 300

Cybersecurity Cybercrime Hacking Government 300

Schneier on Security

SEPTEMBER 26, 2019

News articles talk about " spy trains ," and the possibility that the train cars might surreptitiously monitor their passengers' faces, movements, conversations or phone calls. Meanwhile, the chairman of China's technology giant Huawei has pointed to NSA spying disclosed by Edward Snowden as a reason to mistrust US technology companies.

Surveillance 249

Surveillance Wireless Government Internet 249

Schneier on Security

MAY 26, 2020

This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device: Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. News articles.

Authentication 233

Authentication Wireless Manufacturing Technology 233

Schneier on Security

DECEMBER 19, 2023

Some articles are more nuanced , but there’s still a lot of confusion. This isn’t helped by the fact that AI technology means the scope of what’s possible is changing at a rate that’s hard to appreciate even if you’re deeply aware of the space. Here’s CNBC. Here’s Boing Boing. It seems not to be true.

Government 338

Government Banking Risk Internet 338

Schneier on Security

OCTOBER 28, 2020

Senator Ron Wyden asked, and the NSA didn’t answer : The NSA has long sought agreements with technology companies under which they would build special access for the spy agency into their products, according to disclosures by former NSA contractor Edward Snowden and reporting by Reuters and others.

Firewall 332

Firewall Surveillance Government Internet 332

Schneier on Security

JULY 26, 2023

The European Telecommunications Standards Institute (ETSI), an organization that standardizes technologies across the industry, first created TETRA in 1995. Another news article. Seems that there is a deliberate backdoor in the twenty-year-old TErrestrial Trunked RAdio (TETRA) standard used by police forces around the world.

Telecommunications 246

Telecommunications Encryption Technology Software 246

The Last Watchdog

AUGUST 10, 2022

Technology provides opportunities to positively impact the world and improve lives. Some bad actors also use this technology to create synthetic audio. Some of the roles include: •Information technology (IT). Finance- and employment-related technology. Using technology to fight technology can take people only so far.

Education 229

Education Technology Banking Cybersecurity 229

Joseph Steinberg

FEBRUARY 9, 2021

If you have not yet read my article on the aforementioned subject, I strongly suggest taking a look.). (If If you have not yet read my article on the aforementioned subject, I strongly suggest taking a look.). In some ways, CrowdSec mimics the behavior of a constantly-self-updating, massive, multi-party, and multi-network firewall.

Firewall 212

Firewall Technology Artificial Intelligence Risk 212