Schneier on Security

AUGUST 28, 2024

Matthew Green wrote a really good blog post on what Telegram’s encryption is and is not.

Encryption 334

Encryption 334

Malwarebytes

MARCH 26, 2025

Through an automated attack disguised as a notice from Hunts chosen newsletter provider Mailchimp, scammers stole roughly 16,000 records belonging to current and past subscribers of Hunts blog. The email claimed that Mailchimp was temporarily cutting service to Hunt because his blog had allegedly received a spam complaint. Hunt wrote.

Phishing 128

Phishing Data breaches Password Management Scams 128

Schneier on Security

JULY 19, 2024

He’s written a blog post about what he’s learned and what comes next. Brett Solomon is retiring from AccessNow after fifteen years as its Executive Director.

312

312

Troy Hunt

MARCH 30, 2025

On that note, stay tuned for the promised "Passkeys for Normal People" blog post, I hope to be talking about that in next week's video (travel schedule permitting). I've no doubt whatsoever this is a net-positive event that will do way more good than harm.

Phishing 229

Phishing Data breaches Scams 229

Graham Cluley

OCTOBER 17, 2024

Read more in my article on the Tripwire State of Security blog. And boy do we need some good news - amid reports that 389 US-based healthcare institutions were hit by ransomware last year - more than one every single day.

Ransomware 114

Ransomware Encryption Healthcare Data breaches 114

Schneier on Security

SEPTEMBER 6, 2024

Blog moderation policy. The first live video of the Promachoteuthis squid, filmed at a newly discovered seamount off the coast of Chile.

279

279

Krebs on Security

MARCH 14, 2025

. “This campaign delivers multiple families of commodity malware, including XWorm, Lumma stealer, VenomRAT, AsyncRAT, Danabot, and NetSupport RAT,” Microsoft wrote in a blog post on Thursday. “Depending on the specific payload, the specific code launched through mshta.exe varies.

Phishing 283

Phishing Malware Scams Passwords 283

Security Boulevard

DECEMBER 9, 2024

This blog post explores how maintaining USB security mitigates insider threats and fosters a secure workplace environment. The post The Role of USB Security in Combating Insider Threats appeared first on Security Boulevard.

Software 132

Software Security Awareness Cybersecurity 132

Troy Hunt

MARCH 3, 2025

But the confusing nature of stealer logs coupled with an overtly long blog post explaining them and the conflation of which services needed a subscription versus which were easily accessible by anyone made for a very intense last 6 days. That was a bit intense, as is usually the way after any large incident goes into HIBP.

Passwords 243

Passwords Accountability Malware 243

Krebs on Security

MARCH 11, 2025

. “Garantex has been used in sanctions evasion by Russian elites, as well as to launder proceeds of crime including ransomware, darknet market trade and thefts attributed to North Koreas Lazarus Group,” Elliptic wrote in a blog post.

Ransomware 276

Ransomware Cryptocurrency Marketing Government 276

Schneier on Security

SEPTEMBER 27, 2024

Blog moderation policy. Fishermen are catching more squid as other fish are depleted.

252

252

Schneier on Security

OCTOBER 11, 2024

Blog moderation policy. Fishermen in Tamil Nadu are reporting smaller catches of squid.

247

247

Schneier on Security

MARCH 21, 2025

The UK’s National Computer Security Center (part of GCHQ) released a timeline —also see their blog post —for migration to quantum-computer-resistant cryptography. It even made The Guardian.

261

261

Graham Cluley

OCTOBER 24, 2024

Read more in my article on the Tripwire State of Security blog. And the recent discovery of a new malware strain emphasises that the threat - even if much smaller than on Windows - remains real.

Ransomware 114

Ransomware Malware 114

Schneier on Security

SEPTEMBER 17, 2024

On this blog, let’s stick to the tech and the security ramifications of the threat. And it seems to be a large detonation for an overloaded battery. This reminds me of the 1996 assassination of Yahya Ayyash using a booby trapped cellphone. EDITED TO ADD: I am deleting political comments.

70

70

Krebs on Security

JANUARY 7, 2025

The image that Lookout used in its blog post for Crypto Chameleon can be seen in the lower right hooded figure. That latter domain was created and deployed shortly after Lookout published its blog post on Crypto Chameleon. com and two other related control domains — thebackendserver[.]com com and lookoutsucks[.]com.

Phishing 336

Phishing Cryptocurrency Accountability Social Engineering 336

Krebs on Security

OCTOBER 17, 2024

. “Where their potential impact becomes really significant is when they then acquire access to thousands of other machines — typically misconfigured web servers — through which almost anyone can funnel attack traffic,” Amazon explained in a blog post.

DDOS 269

DDOS Government Internet Internet 269

Adam Shostack

JANUARY 2, 2025

That the White House is involved should not be a shocker to readers of this blog, and it represents a fascinating state of the evolution of the conversation around memory safety that it would reach that level. Blog overview or direct link.) Regulation The White House released a report on memory safe languages.

Software 130

Software Advertising Hacking 130

NSTIC

OCTOBER 17, 2024

This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.'

Cybersecurity 94

Cybersecurity 94

Heimadal Security

NOVEMBER 1, 2024

The same threat actors breached the tech giant earlier this week and are responsible for the notorious SolarWinds supply chain attack […] The post Microsoft Warns: Midnight Blizzard’s Ongoing Spear-Phishing Campaign with RDP Files appeared first on Heimdal Security Blog.

Phishing 98

Phishing Cybersecurity 98

Schneier on Security

AUGUST 12, 2024

Through this analysis, we illuminate key and novel patterns in misuse during this time period, including potential motivations, strategies, and how attackers leverage and abuse system capabilities across modalities (e.g. image, text, audio, video) in the wild. Note the graphic mapping goals with strategies.

Artificial Intelligence 330

Artificial Intelligence Risk 330

Daniel Miessler

DECEMBER 24, 2022

It started back in August of 2022 as a fairly common breach notification on a blog, but it, unfortunately, turned into more of a blog series. If you follow Information Security at all you are surely aware of the LastPass breach situation.

Password Management 364

Password Management Passwords Encryption Backups 364

Schneier on Security

OCTOBER 27, 2023

found no expired certificates on the server, ­ as explained in a blog post by ValdikSS, a pseudonymous anti-censorship researcher based in Russia who collaborated on the investigation. However, jabber.ru

Encryption 326

Encryption Surveillance 326

Heimadal Security

NOVEMBER 22, 2024

The same agencies issued a joint advisory in May that warned about BianLian’s shifting tactics, which […] The post CISA: BianLian Ransomware Focus Switches to Data Theft appeared first on Heimdal Security Blog.

Ransomware 104

Ransomware Cybersecurity 104

Heimadal Security

JANUARY 16, 2025

This article outlines the crucial steps for aligning with NIS2 standards, drawn from our comprehensive NIS2 […] The post Your Ultimate Guide to NIS2 Compliance: Key Steps and Insights appeared first on Heimdal Security Blog.

Cyber Risk 111

Cyber Risk Risk Cybersecurity 111

NSTIC

FEBRUARY 26, 2025

To make improving your security posture even easier, in this blog we are: Sharing new CSF 2.0 It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0 !

Cybersecurity 109

Cybersecurity 109

Heimadal Security

NOVEMBER 1, 2024

The rules apply to key digital service providers, […] The post EU Adopts New Cybersecurity Rules for Critical Infrastructure Under NIS2 Directive appeared first on Heimdal Security Blog.

Cybersecurity 97

Cybersecurity 97

Adam Shostack

FEBRUARY 18, 2025

If youve read my recent blog post on Hoarding, Debt and Threat Modeling , youll hear me reiterate how people often try to model everything at once and get overwhelmed in the process. I wanted to share some key themes we explored. One of the core messages I emphasized is how we can make threat modeling more accessible.

130

130

Schneier on Security

FEBRUARY 26, 2024

There’s a lot of detail in the Apple blog post , and more in Douglas Stabila’s security analysis. Apple announced PQ3 , its post-quantum encryption standard based on the Kyber secure key-encapsulation protocol, one of the post-quantum algorithms selected by NIST in 2022. I am of two minds about this.

Encryption 349

Encryption 349

Troy Hunt

OCTOBER 14, 2023

here's a blog post about how stupid class actions like this are! Protect your identity now.

Data breaches 313

Data breaches Advertising Marketing Account Security 313

Heimadal Security

NOVEMBER 6, 2024

Recognizing […] The post Heimdal and COOLSPIRiT Team Up to Strengthen UK Business Cybersecurity appeared first on Heimdal Security Blog. Today’s organizations face sophisticated cyber threats targeting critical systems and data.

Cybersecurity 109

Cybersecurity Cyber threats Technology 109

Adam Shostack

JANUARY 2, 2025

Google has released information on their Secure by Design commitment, including a blog and white paper. Were launching a course, Scaling Threat Modeling , and theres a survey at the end of that blog announcement. Adam participated in the keynote, and we talked to lots of folks about how we can help them threat model. (If

Manufacturing 130

Manufacturing Data breaches Software Cybersecurity 130

Heimadal Security

JANUARY 13, 2025

This partnership will help MSPs in France deal with todays growing cybersecurity challenges by simplifying how they manage security and offering reliable tools from a […] The post Heimdal and Watsoft Team Up to Strengthen MSP Cybersecurity in France appeared first on Heimdal Security Blog.

Cybersecurity 105

Cybersecurity 105

Adam Shostack

JANUARY 2, 2025

Google calls attention to our Cyber Public Health work Last week, Bill Reid and Taylor Lehmann, both in the Office of the CISO at Google Cloud, wrote a blog post, Cyber Public Health: A new approach to cybersecurity.

CISO 130

CISO Technology Cybersecurity 130

ZoneAlarm

NOVEMBER 18, 2024

These fraudulent websites … The post Fraud Network Operates 4,700 Fake Shopping Sites to Steal Credit Card Data appeared first on ZoneAlarm Security Blog. The SilkSpecter network orchestrated a massive operation involving thousands of fake e-commerce sites.

Phishing 93

Phishing Engineering Cybersecurity Data privacy 93

Malwarebytes

NOVEMBER 4, 2024

In this blog post, we take a look at how criminals are abusing Bing and stay under the radar at the same time while also bypassing advanced security features such as two-factor authentication. The idea is about creating content that looks real, like a blog, but with malicious intent (monetization or other). com info-blog-news[.]com

Engineering 134

Engineering Phishing Banking Authentication 134

ZoneAlarm

DECEMBER 9, 2024

Recently, the incident returned to the spotlight due to new updates on the breachs scope … The post Anna Jaques Hospital Ransomware Breach Exposes Patient Data appeared first on ZoneAlarm Security Blog.

Ransomware 88

Ransomware Healthcare Cybersecurity 88