Schneier on Security

JANUARY 6, 2022

The privacy-oriented search engine netted more than 35 billion search queries in 2021 , a 46.4% It’s not as a good a search engine as Google. To solve that, I use use the feature that allows me to use Google’s search engine through DuckDuckGo: prepend “!Google” jump over 2020 (23.6 That’s big.

Engineering 360

Engineering Internet Internet 360

SecureList

APRIL 16, 2025

Triage and investigation The most typical issues at this stage are: Lack of a documented triage procedure analysts often rely on generic, high-level response playbooks sourced from the internet, especially from unreliable sources, which slows or hinders the process of qualifying alerts as potential incidents.

Engineering 71

Engineering Threat Detection Firewall Digital transformation 71

Krebs on Security

FEBRUARY 11, 2025

Tenable senior staff research engineer Satnam Narang noted that since 2022, there have been nine elevation of privilege vulnerabilities in this same Windows component — three each year — including one in 2024 that was exploited in the wild as a zero day (CVE-2024-38193).

Artificial Intelligence 216

Artificial Intelligence Engineering Software Internet 216

Krebs on Security

JANUARY 14, 2025

“What makes this vulnerability so impactful is the fact that it is remotely exploitable, so attackers can reach the compromised machine(s) over the internet, and the attacker does not need significant knowledge or skills to achieve repeatable success with the same payload across any vulnerable component,” Hopkins wrote.

Artificial Intelligence 292

Artificial Intelligence Social Engineering Encryption Internet 292

Anton on Security

SEPTEMBER 21, 2023

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. Detection Engineering is Painful — and It Shouldn’t Be (Part 1) Contrary to what some may think, a detection and response (D&R) success is more about the processes and people than about the SIEM.

Engineering 221

Engineering Threat Detection Marketing Internet 221

Security Affairs

OCTOBER 19, 2024

North Korea-linked group APT37 exploited an Internet Explorer zero-day vulnerability in a supply chain attack. The vulnerability is a scripting engine memory corruption issue that could lead to arbitrary code execution. As a result, TA-RedAnt exploited the toast ad program that were using the vulnerable IE browser engine (jscript9.dll),

Internet 143

Internet Internet Engineering Malware 143

Security Through Education

MARCH 3, 2025

When I first heard of social engineering, about 6 years ago, I couldnt define it clearly and concisely if you had offered me millions of dollars. ’ Lets re-visit what social engineering really means, how people use it, and how you can start protecting yourself from it. Either way, lets refresh and learn together!

Social Engineering 59

Social Engineering Engineering Scams Banking 59

Schneier on Security

MAY 30, 2025

It’s a folk belief, all over the Internet but with no actual research behind it—like the five-second rule when you drop food on the floor. It presumes people have the cognitive tools to understand the myriad potential attacks and figure out which one of the thousands of Internet actions they take is harmful.

Cybersecurity 234

Cybersecurity Scams Security Awareness Phishing 234

Krebs on Security

MAY 14, 2025

.” Two other zero-days patched by Microsoft today also were elevation of privilege flaws: CVE-2025-32709 , which concerns afd.sys, the Windows Ancillary Function Driver that enables Windows applications to connect to the Internet; and CVE-2025-30400 , a weakness in the Desktop Window Manager (DWM) library for Windows.

Artificial Intelligence 194

Artificial Intelligence Internet Internet Engineering 194

Schneier on Security

AUGUST 29, 2024

Remember that talk was given in 1982, less than a year before the ARPANET switched to TCP/IP and the internet went operational. It’s a wonderful talk: funny, engaging, wise, prescient. She was a remarkable person.

Engineering 343

Engineering Internet Internet 343

Krebs on Security

MARCH 27, 2025

Rather, it appears those responsible are promoting them by manipulating the search engine results shown when someone searches for one of these anti-Putin organizations.

Phishing 230

Phishing Government Engineering Internet 230

Krebs on Security

AUGUST 27, 2024

Malicious hackers are exploiting a zero-day vulnerability in Versa Director , a software product used by many Internet and IT service providers. ” Ryan English , an information security engineer at Lumen, said it’s disappointing his employer didn’t at least garner an honorable mention in Versa’s security advisory.

Internet 343

Internet Internet Technology Engineering 343

Schneier on Security

MARCH 30, 2023

Now this is interesting: Thousands of pages of secret documents reveal how Vulkan’s engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the internet.

Engineering 331

Engineering Internet Internet Hacking 331

Krebs on Security

MARCH 11, 2025

Rapid7’s lead software engineer Adam Barnett said Windows 11 and Server 2019 onwards are not listed as receiving patches, so are presumably not vulnerable. The SANS Internet Storm Center has a useful list of all the Microsoft patches released today, indexed by severity.

System Administration 243

System Administration Engineering Internet Internet 243

Schneier on Security

APRIL 2, 2024

An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. The cybersecurity world got really lucky last week. modified the way the software functions.

Social Engineering 354

Social Engineering Engineering Software Encryption 354

Krebs on Security

NOVEMBER 9, 2024

In the United States, when federal, state or local law enforcement agencies wish to obtain information about an account at a technology provider — such as the account’s email address, or what Internet addresses a specific cell phone account has used in the past — they must submit an official court-ordered warrant or subpoena.

Hacking 296

Hacking Accountability Government Social Engineering 296

Krebs on Security

MAY 20, 2025

The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Google Security Engineer Damian Menscher told KrebsOnSecurity the May 12 attack was the largest Google has ever handled.

DDOS 296

DDOS IoT Internet Internet 296

Schneier on Security

APRIL 25, 2024

In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. The internet initially promised to change this process. Large language models, or LLMs, are trained on massive troves of material—nearly the entire internet in some cases.

Engineering 360

Engineering Internet Internet Artificial Intelligence 360

Schneier on Security

JULY 25, 2024

Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. The catastrophe is yet another reminder of how brittle global internet infrastructure is. Compare the internet with ecological systems. Nearly 7,000 flights were canceled.

Marketing 351

Marketing Software Internet Internet 351

Schneier on Security

MARCH 15, 2021

OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet. To this end, we recover the specifications of the closed-source OF protocols by means of reverse engineering.

Engineering 363

Engineering Internet Internet 363

Krebs on Security

OCTOBER 18, 2024

Additional reporting revealed National Public Data had inadvertently published its own passwords on the Internet. The company is now the target of multiple class-action lawsuits, and recently declared bankruptcy. national infrastructure.

Social Engineering 281

Social Engineering Passwords Cybercrime Mobile 281

Schneier on Security

MAY 21, 2024

Apple and Google said they will continue collaborating with the Internet Engineering Task Force to further develop this technology and address the issue of unwanted tracking. Several Bluetooth tag companies have committed to making their future products compatible with the new standard.

Engineering 315

Engineering Internet Internet Technology 315

Krebs on Security

OCTOBER 8, 2024

One of the zero-day flaws — CVE-2024-43573 — stems from a security weakness in MSHTML , the proprietary engine of Microsoft’s Internet Explorer web browser. Cemerikic noted that while Internet Explorer is being retired on many platforms, its underlying MSHTML technology remains active and vulnerable.

Engineering 278

Engineering Internet Internet System Administration 278

Schneier on Security

APRIL 11, 2024

Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. There are libraries for everything: displaying objects in 3D, spell-checking, performing complex mathematics, managing an e-commerce shopping cart, moving files around the internet—everything.

Software 361

Software Engineering Internet Internet 361

Krebs on Security

SEPTEMBER 10, 2021

The assault came from “ Meris ,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer. Cloudflare recently wrote about its attack , which clocked in at 17.2 Image: Qrator.

IoT 354

IoT DDOS Internet Internet 354

Security Affairs

APRIL 1, 2025

Researchers at Microsofts Offensive Research and Security Engineering (MORSE) team have discovered a critical code execution vulnerability, tracked as CVE-2025-1268 (CVSS score of 9.4), impacting Canon printer drivers. Microsofts offensive security team discovered a critical code execution vulnerability impacting Canon printer drivers.

Engineering 131

Engineering Internet Internet Hacking 131

Krebs on Security

OCTOBER 4, 2021

We don’t yet know why this happened, but the how is clear: Earlier this morning, something inside Facebook caused the company to revoke key digital records that tell computers and other Internet-enabled devices how to find these destinations online. Kentik’s view of the Facebook, Instagram and WhatsApp outage. Update, 6:16 p.m.

Internet 363

Internet Internet DNS Marketing 363

Schneier on Security

JUNE 5, 2023

Now engineers and designers are rationalizing the way they go about building new models, taking advantage of much more powerful hardware to consolidate all those discrete functions into a small number of domain controllers. The behavior of new cars is increasingly defined by software, too.

Software 289

Software Engineering Internet Internet 289

Krebs on Security

NOVEMBER 14, 2024

Golubov later earned immunity from prosecution by becoming an elected politician and founding the Internet Party of Ukraine , which called for free internet for all, the creation of country-wide “hacker schools” and the “computerization of the entire economy.” He also apparently ran a business called click2dad[.]net

Retail 277

Retail Advertising Cryptocurrency Cybercrime 277

Krebs on Security

AUGUST 21, 2020

” The perpetrators focus on social engineering new hires at the targeted company, and impersonate staff at the target company’s IT helpdesk. The internet is a public resource; only post information you are comfortable with anyone seeing. authenticate the phone call before sensitive information can be discussed.

VPN 363

VPN Social Engineering Authentication Engineering 363

Krebs on Security

DECEMBER 29, 2024

Easily the longest story this year was an investigation into Stark Industries Solutions , a large, mysterious new Internet hosting firm that materialized when Russia invaded Ukraine. Fittingly, Radaris now pimps OneRep as a service when consumers request that their personal information be removed from the data broker’s website.

Scams 244

Scams Cybercrime Cryptocurrency Social Engineering 244

Security Affairs

MAY 14, 2025

The bug forces Edge to switch into Internet Explorer mode. . “Microsoft lists five bugs as being under active attack at the time of release, with two others being publicly known.”

Engineering 101

Engineering Ransomware Phishing Internet 101

Krebs on Security

NOVEMBER 21, 2024

Many of the hacking group’s phishing domains were registered through the registrar NameCheap , and FBI investigators said records obtained from NameCheap showed the person who managed those phishing websites did so from an Internet address in Scotland.

Identity Theft 271

Identity Theft Phishing Cryptocurrency Accountability 271

Krebs on Security

JANUARY 24, 2020

In the case of e-hawk.net, however, the scammers managed to trick an OpenProvider customer service rep into transferring the domain to another registrar with a fairly lame social engineering ruse — and without triggering any verification to the real owners of the domain. ” REGISTRY LOCK.

DNS 337

DNS Social Engineering Engineering Accountability 337

Krebs on Security

FEBRUARY 5, 2020

Many modern vehicles let owners use the Internet or a mobile device to control the car’s locks, track location and performance data, and start the engine. But he can still remotely track its location and usage, lock and unlock it, and start the engine.

Mobile 344

Mobile Engineering Internet Internet 344

Schneier on Security

SEPTEMBER 29, 2020

As expected, IoT devices are filled with vulnerabilities : As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After just a week of effort, the unqualified answer was: quite a lot.

Hacking 363

Hacking IoT Engineering Internet 363

The Last Watchdog

OCTOBER 30, 2023

Unfortunately, most SOCs are still understaffed so detection engineering often goes on the back burner in favor of managing the alert queue. I think the biggest problem is in reactivity and how it forces us to use our more experienced engineers. Right now, the impact an engineer has is typically limited to their own organization.

Engineering 311

Engineering Mobile Internet Internet 311