More Russian Hacking

Schneier on Security

Uncategorized cybersecurity hacking malware Microsoft RussiaTwo reports this week.

FireEye Hacked

Schneier on Security

FireEye was hacked by — they believe — “a nation with top-tier offensive capabilities”: During our investigation to date, we have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers’ security.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

When AIs Start Hacking

Schneier on Security

Hacking is as old as humanity. To date, hacking has exclusively been a human activity. After hacking humanity, AI systems will then hack other AI systems, and humans will be little more than collateral damage. Separately, AIs can engage in something called reward hacking.

NSO Group Hacked

Schneier on Security

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked.

Hacking Weapons Systems

Schneier on Security

Lukasz Olejnik has a good essay on hacking weapons systems. Uncategorized cyberattack cyberweapons hacking infrastructure military national security policy weapons

Another SolarWinds Orion Hack

Schneier on Security

The sources, who spoke on condition of anonymity to discuss ongoing investigations, said the attackers used computer infrastructure and hacking tools previously deployed by state-backed Chinese cyberspies. […]. Uncategorized backdoors China cyberespionage FBI hacking Russia supply chai

Hacking a Coffee Maker

Schneier on Security

As expected, IoT devices are filled with vulnerabilities : As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it.

Hacking Apple for Profit

Schneier on Security

Five researchers hacked Apple Computer’s networks — not their products — and found fifty-five vulnerabilities. Uncategorized Apple hacking incentives vulnerabilities

Hacking Digitally Signed PDF Files

Schneier on Security

Uncategorized academic papers Adobe hacking signaturesInteresting paper: “ Shadow Attacks: Hiding and Replacing Content in Signed PDFs “: Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content.

Hacked by Police

Schneier on Security

French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents.

Three Top Russian Cybercrime Forums Hacked

Krebs on Security

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. A note posted by a Verified forum administrator concerning the hack of its registrar in January.

Tesla Remotely Hacked from a Drone

Schneier on Security

This is an impressive hack: Security researchers Ralf-Philipp Weinmann of Kunnamon, Inc. Uncategorized cars drones hacking vulnerabilities Wi-Fi

Accellion Supply Chain Hack

Schneier on Security

A vulnerability in the Accellion file-transfer program is being used by criminal groups to hack networks worldwide. Uncategorized hacking patching supply chain vulnerabilities

Marriott Was Hacked -- Again

Schneier on Security

accountability breaches disclosure hacking hotelsMarriott announced another data breach, this one affecting 5.2

Hacking a Power Supply

Schneier on Security

This hack targets the firmware on modern power supplies. academicpapers firmware hacking phonesYes, power supplies are also computers.).

North Korea ATM Hack

Schneier on Security

atms banking cybercrime cybersecurity hacking malware northkorea

2017 Tesla Hack

Schneier on Security

cars classbreaks hacking vulnerabilitiesInteresting story of a class break against the entire Tesla fleet.

Hacking AI-Graded Tests

Schneier on Security

artificialintelligence cheating hacking schoolsThe company Edgenuity sells AI systems for grading tests. Turns out that they just search for keywords without doing any actual semantic analysis.

UAE Hack and Leak Operations

Schneier on Security

Interesting paper on recent hack-and-leak operations attributed to the UAE: Abstract: Four hack-and-leak operations in U.S. academicpapers cybersecurity hacking leaks nationalsecuritypolicy qatar saudiarabia unitedarabemirates

The Story of the 2011 RSA Hack

Schneier on Security

Really good long article about the Chinese hacking of RSA, Inc. Uncategorized China cybersecurity hacking RSA supply chainThey were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come.

Alaska’s Department of Health and Social Services Hack

Schneier on Security

Apparently, a nation-state hacked Alaska’s Department of Health and Social Services. Uncategorized cyberespionage hacking healthcare leaks

Hacking McDonald's for Free Food

Schneier on Security

This hack was possible because the McDonald's app didn't authenticate the server, and just did whatever the server told it to do: McDonald's receipts in Germany end with a link to a survey page. authentication hacking vulnerabilities

Latest on the SVR’s SolarWinds Hack

Schneier on Security

The New York Times has an in-depth article on the latest information about the SolarWinds hack (not a great name, since it’s much more far-reaching than that). There is also no indication yet that any human intelligence alerted the United States to the hacking.

Hacking School Surveillance Systems

Schneier on Security

Lance Vick suggesting that students hack their schools' surveillance systems. generations hacking privacy schools surveillanceThis is an ethical minefield that I feel students would be well within their rights to challenge, and if needed, undermine," he said.

Dark Web Hosting Provider Hacked

Schneier on Security

Daniel's Hosting, which hosts about 7,600 dark web portals for free, has been hacked and is down. darkweb hackingIt's unclear when, or if, it will be back up.

Hacked IoT Devices Livestreaming Swatting Attacks: FBI

Adam Levin

The post Hacked IoT Devices Livestreaming Swatting Attacks: FBI appeared first on Adam Levin. Data Security Technology featured hacking IoT swatHackers are using internet-connected home devices to livestream “swatting” attacks, according to the FBI.

IoT 249

Collating Hacked Data Sets

Schneier on Security

Two Harvard undergraduates completed a project where they went out on the Dark Web and found a bunch of stolen datasets. Then they correlated all the information , and then combined it with additional, publicly available information. No surprise: the result was much more detailed and personal.

More Detail on the Juniper Hack and the NSA PRNG Backdoor

Schneier on Security

Here’s me in 2015 about this Juniper hack. Uncategorized backdoors China firewall hacking Juniper NSA random numbersWe knew the basics of this story , but it’s good to have more detail. Here’s me in 2007 on the NSA backdoor.

NSA Advisory on Chinese Government Hacking

Schneier on Security

This advisory provides Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks. Uncategorized China hacking NSA vulnerabilities

More on the Chinese Zero-Day Microsoft Exchange Hack

Schneier on Security

Nick Weaver has an excellent post on the Microsoft Exchange hack: The investigative journalist Brian Krebs has produced a handy timeline of events and a few things stand out from the chronology. Uncategorized China cybersecurity hacking Microsoft patching zero-day

Leaked NSA Hacking Tools

Schneier on Security

In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. china disclosure hacking nsa russia vulnerabilities zerodayMost people believe it is a front for the Russian government. Since, then the vulnerabilities and tools have been used by both government and criminals, and put the NSA's ability to secure its own cyberweapons seriously into question.

Where Next With Hacking Back Against Cyber Crime?

Lohrman on Security

to hack back against cybercrimminals and hold nation-states responsible. After the recent ransomware attacks against Colonial Pipeline, JBS and others, there are new calls for the U.S. So what now?

Hacking Voice Assistants with Ultrasonic Waves

Schneier on Security

I previously wrote about hacking voice assistants with lasers. academicpapers android apple google hacking iphone sidechannelattacks smartphones video

Norwegian Government Blames Russia for Hacking Campaign

Adam Levin

The Norwegian government has blamed Russia for a hacking campaign that targeted the email accounts of parliament members. The post Norwegian Government Blames Russia for Hacking Campaign appeared first on Adam Levin.

Brazilian Cell Phone Hack

Schneier on Security

The cell phones of a thousand Brazilians, including senior government officials, was hacked -- seemingly by actors much less sophisticated than rival governments. Brazil's federal police arrested four people for allegedly hacking 1,000 cellphones belonging to various government officials, including that of President Jair Bolsonaro. brazil cellphones cybersecurity hacking

Iranian Government Hacking Android

Schneier on Security

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Krebs on Security

FireEye posits the impact of the hack on SolarWinds is widespread, affecting public and private organizations around the world. Communications at the U.S.

Hacking Hardware Security Modules

Schneier on Security

academicpapers hacking hardware securityengineeringSecurity researchers Gabriel Campana and Jean-Baptiste Bédrune are giving a hardware security module (HSM) talk at BlackHat in August: This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major banks and large cloud service providers. It will demonstrate several attack paths, some of them allowing unauthenticated attackers to take full control of the HSM.

Twitch Was Hacked

Heimadal Security

The post Twitch Was Hacked appeared first on Heimdal Security Blog. Cybersecurity News data breach data leak hacker twitch twitch hackTwitch is a video live streaming service based in the United States that specializes in video game live broadcasting, including esports tournaments.

SolarWinds Hack Could Affect 18K Customers

Krebs on Security

FireEye didn’t explicitly say its own intrusion was the result of the SolarWinds hack, but the company confirmed as much to KrebsOnSecurity earlier today. 13, news broke that the SolarWinds hack resulted in attackers reading the email communications at the U.S.

Syniverse Hack

Schneier on Security

No details about the hack. Uncategorized cybersecurity data breaches hacking

A Devastating Twitch Hack Sends Streamers Reeling

WIRED Threat Level

Security Security / Cyberattacks and Hacks Culture Culture / Video GamesThe data breach apparently includes source code, gamer payouts, and more.

Technical Report of the Bezos Phone Hack

Schneier on Security

amazon hacking malware saudiarabia smartphones spyware