Cyber Security Informer

Social Engineering to Disable iMessage Protections

Schneier on Security

JANUARY 17, 2025

I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some personal information into a website. But because they came from unknown phone numbers, the links did not work.

Social Engineering

Social Engineering Engineering Phishing

FBI Deletes PlugX Malware from Thousands of Computers

Schneier on Security

JANUARY 16, 2025

According to a DOJ press release , the FBI was able to delete the Chinese-used PlugX malware from “approximately 4,258 U.S.-based computers and networks.” Details : To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the hacking group. According to the FBI , at least 45,000 IP addresses in the US had back-and-forths with the command-and-control server since September 2023.

Malware

Malware Hacking Software

Phishing False Alarm

Schneier on Security

JANUARY 15, 2025

A very security-conscious company was hit with a (presumed) massive state-actor phishing attack with gift cards, and everyone rallied to combat it—until it turned out it was company management sending the gift cards.

Phishing

Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme

Schneier on Security

JANUARY 13, 2025

Not sure this will matter in the end, but it’s a positive move : Microsoft is accusing three individuals of running a “hacking-as-a-service” scheme that was designed to allow the creation of harmful and illicit content using the company’s platform for AI-generated content. The foreign-based defendants developed tools specifically designed to bypass safety guardrails Microsoft has erected to prevent the creation of harmful content through its generative AI services, said S

Hacking

Hacking Authentication Accountability

Apps That Are Spying on Your Location

Schneier on Security

JANUARY 10, 2025

404 Media is reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics: The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating apps like Tinder, to pregnancy tracking and religious prayer apps across both Android and iOS.

Data collection

Data collection Advertising Media Hacking

Zero-Day Vulnerability in Ivanti VPN

Schneier on Security

JANUARY 9, 2025

It’s being actively exploited.

VPN

US Treasury Department Sanctions Chinese Company Over Cyberattacks

Schneier on Security

JANUARY 7, 2025

From the Washington Post : The sanctions target Beijing Integrity Technology Group , which U.S. officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the United States, Taiwan, Europe and elsewhere.

Internet

Internet Internet Government Technology

Privacy of Photos.app’s Enhanced Visual Search

Schneier on Security

JANUARY 6, 2025

Initial speculation about a new Apple feature.

ShredOS

Schneier on Security

JANUARY 3, 2025

ShredOS is a stripped-down operating system designed to destroy data. GitHub page here.

Google Is Allowing Device Fingerprinting

Schneier on Security

JANUARY 2, 2025

Lukasz Olejnik writes about device fingerprinting, and why Google’s policy change to allow it in 2025 is a major privacy setback.

Data collection

Salt Typhoon’s Reach Continues to Grow

Schneier on Security

DECEMBER 30, 2024

The US government has identified a ninth telecom that was successfully hacked by Salt Typhoon.

Government

Government Hacking

Casino Players Using Hidden Cameras for Cheating

Schneier on Security

DECEMBER 27, 2024

The basic strategy is to place a device with a hidden camera in a position to capture normally hidden card values, which are interpreted by an accomplice off-site and fed back to the player via a hidden microphone. Miniaturization is making these devices harder to detect. Presumably AI will soon obviate the need for an accomplice.

Scams Based on Fake Google Emails

Schneier on Security

DECEMBER 26, 2024

Scammers are hacking Google Forms to send email to victims that come from google.com. Brian Krebs reports on the effects. Boing Boing post.

Scams

Scams Hacking Cryptocurrency Cybercrime

Spyware Maker NSO Group Found Liable for Hacking WhatsApp

Schneier on Security

DECEMBER 24, 2024

A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy on people using it. Jon Penney and I wrote a legal paper on the case.

Spyware

Spyware Hacking

Criminal Complaint against LockBit Ransomware Writer

Schneier on Security

DECEMBER 23, 2024

The Justice Department has published the criminal complaint against Dmitry Khoroshev, for building and maintaining the LockBit ransomware.

Ransomware

Ransomware Cryptocurrency

Mailbox Insecurity

Schneier on Security

DECEMBER 19, 2024

It turns out that all cluster mailboxes in the Denver area have the same master key. So if someone robs a postal carrier , they can open any mailbox. I get that a single master key makes the whole system easier, but it’s very fragile security.

New Advances in the Understanding of Prime Numbers

Schneier on Security

DECEMBER 18, 2024

Really interesting research into the structure of prime numbers. Not immediately related to the cryptanalysis of prime-number-based public-key algorithms, but every little bit matters.

Hacking Digital License Plates

Schneier on Security

DECEMBER 17, 2024

Not everything needs to be digital and “smart.” License plates, for example : Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to jailbreak digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on the back of the plate and attaching a cable to its internal connectors, he’s able to rewrite a Reviver plate’s firmware in a matter of minutes.

Firmware

Firmware Hacking Software

Short-Lived Certificates Coming to Let’s Encrypt

Schneier on Security

DECEMBER 16, 2024

Starting next year : Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before—short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event.

Encryption

Upcoming Speaking Events

Schneier on Security

DECEMBER 14, 2024

This is a current list of where and when I am scheduled to speak: I’m speaking at a joint meeting of the Boston Chapter of the IEEE Computer Society and GBC/ACM , in Boston, Massachusetts, USA, at 7:00 PM ET on Thursday, January 9, 2025. The event will take place at the Massachusetts Institute of Technology in Room 32-G449 (Kiva), as well as online via Zoom.

Technology

Ultralytics Supply-Chain Attack

Schneier on Security

DECEMBER 13, 2024

Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary : On December 4, a malicious version 8.3.41 of the popular AI library ultralytics —which has almost 60 million downloads—was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading the XMRig coinminer.

Jailbreaking LLM-Controlled Robots

Schneier on Security

DECEMBER 11, 2024

Surprising no one, it’s easy to trick an LLM-controlled robot into ignoring its safety instructions.

Social Engineering

Social Engineering Engineering Hacking

Full-Face Masks to Frustrate Identification

Schneier on Security

DECEMBER 10, 2024

This is going to be interesting. It’s a video of someone trying on a variety of printed full-face masks. They won’t fool anyone for long, but will survive casual scrutiny. And they’re cheap and easy to swap.

Detecting Pegasus Infections

Schneier on Security

DECEMBER 6, 2024

This tool seems to do a pretty good job. The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. For paying iVerify customers, the tool regularly checks devices for potential compromise.

Spyware

Spyware Mobile Malware

Details about the iOS Inactivity Reboot Feature

Schneier on Security

DECEMBER 2, 2024

I recently wrote about the new iOS feature that forces an iPhone to reboot after it’s been inactive for a longish period of time. Here are the technical details , discovered through reverse engineering. The feature triggers after seventy-two hours of inactivity, even it is remains connected to Wi-Fi.

Engineering

Race Condition Attacks against LLMs

Schneier on Security

NOVEMBER 29, 2024

These are two attacks against the system components surrounding LLMs: We propose that LLM Flowbreaking, following jailbreaking and prompt injection, joins as the third on the growing list of LLM attack types. Flowbreaking is less about whether prompt or response guardrails can be bypassed, and more about whether user inputs and generated model outputs can adversely affect these other components in the broader implemented system. […] When confronted with a sensitive topic, Microsoft 365 Cop

Architecture

Architecture Artificial Intelligence

NSO Group Spies on People on Behalf of Governments

Schneier on Security

NOVEMBER 27, 2024

The Israeli company NSO Group sells Pegasus spyware to countries around the world (including countries like Saudi Arabia, UAE, India, Mexico, Morocco and Rwanda). We assumed that those countries use the spyware themselves. Now we’ve learned that that’s not true: that NSO Group employees operate the spyware on behalf of their customers. Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker

Government

Government Spyware Mobile Hacking

What Graykey Can and Can’t Unlock

Schneier on Security

NOVEMBER 26, 2024

This is from 404 Media : The Graykey, a phone unlocking and forensics tool that is used by law enforcement around the world, is only able to retrieve partial data from all modern iPhones that run iOS 18 or iOS 18.0.1, which are two recently released versions of Apple’s mobile operating system, according to documents describing the tool’s capabilities in granular detail obtained by 404 Media.

Media

Media Manufacturing Mobile Hacking

Secret Service Tracking People’s Locations without Warrant

Schneier on Security

NOVEMBER 21, 2024

This feels important : The Secret Service has used a technology called Locate X which uses location data harvested from ordinary apps installed on phones. Because users agreed to an opaque terms of service page, the Secret Service believes it doesn’t need a warrant.

Technology

Technology Surveillance

Why Italy Sells So Much Spyware

Schneier on Security

NOVEMBER 19, 2024

Interesting analysis : Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools. According to an Italian Ministry of Justice document , as of December 2022 law enforcement in the country could rent spyware for €150 a day, regardless of which vendor they used, and without the large acquisition costs which would normally b

Spyware

Spyware Marketing Hacking

Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

Schneier on Security

NOVEMBER 18, 2024

Zero-day vulnerabilities are more commonly used , according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were explo

Cybersecurity

New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones

Schneier on Security

NOVEMBER 14, 2024

Everybody is reporting about a new security iPhone security feature with iOS 18: if the phone hasn’t been used for a few days, it automatically goes into its “Before First Unlock” state and has to be rebooted. This is a really good security feature. But various police departments don’t like it, because it makes it harder for them to unlock suspects’ phones.

Cybersecurity

Mapping License Plate Scanners in the US

Schneier on Security

NOVEMBER 13, 2024

DeFlock is a crowd-sourced project to map license plate scanners. It only records the fixed scanners, of course. The mobile scanners on cars are not mapped. The post Mapping License Plate Scanners in the US appeared first on Schneier on Security.

Mobile

Mobile Surveillance

Criminals Exploiting FBI Emergency Data Requests

Schneier on Security

NOVEMBER 12, 2024

I’ve been writing about the problem with lawful-access backdoors in encryption for decades now: that as soon as you create a mechanism for law enforcement to bypass encryption, the bad guys will use it too. Turns out the same thing is true for non-technical backdoors: The advisory said that the cybercriminals were successful in masquerading as law enforcement by using compromised police accounts to send emails to companies requesting user data.

Encryption

Encryption Accountability Cybersecurity

AI Industry is Trying to Subvert the Definition of “Open Source AI”

Schneier on Security

NOVEMBER 8, 2024

The Open Source Initiative has published (news article here ) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms. It allows for development to be done in secret. Since for a neural network, the training data is the source code—it’s how the model gets programmed—the definition makes no sense.

Artificial Intelligence

IoT Devices in Password-Spraying Botnet

Schneier on Security

NOVEMBER 6, 2024

Microsoft is warning Azure cloud users that a Chinese controlled botnet is engaging in “highly evasive” password spraying. Not sure about the “highly evasive” part; the techniques seem basically what you get in a distributed password-guessing attack: “Any threat actor using the CovertNetwork-1658 infrastructure could conduct password spraying campaigns at a larger scale and greatly increase the likelihood of successful credential compromise and initial access to mul

Passwords

Passwords IoT Accountability Internet

AIs Discovering Vulnerabilities

Schneier on Security

NOVEMBER 5, 2024

I’ve been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in the wild, and everything in between. The AIs aren’t very good at it yet, but they’re getting better. Here’s some anecdotal data from this summer: Since July 2024, ZeroPath is taking a novel approach combining deep program analysis with adversarial AI agents for valid

Software

Software Artificial Intelligence

Sophos Versus the Chinese Hackers

Schneier on Security

NOVEMBER 4, 2024

Really interesting story of Sophos’s five-year war against Chinese hackers.

Hacking

Roger Grimes on Prioritizing Cybersecurity Advice

Schneier on Security

OCTOBER 31, 2024

This is a good point : Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not ranked for risks. For example, we are often given a cybersecurity guideline (e.g., PCI-DSS, HIPAA, SOX, NIST, etc.) with hundreds of recommendations.

Cybersecurity

Cybersecurity Risk Authentication

Tracking World Leaders Using Strava

Schneier on Security

OCTOBER 31, 2024

Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personal were using them to track their runs, and you could look at the public data and find places where there should be no people running. Six years later, the problem remains. Le Monde has reported that the same Strava data can be used to track the movements of world leaders.

Data privacy

Simpson Garfinkel on Spooky Cryptographic Action at a Distance

Schneier on Security

OCTOBER 30, 2024

Excellent read. One example: Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation. These two keys are entangled, not with quantum physics, but with math. When I create a virtual machine server in the Amazon cloud, I am prompted for an RSA public key that will be used to control access to the machine.

Accountability

Accountability Risk Malware Hacking

Law Enforcement Deanonymizes Tor Users

Schneier on Security

OCTOBER 29, 2024

The German police have successfully deanonymized at least four Tor users. It appears they watch known Tor relays and known suspects, and use timing analysis to figure out who is using what relay. Tor has written about this. Hacker News thread.

Criminals Are Blowing up ATMs in Germany

Schneier on Security

OCTOBER 28, 2024

It’s low tech , but effective. Why Germany? It has more ATMs than other European countries, and—if I read the article right—they have more money in them.

Banking

Watermark for LLM-Generated Text

Schneier on Security

OCTOBER 25, 2024

Researchers at Google have developed a watermark for LLM-generated text. The basics are pretty obvious: the LLM chooses between tokens partly based on a cryptographic key, and someone with knowledge of the key can detect those choices. What makes this hard is (1) how much text is required for the watermark to work, and (2) how robust the watermark is to post-generation editing.

Artificial Intelligence

Schneier on Security

Social Engineering to Disable iMessage Protections

FBI Deletes PlugX Malware from Thousands of Computers

Trending Sources

Phishing False Alarm

Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme

Apps That Are Spying on Your Location

Zero-Day Vulnerability in Ivanti VPN

US Treasury Department Sanctions Chinese Company Over Cyberattacks

Privacy of Photos.app’s Enhanced Visual Search

ShredOS

Google Is Allowing Device Fingerprinting

Salt Typhoon’s Reach Continues to Grow

Casino Players Using Hidden Cameras for Cheating

Scams Based on Fake Google Emails

Spyware Maker NSO Group Found Liable for Hacking WhatsApp

Criminal Complaint against LockBit Ransomware Writer

Mailbox Insecurity

New Advances in the Understanding of Prime Numbers

Hacking Digital License Plates

Short-Lived Certificates Coming to Let’s Encrypt

Upcoming Speaking Events

Ultralytics Supply-Chain Attack

Jailbreaking LLM-Controlled Robots

Full-Face Masks to Frustrate Identification

Detecting Pegasus Infections

Details about the iOS Inactivity Reboot Feature

Race Condition Attacks against LLMs

NSO Group Spies on People on Behalf of Governments

What Graykey Can and Can’t Unlock

Secret Service Tracking People’s Locations without Warrant

Why Italy Sells So Much Spyware

Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones

Mapping License Plate Scanners in the US

Criminals Exploiting FBI Emergency Data Requests

AI Industry is Trying to Subvert the Definition of “Open Source AI”

IoT Devices in Password-Spraying Botnet

AIs Discovering Vulnerabilities

Sophos Versus the Chinese Hackers

Roger Grimes on Prioritizing Cybersecurity Advice

Tracking World Leaders Using Strava

Simpson Garfinkel on Spooky Cryptographic Action at a Distance

Law Enforcement Deanonymizes Tor Users

Criminals Are Blowing up ATMs in Germany

Watermark for LLM-Generated Text

Stay Connected