Schneier on Security

FEBRUARY 15, 2021

From a MIT Technology Review article : Soon after they were spotted, the researchers saw one exploit being used in the wild. Another article on the talk. At the virtual Engima Conference , Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. This is an important insight.

Technology 356

Technology Hacking Software 356

Schneier on Security

MARCH 23, 2021

There’s much in the article about when Accellion knew about the vulnerability, when it alerted its customers, and when it patched its software.

Hacking 291

Hacking Banking Technology Software 291

Schneier on Security

NOVEMBER 13, 2020

This is a significant step forward to realizing Tim’s vision : The technologies we’re releasing today are a component of a much-needed course correction for the web. These first major deployments of the technology will kick off the network effect necessary to ensure the benefits of Solid will be appreciated on a massive scale.

Insurance 354

Insurance IoT Healthcare Technology 354

Schneier on Security

AUGUST 15, 2024

EDITED TO ADD: Good article : One – ML-KEM [PDF] (based on CRYSTALS-Kyber) – is intended for general encryption, which protects data as it moves across public networks. My recent writings on post-quantum cryptographic standards. NIST plans to select one or two of these algorithms by the end of 2024.

Encryption 334

Encryption Backups Authentication Technology 334

Schneier on Security

NOVEMBER 16, 2020

Abstract: Voters are understandably concerned about election security.

Computers and Electronics 360

Computers and Electronics Internet Internet Risk 360

Schneier on Security

MAY 20, 2022

Although Khan demonstrated the hack on a 2021 Tesla Model Y, NCC Group said any smart locks using BLE technology, including residential smart locks, could be unlocked in the same way. Another news article.

Technology 272

Technology Authentication Hacking 272

SecureWorld News

SEPTEMBER 3, 2024

These factors are illustrated and discussed in depth in my article, The Rise of Data Sovereignty and a Privacy Era. Legacy technologies such as Virtual Private Networks (VPNs) do not scale and have been proven to be fraught with risk as evidenced by incidents such as nation-state attacks.

Technology 109

Technology Architecture Risk Data collection 109

Schneier on Security

SEPTEMBER 12, 2024

From a news article : The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST). Microsoft’s details are here.

Firmware 334

Firmware Technology 334

Adam Levin

SEPTEMBER 4, 2019

According to a representative of Euler Hermes Group SA, the firm’s insurance company, the CEO was targeted by a new kind of scam that used AI-enhanced technology to create an audio deepfake of his employer’s voice. Read the Wall Street Journal article here (subscription required).

Scams 233

Scams Artificial Intelligence Insurance Technology 233

Schneier on Security

MARCH 24, 2020

Cybersecurity experts agree that under current technology, no practically proven method exists to securely, verifiably, or privately return voted materials over the internet. Such a system could violate protections guaranteeing a secret ballot, as outlined in Section 2, Article II of the Puerto Rico Constitution. The ACLU agrees.

Internet 267

Internet Internet Technology Cybersecurity 267

Schneier on Security

MAY 20, 2019

This law review article by Noam Kolt, titled " Return on Data ," proposes an interesting new way of thinking of privacy law. Abstract: Consumers routinely supply personal data to technology companies in exchange for services. This article suggests that privacy concerns should not be viewed in isolation, but as part of ROD.

Marketing 266

Marketing Technology 266

Schneier on Security

NOVEMBER 11, 2020

. “There’s a big gulf between what this technology promises, and what it actually does on the ground,” said Audrey Watters, a researcher on the edtech industry who runs the website Hack Education. “(They) assume everyone looks the same, takes tests the same way, and responds to stressful situations in the same way.”

Artificial Intelligence 349

Artificial Intelligence Education Technology Hacking 349

Schneier on Security

JULY 10, 2019

Reuters has a long article on the Chinese government APT attack called Cloud Hopper. Yet the campaign ensnared at least six more major technology firms, touching five of the world's 10 biggest tech service providers. It was much bigger than originally reported. The hacking campaign, known as "Cloud Hopper," was the subject of a U.S.

Identity Theft 246

Identity Theft Mobile Hacking Technology 246

IT Security Guru

NOVEMBER 1, 2024

As technology advances, so do the methods and motivations of those who seek to disrupt global stability. This article will examine some of the most pressing threats to global national security today, with a particular emphasis on emerging digital and environmental concerns.

Technology 110

Technology Cyber Attacks Government Social Engineering 110

SecureWorld News

FEBRUARY 13, 2024

This morning, I read an article about how brain scanning technology is causing Colorado and Minnesota to propose legislation that is aimed at establishing rights and protections for information collected from our thoughts through the neural signals that can be scanned and collected from our brains. What do you think?

Technology 107

Technology Hacking 107

Schneier on Security

JUNE 30, 2022

Wired is reporting on a new remote-access Trojan that is able to infect at least eighty different targets: So far, researchers from Lumen Technologies’ Black Lotus Labs say they’ve identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek.

Malware 242

Malware DNS Architecture Hacking 242

Schneier on Security

APRIL 7, 2022

The botnet “targets network devices manufactured by WatchGuard Technologies Inc. Four more news articles. WatchGuard) and ASUSTek Computer Inc. ” And note that only the command-and-control mechanism was disrupted. Those devices are still vulnerable. Slashdot post.

Manufacturing 269

Manufacturing Firewall Malware Internet 269

Schneier on Security

JANUARY 27, 2020

This year : King County voters will be able to use their name and birthdate to log in to a Web portal through the Internet browser on their phones, says Bryan Finney, the CEO of Democracy Live, the Seattle-based voting company providing the technology. Another news article.

Internet 267

Internet Internet Technology Authentication 267

Schneier on Security

APRIL 9, 2024

The Board also concludes that Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations. Here are a few news articles. This is their third report.

Hacking 324

Hacking Government Accountability Technology 324

Schneier on Security

AUGUST 1, 2019

This article points out that Facebook's planned content moderation scheme will result in an encryption backdoor into WhatsApp: In Facebook's vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms.

Encryption 139

Encryption Manufacturing Mobile Government 139

Troy Hunt

NOVEMBER 22, 2019

In both Vinny's and Lily's articles above, they mentions how references to Oxydata (another data enrichment company) were also found in another one of the exposed Elasticsearch indexes. i speak at conferences around the world and run workshops on how to build more secure software within organisations. coordinates":[.

Data breaches 363

Data breaches Technology Software Accountability 363

Schneier on Security

JUNE 13, 2023

The New York Times has a long article on the investigative techniques used to identify the person who stabbed and killed four University of Idaho students.

Technology 262

Technology 262

Schneier on Security

SEPTEMBER 11, 2023

Fatalities in the first decades of aviation forced regulation, which required new developments in both law and technology. Today, every airline crash is closely examined, motivating new technologies and procedures. Any regulation of industrial robots stems from existing industrial regulation, which has been evolving for many decades.

Artificial Intelligence 345

Artificial Intelligence Technology Risk Government 345

Schneier on Security

APRIL 5, 2022

Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.

Scams 323

Scams Engineering Encryption Technology 323

SecureList

MARCH 10, 2025

Last year, we published an article about SideWinder , a highly prolific APT group whose primary targets have been military and government entities in Pakistan, Sri Lanka, China, and Nepal. Infection vectors The infection pattern observed in the second part of 2024 is consistent with the one described in the previous article.

Energy and Utilities 109

Energy and Utilities Malware Government Phishing 109

Schneier on Security

JULY 26, 2022

Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode. News article. At launch, Lockdown Mode includes the following protections: Messages: Most message attachment types other than images are blocked.

Spyware 290

Spyware Mobile Internet Internet 290

Security Boulevard

DECEMBER 20, 2022

An AI chatbot wrote the following article on AI in cybersecurity. No humans were harmed in the drafting of this article. Artificial intelligence (AI) and machine learning (ML) are rapidly advancing technologies that have the potential to greatly impact cybersecurity.

Artificial Intelligence 144

Artificial Intelligence Cybersecurity Technology Security Awareness 144

Schneier on Security

JANUARY 20, 2020

The New York Times has a long story about Clearview AI, a small company that scrapes identified photos of people from pretty much everywhere, and then uses unstated magical AI technology to identify people in other photos. Another article. His tiny company, Clearview AI, devised a groundbreaking facial recognition app.

Identity Theft 261

Identity Theft Government Technology 261

Krebs on Security

NOVEMBER 28, 2022

Edwards said Pushwoosh began as Arello-Mobile , and for several years the two co-branded — appearing side by side at various technology expos. used to outsource development parts of the product to the Russian company in Novosibirsk, mentioned in the article,” the company said. “Pushwoosh Inc. terminated the contract.”

Mobile 286

Mobile Malware Technology Government 286

Krebs on Security

JUNE 29, 2023

In a statement provided to KrebsOnSecurity, Group-IB said Mr. Kislitsin is no longer an employee, and that he now works for a Russian organization called FACCT , which stands for “ Fight Against Cybercrime Technologies.” “The company is monitoring developments.”

Cybersecurity 298

Cybersecurity Cybercrime Hacking Government 298

Schneier on Security

SEPTEMBER 26, 2019

News articles talk about " spy trains ," and the possibility that the train cars might surreptitiously monitor their passengers' faces, movements, conversations or phone calls. Meanwhile, the chairman of China's technology giant Huawei has pointed to NSA spying disclosed by Edward Snowden as a reason to mistrust US technology companies.

Surveillance 248

Surveillance Wireless Government Internet 248

Schneier on Security

MAY 26, 2020

This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device: Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. News articles.

Authentication 232

Authentication Wireless Manufacturing Technology 232

Schneier on Security

JULY 26, 2023

The European Telecommunications Standards Institute (ETSI), an organization that standardizes technologies across the industry, first created TETRA in 1995. Another news article. Seems that there is a deliberate backdoor in the twenty-year-old TErrestrial Trunked RAdio (TETRA) standard used by police forces around the world.

Telecommunications 246

Telecommunications Encryption Technology Software 246

Joseph Steinberg

FEBRUARY 9, 2021

If you have not yet read my article on the aforementioned subject, I strongly suggest taking a look.). (If If you have not yet read my article on the aforementioned subject, I strongly suggest taking a look.). In some ways, CrowdSec mimics the behavior of a constantly-self-updating, massive, multi-party, and multi-network firewall.

Firewall 212

Firewall Technology Artificial Intelligence Risk 212

The Last Watchdog

AUGUST 10, 2022

Technology provides opportunities to positively impact the world and improve lives. Some bad actors also use this technology to create synthetic audio. Some of the roles include: •Information technology (IT). Finance- and employment-related technology. Using technology to fight technology can take people only so far.

Education 229

Education Technology Banking Cybersecurity 229

Javvad Malik

JULY 12, 2022

Full story and details in this Vice article. But putting technologies aside, any time I see a keyless car, or any so-called smart / IoT device, I am reminded of Jeff Goldblums famous words. I was able to replicate the Rolling Pwn exploit using two different key captures from two different times. So, yes, it definitely works.

IoT 182

IoT Technology 182

SecureWorld News

JANUARY 16, 2025

With the increasing reliance on digital technologies for operational efficiency, this sector has become a prime target for sophisticated cyber and physical threats. Leverage data analysis: Data analytics and IoT technologies are revolutionizing the oil and gas sector, enabling better monitoring and threat detection.

Energy and Utilities 107

Energy and Utilities IoT Artificial Intelligence Backups 107