Schneier on Security

FEBRUARY 15, 2021

From a MIT Technology Review article : Soon after they were spotted, the researchers saw one exploit being used in the wild. Another article on the talk. At the virtual Engima Conference , Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. This is an important insight.

Technology 339

Technology Hacking Software 339

Schneier on Security

NOVEMBER 13, 2020

This is a significant step forward to realizing Tim’s vision : The technologies we’re releasing today are a component of a much-needed course correction for the web. These first major deployments of the technology will kick off the network effect necessary to ensure the benefits of Solid will be appreciated on a massive scale.

Insurance 338

Insurance Healthcare IoT Technology 338

Schneier on Security

NOVEMBER 16, 2020

Abstract: Voters are understandably concerned about election security.

Computers and Electronics 345

Computers and Electronics Internet Internet Risk 345

Schneier on Security

MARCH 23, 2021

There’s much in the article about when Accellion knew about the vulnerability, when it alerted its customers, and when it patched its software.

Hacking 272

Hacking Banking Technology Software 272

Adam Levin

SEPTEMBER 4, 2019

According to a representative of Euler Hermes Group SA, the firm’s insurance company, the CEO was targeted by a new kind of scam that used AI-enhanced technology to create an audio deepfake of his employer’s voice. Read the Wall Street Journal article here (subscription required).

Scams 233

Scams Artificial Intelligence Insurance Technology 233

Schneier on Security

AUGUST 15, 2024

EDITED TO ADD: Good article : One – ML-KEM [PDF] (based on CRYSTALS-Kyber) – is intended for general encryption, which protects data as it moves across public networks. My recent writings on post-quantum cryptographic standards. NIST plans to select one or two of these algorithms by the end of 2024.

Encryption 311

Encryption Backups Authentication Technology 311

Schneier on Security

SEPTEMBER 12, 2024

From a news article : The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST). Microsoft’s details are here.

Firmware 322

Firmware Technology 322

Schneier on Security

MARCH 24, 2020

Cybersecurity experts agree that under current technology, no practically proven method exists to securely, verifiably, or privately return voted materials over the internet. Such a system could violate protections guaranteeing a secret ballot, as outlined in Section 2, Article II of the Puerto Rico Constitution. The ACLU agrees.

Internet 248

Internet Internet Technology Cybersecurity 248

Zero Day

MARCH 30, 2023

If you're confronted with a long document or a lot of complicated text, here's how to use ChatGPT to summarize the key points. AI chatbots like …

Artificial Intelligence 135

Artificial Intelligence Technology 135

Schneier on Security

MAY 20, 2019

This law review article by Noam Kolt, titled " Return on Data ," proposes an interesting new way of thinking of privacy law. Abstract: Consumers routinely supply personal data to technology companies in exchange for services. This article suggests that privacy concerns should not be viewed in isolation, but as part of ROD.

Marketing 248

Marketing Technology 248

Schneier on Security

NOVEMBER 11, 2020

. “There’s a big gulf between what this technology promises, and what it actually does on the ground,” said Audrey Watters, a researcher on the edtech industry who runs the website Hack Education. “(They) assume everyone looks the same, takes tests the same way, and responds to stressful situations in the same way.”

Artificial Intelligence 324

Artificial Intelligence Education Technology Hacking 324

SecureWorld News

SEPTEMBER 3, 2024

These factors are illustrated and discussed in depth in my article, The Rise of Data Sovereignty and a Privacy Era. Legacy technologies such as Virtual Private Networks (VPNs) do not scale and have been proven to be fraught with risk as evidenced by incidents such as nation-state attacks.

Technology 93

Technology Architecture Risk Data collection 93

SecureWorld News

FEBRUARY 13, 2024

This morning, I read an article about how brain scanning technology is causing Colorado and Minnesota to propose legislation that is aimed at establishing rights and protections for information collected from our thoughts through the neural signals that can be scanned and collected from our brains. What do you think?

Technology 96

Technology Hacking 96

Schneier on Security

JULY 10, 2019

Reuters has a long article on the Chinese government APT attack called Cloud Hopper. Yet the campaign ensnared at least six more major technology firms, touching five of the world's 10 biggest tech service providers. It was much bigger than originally reported. The hacking campaign, known as "Cloud Hopper," was the subject of a U.S.

Identity Theft 226

Identity Theft Mobile Hacking Technology 226

Schneier on Security

JUNE 30, 2022

Wired is reporting on a new remote-access Trojan that is able to infect at least eighty different targets: So far, researchers from Lumen Technologies’ Black Lotus Labs say they’ve identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek.

Malware 226

Malware DNS Architecture Hacking 226

Schneier on Security

AUGUST 1, 2019

This article points out that Facebook's planned content moderation scheme will result in an encryption backdoor into WhatsApp: In Facebook's vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms.

Encryption 139

Encryption Manufacturing Mobile Government 139

Schneier on Security

APRIL 7, 2022

The botnet “targets network devices manufactured by WatchGuard Technologies Inc. Four more news articles. WatchGuard) and ASUSTek Computer Inc. ” And note that only the command-and-control mechanism was disrupted. Those devices are still vulnerable. Slashdot post.

Manufacturing 248

Manufacturing Firewall Malware Internet 248

Troy Hunt

NOVEMBER 22, 2019

In both Vinny's and Lily's articles above, they mentions how references to Oxydata (another data enrichment company) were also found in another one of the exposed Elasticsearch indexes. i speak at conferences around the world and run workshops on how to build more secure software within organisations. coordinates":[.

Data breaches 360

Data breaches Technology Software Accountability 360

Schneier on Security

APRIL 9, 2024

The Board also concludes that Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations. Here are a few news articles. This is their third report.

Hacking 306

Hacking Government Accountability Technology 306

Schneier on Security

SEPTEMBER 11, 2023

Fatalities in the first decades of aviation forced regulation, which required new developments in both law and technology. Today, every airline crash is closely examined, motivating new technologies and procedures. Any regulation of industrial robots stems from existing industrial regulation, which has been evolving for many decades.

Artificial Intelligence 343

Artificial Intelligence Technology Risk Government 343

Schneier on Security

APRIL 5, 2022

Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.

Scams 320

Scams Engineering Encryption Technology 320

Schneier on Security

JANUARY 27, 2020

This year : King County voters will be able to use their name and birthdate to log in to a Web portal through the Internet browser on their phones, says Bryan Finney, the CEO of Democracy Live, the Seattle-based voting company providing the technology. Another news article.

Internet 248

Internet Internet Technology Authentication 248

Security Boulevard

DECEMBER 20, 2022

An AI chatbot wrote the following article on AI in cybersecurity. No humans were harmed in the drafting of this article. Artificial intelligence (AI) and machine learning (ML) are rapidly advancing technologies that have the potential to greatly impact cybersecurity.

Artificial Intelligence 144

Artificial Intelligence Cybersecurity Technology Security Awareness 144

Schneier on Security

JUNE 13, 2023

The New York Times has a long article on the investigative techniques used to identify the person who stabbed and killed four University of Idaho students.

Technology 242

Technology 242

Schneier on Security

JULY 26, 2022

Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode. News article. At launch, Lockdown Mode includes the following protections: Messages: Most message attachment types other than images are blocked.

Spyware 271

Spyware Mobile Internet Internet 271

Security Boulevard

SEPTEMBER 24, 2024

Understanding these threats and the technologies designed to combat them is crucial. This article delves into the mechanics of a common application attack, using the well-known Log4Shell vulnerability as an example.

Technology 72

Technology Cyber threats 72

Schneier on Security

JANUARY 20, 2020

The New York Times has a long story about Clearview AI, a small company that scrapes identified photos of people from pretty much everywhere, and then uses unstated magical AI technology to identify people in other photos. Another article. His tiny company, Clearview AI, devised a groundbreaking facial recognition app.

Identity Theft 244

Identity Theft Government Technology 244

Krebs on Security

JUNE 29, 2023

In a statement provided to KrebsOnSecurity, Group-IB said Mr. Kislitsin is no longer an employee, and that he now works for a Russian organization called FACCT , which stands for “ Fight Against Cybercrime Technologies.” “The company is monitoring developments.”

Cybersecurity 287

Cybersecurity Cybercrime Hacking Technology 287

Krebs on Security

NOVEMBER 28, 2022

Edwards said Pushwoosh began as Arello-Mobile , and for several years the two co-branded — appearing side by side at various technology expos. used to outsource development parts of the product to the Russian company in Novosibirsk, mentioned in the article,” the company said. “Pushwoosh Inc. terminated the contract.”

Mobile 274

Mobile Malware Technology Government 274

The Last Watchdog

JANUARY 9, 2024

Augmented reality (AR) and virtual reality (VR) technologies provide intriguing opportunities for immersive and interactive experiences in cybersecurity training. Related: GenAI’ impact on DevSecOps Here’s how these technologies can bridge learning gaps in cybersecurity awareness and enhance the overall training experience.

Technology 203

Technology Cybersecurity Risk Mobile 203

The Last Watchdog

AUGUST 10, 2022

Technology provides opportunities to positively impact the world and improve lives. Some bad actors also use this technology to create synthetic audio. Some of the roles include: •Information technology (IT). Finance- and employment-related technology. Using technology to fight technology can take people only so far.

Education 229

Education Technology Banking Cybersecurity 229

The Hacker News

AUGUST 20, 2024

Understanding these threats and the technologies designed to combat them is crucial. This article delves into the mechanics of a common application attack, using the infamous Log4Shell vulnerability as an example, and demonstrates how Application Detection and

Cyber threats 133

Cyber threats Technology 133

Javvad Malik

JULY 12, 2022

Full story and details in this Vice article. But putting technologies aside, any time I see a keyless car, or any so-called smart / IoT device, I am reminded of Jeff Goldblums famous words. I was able to replicate the Rolling Pwn exploit using two different key captures from two different times. So, yes, it definitely works.

IoT 182

IoT Technology 182

The Last Watchdog

NOVEMBER 27, 2023

This technology promises to simplify tasks, boost accuracy and quicken responses. The synergy between human expertise and RPA technology will be crucial in defending against cyber adversaries. Follow him on Twitter or LinkedIn for more articles on emerging cybersecurity trends.

Cybersecurity 277

Cybersecurity Surveillance Data breaches Cyber threats 277

Joseph Steinberg

APRIL 7, 2021

Back in 2015 and 2017, I ran articles in Inc. For years, in articles, lectures, and books I have discussed how the spread of IoT and AI technologies – both individually and together – are dramatically increasing the danger to human life posed by cyberattacks on healthcare facilities. Axis Security.

Cybersecurity 246

Cybersecurity Small Business IoT Computers and Electronics 246

Schneier on Security

JULY 26, 2023

The European Telecommunications Standards Institute (ETSI), an organization that standardizes technologies across the industry, first created TETRA in 1995. Another news article. Seems that there is a deliberate backdoor in the twenty-year-old TErrestrial Trunked RAdio (TETRA) standard used by police forces around the world.

Telecommunications 240

Telecommunications Encryption Technology Software 240

Schneier on Security

MAY 26, 2020

This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device: Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. News articles.

Authentication 215

Authentication Wireless Manufacturing Technology 215