Blog - Cyber Security Informer

New Blog Moderation Policy

Schneier on Security

JUNE 19, 2024

There has been a lot of toxicity in the comments section of this blog. I’ve been able to maintain an anonymous comment section on this blog for almost twenty years. Recently, we’re having to delete more and more comments. Not just spam and off-topic comments, but also sniping and personal attacks. Maybe its time is up.

Accountability

Most Popular Cyber Blogs from 2024

Lohrman on Security

JANUARY 12, 2025

What were the top government technology and cybersecurity blog posts in 2024? The metrics tell us what cybersecurity and technology infrastructure topics were most popular.

Technology

Technology Government Cybersecurity

On Generative AI Security

Schneier on Security

FEBRUARY 5, 2025

” Their blog post lists “three takeaways,” but the eight lessons in the report itself are more useful: Understand what the system can do and where it is applied. Microsoft’s AI Red Team just published “ Lessons from Red Teaming 100 Generative AI Products.” AI red teaming is not safety benchmarking.

Risk

Security expert Troy Hunt hit by phishing attack

Malwarebytes

MARCH 26, 2025

Through an automated attack disguised as a notice from Hunts chosen newsletter provider Mailchimp, scammers stole roughly 16,000 records belonging to current and past subscribers of Hunts blog. The email claimed that Mailchimp was temporarily cutting service to Hunt because his blog had allegedly received a spam complaint. Hunt wrote.

Phishing

Phishing Data breaches Password Management Scams

Matthew Green on Telegram’s Encryption

Schneier on Security

AUGUST 28, 2024

Matthew Green wrote a really good blog post on what Telegram’s encryption is and is not.

Encryption

Weekly Update 445

Troy Hunt

MARCH 30, 2025

On that note, stay tuned for the promised "Passkeys for Normal People" blog post, I hope to be talking about that in next week's video (travel schedule permitting). I've no doubt whatsoever this is a net-positive event that will do way more good than harm.

Phishing

Phishing Data breaches Scams

ClickFix: How to Infect Your PC in Three Easy Steps

Krebs on Security

MARCH 14, 2025

. “This campaign delivers multiple families of commodity malware, including XWorm, Lumma stealer, VenomRAT, AsyncRAT, Danabot, and NetSupport RAT,” Microsoft wrote in a blog post on Thursday. “Depending on the specific payload, the specific code launched through mshta.exe varies.

Phishing

Phishing Malware Scams Passwords

Brett Solomon on Digital Rights

Schneier on Security

JULY 19, 2024

He’s written a blog post about what he’s learned and what comes next. Brett Solomon is retiring from AccessNow after fifteen years as its Executive Director.

A glimmer of good news on the ransomware front, as encryption rates plummet

Graham Cluley

OCTOBER 17, 2024

Read more in my article on the Tripwire State of Security blog. And boy do we need some good news - amid reports that 389 US-based healthcare institutions were hit by ransomware last year - more than one every single day.

Ransomware

Ransomware Encryption Healthcare Data breaches

NCSC Releases Post-Quantum Cryptography Timeline

Schneier on Security

MARCH 21, 2025

The UK’s National Computer Security Center (part of GCHQ) released a timeline —also see their blog post —for migration to quantum-computer-resistant cryptography. It even made The Guardian.

The Role of USB Security in Combating Insider Threats

Security Boulevard

DECEMBER 9, 2024

This blog post explores how maintaining USB security mitigates insider threats and fosters a secure workplace environment. The post The Role of USB Security in Combating Insider Threats appeared first on Security Boulevard.

Software

Software Security Awareness Cybersecurity

Live Video of Promachoteuthis Squid

Schneier on Security

SEPTEMBER 6, 2024

Blog moderation policy. The first live video of the Promachoteuthis squid, filmed at a newly discovered seamount off the coast of Chile.

Alleged Co-Founder of Garantex Arrested in India

Krebs on Security

MARCH 11, 2025

. “Garantex has been used in sanctions evasion by Russian elites, as well as to launder proceeds of crime including ransomware, darknet market trade and thefts attributed to North Koreas Lazarus Group,” Elliptic wrote in a blog post.

Ransomware

Ransomware Cryptocurrency Marketing Government

Squid Fishing in Japan

Schneier on Security

SEPTEMBER 27, 2024

Blog moderation policy. Fishermen are catching more squid as other fish are depleted.

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

The image that Lookout used in its blog post for Crypto Chameleon can be seen in the lower right hooded figure. That latter domain was created and deployed shortly after Lookout published its blog post on Crypto Chameleon. com and two other related control domains — thebackendserver[.]com com and lookoutsucks[.]com.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

NotLockBit: ransomware discovery serves as wake-up call for Mac users

Graham Cluley

OCTOBER 24, 2024

Read more in my article on the Tripwire State of Security blog. And the recent discovery of a new malware strain emphasises that the threat - even if much smaller than on Windows - remains real.

Ransomware

Ransomware Malware

We're Backfilling and Cleaning Stealer Logs in Have I Been Pwned

Troy Hunt

MARCH 3, 2025

But the confusing nature of stealer logs coupled with an overtly long blog post explaining them and the conflation of which services needed a subscription versus which were easily accessible by anyone made for a very intense last 6 days. That was a bit intense, as is usually the way after any large incident goes into HIBP.

Passwords

Passwords Accountability Malware

Remotely Exploding Pagers

Schneier on Security

SEPTEMBER 17, 2024

On this blog, let’s stick to the tech and the security ramifications of the threat. And it seems to be a large detonation for an overloaded battery. This reminds me of the 1996 assassination of Yahya Ayyash using a booby trapped cellphone. EDITED TO ADD: I am deleting political comments.

Indian Fishermen Are Catching Less Squid

Schneier on Security

OCTOBER 11, 2024

Blog moderation policy. Fishermen in Tamil Nadu are reporting smaller catches of squid.

Secure by Design roundup - March 2024

Adam Shostack

JANUARY 2, 2025

That the White House is involved should not be a shocker to readers of this blog, and it represents a fascinating state of the evolution of the conversation around memory safety that it would reach that level. Blog overview or direct link.) Regulation The White House released a report on memory safe languages.

Software

Software Advertising Hacking

Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024

NSTIC

OCTOBER 17, 2024

This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.'

Cybersecurity

Microsoft Warns: Midnight Blizzard’s Ongoing Spear-Phishing Campaign with RDP Files

Heimadal Security

NOVEMBER 1, 2024

The same threat actors breached the tech giant earlier this week and are responsible for the notorious SolarWinds supply chain attack […] The post Microsoft Warns: Midnight Blizzard’s Ongoing Spear-Phishing Campaign with RDP Files appeared first on Heimdal Security Blog.

Phishing

Phishing Cybersecurity

My Philosophy and Recommendations Around the LastPass Breaches

Daniel Miessler

DECEMBER 24, 2022

It started back in August of 2022 as a fairly common breach notification on a blog, but it, unfortunately, turned into more of a blog series. If you follow Information Security at all you are surely aware of the LastPass breach situation.

Password Management

Password Management Passwords Encryption Backups

Celebrating 1 Year of CSF 2.0

NSTIC

FEBRUARY 26, 2025

To make improving your security posture even easier, in this blog we are: Sharing new CSF 2.0 It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0 !

Cybersecurity

Taxonomy of Generative AI Misuse

Schneier on Security

AUGUST 12, 2024

Through this analysis, we illuminate key and novel patterns in misuse during this time period, including potential motivations, strategies, and how attackers leverage and abuse system capabilities across modalities (e.g. image, text, audio, video) in the wild. Note the graphic mapping goals with strategies.

Artificial Intelligence

Artificial Intelligence Risk

CISA: BianLian Ransomware Focus Switches to Data Theft

Heimadal Security

NOVEMBER 22, 2024

The same agencies issued a joint advisory in May that warned about BianLian’s shifting tactics, which […] The post CISA: BianLian Ransomware Focus Switches to Data Theft appeared first on Heimdal Security Blog.

Ransomware

Ransomware Cybersecurity

Your Ultimate Guide to NIS2 Compliance: Key Steps and Insights

Heimadal Security

JANUARY 16, 2025

This article outlines the crucial steps for aligning with NIS2 standards, drawn from our comprehensive NIS2 […] The post Your Ultimate Guide to NIS2 Compliance: Key Steps and Insights appeared first on Heimdal Security Blog.

Cyber Risk

Cyber Risk Risk Cybersecurity

Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024

NSTIC

OCTOBER 23, 2024

This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.'

Cybersecurity

Messaging Service Wiretap Discovered through Expired TLS Cert

Schneier on Security

OCTOBER 27, 2023

found no expired certificates on the server, as explained in a blog post by ValdikSS, a pseudonymous anti-censorship researcher based in Russia who collaborated on the investigation. However, jabber.ru

Encryption

Encryption Surveillance

EU Adopts New Cybersecurity Rules for Critical Infrastructure Under NIS2 Directive

Heimadal Security

NOVEMBER 1, 2024

The rules apply to key digital service providers, […] The post EU Adopts New Cybersecurity Rules for Critical Infrastructure Under NIS2 Directive appeared first on Heimdal Security Blog.

Cybersecurity

A New Hope for Threat Modeling, on The CyberTuesday Podcast

Adam Shostack

FEBRUARY 18, 2025

If youve read my recent blog post on Hoarding, Debt and Threat Modeling , youll hear me reiterate how people often try to model everything at once and get overwhelmed in the process. I wanted to share some key themes we explored. One of the core messages I emphasized is how we can make threat modeling more accessible.

Heimdal and COOLSPIRiT Team Up to Strengthen UK Business Cybersecurity

Heimadal Security

NOVEMBER 6, 2024

Recognizing […] The post Heimdal and COOLSPIRiT Team Up to Strengthen UK Business Cybersecurity appeared first on Heimdal Security Blog. Today’s organizations face sophisticated cyber threats targeting critical systems and data.

Cybersecurity

Cybersecurity Cyber threats Technology

Appsec Roundup - Oct 2024

Adam Shostack

JANUARY 2, 2025

Google has released information on their Secure by Design commitment, including a blog and white paper. Were launching a course, Scaling Threat Modeling , and theres a survey at the end of that blog announcement. Adam participated in the keynote, and we talked to lots of folks about how we can help them threat model. (If

Manufacturing

Manufacturing Data breaches Software Cybersecurity

Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024

NSTIC

OCTOBER 28, 2024

This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.'

Cybersecurity

The Social Security data breach compromised ‘billions’ of accounts. Here’s one easy, free way to protect yourself.

Heimadal Security

MARCH 20, 2025

appeared first on Heimdal Security Blog. While artificial intelligence has transformed the ability to prevent, detect, […] The post The Social Security data breach compromised ‘billions’ of accounts. Here’s one easy, free way to protect yourself.

Data breaches

Data breaches Artificial Intelligence Accountability Cybersecurity

Top 10 Patch My PC Alternatives for Automated Patching

Heimadal Security

APRIL 2, 2025

However, this tool also has its downsides: a reviewer on G2 says that only one user can be in […] The post Top 10 Patch My PC Alternatives for Automated Patching appeared first on Heimdal Security Blog.

Heimdal and Watsoft Team Up to Strengthen MSP Cybersecurity in France

Heimadal Security

JANUARY 13, 2025

This partnership will help MSPs in France deal with todays growing cybersecurity challenges by simplifying how they manage security and offering reliable tools from a […] The post Heimdal and Watsoft Team Up to Strengthen MSP Cybersecurity in France appeared first on Heimdal Security Blog.

Cybersecurity

Apple Announces Post-Quantum Encryption Algorithms for iMessage

Schneier on Security

FEBRUARY 26, 2024

There’s a lot of detail in the Apple blog post , and more in Douglas Stabila’s security analysis. Apple announced PQ3 , its post-quantum encryption standard based on the Kyber secure key-encapsulation protocol, one of the post-quantum algorithms selected by NIST in 2022. I am of two minds about this.

Encryption

Weekly Update 369

Troy Hunt

OCTOBER 14, 2023

here's a blog post about how stupid class actions like this are! Protect your identity now.

Data breaches

Data breaches Advertising Marketing Account Security

Google on Cyber Public Health

Adam Shostack

JANUARY 2, 2025

Google calls attention to our Cyber Public Health work Last week, Bill Reid and Taylor Lehmann, both in the Office of the CISO at Google Cloud, wrote a blog post, Cyber Public Health: A new approach to cybersecurity.

CISO

CISO Technology Cybersecurity

Fraud Network Operates 4,700 Fake Shopping Sites to Steal Credit Card Data

ZoneAlarm

NOVEMBER 18, 2024

These fraudulent websites … The post Fraud Network Operates 4,700 Fake Shopping Sites to Steal Credit Card Data appeared first on ZoneAlarm Security Blog. The SilkSpecter network orchestrated a massive operation involving thousands of fake e-commerce sites.

Phishing

Phishing Engineering Cybersecurity Data privacy

Change Healthcare Breach Hits 100M Americans

Krebs on Security

OCTOBER 30, 2024

“Affected insurance providers can contact us to prevent leaking of their own data and [remove it] from the sale,” RansomHub’s victim shaming blog announced on April 16. A few days after BlackCat imploded, the same stolen healthcare data was offered for sale by a competing ransomware affiliate group called RansomHub.

Healthcare

Healthcare Insurance Computers and Electronics Data breaches

Anna Jaques Hospital Ransomware Breach Exposes Patient Data

ZoneAlarm

DECEMBER 9, 2024

Recently, the incident returned to the spotlight due to new updates on the breachs scope … The post Anna Jaques Hospital Ransomware Breach Exposes Patient Data appeared first on ZoneAlarm Security Blog.

Ransomware

Ransomware Healthcare Cybersecurity

Heimdal and Interbel Partner to Secure Spanish Businesses Against Rising Cyber Threats

Heimadal Security

JANUARY 20, 2025

Together, they will deliver powerful and user-friendly cybersecurity solutions to businesses across Spain, addressing the rising challenges of sophisticated cyber threats and complex […] The post Heimdal and Interbel Partner to Secure Spanish Businesses Against Rising Cyber Threats appeared first on Heimdal Security Blog.

Cyber threats

Cyber threats Cybersecurity

New Blog Moderation Policy

Most Popular Cyber Blogs from 2024

Trending Sources

On Generative AI Security

Security expert Troy Hunt hit by phishing attack

Matthew Green on Telegram’s Encryption

Weekly Update 445

ClickFix: How to Infect Your PC in Three Easy Steps

Brett Solomon on Digital Rights

A glimmer of good news on the ransomware front, as encryption rates plummet

NCSC Releases Post-Quantum Cryptography Timeline

The Role of USB Security in Combating Insider Threats

Live Video of Promachoteuthis Squid

Alleged Co-Founder of Garantex Arrested in India

Squid Fishing in Japan

A Day in the Life of a Prolific Voice Phishing Crew

NotLockBit: ransomware discovery serves as wake-up call for Mac users

We're Backfilling and Cleaning Stealer Logs in Have I Been Pwned

Remotely Exploding Pagers

Indian Fishermen Are Catching Less Squid

Secure by Design roundup - March 2024

Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024

Microsoft Warns: Midnight Blizzard’s Ongoing Spear-Phishing Campaign with RDP Files

My Philosophy and Recommendations Around the LastPass Breaches

Celebrating 1 Year of CSF 2.0

Taxonomy of Generative AI Misuse

CISA: BianLian Ransomware Focus Switches to Data Theft

Your Ultimate Guide to NIS2 Compliance: Key Steps and Insights

Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024

Messaging Service Wiretap Discovered through Expired TLS Cert

EU Adopts New Cybersecurity Rules for Critical Infrastructure Under NIS2 Directive

A New Hope for Threat Modeling, on The CyberTuesday Podcast

Heimdal and COOLSPIRiT Team Up to Strengthen UK Business Cybersecurity

Appsec Roundup - Oct 2024

Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024

The Social Security data breach compromised ‘billions’ of accounts. Here’s one easy, free way to protect yourself.

Top 10 Patch My PC Alternatives for Automated Patching

Heimdal and Watsoft Team Up to Strengthen MSP Cybersecurity in France

Apple Announces Post-Quantum Encryption Algorithms for iMessage

Weekly Update 369

Google on Cyber Public Health

Fraud Network Operates 4,700 Fake Shopping Sites to Steal Credit Card Data

Change Healthcare Breach Hits 100M Americans

Anna Jaques Hospital Ransomware Breach Exposes Patient Data

Heimdal and Interbel Partner to Secure Spanish Businesses Against Rising Cyber Threats

Stay Connected