Schneier on Security

OCTOBER 12, 2020

Lots of details in this blog post by one of the hackers. One of the worst of all the bugs they found would have allowed criminals to create a worm that would automatically steal all the photos, videos, and documents from someone’s iCloud account and then do the same to the victim’s contacts.

Hacking 362

Hacking Accountability 362

Schneier on Security

JULY 19, 2024

He’s written a blog post about what he’s learned and what comes next. Brett Solomon is retiring from AccessNow after fifteen years as its Executive Director.

277

277

Schneier on Security

JANUARY 7, 2021

From a blog post : We generated a total of 600,000 samples by querying GPT-2 with three different sampling strategies. The rest of the blog post discusses the types of data they found. For example, we find that larger models are more vulnerable than smaller models. Each sample contains 256 tokens, or roughly 200 words on average.

Internet 363

Internet Internet Cybersecurity 363

Schneier on Security

AUGUST 9, 2021

Original blog post. It’s the “evil maid attack.” ” It requires physical access to your computer, but you leave it in your hotel room all the time when you go out to dinner.

Encryption 363

Encryption Hacking 363

Troy Hunt

JULY 6, 2022

There'd be no open source Pwned Passwords if nobody wanted to contribute, no live streams or blog posts if people didn't want to watch them and no conference talks if nobody attended. Cool 😎 But it has to be said that all these things only happen through the support of the community.

Passwords 296

Passwords 296

Daniel Miessler

DECEMBER 24, 2022

It started back in August of 2022 as a fairly common breach notification on a blog, but it, unfortunately, turned into more of a blog series. If you follow Information Security at all you are surely aware of the LastPass breach situation.

Password Management 364

Password Management Passwords Encryption Backups 364

Schneier on Security

SEPTEMBER 17, 2024

On this blog, let’s stick to the tech and the security ramifications of the threat. And it seems to be a large detonation for an overloaded battery. This reminds me of the 1996 assassination of Yahya Ayyash using a booby trapped cellphone. EDITED TO ADD: I am deleting political comments.

67

67

Schneier on Security

FEBRUARY 26, 2024

There’s a lot of detail in the Apple blog post , and more in Douglas Stabila’s security analysis. Apple announced PQ3 , its post-quantum encryption standard based on the Kyber secure key-encapsulation protocol, one of the post-quantum algorithms selected by NIST in 2022. I am of two minds about this.

Encryption 331

Encryption 331

Schneier on Security

SEPTEMBER 27, 2024

Blog moderation policy. Fishermen are catching more squid as other fish are depleted.

216

216

Schneier on Security

JUNE 11, 2021

If there is any moral to this, it’s one that all of my blog readers should already know: trust is essential to security. We’ve seen law enforcement take over encrypted apps before: for example, EncroChat. This operation, code-named Trojan Shield, is the first time law enforcement managed an app from the beginning.

Encryption 361

Encryption Software 361

Schneier on Security

OCTOBER 5, 2020

I’ve blogged about risk-based authentication before. We also observed RBA usability problems and provide recommendations for mitigation.Our contribution provides a first deeper understanding of the users’perception of RBA and helps to improve RBA implementations for a broader user acceptance. Paper’s website.

Authentication 357

Authentication Risk Passwords 357

Schneier on Security

AUGUST 12, 2024

Through this analysis, we illuminate key and novel patterns in misuse during this time period, including potential motivations, strategies, and how attackers leverage and abuse system capabilities across modalities (e.g. image, text, audio, video) in the wild. Note the graphic mapping goals with strategies.

Artificial Intelligence 295

Artificial Intelligence Risk 295

Schneier on Security

OCTOBER 11, 2024

Blog moderation policy. Fishermen in Tamil Nadu are reporting smaller catches of squid.

211

211

Schneier on Security

NOVEMBER 3, 2021

They also said that the scammers were creating the fake accounts by signing up for online classes and then using the email address that process provided to infiltrate the university’s various blogging platforms.

Accountability 319

Accountability Advertising Scams 319

Schneier on Security

OCTOBER 27, 2023

found no expired certificates on the server, ­ as explained in a blog post by ValdikSS, a pseudonymous anti-censorship researcher based in Russia who collaborated on the investigation. However, jabber.ru

Encryption 297

Encryption Surveillance 297

Schneier on Security

SEPTEMBER 6, 2024

Blog moderation policy. The first live video of the Promachoteuthis squid, filmed at a newly discovered seamount off the coast of Chile.

216

216

Schneier on Security

FEBRUARY 3, 2021

Details are in the Microsoft blog: We have published our in-depth analysis of the Solorigate backdoor malware (also referred to as SUNBURST by FireEye), the compromised DLL that was deployed on networks as part of SolarWinds products, that allowed attackers to gain backdoor access to affected devices.

Computers and Electronics 358

Computers and Electronics Malware Software Government 358

Krebs on Security

APRIL 10, 2024

The domain mentioned at the beginning of this story — fedetwitter.com — redirects users to the blog of a Japanese technology enthusiast. The domain setwitter.com, which Twitter/X until very recently rendered as “sex.com,” redirects to this blog post warning about the recent changes and their potential use for phishing.

Phishing 342

Phishing Media Engineering Technology 342

Troy Hunt

MARCH 18, 2024

I linked to the story from the beginning of this blog post and got a handful of willing respondents for whom I sent their data and asked two simple questions: Does this data look accurate? As I said in the intro, this is not the conclusive end I wanted for this blog post.

Data breaches 343

Data breaches Encryption Identity Theft InfoSec 343

Troy Hunt

JUNE 8, 2021

I was pretty excited when I saw PRs coming in right after launching that last blog post. To be clear, this is a voluntary role and the main reason I'm here writing this blog post is for complete transparency and so that when someone other than me starts approving PRs, everyone knows why. Code enhancements. Framework updates.

Passwords 354

Passwords Accountability 354

Troy Hunt

OCTOBER 14, 2023

here's a blog post about how stupid class actions like this are! Protect your identity now.

Data breaches 281

Data breaches Advertising Marketing Account Security 281

Troy Hunt

OCTOBER 28, 2020

Everything becomes clear(er) if I manually change the font in the browser dev tools to a serif version: The victim I was referring to in the opening of this blog post? Obviously, the image is resized to the width of paragraphs on this blog, give it a click if you want to check it out at 1:1 size.

Phishing 361

Phishing Password Management Passwords Internet 361

Krebs on Security

MAY 14, 2021

“A few hours ago, we lost access to the public part of our infrastructure,” the message continues, explaining the outage affected its victim shaming blog where stolen data is published from victims who refuse to pay a ransom. This word has become dangerous and toxic.”

Ransomware 364

Ransomware Cryptocurrency Cybercrime Healthcare 364

Troy Hunt

MAY 19, 2022

We pushed out the code, published the blog post, dusted ourselves off and that was that. The k-anonymity API is lovely and that's not just me saying that, that's people voting with their feet: That's already 58% by volume from my December blog post, only 5 months ago to the day.

Passwords 305

Passwords 305

Troy Hunt

FEBRUARY 23, 2024

I've since written up the blog post, so I'll talk more about that next week)

Phishing 275

Phishing 275

Anton on Security

SEPTEMBER 28, 2023

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#3 in the series), we will start to define and refine our detection engineering machinery to avoid the problems covered in Parts 1 and 2. Stay tuned!

Engineering 246

Engineering Education Government Threat Detection 246

Troy Hunt

DECEMBER 7, 2023

I wrote up a blog post on the highlights earlier this week (it still feels like I've missed a million things)

Malware 277

Malware 277

Schneier on Security

OCTOBER 15, 2021

Ross Anderson wrote a great blog post on the paper. (It’s We had been working on the paper well before Apple’s announcement. And while we do talk about Apple’s system, our focus is really on the idea in general. It’s always great when Ross writes something. It means I don’t have to.) So did Susan Landau.

Risk 327

Risk Encryption 327

Anton on Security

FEBRUARY 7, 2024

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our seventh Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blogs for #2 , #3 , #4 , #5 , #6 , #7 and #8 ).

Cybersecurity 246

Cybersecurity Ransomware Passwords Cryptocurrency 246

Schneier on Security

MAY 23, 2022

There’s a lot more in the blog post. As this verification does not take place, an attacker is able to display the edited data on the Service NSW application without any preventative factors.

Encryption 307

Encryption Backups Passwords 307

Troy Hunt

FEBRUARY 5, 2022

except for the email addresses which belonged to real people and were misused to create a fake site) Sponsored by: Kolide enables cross-platform fleet visibility for your Linux, Mac, and Windows devices.

307

307

Krebs on Security

MARCH 8, 2021

29: Trend Micro publishes a blog post about “ Chopper ” web shells being dropped via Exchange flaws. Microsoft credits Volexity with reporting the same two Exchange flaws as DEVCOR. Danish security firm Dubex says it first saw clients hit on Jan. 18, and reported their incident response findings to Microsoft on Jan.

Hacking 362

Hacking Technology Software 362

Tech Republic Security

JUNE 14, 2024

An upcoming blog post for members of the Windows Insider Program will explain how to get the AI-powered Recall feature.

Artificial Intelligence 169

Artificial Intelligence Software 169

Troy Hunt

JULY 24, 2024

Things like speaking at events, writing blog posts, and, of course, running Have I Been Pwned. Indulge me while I go off on a bit of a tangent here: like the other things in my professional life that have turned into a success, the things I did to earn that first MVP award were things I was going to do anyway.

Data breaches 271

Data breaches 271

Schneier on Security

AUGUST 15, 2023

On Monday, the company said in a blog post that there’s no need to worry about that. This is why we need regulation: Zoom updated its Terms of Service in March, spelling out that the company reserves the right to train AI on user data with no mention of a way to opt out.

Technology 245

Technology Artificial Intelligence Surveillance 245

Krebs on Security

JANUARY 24, 2023

Inspired by that takedown, KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Emelyantsev’s personal blog , where he went by the name Denis Kloster. Kloster’s blog enthused. “We “Thanks to you, we are now developing in the field of information security and anonymity!

Cybercrime 259

Cybercrime Advertising IoT Malware 259

Troy Hunt

AUGUST 18, 2024

This blog shows how. See what you make of this one, I'm sure there'll be insights come to light on this yet. References Sponsored by: SentinelOne: Our agentless Offensive Security Engine automates red-teaming, without the false positives. The National Public Data (NPD) breach is bad, but it's also not 2.x

Data breaches 254

Data breaches Engineering 254