Document - Cyber Security Informer

Russian Cyberwarfare Documents Leaked

Schneier on Security

MARCH 30, 2023

Now this is interesting: Thousands of pages of secret documents reveal how Vulkan’s engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the internet. Lots more at the link.

Engineering

Engineering Internet Internet Hacking

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users sensitive information and infect their systems with malware. ” reads the alert. ” reads the alert.

Malware

Malware Scams Identity Theft Antivirus

New Revelations from the Snowden Documents

Schneier on Security

SEPTEMBER 21, 2023

Jake Appelbaum’s PhD thesis contains several new revelations from the classified NSA documents provided to journalists by Edward Snowden. At this point, those documents are more historical than anything else. Nothing major, but a few more tidbits. Kind of amazing that that all happened ten years ago.

Surveillance

Documents about the NSA’s Banning of Furby Toys in the 1990s

Schneier on Security

FEBRUARY 6, 2024

Via a FOIA request, we have documents from the NSA about their banning of Furby toys.

Redacting Documents with a Black Sharpie Doesn’t Work

Schneier on Security

JUNE 29, 2023

Microsoft hearing , Sony supplied a document from PlayStation chief Jim Ryan that includes redacted details on the margins Sony shares with publishers, its Call of Duty revenues, and even the cost of developing some of its games. We have learned this lesson again : As part of the FTC v.

AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records

Malwarebytes

DECEMBER 3, 2024

Some of the records that were found included: Identification documents including passports, which contain information like full names, dates of birth, passport numbers, and other information cybercriminals love to get their hands on.

Identity Theft

Identity Theft Education Risk Phishing

Roger Grimes on Prioritizing Cybersecurity Advice

Schneier on Security

OCTOBER 31, 2024

. […] This specific CISA document has at least 21 main recommendations, many of which lead to two or more other more specific recommendations. Any person following this document is…rightly…going to be expected to evaluate and implement all those recommendations.

Cybersecurity

Cybersecurity Risk Authentication

NSO Group Spies on People on Behalf of Governments

Schneier on Security

NOVEMBER 27, 2024

Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker and not its government customers is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.

Government

Government Spyware Mobile Hacking

What Graykey Can and Can’t Unlock

Schneier on Security

NOVEMBER 26, 2024

which are two recently released versions of Apple’s mobile operating system, according to documents describing the tool’s capabilities in granular detail obtained by 404 Media. The documents do not appear to contain information about what Graykey can access from the public release of iOS 18.1,

Media

Media Manufacturing Mobile Hacking

DDoSecrets Unveils Massive “Library of Leaks” Search Engine with Millions of Leaked Documents

Penetration Testing

DECEMBER 8, 2024

This searchable database... The post DDoSecrets Unveils Massive “Library of Leaks” Search Engine with Millions of Leaked Documents appeared first on Cybersecurity News.

Engineering

Engineering Cybersecurity

NIST Draft Document on Post-Quantum Cryptography Guidance

Schneier on Security

MAY 2, 2023

NIST has release a draft of Special Publication1800-38A: Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography.”

Why Italy Sells So Much Spyware

Schneier on Security

NOVEMBER 19, 2024

According to an Italian Ministry of Justice document , as of December 2022 law enforcement in the country could rent spyware for €150 a day, regardless of which vendor they used, and without the large acquisition costs which would normally be prohibitive.

Spyware

Spyware Marketing Hacking

ClickFix: How to Infect Your PC in Three Easy Steps

Krebs on Security

MARCH 14, 2025

Malicious macros became such a common malware threat that Microsoft was forced to start blocking macros by default in Office documents that try to download content from the web.

Phishing

Phishing Malware Scams Passwords

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The trouble is, these EDRs largely bypass any official review and do not require the requester to supply any court-approved documents. Others simply sell access to hacked government or police email accounts, and leave it up to the buyer to forge any needed documents. “Unlimited Emergency Data Requests. . Reset as you please.

Hacking

Hacking Accountability Government Social Engineering

Scam Alert: FBI ‘Increasingly Seeing’ Malware Distributed In Document Converters

Tech Republic Security

MARCH 19, 2025

FBI warns computer users to keep an eye out for malware, including ransomware, distributed through working document converters.

Malware

Malware Scams Ransomware Identity Theft

Former CIA analyst pleaded guilty to leaking top-secret documents

Security Affairs

JANUARY 21, 2025

On October 17, 2024, Rahman stole and leaked Top-Secret documents on a U.S. The CIA analyst photographed the classified documents and transmitted them to individuals he knew were not authorized to view them. Rahman has access to Sensitive Compartmented Information (SCI). “After Oct.

Media

Media Mobile Internet Internet

PayPal scam abuses Docusign API to spread phishy emails

Malwarebytes

MARCH 4, 2025

Also, it seems weird that Docusign has been used to send a document that doesnt require a signature. I’ve you’ve received an email like this and want to verify if it’s genuine, go directly to Docusign.com, click ‘Access Documents’ (upper right-hand corner), and enter the security code displayed in the email.

Scams

Scams Accountability Phishing Banking

Iran’s Digital Surveillance Tools Leaked

Schneier on Security

NOVEMBER 1, 2022

It’s Iran’s turn to have its digital surveillance tools leaked : According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones.

Surveillance

Surveillance Telecommunications Mobile Encryption

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Security Affairs

NOVEMBER 12, 2024

Law enforcement warned that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them much harder to unlock, per a document obtained by 404 Media. 404 Media obtained the document from a mobile forensics source and verified it with another source. Three iPhones running iOS 18.0

Media

Media Wireless Mobile Encryption

Data Exfiltration Using Indirect Prompt Injection

Schneier on Security

DECEMBER 22, 2023

Interesting attack on a LLM: In Writer, users can enter a ChatGPT-like session to edit or create their documents. In this chat session, the LLM can retrieve information from sources on the web to assist users in creation of their documents.

iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

Security Affairs

NOVEMBER 8, 2024

Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them much harder to unlock, per a document obtained by 404 Media. 404 Media obtained the document from a mobile forensics source and verified it with another source. Below is the hypothesis reported in the document.

Media

Media Mobile Passwords Hacking

Threat Modeling the Genomic Data Sequencing Workflow (Threat Model Thursday)

Adam Shostack

FEBRUARY 12, 2025

This is a big, complex document. The apparent complexity is exacerbated by the intermingling of how to conduct with sample output and perhaps the document might be improved by breaking it into two: a how to guide and a sample output document or documents. What makes this level of detail right for this document?

Risk

Risk Manufacturing Encryption Surveillance

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

The Last Watchdog

JANUARY 27, 2025

demands a structured approach to implementation and preparation. demands a structured approach to implementation and preparation. demands a structured approach to implementation and preparation.

Password Management

Password Management Architecture Threat Detection Cybersecurity

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. It’s a surreal experience, paging through hundreds of top-secret NSA documents. Both Greenwald and his employer, the Guardian , are careful about whom they show the documents to.

Surveillance

Surveillance Computers and Electronics Government Encryption

SideWinder targets the maritime and nuclear sectors with an updated toolset

SecureList

MARCH 10, 2025

The document uses the remote template injection technique to download an RTF file stored on a remote server controlled by the attacker. The documents used various themes to deceive victims into believing they are legitimate. Some documents concerned nuclear power plants and nuclear energy agencies. pro document-viewer[.]info

Energy and Utilities

Energy and Utilities Malware Government Phishing

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

OCTOBER 21, 2024

It provides a range of development resources, including SDKs (Software Development Kits), documentation, sample code, and learning materials for networking, security, and cloud infrastructure. DevHub is a platform designed for developers to access resources, tools, and APIs to build and integrate applications with Cisco’s technologies.

Cybercrime

Cybercrime Data breaches Technology Banking

Best Policy Templates for Compliance: Essential Documents for Regulatory Success

Centraleyes

FEBRUARY 17, 2025

This document should outline governance structures, approval workflows, and ownership responsibilities to maintain consistency across the board. The post Best Policy Templates for Compliance: Essential Documents for Regulatory Success appeared first on Centraleyes.

Architecture

Architecture Government Risk Technology

Lessons Learned from a High-Stakes Data Breach

SecureWorld News

NOVEMBER 11, 2024

Following a documented protocol keeps you on solid ground, especially when the stakes are high and the pressure is on. Document every decision and action Documentation may seem tedious in the middle of a breach response, but it's critical. Detailed records can protect your team by demonstrating a transparent, ethical response.

Data breaches

Data breaches Accountability Cybersecurity Account Security

2017 ODNI Memo on Kaspersky Labs

Schneier on Security

JULY 23, 2024

Many more ODNI documents here. It’s heavily redacted , but still interesting.

New Information Supplement: Payment Page Security and Preventing E-Skimming

PCI perspectives

MARCH 10, 2025

This document provides direction for merchants and service providers implementing controls to protect payment card data during e-commerce transactions. The PCI Security Standards Council (PCI SSC) has introduced a new information supplement: Payment Page Security and Preventing E-Skimming Guidance for PCI DSS Requirements 6.4.3 and 11.6.1.

eCommerce

8Base ransomware group hacked Croatia’s Port of Rijeka

Security Affairs

DECEMBER 7, 2024

Allegedly, invoice receipts, accounting documents, personal data, certificates, employment contracts, a huge amount of confidential information, confidentiality pic.twitter.com/Tad7LeOcsk — HackManac (@H4ckManac) December 6, 2024 According to the announcement published by the group on its Tor leak site, stolen data includes: Invoice Receipts (..)

Ransomware

Ransomware Hacking Accountability Cyber Attacks

New NSA Information from (and About) Snowden

Schneier on Security

OCTOBER 26, 2023

Interesting article about the Snowden documents, including comments from former Guardian editor Ewen MacAskill MacAskill, who shared the Pulitzer Prize for Public Service with Glenn Greenwald and Laura Poitras for their journalistic work on the Snowden files, retired from The Guardian in 2018.

Surveillance

Surveillance Government Marketing

Mudge Files Whistleblower Complaint against Twitter

Schneier on Security

AUGUST 24, 2022

The Washington Post has the scoop (with documents) and companion backgrounder. Peiter Zatko, aka Mudge, has filed a whistleblower complaint with the SEC against Twitter, claiming that they violated an eleven-year-old FTC settlement by having lousy security. This CNN story is also comprehensive.

Cybersecurity

Threat Modeling Google Cloud (Threat Model Thursday)

Adam Shostack

JANUARY 2, 2025

Ill add that not everything in the document is introduced in methodology, and Ill list those as we go. As always, and especially in these Threat Model Thursday posts, my goal is to point out interesting work in a constructive way. Let me start by saying that I love that theres a methodology section at the top.

Engineering

Engineering Authentication

FBI deleted China-linked PlugX malware from over 4,200 US computers

Security Affairs

JANUARY 14, 2025

According to court documents, the Chinese government paid Mustang Panda to develop PlugX malware, used since 2014 to target U.S., The malware was operated by a China-linked threat actor, known as Mustang Panda (aka Twill Typhoon, to steal sensitive information from victim computers. European, and Asian entities. systems. .”

Malware

Malware Government Hacking Cybersecurity

Microsoft Executives Hacked

Schneier on Security

JANUARY 29, 2024

The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself.

Hacking

Hacking Accountability Passwords Cybersecurity

Black Basta ransomware gang hit BT Group

Security Affairs

DECEMBER 4, 2024

The group claimed to have stolen 500GB of data including Finacial data, Organisation data, Users data and personal documents, NDA’s, Confidential data, and more. As proof of the data breach, the group published multiple screenshots, including pictures of passports and other documents.

Ransomware

Ransomware Telecommunications Healthcare Insurance

Identifying People Using Cell Phone Location Data

Schneier on Security

JANUARY 9, 2023

This is the interesting part: Investigators identified Greenwood and Crahan almost immediately after the attacks took place by using cell phone data that allegedly showed both men in the vicinity of all four substations, according to court documents.

Surveillance

Surveillance Internet Internet Risk

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

The RAR archive analyzed by the Ukrainian CERT-UA contains the document Algorithm_LegalAid.xlsm.Upon opening the document and enabling the macro, a PowerShell command will be executed. The script will download and run the.NET bootloader MSCommondll.exe,which in turn will download and run the malware DarkCrystal RAT.

Computers and Electronics

Computers and Electronics Telecommunications Malware Surveillance

Hyundai Uses Example Keys for Encryption System

Schneier on Security

AUGUST 22, 2022

“Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]” […]. Luck held out, in a way. “Greenluigi1” found within the firmware image the RSA public key used by the updater, and searched online for a portion of that key.

Encryption

Encryption Firmware Manufacturing Software

Data Wallets Using the Solid Protocol

Schneier on Security

JULY 25, 2024

Details are here , but basically a digital wallet is a repository for personal data and documents. I am the Chief of Security Architecture at Inrupt, Inc. , the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership. Right now, there are hundreds of different wallets, but no standard.

Architecture

Architecture Data privacy

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

Security Affairs

FEBRUARY 24, 2025

Some documents detail the use of web content monitoring services to enforce censorship for public and private sector customers. ” The leaked documents show that TopSec worked on projects for China’s Ministry of Public Security in Dandong, Songjiang, and Pudong, including a Cloud Monitoring Service Project in Shanghai. .

Government

Government Cybersecurity Hacking Internet

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 25, 2024

The company published a document containing recommendations against password spray attacks aimed at Remote Access VPN (RAVPN) services. The content of the email was empty, and the message only included an attached document that was not visible in the email client. The researchers also published PoC exploit code for this vulnerability.

VPN

VPN Firewall Technology Passwords

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Security Affairs

DECEMBER 23, 2024

Court documents state that on October 29, 2019, plaintiffs filed this lawsuit, alleging that the defendants used WhatsApp to target approximately 1,400 mobile phones and devices to infect them with the surveillance software. ” reads the court document. WhatsApp won a legal case against NSO Group in a U.S. ” The U.S.

Spyware

Spyware Surveillance Software Hacking

Russian Cyberwarfare Documents Leaked

FBI warns of malicious free online document converters spreading malware

Trending Sources

New Revelations from the Snowden Documents

Documents about the NSA’s Banning of Furby Toys in the 1990s

Redacting Documents with a Black Sharpie Doesn’t Work

AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records

Roger Grimes on Prioritizing Cybersecurity Advice

NSO Group Spies on People on Behalf of Governments

What Graykey Can and Can’t Unlock

DDoSecrets Unveils Massive “Library of Leaks” Search Engine with Millions of Leaked Documents

NIST Draft Document on Post-Quantum Cryptography Guidance

Why Italy Sells So Much Spyware

ClickFix: How to Infect Your PC in Three Easy Steps

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Scam Alert: FBI ‘Increasingly Seeing’ Malware Distributed In Document Converters

Former CIA analyst pleaded guilty to leaking top-secret documents

PayPal scam abuses Docusign API to spread phishy emails

Iran’s Digital Surveillance Tools Leaked

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Data Exfiltration Using Indirect Prompt Injection

iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

Threat Modeling the Genomic Data Sequencing Workflow (Threat Model Thursday)

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

Snowden Ten Years Later

SideWinder targets the maritime and nuclear sectors with an updated toolset

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Best Policy Templates for Compliance: Essential Documents for Regulatory Success

Lessons Learned from a High-Stakes Data Breach

2017 ODNI Memo on Kaspersky Labs

New Information Supplement: Payment Page Security and Preventing E-Skimming

8Base ransomware group hacked Croatia’s Port of Rijeka

New NSA Information from (and About) Snowden

Mudge Files Whistleblower Complaint against Twitter

Threat Modeling Google Cloud (Threat Model Thursday)

FBI deleted China-linked PlugX malware from over 4,200 US computers

Microsoft Executives Hacked

Black Basta ransomware gang hit BT Group

Identifying People Using Cell Phone Location Data

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Hyundai Uses Example Keys for Encryption System

Data Wallets Using the Solid Protocol

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Stay Connected