Schneier on Security

JANUARY 6, 2022

The privacy-oriented search engine netted more than 35 billion search queries in 2021 , a 46.4% It’s not as a good a search engine as Google. To solve that, I use use the feature that allows me to use Google’s search engine through DuckDuckGo: prepend “!Google” jump over 2020 (23.6 That’s big.

Engineering 331

Engineering Internet Internet 331

Schneier on Security

APRIL 2, 2024

An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. The cybersecurity world got really lucky last week. modified the way the software functions.

Social Engineering 351

Social Engineering Engineering Software Encryption 351

Tech Republic Security

SEPTEMBER 24, 2024

The Secure Future Initiative was created around the same time the U.S. Cyber Safety Review Board chided Redmond for having a poor security culture.

Engineering 184

Engineering Cybersecurity Data breaches 184

Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. While Microsoft’s Bing only has about 4% of the search engine market share , crooks are drawn to it as an alternative to Google. We have reported the fraudulent sites to Microsoft already.

Engineering 110

Engineering Phishing Banking Authentication 110

Schneier on Security

DECEMBER 2, 2024

Here are the technical details , discovered through reverse engineering. I recently wrote about the new iOS feature that forces an iPhone to reboot after it’s been inactive for a longish period of time. The feature triggers after seventy-two hours of inactivity, even it is remains connected to Wi-Fi.

Engineering 305

Engineering 305

The Hacker News

NOVEMBER 28, 2024

A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024.

Engineering 115

Engineering Malware 115

Digital Shadows

OCTOBER 25, 2024

During the investigation, we discovered a wider trend: a campaign of escalated social engineering tactics originally associated with the ransomware group “Black Basta.” There has been a significant rise in ransomware actors using social engineering techniques to gain unauthorized access to sensitive systems and data. What Happened?

Social Engineering 128

Social Engineering Engineering Phishing Accountability 128

Schneier on Security

JULY 27, 2021

Meanwhile, since the structure of the neural network models remains unchanged, they can pass the security scan of antivirus engines. With the widespread application of artificial intelligence, utilizing neural networks becomes a forwarding trend of malware.

Malware 363

Malware Artificial Intelligence Antivirus Engineering 363

Schneier on Security

APRIL 25, 2024

In response, a multibillion-dollar industry—search-engine optimization, or SEO—has emerged to cater to Google’s shifting preferences, strategizing new ways for websites to rank higher on search-results pages and thus attain more traffic and lucrative ad impressions. It is too late to stop the emergence of AI.

Engineering 348

Engineering Internet Internet Artificial Intelligence 348

Lohrman on Security

OCTOBER 1, 2023

Sophisticated social engineering attacks have led to hundreds of data breaches this year. What can be done? And what new resources can help?

Cyber Attacks 308

Cyber Attacks Social Engineering Data breaches Engineering 308

Schneier on Security

AUGUST 29, 2024

Listening to it, and thinking about the audience of NSA engineers, I wonder how much of what she’s talking about as the future of computing—miniaturization, parallelization—was being done in the present and in secret. She was a remarkable person.

Engineering 321

Engineering Internet Internet 321

Krebs on Security

OCTOBER 20, 2023

BeyondTrust’s security team detected that someone was trying to use an Okta account assigned to one of their engineers to create an all-powerful administrator account within their Okta environment. He said that on Oct 2.,

Social Engineering 329

Social Engineering Engineering Accountability Hacking 329

Schneier on Security

MAY 16, 2024

ZTDNS aims to solve this decades-old problem by integrating the Windows DNS engine with the Windows Filtering Platform—the core component of the Windows Firewall—directly into client devices.

DNS 299

DNS Firewall Engineering Network Security 299

Schneier on Security

APRIL 22, 2024

Interesting social-engineering attack vector : McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg.

Malware 316

Malware Social Engineering Engineering Software 316

Schneier on Security

SEPTEMBER 17, 2024

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware.

Malware 277

Malware Social Engineering Engineering Hacking 277

Schneier on Security

MARCH 15, 2021

To this end, we recover the specifications of the closed-source OF protocols by means of reverse engineering. This paper presents the first comprehensive security and privacy analysis of OF.

Engineering 359

Engineering Internet Internet 359

Schneier on Security

MARCH 30, 2023

Now this is interesting: Thousands of pages of secret documents reveal how Vulkan’s engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the internet.

Engineering 324

Engineering Internet Internet Hacking 324

Schneier on Security

NOVEMBER 29, 2023

They’re not that good : Security researchers Jesse D’Aguanno and Timo Teräs write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptic sensor in a Lenovo ThinkPad T14, and the ELAN sensor in one of Microsoft’s own (..)

Engineering 327

Engineering Authentication 327

Schneier on Security

NOVEMBER 10, 2021

Decrypted firmware ­ which is possible through Fail0verflow’s keys ­ would potentially allow for hackers to further reverse engineer the PS5 software and potentially develop the sorts of hacks that allowed for things like installing Linux, emulators, or even pirated games on past Sony consoles.

Hacking 311

Hacking Firmware Engineering Software 311

The Last Watchdog

OCTOBER 30, 2023

Unfortunately, most SOCs are still understaffed so detection engineering often goes on the back burner in favor of managing the alert queue. I think the biggest problem is in reactivity and how it forces us to use our more experienced engineers. Right now, the impact an engineer has is typically limited to their own organization.

Engineering 311

Engineering Mobile Internet Internet 311

Schneier on Security

SEPTEMBER 20, 2023

For example, hiring managers will want a network security engineer with knowledge of networks or an identity management analyst with experience in identity systems. Nor is there a shortage of thought leaders, advisors, or self-proclaimed cyber subject matter experts. They are not looking for someone interested in security.

Cybersecurity 322

Cybersecurity Engineering CISO Architecture 322

Schneier on Security

JUNE 5, 2023

Now engineers and designers are rationalizing the way they go about building new models, taking advantage of much more powerful hardware to consolidate all those discrete functions into a small number of domain controllers. The behavior of new cars is increasingly defined by software, too.

Software 278

Software Engineering Internet Internet 278

Schneier on Security

SEPTEMBER 16, 2022

By reverse-engineering the communications between a Tesla Model Y and its credit card key, they were able to properly execute a range-extending relay attack against the crossover. While this specific use case focuses on Tesla, it’s a proof of concept—NFC handshakes can, and eventually will, be reverse-engineered.

Engineering 282

Engineering Hacking 282

Schneier on Security

APRIL 11, 2024

This backdoor is the result of a years-long engineering effort. Banning open source won’t work; it’s precisely because XZ Utils is open source that an engineer discovered the problem in time. SSH runs as root, so that code could have done anything. Let your imagination run wild. This isn’t something a hacker just whips up.

Software 348

Software Engineering Internet Internet 348

Schneier on Security

SEPTEMBER 16, 2022

“They pretty much have full access to Uber,” said Sam Curry, a security engineer at Yuga Labs who corresponded with the person who claimed to be responsible for the breach. “This is a total compromise, from what it looks like.”

Data breaches 276

Data breaches Engineering Phishing Hacking 276

Schneier on Security

MAY 21, 2024

Apple and Google said they will continue collaborating with the Internet Engineering Task Force to further develop this technology and address the issue of unwanted tracking. Several Bluetooth tag companies have committed to making their future products compatible with the new standard.

Engineering 284

Engineering Internet Internet Technology 284

Joseph Steinberg

OCTOBER 24, 2022

An online cybersecurity event with 2,500 people already logged in had to be cancelled after suspected cybercriminals launched a social engineering attack in the event’s chat window.

Cybersecurity 362

Cybersecurity Social Engineering Artificial Intelligence Scams 362

Schneier on Security

MARCH 31, 2024

He was a cryptographer and security engineer, but also very much a generalist. His masterwork book, Security Engineering —now in its Third Edition—is as comprehensive a tome on cybersecurity and related topics as you could imagine. He analyzed block ciphers in the 1990s, and attacks against large-language models last year.

Surveillance 329

Surveillance Engineering Encryption Government 329

Schneier on Security

JUNE 4, 2024

Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number generator used to generate passwords in that version­and subsequent versions until 2015­did indeed have a significant flaw that made the random number generator not so random.

Password Management 320

Password Management Passwords Cryptocurrency Engineering 320

Schneier on Security

NOVEMBER 17, 2022

Since then, engineers, operations specialists, IT staff, and security teams have been stretched thin attempting to adapt Twitter’s offerings and build new features per new owner Elon Musk’s agenda. The meltdown comes less than two weeks after Twitter laid off about half of its workers , roughly 3,700 people.

Authentication 351

Authentication Passwords Accountability Media 351

Tech Republic Security

AUGUST 23, 2024

A new malware called NGate allows cybercriminals to steal near field communication data from Android phones via sophisticated social engineering. The data is relayed to the fraudsters before being used to steal cash.

Social Engineering 205

Social Engineering Malware Engineering Banking 205

Tech Republic Security

DECEMBER 3, 2024

The exposed database creates opportunities for staging convincing phishing and social engineering attacks, among other issues.

Social Engineering 193

Social Engineering Engineering Phishing Cybersecurity 193

The Last Watchdog

NOVEMBER 19, 2023

Using routine social engineering strategies, the cyber-thieves gathered information about key employees. Defeating MFA Their social engineering chops seem to indicate the relatively youthful thieves possessed significant skills. How they steamrolled multi-factor authentication is a reason for pause.

Social Engineering 310

Social Engineering Passwords Authentication Marketing 310

Krebs on Security

DECEMBER 10, 2024

. “Ransomware authors who have abused previous CLFS vulnerabilities will be only too pleased to get their hands on a fresh one,” wrote Adam Barnett , lead software engineer at Rapid7.

Engineering 211

Engineering Authentication Software Ransomware 211

Krebs on Security

OCTOBER 8, 2024

One of the zero-day flaws — CVE-2024-43573 — stems from a security weakness in MSHTML , the proprietary engine of Microsoft’s Internet Explorer web browser. If that sounds familiar it’s because this is the fourth MSHTML vulnerability found to be exploited in the wild so far in 2024.

Engineering 236

Engineering Internet Internet System Administration 236

Schneier on Security

JULY 25, 2024

Each piece of software depends on dozens of others, typically written by other engineering teams sometimes years earlier on the other side of the planet. Netflix is famous for its Chaos Monkey tool , which intentionally causes failures to force the systems (and, really, the engineers) to be more resilient.

Marketing 322

Marketing Software Internet Internet 322

Tech Republic Security

NOVEMBER 5, 2024

About a year after Broadcom’s acquisition of VMware, the company released VMware Tanzu Data Services to make connections to some third-party data engines easier.

Engineering 182

Engineering Artificial Intelligence Software 182