Schneier on Security

AUGUST 29, 2024

Remember that talk was given in 1982, less than a year before the ARPANET switched to TCP/IP and the internet went operational. It’s a wonderful talk: funny, engaging, wise, prescient. She was a remarkable person.

Engineering 321

Engineering Internet Internet 321

Schneier on Security

APRIL 2, 2024

An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. The cybersecurity world got really lucky last week. modified the way the software functions.

Social Engineering 351

Social Engineering Engineering Software Encryption 351

Schneier on Security

APRIL 25, 2024

In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. The internet initially promised to change this process. Large language models, or LLMs, are trained on massive troves of material—nearly the entire internet in some cases.

Engineering 348

Engineering Internet Internet Artificial Intelligence 348

Schneier on Security

MARCH 30, 2023

Now this is interesting: Thousands of pages of secret documents reveal how Vulkan’s engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the internet.

Engineering 324

Engineering Internet Internet Hacking 324

Schneier on Security

APRIL 11, 2024

Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. There are libraries for everything: displaying objects in 3D, spell-checking, performing complex mathematics, managing an e-commerce shopping cart, moving files around the internet—everything.

Software 348

Software Engineering Internet Internet 348

Krebs on Security

AUGUST 27, 2024

Malicious hackers are exploiting a zero-day vulnerability in Versa Director , a software product used by many Internet and IT service providers. ” Ryan English , an information security engineer at Lumen, said it’s disappointing his employer didn’t at least garner an honorable mention in Versa’s security advisory.

Internet 313

Internet Internet Technology Engineering 313

Schneier on Security

MARCH 15, 2021

OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet. To this end, we recover the specifications of the closed-source OF protocols by means of reverse engineering.

Engineering 359

Engineering Internet Internet 359

The Last Watchdog

DECEMBER 11, 2022

The Internet of Everything ( IoE ) is on the near horizon. For instance, very visibly over the past decade, Internet of Things ( IoT ) computing devices and sensors have become embedded everywhere. For instance, very visibly over the past decade, Internet of Things ( IoT ) computing devices and sensors have become embedded everywhere.

Internet 189

Internet Internet Energy and Utilities IoT 189

Graham Cluley

OCTOBER 16, 2024

WordPress's emperor, Matt Mullenweg, demands a hefty tribute from WP Engine, and a battle erupts, leaving millions of websites hanging in the balance. Meanwhile, the Internet Archive, a digital library preserving our online history, is under siege from hackers.

Engineering 84

Engineering Internet Internet Cybersecurity 84

Schneier on Security

MAY 21, 2024

Apple and Google said they will continue collaborating with the Internet Engineering Task Force to further develop this technology and address the issue of unwanted tracking. Several Bluetooth tag companies have committed to making their future products compatible with the new standard.

Engineering 284

Engineering Internet Internet Technology 284

Schneier on Security

JULY 25, 2024

Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. The catastrophe is yet another reminder of how brittle global internet infrastructure is. Compare the internet with ecological systems. Nearly 7,000 flights were canceled.

Marketing 322

Marketing Software Internet Internet 322

Security Affairs

MARCH 9, 2024

The researchers scanned the Internet for Internet-facing Fortinet FortiOS and FortiProxy secure web gateway systems vulnerable to CVE-2024-21762. The researchers scanned the Internet for Internet-facing Fortinet FortiOS and FortiProxy secure web gateway systems vulnerable to CVE-2024-21762.

Internet 145

Internet Internet VPN Engineering 145

Krebs on Security

OCTOBER 4, 2021

We don’t yet know why this happened, but the how is clear: Earlier this morning, something inside Facebook caused the company to revoke key digital records that tell computers and other Internet-enabled devices how to find these destinations online. Kentik’s view of the Facebook, Instagram and WhatsApp outage. Update, 6:16 p.m.

Internet 363

Internet Internet DNS Marketing 363

Krebs on Security

SEPTEMBER 10, 2021

The assault came from “ Meris ,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer. Cloudflare recently wrote about its attack , which clocked in at 17.2 Image: Qrator.

IoT 317

IoT DDOS Internet Internet 317

Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. While Microsoft’s Bing only has about 4% of the search engine market share , crooks are drawn to it as an alternative to Google. We have reported the fraudulent sites to Microsoft already.

Engineering 110

Engineering Phishing Banking Authentication 110

Krebs on Security

AUGUST 21, 2020

” The perpetrators focus on social engineering new hires at the targeted company, and impersonate staff at the target company’s IT helpdesk. The internet is a public resource; only post information you are comfortable with anyone seeing. authenticate the phone call before sensitive information can be discussed.

VPN 362

VPN Social Engineering Authentication Engineering 362

Krebs on Security

OCTOBER 8, 2024

One of the zero-day flaws — CVE-2024-43573 — stems from a security weakness in MSHTML , the proprietary engine of Microsoft’s Internet Explorer web browser. Cemerikic noted that while Internet Explorer is being retired on many platforms, its underlying MSHTML technology remains active and vulnerable.

Engineering 236

Engineering Internet Internet System Administration 236

Schneier on Security

JUNE 5, 2023

Now engineers and designers are rationalizing the way they go about building new models, taking advantage of much more powerful hardware to consolidate all those discrete functions into a small number of domain controllers. The behavior of new cars is increasingly defined by software, too.

Software 278

Software Engineering Internet Internet 278

Schneier on Security

SEPTEMBER 29, 2020

As expected, IoT devices are filled with vulnerabilities : As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After just a week of effort, the unqualified answer was: quite a lot.

Hacking 360

Hacking IoT Engineering Internet 360

The Last Watchdog

OCTOBER 30, 2023

Unfortunately, most SOCs are still understaffed so detection engineering often goes on the back burner in favor of managing the alert queue. I think the biggest problem is in reactivity and how it forces us to use our more experienced engineers. Right now, the impact an engineer has is typically limited to their own organization.

Engineering 311

Engineering Mobile Internet Internet 311

Krebs on Security

JANUARY 29, 2020

leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web. Perhaps more importantly for Sprint and its customers, the forum also included numerous links and references to internal tools and procedures.

Social Engineering 282

Social Engineering Telecommunications Engineering Data privacy 282

Schneier on Security

FEBRUARY 14, 2020

Interesting collision of real-world and Internet security: The ceremony sees several trusted internet engineers (a minimum of three and up to seven) from across the world descend on one of two secure locations -- one in El Segundo, California, just south of Los Angeles, and the other in Culpeper, Virginia -- both in America, every three months.

Internet 261

Internet Internet Engineering DNS 261

Krebs on Security

MARCH 9, 2021

Top of the heap this month (apart from the ongoing, global Exchange Server mass-compromise ) is a patch for an Internet Explorer bug that is seeing active exploitation. “We strongly encourage all organizations that rely on Internet Explorer and Microsoft Edge (EdgeHTML-Based) to apply these patches as soon as possible.”

DNS 346

DNS Internet Internet Software 346

Krebs on Security

JULY 9, 2024

The other zero-day is CVE-2024-38112 , which is a weakness in MSHTML , the proprietary engine of Microsoft’s Internet Explorer web browser. ” Satnam Narang , senior staff research engineer at Tenable , called special attention to CVE-2024-38021 , a remote code execution flaw in Microsoft Office.

Internet 267

Internet Internet Engineering Software 267

Krebs on Security

FEBRUARY 5, 2020

Many modern vehicles let owners use the Internet or a mobile device to control the car’s locks, track location and performance data, and start the engine. But he can still remotely track its location and usage, lock and unlock it, and start the engine.

Mobile 309

Mobile Engineering Internet Internet 309

Krebs on Security

NOVEMBER 21, 2020

NiceHash founder Matjaz Skorjanc said the unauthorized changes were made from an Internet address at GoDaddy, and that the attackers tried to use their access to its incoming NiceHash emails to perform password resets on various third-party services, including Slack and Github. GoDaddy said the outage between 7:00 p.m. and 11:00 p.m.

Cryptocurrency 363

Cryptocurrency VPN Scams Social Engineering 363

Krebs on Security

JANUARY 24, 2020

In the case of e-hawk.net, however, the scammers managed to trick an OpenProvider customer service rep into transferring the domain to another registrar with a fairly lame social engineering ruse — and without triggering any verification to the real owners of the domain. ” REGISTRY LOCK.

DNS 288

DNS Social Engineering Engineering Accountability 288

Krebs on Security

SEPTEMBER 27, 2023

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. Probably the most active Internet address accessing Snatch’s darknet site is 193.108.114[.]41 top , sntech2ch[.]top

Ransomware 293

Ransomware Internet Internet Phishing 293

Krebs on Security

MAY 11, 2021

On deck this month are patches to quash a wormable flaw, a creepy wireless bug, and yet another reason to call for the death of Microsoft’s Internet Explorer (IE) web browser. Four of these weaknesses can be exploited by malware and malcontents to seize complete, remote control over vulnerable systems without any help from users.

Wireless 315

Wireless Internet Internet Backups 315

Krebs on Security

NOVEMBER 14, 2023

“This is typically achieved through social engineering attacks with spear phishing to gain initial access to a host before searching for other vulnerable internal targets – just because your Exchange Server doesn’t have internet-facing authentication doesn’t mean it’s protected,” Breen said.

Social Engineering 287

Social Engineering Internet Internet Phishing 287

Krebs on Security

NOVEMBER 12, 2024

Satnam Narang , senior staff research engineer at Tenable , says the danger with stolen NTLM hashes is that they enable so-called “pass-the-hash” attacks, which let an attacker masquerade as a legitimate user without ever having to log in or know the user’s password.

Authentication 237

Authentication Engineering Malware Passwords 237

Schneier on Security

JANUARY 4, 2021

From an interview with an Amazon Web Services security engineer: So when you use AWS, part of what you’re paying for is security. Right; it’s part of what we sell. Let’s say a prospective customer comes to AWS. They say, “I like pay-as-you-go pricing. Tell me more about that.”

Engineering 353

Engineering Internet Internet 353

Krebs on Security

JULY 13, 2021

CVE-2021-34448 is a critical remote code execution vulnerability in the scripting engine built into every supported version of Windows — including server versions. Other products that got patches today include Microsoft Office , Bing , SharePoint Server , Internet Explorer , and Visual Studio.

DNS 313

DNS Engineering Internet Internet 313

Krebs on Security

APRIL 11, 2023

This could be via social engineering, spear phishing attacks, or exploitation of other services.” While not standard in all organizations, RAS servers typically have direct access from the Internet where most users and services are connected.

Social Engineering 274

Social Engineering Ransomware Internet Internet 274

Krebs on Security

FEBRUARY 14, 2023

13 released an update for iOS that resolves a zero-day vulnerability in Webkit , Apple’s open source browser engine. Johannes Ullrich at the SANS Internet Storm Center notes that in addition to the WebKit problem, Apple fixed a privilege escalation issue. Apple on Feb. Both flaws are fixed in iOS 16.3.1.

Internet 56

Internet Internet Malware Cyber threats 56

Krebs on Security

FEBRUARY 13, 2024

Top of the heap on this Fat Patch Tuesday is CVE-2024-21412 , a “security feature bypass” in the way Windows handles Internet Shortcut Files that Microsoft says is being targeted in active exploits. Microsoft Corp. It’s also smart to back up your data and/or image your Windows drive before applying new updates.

Engineering 264

Engineering Internet Internet Software 264

The Last Watchdog

AUGUST 29, 2023

In 2019, a cybersecurity firm demonstrated security risks that could allow an attacker to disrupt engine readings and altitude on an aircraft. Hilderman Many components and systems within an aircraft can exchange data and communicate with each other or with the external internet. There was another warning from the U.S.

Software 264

Software Risk Artificial Intelligence Engineering 264