Schneier on Security

JANUARY 6, 2022

The privacy-oriented search engine netted more than 35 billion search queries in 2021 , a 46.4% It’s not as a good a search engine as Google. To solve that, I use use the feature that allows me to use Google’s search engine through DuckDuckGo: prepend “!Google” jump over 2020 (23.6 That’s big.

Engineering 362

Engineering Internet Internet 362

Anton on Security

SEPTEMBER 21, 2023

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. Detection Engineering is Painful — and It Shouldn’t Be (Part 1) Contrary to what some may think, a detection and response (D&R) success is more about the processes and people than about the SIEM.

Engineering 221

Engineering Threat Detection Marketing Internet 221

Krebs on Security

FEBRUARY 11, 2025

Tenable senior staff research engineer Satnam Narang noted that since 2022, there have been nine elevation of privilege vulnerabilities in this same Windows component — three each year — including one in 2024 that was exploited in the wild as a zero day (CVE-2024-38193).

Artificial Intelligence 199

Artificial Intelligence Engineering Software Internet 199

Security Through Education

MARCH 3, 2025

When I first heard of social engineering, about 6 years ago, I couldnt define it clearly and concisely if you had offered me millions of dollars. ’ Lets re-visit what social engineering really means, how people use it, and how you can start protecting yourself from it. Either way, lets refresh and learn together!

Social Engineering 59

Social Engineering Engineering Scams Banking 59

Schneier on Security

AUGUST 29, 2024

Remember that talk was given in 1982, less than a year before the ARPANET switched to TCP/IP and the internet went operational. It’s a wonderful talk: funny, engaging, wise, prescient. She was a remarkable person.

Engineering 340

Engineering Internet Internet 340

The Last Watchdog

OCTOBER 19, 2022

Matter is intended to be the lingua franca for the Internet of Things. To get a full grasp on why Matter matters, I recently visited with Steve Hanna, distinguished engineer at Infineon Technologies , a global semiconductor manufacturer based in Neubiberg, Germany. It’s only a first step and there’s a long way to go. Baked-in security.

Internet 44

Internet Internet Manufacturing Technology 44

Krebs on Security

MARCH 27, 2025

Rather, it appears those responsible are promoting them by manipulating the search engine results shown when someone searches for one of these anti-Putin organizations.

Phishing 201

Phishing Government Engineering Internet 201

Schneier on Security

APRIL 25, 2024

In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. The internet initially promised to change this process. Large language models, or LLMs, are trained on massive troves of material—nearly the entire internet in some cases.

Engineering 359

Engineering Internet Internet Artificial Intelligence 359

Krebs on Security

MARCH 11, 2025

Rapid7’s lead software engineer Adam Barnett said Windows 11 and Server 2019 onwards are not listed as receiving patches, so are presumably not vulnerable. The SANS Internet Storm Center has a useful list of all the Microsoft patches released today, indexed by severity.

System Administration 224

System Administration Engineering Internet Internet 224

Schneier on Security

MARCH 30, 2023

Now this is interesting: Thousands of pages of secret documents reveal how Vulkan’s engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the internet.

Engineering 326

Engineering Internet Internet Hacking 326

Schneier on Security

MAY 21, 2024

Apple and Google said they will continue collaborating with the Internet Engineering Task Force to further develop this technology and address the issue of unwanted tracking. Several Bluetooth tag companies have committed to making their future products compatible with the new standard.

Engineering 316

Engineering Internet Internet Technology 316

Krebs on Security

AUGUST 27, 2024

Malicious hackers are exploiting a zero-day vulnerability in Versa Director , a software product used by many Internet and IT service providers. ” Ryan English , an information security engineer at Lumen, said it’s disappointing his employer didn’t at least garner an honorable mention in Versa’s security advisory.

Internet 335

Internet Internet Technology Engineering 335

Adam Shostack

JANUARY 2, 2025

Yahoo and Altavista were our gateways to the internet. We need to figure out what engineering software looks like for a twenty year lifespan, and part of that will be really doing such engineering, because theory will only take us to the limits of our imaginations. Steve Jobs just returned to Apple. Google didn't exist yet.

Engineering 130

Engineering Software Internet Internet 130

Schneier on Security

APRIL 2, 2024

An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. The cybersecurity world got really lucky last week. modified the way the software functions.

Social Engineering 350

Social Engineering Engineering Software Encryption 350

Schneier on Security

APRIL 11, 2024

Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. There are libraries for everything: displaying objects in 3D, spell-checking, performing complex mathematics, managing an e-commerce shopping cart, moving files around the internet—everything.

Software 360

Software Engineering Internet Internet 360

Schneier on Security

JULY 25, 2024

Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. The catastrophe is yet another reminder of how brittle global internet infrastructure is. Compare the internet with ecological systems. Nearly 7,000 flights were canceled.

Marketing 347

Marketing Software Internet Internet 347

Schneier on Security

MARCH 15, 2021

OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet. To this end, we recover the specifications of the closed-source OF protocols by means of reverse engineering.

Engineering 363

Engineering Internet Internet 363

The Last Watchdog

DECEMBER 11, 2022

The Internet of Everything ( IoE ) is on the near horizon. For instance, very visibly over the past decade, Internet of Things ( IoT ) computing devices and sensors have become embedded everywhere. For instance, very visibly over the past decade, Internet of Things ( IoT ) computing devices and sensors have become embedded everywhere.

Internet 189

Internet Internet Energy and Utilities IoT 189

Krebs on Security

NOVEMBER 9, 2024

In the United States, when federal, state or local law enforcement agencies wish to obtain information about an account at a technology provider — such as the account’s email address, or what Internet addresses a specific cell phone account has used in the past — they must submit an official court-ordered warrant or subpoena.

Hacking 281

Hacking Accountability Government Social Engineering 281

Security Affairs

APRIL 1, 2025

Researchers at Microsofts Offensive Research and Security Engineering (MORSE) team have discovered a critical code execution vulnerability, tracked as CVE-2025-1268 (CVSS score of 9.4), impacting Canon printer drivers. Microsofts offensive security team discovered a critical code execution vulnerability impacting Canon printer drivers.

Engineering 127

Engineering Internet Internet Hacking 127

Krebs on Security

SEPTEMBER 10, 2021

The assault came from “ Meris ,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer. Cloudflare recently wrote about its attack , which clocked in at 17.2 Image: Qrator.

IoT 344

IoT DDOS Internet Internet 344

Krebs on Security

OCTOBER 8, 2024

One of the zero-day flaws — CVE-2024-43573 — stems from a security weakness in MSHTML , the proprietary engine of Microsoft’s Internet Explorer web browser. Cemerikic noted that while Internet Explorer is being retired on many platforms, its underlying MSHTML technology remains active and vulnerable.

Engineering 260

Engineering Internet Internet System Administration 260

The Last Watchdog

MARCH 28, 2025

Instead, the browser has become the primary way through which employees conduct work and interact with the internet. In the case studies demonstrated by SquareX , these attacks leverage AI agents to automate the majority of the attack sequence, requiring minimal social engineering and interference from the attacker.

Antivirus 147

Antivirus Ransomware Social Engineering Engineering 147

Krebs on Security

OCTOBER 4, 2021

We don’t yet know why this happened, but the how is clear: Earlier this morning, something inside Facebook caused the company to revoke key digital records that tell computers and other Internet-enabled devices how to find these destinations online. Kentik’s view of the Facebook, Instagram and WhatsApp outage. Update, 6:16 p.m.

Internet 363

Internet Internet DNS Marketing 363

Security Affairs

MARCH 9, 2024

The researchers scanned the Internet for Internet-facing Fortinet FortiOS and FortiProxy secure web gateway systems vulnerable to CVE-2024-21762. The researchers scanned the Internet for Internet-facing Fortinet FortiOS and FortiProxy secure web gateway systems vulnerable to CVE-2024-21762.

Internet 145

Internet Internet VPN Engineering 145

Krebs on Security

JANUARY 29, 2020

leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web. Perhaps more importantly for Sprint and its customers, the forum also included numerous links and references to internal tools and procedures.

Social Engineering 307

Social Engineering Telecommunications Data privacy Engineering 307

Schneier on Security

JUNE 5, 2023

Now engineers and designers are rationalizing the way they go about building new models, taking advantage of much more powerful hardware to consolidate all those discrete functions into a small number of domain controllers. The behavior of new cars is increasingly defined by software, too.

Software 286

Software Engineering Internet Internet 286

Krebs on Security

AUGUST 21, 2020

” The perpetrators focus on social engineering new hires at the targeted company, and impersonate staff at the target company’s IT helpdesk. The internet is a public resource; only post information you are comfortable with anyone seeing. authenticate the phone call before sensitive information can be discussed.

VPN 363

VPN Social Engineering Authentication Engineering 363

Schneier on Security

FEBRUARY 14, 2020

Interesting collision of real-world and Internet security: The ceremony sees several trusted internet engineers (a minimum of three and up to seven) from across the world descend on one of two secure locations -- one in El Segundo, California, just south of Los Angeles, and the other in Culpeper, Virginia -- both in America, every three months.

Internet 279

Internet Internet Engineering DNS 279

Schneier on Security

SEPTEMBER 29, 2020

As expected, IoT devices are filled with vulnerabilities : As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After just a week of effort, the unqualified answer was: quite a lot.

Hacking 363

Hacking IoT Engineering Internet 363

The Last Watchdog

OCTOBER 30, 2023

Unfortunately, most SOCs are still understaffed so detection engineering often goes on the back burner in favor of managing the alert queue. I think the biggest problem is in reactivity and how it forces us to use our more experienced engineers. Right now, the impact an engineer has is typically limited to their own organization.

Engineering 311

Engineering Mobile Internet Internet 311

Krebs on Security

JULY 9, 2024

The other zero-day is CVE-2024-38112 , which is a weakness in MSHTML , the proprietary engine of Microsoft’s Internet Explorer web browser. ” Satnam Narang , senior staff research engineer at Tenable , called special attention to CVE-2024-38021 , a remote code execution flaw in Microsoft Office.

Internet 289

Internet Internet Engineering Software 289

Krebs on Security

NOVEMBER 14, 2024

Golubov later earned immunity from prosecution by becoming an elected politician and founding the Internet Party of Ukraine , which called for free internet for all, the creation of country-wide “hacker schools” and the “computerization of the entire economy.” He also apparently ran a business called click2dad[.]net

Retail 258

Retail Advertising Cryptocurrency Marketing 258

Krebs on Security

FEBRUARY 5, 2020

Many modern vehicles let owners use the Internet or a mobile device to control the car’s locks, track location and performance data, and start the engine. But he can still remotely track its location and usage, lock and unlock it, and start the engine.

Mobile 334

Mobile Engineering Internet Internet 334

Krebs on Security

NOVEMBER 21, 2024

Many of the hacking group’s phishing domains were registered through the registrar NameCheap , and FBI investigators said records obtained from NameCheap showed the person who managed those phishing websites did so from an Internet address in Scotland.

Identity Theft 254

Identity Theft Phishing Cryptocurrency Accountability 254

Krebs on Security

MARCH 9, 2021

Top of the heap this month (apart from the ongoing, global Exchange Server mass-compromise ) is a patch for an Internet Explorer bug that is seeing active exploitation. “We strongly encourage all organizations that rely on Internet Explorer and Microsoft Edge (EdgeHTML-Based) to apply these patches as soon as possible.”

DNS 353

DNS Internet Internet Software 353

Krebs on Security

JANUARY 24, 2020

In the case of e-hawk.net, however, the scammers managed to trick an OpenProvider customer service rep into transferring the domain to another registrar with a fairly lame social engineering ruse — and without triggering any verification to the real owners of the domain. ” REGISTRY LOCK.

DNS 316

DNS Social Engineering Engineering Accountability 316