Engineering, Internet and Technology - Cyber Security Informer

The Internet is Held Together With Spit & Baling Wire

Krebs on Security

NOVEMBER 26, 2021

A visualization of the Internet made using network routing data. Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email. Lumen Technologies Inc. Image: Barrett Lyon, opte.org. Based in Monroe, La.,

Internet

Internet Internet Authentication Telecommunications

Crooks bank on Microsoft’s search engine to phish customers

Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. While Microsoft’s Bing only has about 4% of the search engine market share , crooks are drawn to it as an alternative to Google. We have reported the fraudulent sites to Microsoft already.

Engineering

Engineering Phishing Banking Authentication

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

The Last Watchdog

FEBRUARY 10, 2025

Were just getting started down the road to the Internet of Everything (IoE.) I had an edifying conversation about this with Steve Hanna , distinguished engineer at Infineon Technologies , a global semiconductor leader in power systems and IoT, based in Neubiberg, Germany. Governments and standards bodies are taking note.

Internet

Internet Internet IoT Manufacturing

Policy vs Technology

Schneier on Security

FEBRUARY 21, 2020

I teach cybersecurity policy and technology at the Harvard Kennedy School of Government. My most recent two books, Data and Goliath -- about surveillance -- and Click Here to Kill Everybody -- about IoT security -- are really about the policy implications of technology. Technology is inherently future focused.

Technology

Technology Encryption Surveillance Government

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

based technology companies. “This is social engineering at the highest level and there will be failed attempts at times. Donahue said 60 technology companies are now routing all law enforcement data requests through Kodex, including an increasing number of financial institutions and cryptocurrency platforms.

Hacking

Hacking Accountability Government Social Engineering

Streamlining detection engineering in security operation centers

SecureList

APRIL 16, 2025

Triage and investigation The most typical issues at this stage are: Lack of a documented triage procedure analysts often rely on generic, high-level response playbooks sourced from the internet, especially from unreliable sources, which slows or hinders the process of qualifying alerts as potential incidents.

Engineering

Engineering Threat Detection Firewall Digital transformation

The CrowdStrike Outage and Market-Driven Brittleness

Schneier on Security

JULY 25, 2024

Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. The catastrophe is yet another reminder of how brittle global internet infrastructure is. Compare the internet with ecological systems. Nearly 7,000 flights were canceled.

Marketing

Marketing Software Internet Internet

Detecting Malicious Trackers

Schneier on Security

MAY 21, 2024

Apple and Google said they will continue collaborating with the Internet Engineering Task Force to further develop this technology and address the issue of unwanted tracking. Several Bluetooth tag companies have committed to making their future products compatible with the new standard.

Engineering

Engineering Internet Internet Technology

Videos and Links from the Public-Interest Technology Track at the RSA Conference

Schneier on Security

MARCH 8, 2019

Public Interest Tech in Silicon Valley : Mitchell Baker, Chairwoman, Mozilla Corporation; Cindy Cohn, EFF; and Lucy Vasserman, Software Engineer, Google. The Future of Public Interest Tech : Bruce Schneier, Fellow and Lecturer, Harvard Kennedy School; Ben Wizner, ACLU; and Jenny Toomey, Director, Internet Freedom, Ford Foundation (Moderator).

Technology

Technology Internet Internet Engineering

MY TAKE: Why the Matter smart home standard portends the coming of the Internet of Everything

The Last Watchdog

OCTOBER 19, 2022

Matter is intended to be the lingua franca for the Internet of Things. To get a full grasp on why Matter matters, I recently visited with Steve Hanna, distinguished engineer at Infineon Technologies , a global semiconductor manufacturer based in Neubiberg, Germany. It’s only a first step and there’s a long way to go.

Internet

Internet Internet Manufacturing Technology

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Krebs on Security

AUGUST 27, 2024

Malicious hackers are exploiting a zero-day vulnerability in Versa Director , a software product used by many Internet and IT service providers. ” Ryan English , an information security engineer at Lumen, said it’s disappointing his employer didn’t at least garner an honorable mention in Versa’s security advisory.

Internet

Internet Internet Technology Engineering

Detection Engineering and SOC Scalability Challenges (Part 2)

Anton on Security

SEPTEMBER 21, 2023

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. Detection Engineering is Painful — and It Shouldn’t Be (Part 1) Contrary to what some may think, a detection and response (D&R) success is more about the processes and people than about the SIEM.

Engineering

Engineering Threat Detection Marketing Internet

NEW TECH: Exabeam positions SIEM technology to help protect IoT, OT systems

The Last Watchdog

MARCH 9, 2020

Their capacity to ingest threat feeds is becoming more relevant with the rise of IoT (Internet of Things) systems and the vulnerabilities of old and new OT (operational technology). Cloud Studio launch The good news is SIEMs continue to evolve to keep pace with accelerating technological advances.

IoT

IoT Technology Digital transformation Engineering

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. Organizations face rising risks of AI-driven social engineering and personal device breaches. We can expect security teams feeling pressure to adopt new technology quickly.

Risk

Risk Threat Detection Technology Phishing

The Rise of Large-Language-Model Optimization

Schneier on Security

APRIL 25, 2024

In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. The internet initially promised to change this process. Large language models, or LLMs, are trained on massive troves of material—nearly the entire internet in some cases.

Engineering

Engineering Internet Internet Artificial Intelligence

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

Related: Technology and justice systems The U.S. Avaya Holdings , Check Point Software Technologies , and Mimecast Limited each minimized or obscured the extent of security breaches linked to the SolarWinds Orion hack, impacting investor trust and highlighting the critical importance of clear, truthful communication.

CISO

CISO CSO Risk Cyber threats

Artificial Intelligence: The Evolution of Social Engineering

Security Through Education

FEBRUARY 20, 2024

In the ever-evolving landscape of cybersecurity, social engineering has undergone significant transformations over the years, propelled by advancements in technology. This article delves into the historical shifts in social engineering tactics and explores how adversaries embrace new technologies to achieve their objectives.

Social Engineering

Social Engineering Artificial Intelligence Engineering Phishing

Patch Tuesday, October 2024 Edition

Krebs on Security

OCTOBER 8, 2024

One of the zero-day flaws — CVE-2024-43573 — stems from a security weakness in MSHTML , the proprietary engine of Microsoft’s Internet Explorer web browser. Cemerikic noted that while Internet Explorer is being retired on many platforms, its underlying MSHTML technology remains active and vulnerable.

Engineering

Engineering Internet Internet System Administration

MY TAKE: The role of semiconductors in bringing the ‘Internet of Everything’ into full fruition

The Last Watchdog

DECEMBER 11, 2022

The Internet of Everything ( IoE ) is on the near horizon. For instance, very visibly over the past decade, Internet of Things ( IoT ) computing devices and sensors have become embedded everywhere. For instance, very visibly over the past decade, Internet of Things ( IoT ) computing devices and sensors have become embedded everywhere.

Internet

Internet Internet Energy and Utilities IoT

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

“My nickname was MikeMike, and I worked with Dmitri Golubov and made technologies for him,” Shefel said. ” Mr. Shefel says he stopped selling stolen payment cards after being pushed out of the business, and invested his earnings in a now-defunct Russian search engine called tf[.]org. Image: U.S.

Retail

Retail Advertising Cryptocurrency Marketing

Seeing Like a Data Structure

Schneier on Security

JUNE 3, 2024

Technology was once simply a tool—and a small one at that—used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got.

Technology

Technology Government Engineering Internet

Open-Source LLMs

Schneier on Security

JUNE 2, 2023

And their results have been immediate, innovative, and an indication of how the future of this technology is going to play out. The large corporations that had controlled these models warn that this free-for-all will lead to potentially dangerous developments, and problematic uses of the open technology have already been documented.

Technology

Technology Internet Internet Government

Story of the Year: global IT outages and supply chain attacks

SecureList

DECEMBER 9, 2024

This case underscores the serious risk that social engineering and supply chain attacks pose to open-source projects. was used by tens of millions of websites approximately 4% of all sites on the internet which highlights the severity of the incident, whose full impact is yet to be determined. Why does it matter? Why does it matter?

Internet

Internet Internet Risk Social Engineering

Xanthorox AI: A New Breed of Malicious AI Threat Hits the Darknet

eSecurity Planet

APRIL 8, 2025

Xanthorox reasoner advanced mimics human reasoning, helping attackers craft more believable phishing messages or manipulate targets through social engineering. It features a live web scraper tool that pulls data from over 50 search engines for real-time reconnaissance. But platforms like Xanthorox show the dark side of this technology.

Social Engineering

Social Engineering Phishing Engineering Education

Cybersecurity for the Public Interest

Schneier on Security

MAY 3, 2019

It's an impassioned debate, acrimonious at times, but there are real technologies that can be brought to bear on the problem: key-escrow technologies, code obfuscation technologies, and backdoors with different properties. Tim Berners-Lee has called them "philosophical engineers." Public-interest technology isn't new.

Cybersecurity

Cybersecurity Technology Government Internet

New IoT Security Regulations

Schneier on Security

NOVEMBER 13, 2018

Due to ever-evolving technological advances, manufacturers are connecting consumer goods -- from toys to lightbulbs to major appliances -- to the internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare. But like nearly all innovation, there are risks involved. But software is different.

IoT

IoT Manufacturing Internet Internet

Cybersecurity for the Public Interest

Schneier on Security

MARCH 5, 2019

It's an impassioned debate, acrimonious at times, but there are real technologies that can be brought to bear on the problem: key-escrow technologies, code obfuscation technologies, and backdoors with different properties. Tim Berners-Lee has called them "philosophical engineers." Public-interest technology isn't new.

Cybersecurity

Cybersecurity Technology Government Internet

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Chearis Karsten Chearis , US Security Sales Engineer Team Lead, XM Cyber Resiliency involves four stages, while compromise has three phases: about to be compromised, compromised, and recovering. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

Cyber threats

Cyber threats CISO IoT Phishing

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Krebs on Security

SEPTEMBER 8, 2021

According to a security advisory from Redmond, the security hole CVE-2021-40444 affects the “MSHTML” component of Internet Explorer (IE) on Windows 10 and many Windows Server versions. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat.

Software

Software Engineering Internet Internet

GUEST ESSAY: Scammers leverage social media, clever con games to carry out digital exploitation

The Last Watchdog

MARCH 20, 2023

Related: How Google, Facebook enable snooping In fact, a majority of scams occur through social engineering. As technology has rapidly exceeded all historical imaginings, opportunities for fraudsters to exploit their victims abound.

Media

Media Identity Theft Internet Internet

MY TAKE: Why email security desperately needs retooling in this post-Covid 19, GenAI era

The Last Watchdog

APRIL 2, 2024

It’s a digital swindle as old as the internet itself, and yet, as the data tells us, the vast majority of security incidents are still rooted in the low-tech art of social engineering. Some 74 percent of cyber breaches are caused by human factors, including errors, stolen credentials, misuse of access privileges, or social engineering.

Social Engineering

Social Engineering Technology Engineering Accountability

MY TAKE: ‘IOWN’ makes the business case for fostering diversity, respecting individual privacy

The Last Watchdog

JULY 10, 2023

Related: Using ‘Big Data’ to improve health and well-being But there’s yet another towering technology mountain to climb: we must also overcome the limitations of Moore’s Law. Optical technology can enable us to control energy consumption so we can support increasing capacity and increasing bandwidth,” Gomi summarizes.

Energy and Utilities

Energy and Utilities Technology Internet Internet

How to Protect Operational Technology (OT) from Cyber Threats

CyberSecurity Insiders

JUNE 2, 2023

By Jayakumar (Jay) Kurup, Global Sales Engineering Director at Morphisec Securing operational technology (OT) creates unique challenges. Sometimes this is due to cultural reasons (management’s fear of even the slightest chance of disruption); other times, it is technological.

Cyber threats

Cyber threats Technology Firewall Ransomware

More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies

Schneier on Security

OCTOBER 15, 2024

In a feat of engineering, the bomb component was so carefully hidden as to be virtually undetectable, even if the device was taken apart, the officials said. Technology alone has no ethics: the difference between a patch and an exploit is the method in which a technology is disclosed.

Marketing

Marketing Technology IoT Engineering

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

NiceHash founder Matjaz Skorjanc said the unauthorized changes were made from an Internet address at GoDaddy, and that the attackers tried to use their access to its incoming NiceHash emails to perform password resets on various third-party services, including Slack and Github. GoDaddy said the outage between 7:00 p.m. and 11:00 p.m.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

Ueland said after hearing about the escrow.com hack Monday evening he pulled the domain name system (DNS) records for escrow.com and saw they were pointing to an Internet address in Malaysia — 111.90.149[.]49 The employee involved in this incident fell victim to a spear-fishing or social engineering attack.

Phishing

Phishing DNS Social Engineering Accountability

News alert: 360 Privacy secures $36M to deliver turnkey digital executive protection platform

The Last Watchdog

MARCH 11, 2025

11, 2025 360 Privacy , a leading digital executive protection platform, today announced that it has secured a $36 million growth equity investment from FTV Capital , a sector-focused growth equity firm with a successful track record of investing across the enterprise technology landscape. Nashville, TN Mar.

B2C

B2C Technology B2B Identity Theft

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

In 2019, a cybersecurity firm demonstrated security risks that could allow an attacker to disrupt engine readings and altitude on an aircraft. Government Accountability Office in 2020 about increasing risk due to connected aircraft technology developments. There was another warning from the U.S.

Software

Software Risk Artificial Intelligence Cyber Attacks

Supply-Chain Security and Trust

Schneier on Security

SEPTEMBER 30, 2019

The United States government's continuing disagreement with the Chinese company Huawei underscores a much larger problem with computer technologies in general: We have no choice but to trust them completely, and it's impossible to verify that they're trustworthy. The engineers who design and program them come from over a hundred countries.

Government

Government Internet Internet Artificial Intelligence

My Take: Is Amazon’s Alexa+ a Gutenberg moment — or a corporate rerun of history’s greatest co-opt?

The Last Watchdog

APRIL 15, 2025

From Gutenbergs press to the steam engine, to the rise of semiconductorseach transformative leap began as an open revolution and was soon constrained by consolidation. Bezos launching Amazon with a single book, and Googles Brain Team engineering the transformer architecture that underpins todays GenAIthese are milestones on the same arc.

Artificial Intelligence

Artificial Intelligence Engineering Retail Government

LLMs’ Data-Control Path Insecurity

Schneier on Security

MAY 13, 2024

In some cases, we can use access-control mechanisms and other Internet security systems to limit who can access the LLM and what the LLM can do. Engineers will be tempted to grab for LLMs because they are general-purpose hammers; they’re easy to use, scale well, and are good at lots of different tasks.

Internet

Internet Internet Risk Technology

GUEST ESSAY: The case for leveraging hardware to shore up security — via a co-processor

The Last Watchdog

MARCH 31, 2022

The vulnerabilities of internet security, once mostly a nuisance, have become dangerous and costly. Second, the design of security solutions struggled to scale up properly or adapt to the technological changes in the industry, especially in disaggregated compute networks. About the essayist.

Artificial Intelligence

Artificial Intelligence Threat Detection Engineering Software

LLMs and Phishing

Schneier on Security

APRIL 10, 2023

Numerous other open-source LLMs are under development, with a community of thousands of engineers and scientists. And new mechanisms, from ChatGPT plugins to LangChain , will enable composition of AI with thousands of API-based cloud services and open source tools, allowing LLMs to interact with the internet as humans do.

Phishing

Phishing Scams Internet Internet

The Internet is Held Together With Spit & Baling Wire

Crooks bank on Microsoft’s search engine to phish customers

Trending Sources

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

Policy vs Technology

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Streamlining detection engineering in security operation centers

The CrowdStrike Outage and Market-Driven Brittleness

Detecting Malicious Trackers

Videos and Links from the Public-Interest Technology Track at the RSA Conference

MY TAKE: Why the Matter smart home standard portends the coming of the Internet of Everything

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Detection Engineering and SOC Scalability Challenges (Part 2)

NEW TECH: Exabeam positions SIEM technology to help protect IoT, OT systems

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Rise of Large-Language-Model Optimization

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

Artificial Intelligence: The Evolution of Social Engineering

Patch Tuesday, October 2024 Edition

MY TAKE: The role of semiconductors in bringing the ‘Internet of Everything’ into full fruition

Feds Charge Five Men in ‘Scattered Spider’ Roundup

An Interview With the Target & Home Depot Hacker

Seeing Like a Data Structure

Open-Source LLMs

Story of the Year: global IT outages and supply chain attacks

Xanthorox AI: A New Breed of Malicious AI Threat Hits the Darknet

Cybersecurity for the Public Interest

New IoT Security Regulations

Cybersecurity for the Public Interest

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

GUEST ESSAY: Scammers leverage social media, clever con games to carry out digital exploitation

MY TAKE: Why email security desperately needs retooling in this post-Covid 19, GenAI era

MY TAKE: ‘IOWN’ makes the business case for fostering diversity, respecting individual privacy

How to Protect Operational Technology (OT) from Cyber Threats

More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

News alert: 360 Privacy secures $36M to deliver turnkey digital executive protection platform

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

Supply-Chain Security and Trust

My Take: Is Amazon’s Alexa+ a Gutenberg moment — or a corporate rerun of history’s greatest co-opt?

LLMs’ Data-Control Path Insecurity

GUEST ESSAY: The case for leveraging hardware to shore up security — via a co-processor

LLMs and Phishing

Stay Connected