Adam Shostack

JANUARY 2, 2025

A new paper on 'Pandemic Scale Cyber Events Josiah Dykstra and I have a new pre-print at Arxiv, Handling Pandemic-Scale Cyber Threats: Lessons from COVID-19. While the nature of these threats differs, the responses to COVID-19 illustrate valuable lessons that can guide preparation and response to cyber events.

Cyber threats 130

Cyber threats Government Cybersecurity 130

Joseph Steinberg

MARCH 24, 2025

In addition, Steinberg will discuss recent events, and explore how various government attempts to protect consumers have proven counterproductive worsening our collective cybersecurity posture instead of improving it and how governments can better keep us safe from cybercriminals.

Artificial Intelligence 130

Artificial Intelligence Cybersecurity Data breaches Government 130

Tech Republic Security

JULY 24, 2024

Remind employees to be wary of fake apps and too-good-to-be-true streaming options on the eve of the Games.

eCommerce 202

eCommerce Malware 202

Schneier on Security

JUNE 14, 2024

The event will also be available via Zoom. I’m speaking at the TEDxBillings Democracy Event in Billings, Montana, USA, on July 19, 2024. I’m speaking on “Reimagining Democracy in the Age of AI” at the Bozeman Library in Bozeman, Montana, USA, July 18, 2024. The list is maintained on this page.

302

302

Troy Hunt

FEBRUARY 25, 2025

Plus, I spent from then until now in Sydney at various meetings and events which was great, but didn't do a lot for my productivity. Yeah, so that didn't stop, and the stealer log processing and new feature building just absolutely swamped me.

166

166

Schneier on Security

SEPTEMBER 14, 2024

The event runs from September 24 through 26, 2024, and my keynote is at 8:45 AM ET on the 24th. The event will be held on October 22 and 23, 2024, and my talk is at 9:15 AM ET on October 22, 2024. This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA.

287

287

Adam Shostack

JANUARY 21, 2025

We hope the pandemic was a once in a century event (the millions of deaths prevent me from writing once in a lifetime"). So this paper takes a clear-eyed look and encourages us all to think about what a pandemic-scale cyber event could be and how we might get ready for one. Check out the full paper at the ACM digital library !

Cyber threats 147

Cyber threats Phishing 147

Schneier on Security

JANUARY 8, 2024

The event is like that; the format results in a firehose of interesting. It’s a two-day event. This is important for an interdisciplinary event. The final piece of the workshop is the social events. And even though a shorter event would be easier to deal with, the numbers all fit together in a way that’s hard to change.

Technology 306

Technology 306

Security Affairs

NOVEMBER 11, 2024

Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. Exposed data did not include Social Security numbers or financial information.

Data breaches 126

Data breaches Hacking Ransomware Technology 126

Schneier on Security

JULY 14, 2024

The event will also be available via Zoom. I’m speaking at the TEDxBillings Democracy Event in Billings, Montana, USA, on July 19, 2024. The list is maintained on this page.

264

264

Adam Shostack

JANUARY 28, 2025

Building on our recent paper about pandemic-scale cyber events , we submitted 14 recommendations to further improve the plan. Our comments on the National Cyber Incident Plan Josiah Dykstra and I have some comments on the National Cyber Incident Response Plan updates.

Government 147

Government 147

Schneier on Security

AUGUST 14, 2024

The event runs from September 24 through 26, 2024, and my keynote is on the 24th. This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The list is maintained on this page.

294

294

Security Affairs

OCTOBER 24, 2024

On day two of Pwn2Own Ireland 2024 , hackers demonstrated attacks against 51 zero-day vulnerabilities, earning a total of $358,625, prizes that we have sum to the $516,250 earned by participants on the first day of the event. ” reads the announcement published by ZDI.

Hacking 128

Hacking Information Security 128

Security Affairs

OCTOBER 10, 2024

The Mongolian Skimmer captures final data entries using the beforeunload event, ensures cross-browser compatibility with various event-handling techniques, and employs anti-debugging tactics by monitoring formatting changes to detect and evade debugging attempts.

Data collection 127

Data collection Engineering Malware Hacking 127

Joseph Steinberg

DECEMBER 7, 2021

For more details, or to register for the event, please visit: [link]. Achieving this requires a structured approach and a positive cybersecurity culture that includes not just the IT team but everyone in the organization. What are the critical factors for cybersecurity success? What are the key challenges for security leaders now and beyond?

Artificial Intelligence 363

Artificial Intelligence Cybersecurity Technology 363

Schneier on Security

JUNE 2, 2022

Researchers have demonstrated controlling touchscreens at a distance, at least in a laboratory setting: The core idea is to take advantage of the electromagnetic signals to execute basic touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over remote control and manipulating the underlying device.

Passwords 313

Passwords Software Malware 313

Schneier on Security

JULY 15, 2022

Currently, the police can only request historical footage from private cameras related to specific times and locations, rather than blanket monitoring.

Surveillance 333

Surveillance Technology 333

Trend Micro

MARCH 4, 2025

Trend Micro Managed XDR assisted in an investigation of a B2B BEC attack that unveiled an entangled mesh weaved by the threat actor with the help of a compromised server, ensnaring three business partners in a scheme that spanned for days.

B2B 124

B2B Cyber threats 124

Adam Shostack

JANUARY 2, 2025

How should we think about the risk of a unique event? Note that this isnt a coin flip, where we can measure across many events, and use those flips to test our theories. In fact, as the book Against the Gods discusses, folks like Pascal and Fermat had an extended conversation about the interrupted game problem. Consider the Sky Crane.

Risk 130

Risk Insurance Engineering Marketing 130

Security Boulevard

DECEMBER 17, 2024

CrowdStrike and Salt Security have extended their alliance to make it simpler to feed application programming interface (API) security data directly into a security information event management (SIEM) platform. The post CrowdStrike Allies With Salt Security to Improve API Security appeared first on Security Boulevard.

Security Awareness 114

Security Awareness Cybersecurity 114

Google Security

MARCH 7, 2025

Between these two events, our bug hunters were rewarded $370,000 (and plenty of swag). Follow the Google VRP channel on X to stay tuned on future events. This year, we had a heightened focus on Android Automotive OS and WearOS, bringing actual automotive devices to multiple live hacking events and conferences. for $50,000 .

Mobile 98

Mobile Hacking Engineering Technology 98

Schneier on Security

FEBRUARY 2, 2023

These days, dozens of teams from around the world compete in weekend-long marathon events held all over the world. In 2016, DARPA ran a similarly styled event for artificial intelligence (AI). There was a traditional human–team capture-the-flag event at DEFCON that same year. Inexplicably, DARPA never repeated the event.

Artificial Intelligence 321

Artificial Intelligence Technology Software Hacking 321

Security Affairs

OCTOBER 30, 2024

” FakeCall relies on the Monitoring Dialer Activity service to monitor events from the com.skt.prod.dialer package (the stock dialer app), potentially allowing it to detect when the user is attempting to make calls using apps other than the malware itself. Upon detecting specific events (e.g.,

Banking 131

Banking Malware Accountability Phishing 131

Zero Day

MARCH 25, 2025

Who needs Google Calendar when you can just share your family's schedule with Apple Calendar?

103

103

Adam Shostack

JANUARY 2, 2025

In this talk, we characterize what we mean by pandemic-scale cyber events. Human, process, and technological systems in 2024 are unprepared for pandemic-scale digital threats but timely and effective responses are possible by incorporating lessons from COVID-19.

Cybersecurity 130

Cybersecurity Cyber threats Technology 130

Security Affairs

JANUARY 2, 2025

” DoubleClickjacking exploits timing differences between mousedown and onclick events to hijack user actions. “By exploiting the event timing between clicks, attackers can seamlessly swap out benign UI elements for sensitive ones in the blink of an eye. ” concludes the post.

Accountability 118

Accountability Authentication Hacking Information Security 118

Schneier on Security

MAY 8, 2023

The DEF CON event will rely on an evaluation platform developed by Scale AI, a California company that produces training for AI applications. At DEF CON this year, Anthropic, Google, Hugging Face, Microsoft, NVIDIA, OpenAI and Stability AI will all open up their models for attack.

Hacking 284

Hacking Artificial Intelligence 284

Schneier on Security

DECEMBER 27, 2023

No passcode fallback is available in the event that the user is unable to complete Face ID or Touch ID authentication. For especially sensitive actions, including changing the password of the Apple ID account associated with the iPhone, the feature adds a security delay on top of biometric authentication.

Authentication 339

Authentication Passwords Accountability 339

Krebs on Security

SEPTEMBER 18, 2024

Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. Apkdownloadweb has a Facebook page , which shows a number of “live video” teasers for sports events that have already happened, and says its domain is apkdownloadweb[.]com. net for DNS.

Scams 63

Scams DNS Internet Internet 63

Schneier on Security

APRIL 1, 2022

These techniques are not new, but they’re increasingly popular : …some forms of MFA are stronger than others, and recent events show that these weaker forms aren’t much of a hurdle for some hackers to clear.

Authentication 363

Authentication Hacking Passwords 363

Joseph Steinberg

JULY 23, 2024

During this webinar, you will learn how this global outage happened, what other security risks may be on the horizon, what lessons we can all learn from recent events, and what individuals, businesses, and governments can do to avoid similar disasters in the future.

Artificial Intelligence 286

Artificial Intelligence Cybersecurity Government Technology 286

Security Affairs

JANUARY 5, 2025

The backdoor can drop additional payloads, block input, clear event logs, wipe clipboard, delete browser data, and erase profiles for apps like Skype and Telegram. Google researchers provided event rules within Google Security Operations to dete ctPLAYFULGHOST activity.

Malware 130

Malware Encryption Phishing Hacking 130

Schneier on Security

JUNE 9, 2023

The timestamps of the files, folders and the database records allow to roughly reconstruct the events happening to the device. The mvt-ios utility produces a sorted timeline of events into a file called “timeline.csv,” similar to a super-timeline used by conventional digital forensic tools.

Malware 278

Malware Backups Mobile 278

Security Boulevard

NOVEMBER 12, 2024

Originating from the conference’s events located at the Las Vegas Convention Center ; and via the organizations YouTube channel. Authors/Presenters: Samy Kamkar Our sincere appreciation to DEF CON , and the Presenters/Authors for publishing their erudite DEF CON 32 content.

Education 104

Education Cybersecurity 104

Schneier on Security

MAY 15, 2023

“Gaining the kind of control required to compromise a software build system is generally a non-trivial event that requires a great deal of skill and possibly some luck.” Consequently, MSI doesn’t provide the same kind of key revocation capabilities. Delivering a signed payload isn’t as easy as all that.

Software 306

Software Ransomware 306

Schneier on Security

JANUARY 12, 2022

Researchers have figured how how to intercept and fake an iPhone reboot: We’ll dissect the iOS system and show how it’s possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it’s still running.

Malware 361

Malware Software Hacking 361

Schneier on Security

JULY 24, 2024

“NEO carries an onboard computer and antenna array that will allow officers the ability to create a ‘denial-of-service’ (DoS) event to disable ‘Internet of Things’ devices that could potentially cause harm while entry is made.” ” Slashdot thread.

Internet 327

Internet Internet Computers and Electronics Media 327