Schneier on Security

JULY 15, 2024

Some scholars are inflating their reference counts by sneaking them into metadata: Citations of scientific work abide by a standardized referencing system: Each reference explicitly mentions at least the title, authors’ names, publication year, journal or conference name, and page numbers of the cited publication.

Hacking 331

Hacking 331

Schneier on Security

OCTOBER 1, 2024

This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user. A researcher found that he could use that feature to plant “false memories” into that context window that could subvert the model.

Hacking 239

Hacking Artificial Intelligence 239

Schneier on Security

APRIL 28, 2023

My latest book, A Hacker’s Mind , is filled with stories about the rich and powerful hacking systems, but it was hard to find stories of the hacking by the less powerful. Here’s one I just found.

Hacking 246

Hacking Software 246

Schneier on Security

OCTOBER 13, 2023

Interesting New York Times article about high-school students hacking the grading system. ” It’s a basic math hack. I know this is a minor thing in the universe of problems with secondary education and grading, but I found the hack interesting. What’s not helping? A teacher from Chapel Hill, N.C.,

Hacking 269

Hacking Education 269

Schneier on Security

JULY 6, 2023

Here’s a fascinating tax hack from Belgium (listen to the details here , episode #484 of “No Such Thing as a Fish,” at 28:00). Basically, it’s about a music festival on the border between Belgium and Holland. The stage was in Holland, but the crowd was in Belgium.

Hacking 243

Hacking 243

Schneier on Security

APRIL 26, 2021

Hacking is as old as humanity. To date, hacking has exclusively been a human activity. After hacking humanity, AI systems will then hack other AI systems, and humans will be little more than collateral damage. Most of these hacks don’t even require major research breakthroughs in AI. Not for long.

Hacking 362

Hacking Artificial Intelligence Government Engineering 362

Schneier on Security

DECEMBER 9, 2022

But there’s a hack: Some hunters have long believed, however, that the publicly owned parcels on Elk Mountain can be legally reached using a practice called corner-crossing. This particular hack will be adjudicated in court. It’s the act of adjudicating hacks that allows systems to evolve.

Hacking 251

Hacking 251

Schneier on Security

OCTOBER 30, 2023

The islands of Åland are an important tax hack : Although Åland is part of the Republic of Finland, it has its own autonomous parliament. In areas where Åland has its own legislation, the group of islands essentially operates as an independent nation.

Hacking 261

Hacking 261

Schneier on Security

AUGUST 11, 2022

This is the first —of many, I assume—hack of Starlink. Leveraging a string of vulnerabilities, attackers can access the Starlink system and run custom code on the devices.

Hacking 256

Hacking 256

Schneier on Security

APRIL 21, 2023

Sports are filled with hacks, as players look for every possible advantage that doesn’t explicitly break the rules. My latest book, A Hacker’s Mind , has a lot of sports stories.

Hacking 219

Hacking 219

Schneier on Security

MARCH 26, 2021

Lukasz Olejnik has a good essay on hacking weapons systems. Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software. So now the question is whether the software can be accessed over the Internet. Increasingly, it is.

Hacking 358

Hacking Software Internet Internet 358

Schneier on Security

FEBRUARY 10, 2023

That’s not hacking the tax code. It’s hacking the processes that create them: the legislative process that creates tax law. This provision didn’t come into force in 2018, so someone came up with the clever hack to prepay 2018 property taxes in 2017. A hack subverts the intent of a system. The tax code can be hacked.

Hacking 236

Hacking Artificial Intelligence Government Software 236

Schneier on Security

OCTOBER 17, 2022

The article doesn’t say how the hacking tool got installed into cars. A fraudulent tool—marketed as an automotive diagnostic solution, was used to replace the original software of the vehicles, allowing the doors to be opened and the ignition to be started without the actual key fob.

Hacking 347

Hacking Manufacturing Marketing Software 347

Schneier on Security

JULY 20, 2021

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Or, at least, an enormous trove of documents was leaked to journalists. There’s a lot to read out there.

Hacking 363

Hacking Spyware Manufacturing Software 363

Security Boulevard

NOVEMBER 1, 2024

China Hacks Canada too, Says CCCS appeared first on Security Boulevard. Plus brillants exploits: Canadian Centre for Cyber Security fingers Chinese state sponsored hackers. The post Ô!

Hacking 128

Hacking Social Engineering Cyber Attacks Data privacy 128

Schneier on Security

APRIL 14, 2023

Here’s a religious hack : You want to commit suicide, but it’s a mortal sin: your soul goes straight to hell, forever. It’s a clever hack. I didn’t learn about it in time to put it in my book, A Hacker’s Mind , but I have several other good hacks of religious rules. Problem solved.

Hacking 229

Hacking 229

The Last Watchdog

AUGUST 3, 2024

So, Martin taught herself ethical hacking skills and then founded Black Girls Hack to guide others down the trail she blazed. The post Black Hat Fireside Chat: ‘Black Girls Hack’ emphasizes diversity as effective force multiplier first appeared on The Last Watchdog. Acohido Pulitzer Prize-winning business journalist Byron V.

Hacking 246

Hacking Internet Internet Software 246

Schneier on Security

NOVEMBER 10, 2021

I just don’t think it’s possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers. In 1999, Adam Shostack and I wrote a paper discussing the security challenges of giving people devices that included embedded secrets that needed to be kept from those people.

Hacking 311

Hacking Firmware Engineering Software 311

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking 300

Hacking Cybercrime Phishing Passwords 300

Schneier on Security

DECEMBER 9, 2020

FireEye was hacked by — they believe — “a nation with top-tier offensive capabilities”: During our investigation to date, we have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers’ security. That group dumped the N.S.A.’s operator put it.

Hacking 331

Hacking Government Cyber threats Malware 331

Schneier on Security

SEPTEMBER 18, 2023

That’s a really profitable hack. (It’s Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users? It’s also bad opsec. The hackers need to move and launder all that money quickly.)

Cryptocurrency 296

Cryptocurrency Hacking Passwords Encryption 296

Schneier on Security

FEBRUARY 4, 2021

The sources, who spoke on condition of anonymity to discuss ongoing investigations, said the attackers used computer infrastructure and hacking tools previously deployed by state-backed Chinese cyberspies. […]. In other words, the same sloppy and corrupt practices that allowed this massive cybersecurity hack made Bravo a billionaire.

Hacking 356

Hacking Software Banking Risk 356

Schneier on Security

JUNE 28, 2023

The stalkerware company LetMeSpy has been hacked : TechCrunch reviewed the leaked data, which included years of victims’ call logs and text messages dating back to 2013. The database we reviewed contained current records on at least 13,000 compromised devices, though some of the devices shared little to no data with LetMeSpy.

Hacking 210

Hacking Spyware Accountability Data breaches 210

Schneier on Security

AUGUST 20, 2024

This is yet another insecure Internet-of-things story , this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement this attack. Research paper. Another news story. Slashdot thread.

Wireless 254

Wireless Hacking Internet Internet 254

Security Boulevard

SEPTEMBER 6, 2024

The post Russian ‘WhisperGate’ Hacks: 5 More Indicted appeared first on Security Boulevard. Eaten by a GRU: Fake ransomware created by Russian GRU Unit 29155 attacked Ukraine and NATO—a month before the full scale invasion.

Hacking 137

Hacking Ransomware Social Engineering Cyber Attacks 137

Security Boulevard

DECEMBER 13, 2023

The post Russia Hacks Ukraine, Ukraine Hacks Russia — Day#658 appeared first on Security Boulevard. When will it end? Russia takes down Kyivstar cellular system, Ukraine destroys Russian tax system.

Hacking 131

Hacking Digital transformation Social Engineering Data privacy 131

Security Affairs

SEPTEMBER 29, 2024

Israel allegedly hacked Beirut airport ‘s control tower, warning an Iranian plane not to land, forcing it to return to Tehran. The Israeli cyber army on Saturday hacked into the control tower of Beirut Airport, the Rafic Hariri International Airport. We will not allow the transfer of weapons to Hezbollah in any form.

Hacking 144

Hacking Information Security 144

Security Affairs

FEBRUARY 26, 2024

Recently the leak of a collection of files apparently stolen from the Chinese government hacking contractor, I-Soon, exposed Chinese hacking capabilities. Recently someone has leaked on GitHub [ 1 , 2 ] a collection of files apparently stolen from the Chinese hacking firm, I-Soon.

Hacking 134

Hacking Government Spyware Marketing 134

Penetration Testing

OCTOBER 30, 2024

In a thrilling showdown at the recent Pwn2Own Ireland 2024 hacking competition, white hat hackers YingMuo (@YingMuo), in collaboration with the DEVCORE Internship Program, successfully exploited a critical zero-day vulnerability... The post CVE-2024-50387: Critical QNAP Flaw Exploited in Hacking Contest, Patch Now!

Hacking 127

Hacking Cybersecurity 127

Security Boulevard

NOVEMBER 6, 2024

The post Schneider Electric Confirms Ransom Hack — Hellcat Demands French Bread as ‘Joke’ appeared first on Security Boulevard. That’s a lot of pain: $125,000 ransom seems small—but why do the scrotes want it paid in baguettes?

Hacking 120

Hacking Cryptocurrency Data privacy Risk 120

Tech Republic Security

JUNE 21, 2024

Immersing yourself in best practices for ethical hacking, pen-testing and information security can set you up for a career or better-protected business.

Hacking 160

Hacking Information Security 160

WIRED Threat Level

NOVEMBER 4, 2024

When you download a piece of pirated software, you might also be getting a piece of infostealer malware, and entering a highly complex hacking ecosystem that’s fueling some of the biggest breaches on the planet.

Hacking 107

Hacking Malware Software 107

Security Affairs

OCTOBER 27, 2024

Four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, REvil ransomware gang )

Ransomware 142

Ransomware Hacking Malware Cybercrime 142

Security Affairs

NOVEMBER 2, 2024

A former Disney World employee hacked servers after being fired, altering prices, adding profanities, and mislabeling allergy info. A former Walt Disney World employee hacked servers after being fired by the company. He is accused of changing prices, adding profanities, and falsely labeling items as allergy-safe.

Hacking 139

Hacking Risk Cybercrime Information Security 139

Security Boulevard

MAY 2, 2024

The post Dropbox Hacked: eSignature Service Breached appeared first on Security Boulevard. Drop Dropbox? The company apologized as user details were leaked from its “Dropbox Sign” product.

Hacking 135

Hacking Social Engineering Data privacy Engineering 135

Tech Republic Security

MAY 27, 2024

Kickstart a lucrative career in pentesting and ethical hacking with this nine-course bundle from IDUNOVA, now on sale for just $49.99 for a limited time.

Hacking 155

Hacking Cybersecurity 155

Penetration Testing

FEBRUARY 27, 2024

This attack, attributed to the infamous Lazarus hacking group, leverages a dangerous tactic: preying on developers’... The post Lazarus Hacking Group’s Malicious Python Packages Uncovered appeared first on Penetration Testing.

Hacking 145

Hacking Penetration Testing Malware 145