Information and Internet - Cyber Security Informer

Surveillance of the Internet Backbone

Schneier on Security

AUGUST 25, 2021

Vice has an article about how data brokers sell access to the Internet backbone. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic. This is netflow data.

Internet

Internet Internet Surveillance VPN

Robot Dog Internet Jammer

Schneier on Security

JULY 24, 2024

A transcript of Huffman’s speech was obtained by the Electronic Frontier Foundation’s Dave Maass using a Freedom of Information Act request and was shared with 404 Media. The Border Security Expo is open only to law enforcement and defense contractors. ” Slashdot thread. . ” Slashdot thread.

Internet

Internet Internet Computers and Electronics Media

The Internet is Held Together With Spit & Baling Wire

Krebs on Security

NOVEMBER 26, 2021

A visualization of the Internet made using network routing data. Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email. Image: Barrett Lyon, opte.org. Based in Monroe, La., Lumen Technologies Inc.

Internet

Internet Internet Authentication Telecommunications

Internet Backbone Giant Lumen Shuns.RU

Krebs on Security

MARCH 8, 2022

Lumen Technologies , an American company that operates one of the largest Internet backbones and carries a significant percentage of the world’s Internet traffic, said today it will stop routing traffic for organizations based in Russia. ru) from the Internet. More information can help, even as disinformation circulates.

Internet

Internet Internet Government Technology

Extracting Personal Information from Large Language Models Like GPT-2

Schneier on Security

JANUARY 7, 2021

Researchers have been able to find all sorts of personal information within GPT-2. This information was part of the training data, and can be extracted with the right sorts of queries. Paper: “ Extracting Training Data from Large Language Models.”

Internet

Internet Internet Cybersecurity

MyBook Users Urged to Unplug Devices from Internet

Krebs on Security

JUNE 25, 2021

Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device.

Internet

Internet Internet Backups Small Business

The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying.

Schneier on Security

DECEMBER 5, 2023

Before the internet, putting someone under surveillance was expensive and time-consuming. Surveillance has become the business model of the internet, and there’s no reasonable way for us to opt out of it. What was manual and individual has become bulk and mass. Spying is another matter. Corporations will spy on people.

Surveillance

Surveillance Internet Internet Government

GUEST ESSAY: The timing is ripe to instill trust in the open Internet — and why this must get done

The Last Watchdog

SEPTEMBER 14, 2023

In today’s digital age, trust has become a cornerstone of building a better Internet. Preserving privacy for a greater good The Internet was designed as a platform for peer research, not for the vast scale and diverse uses we see today. We possess the tools to craft a better, more trustworthy internet.

Internet

Internet Internet Technology Risk

Internet Archive data breach impacted 31M users

Security Affairs

OCTOBER 11, 2024

The Internet Archive disclosed a data breach, the security incident impacted more than 31 million users of its “The Wayback Machine.” As of September 5, 2024, the Internet Archive held more than 42.1 Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked.

Data breaches

Data breaches Internet Internet DDOS

Internet Archive was breached twice in a month

Security Affairs

OCTOBER 21, 2024

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. The Internet Archive was breached via Zendesk, with users receiving warnings about stolen GitLab tokens due to improper token rotation after repeated alerts.

Internet

Internet Internet Data breaches Authentication

Facebook Is Down

Schneier on Security

OCTOBER 4, 2021

BGP is a mechanism by which Internet service providers of the world share information about which providers are responsible for routing Internet traffic to which specific groups of Internet addresses. So people can’t get into buildings and offices.

DNS

DNS Internet Internet Risk

Internet Archive suffers data breach and DDoS

Malwarebytes

OCTOBER 10, 2024

Internet Archive, most known for its Wayback Machine , is a digital library that allows users to look at website snapshots from the past. The stolen database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.

Data breaches

Data breaches DDOS Internet Internet

Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign

The Hacker News

SEPTEMBER 25, 2024

internet service providers (ISPs) as part of a cyber espionage campaign orchestrated to glean sensitive information, The Wall Street Journal reported Wednesday. Nation-state threat actors backed by Beijing broke into a "handful" of U.S.

Internet

Internet Internet

Stark Industries Solutions: An Iron Hammer in the Cloud

Krebs on Security

MAY 23, 2024

Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. The homepage of Stark Industries Solutions.

DDOS

DDOS Internet Internet Government

Automakers Are Sharing Driver Data with Insurers without Consent

Schneier on Security

MARCH 14, 2024

Kasmir Hill has the story : Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., In recent years, automakers, including G.M.,

Insurance

Insurance Internet Internet Surveillance

What Damage Can Happen If Data Leaks When Quantum Computing Breaks Today’s Encryption

Joseph Steinberg

JANUARY 19, 2022

People and organizations around the globe rely on encryption as the primary method of keeping data secure when transmitted across the Internet. But, with the arrival of powerful quantum computers, any data that is captured now can potentially be decrypted tomorrow. And those are just two of many pertinent laws.

Encryption

Encryption Backups Banking Artificial Intelligence

Welcoming the Czech Republic Government to Have I Been Pwned

Troy Hunt

SEPTEMBER 6, 2021

Today, I'm very happy to welcome the Czech Republic's National Cyber and Information Security Agency who can now query their government domains along with the 26 other nations that have come before them. Data breaches impact all of us in one way or another, and government agencies are no exception.

Government

Government Data breaches Internet Internet

Hoax Email Blast Abused Poor Coding in FBI Website

Krebs on Security

NOVEMBER 13, 2021

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. ” A review of the email’s message headers indicated it had indeed been sent by the FBI, and from the agency’s own Internet address.

Internet

Internet Internet Hacking Accountability

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Krebs on Security

AUGUST 27, 2024

Malicious hackers are exploiting a zero-day vulnerability in Versa Director , a software product used by many Internet and IT service providers. ” Ryan English , an information security engineer at Lumen, said it’s disappointing his employer didn’t at least garner an honorable mention in Versa’s security advisory.

Internet

Internet Internet Technology Engineering

Report: Recent 10x Increase in Cyberattacks on Ukraine

Krebs on Security

MARCH 11, 2022

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians.

DNS

DNS Internet Internet Phishing

People Are Increasingly Choosing Private Web Search

Schneier on Security

JANUARY 6, 2022

Even so, the company, which bills itself as the “Internet privacy company,” offering a search engine and other products designed to “empower you to seamlessly take control of your personal information online without any tradeoffs,” remains a rounding error compared to Google in search. jump over 2020 (23.6

Engineering

Engineering Internet Internet

NSO Group’s Pegasus Spyware Used Against US State Department Officials

Schneier on Security

DECEMBER 13, 2021

NSO Group’s descent into Internet pariah status continues. Its Pegasus spyware was used against nine US State Department employees. We don’t know which NSO Group customer trained the spyware on the US. ” .

Spyware

Spyware Internet Internet Government

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Krebs on Security

SEPTEMBER 27, 2023

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. Probably the most active Internet address accessing Snatch’s darknet site is 193.108.114[.]41 top , sntech2ch[.]top

Ransomware

Ransomware Internet Internet Phishing

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Krebs on Security

MARCH 20, 2023

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection.

Mobile

Mobile Wireless Advertising Telecommunications

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Krebs on Security

SEPTEMBER 18, 2024

Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Clicking to view the “live stream” of the funeral takes one to a newly registered website that requests credit card information. The Internet address of livestreamnow[.]xyz Livestreamnow[.]xyz

Scams

Scams DNS Internet Internet

German Police Raid DDoS-Friendly Host ‘FlyHosting’

Krebs on Security

MARCH 31, 2023

Authorities in Germany this week seized Internet servers that powered FlyHosting , a dark web offering that catered to cybercriminals operating DDoS-for-hire services, KrebsOnSecurity has learned. The German authorities did not name the suspects or the Internet service in question. This post will be updated in the event they respond.

DDOS

DDOS Internet Internet Cybercrime

What Happened to Facebook, Instagram, & WhatsApp?

Krebs on Security

OCTOBER 4, 2021

We don’t yet know why this happened, but the how is clear: Earlier this morning, something inside Facebook caused the company to revoke key digital records that tell computers and other Internet-enabled devices how to find these destinations online. Kentik’s view of the Facebook, Instagram and WhatsApp outage. Update, 6:16 p.m.

Internet

Internet Internet DNS Marketing

ICANN Launches Service to Help With WHOIS Lookups

Krebs on Security

DECEMBER 6, 2023

ICANN made the policy change in response to the General Data Protection Regulation (GDPR), a law enacted by the European Parliament that requires companies to gain affirmative consent for any personal information they collect on people within the European Union.

Phishing

Phishing Internet Internet Scams

Using EM Waves to Detect Malware

Schneier on Security

JANUARY 14, 2022

” Abstract : The Internet of Things (IoT) is constituted of devices that are exponentially growing in number and in complexity. We will present a novel approach of using side channel information to identify the kinds of threats that are targeting the device.

Malware

Malware IoT Firmware Internet

The Missouri Governor Doesn’t Understand Responsible Disclosure

Schneier on Security

OCTOBER 18, 2021

The newspaper agreed to hold off publishing any story while the department fixed the problem and protected the private information of teachers around the state. […]. No private information was publicly visible, but teacher Social Security numbers were contained in HTML source code of the pages. .

Education

Education Internet Internet Hacking

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

Krebs on Security

MARCH 17, 2022

The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming from Russian or Belarusian Internet addresses. For example, the popular library ES5-ext hadn’t updated its code in nearly two years. ’ Not a single good came out of this ‘protest.'”

Malware

Malware Internet Internet Software

China’s Olympics App Is Horribly Insecure

Schneier on Security

JANUARY 21, 2022

Health customs forms which transmit passport details, demographic information, and medical and travel history are also vulnerable. However, as the app collects a range of highly sensitive medical information, it is unclear with whom or which organization(s) it shares this information.

Surveillance

Surveillance Encryption Wireless Government

RSAC Fireside Chat: IRONSCALES utilizes LLM, superior intel to stay a step ahead of Deep Fakes

The Last Watchdog

MAY 21, 2024

We have access to public and non-public information, while the bad guys only have access to public information that anyone can get,” Benishti observes. “So Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. (LW

Phishing

Phishing Banking Technology Internet

The CrowdStrike Outage and Market-Driven Brittleness

Schneier on Security

JULY 25, 2024

Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. The catastrophe is yet another reminder of how brittle global internet infrastructure is. Compare the internet with ecological systems. Nearly 7,000 flights were canceled.

Marketing

Marketing Software Internet Internet

Juniper Support Portal Exposed Customer Device Info

Krebs on Security

FEBRUARY 9, 2024

Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts and serial numbers. Sunnyvale, Calif. Update, 11:01 a.m.

Artificial Intelligence

Artificial Intelligence Healthcare Accountability Banking

Using Radar to Read Body Language

Schneier on Security

MARCH 8, 2022

All this rich radar information helps it better guess if you are indeed about to start an interaction with the device, and what the type of engagement might be. […]. They’re going to be an essential part of the Internet of Things. “Privacy-friendly” is a relative term. These technologies are coming.

Surveillance

Surveillance Internet Internet Technology

How.tk Became a TLD for Scammers

Schneier on Security

NOVEMBER 14, 2023

Sad story of Tokelau, and how its top-level domain “became the unwitting host to the dark underworld by providing a never-ending supply of domain names that could be weaponized against internet users. websites to do everything from harvesting passwords and payment information to displaying pop-up ads or delivering malware.”

Passwords

Passwords Internet Internet Malware

FBI Seizes BreachForums Website

Schneier on Security

MAY 17, 2024

. […] The FBI is requesting victims and individuals contact them with information about the hacking forum and its members to aid in their investigation. “From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc ” “Previously, a separate version of BreachForums (hosted at breached.vc/.to/.co

Hacking

Hacking Accountability Ransomware Internet

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. When a website’s user database gets compromised, that information invariably turns up on hacker forums. TARGETED PHISHING.

Passwords

Passwords Password Management Phishing Scams

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Joseph Steinberg

APRIL 21, 2022

It is no secret that cybersecurity professionals universally recommend that people, businesses, and governments employ strong encryption as one of several methods of protecting sensitive information.

Encryption

Encryption Cybersecurity Artificial Intelligence Backups

‘Tis the Season for the Wayward Package Phish

Krebs on Security

NOVEMBER 4, 2021

Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. Those who click “Next Step” after providing that information are asked to add a payment card to cover the $2.20 “redelivery fee.”

Phishing

Phishing Scams Mobile DNS

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Krebs on Security

NOVEMBER 8, 2021

Department of State is now offering up to $10 million for the name or location any key REvil leaders, and up to $5 million for information on REvil affiliates. get hacked just about as much as everyone else on the Internet, and when they do their user databases can reveal some very valuable secrets and connections.

Ransomware

Ransomware Cybercrime System Administration Passwords

CASMM (The Consumer Authentication Strength Maturity Model)

Daniel Miessler

MARCH 24, 2021

This post is an attempt to create an easy-to-use security model for the average internet user. The Real Internet of Things: Details and Examples. People like moving up rankings, so let’s use that! How to use this model. Thanks to Troy Hunt, Anton Chuvakin, and Tim Dierks for spawning the idea for this.

Authentication

Authentication Passwords Internet Internet

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

Joseph Steinberg

JUNE 10, 2022

While “ zero trust ” has been a buzzword for some time, the principle of zero trust, and expenditures toward getting organizational policies, procedures, and infrastructure closer to delivering it, is gaining acceptance as constituting a fundamental component of information security programs.

Cybersecurity

Cybersecurity Artificial Intelligence CISO Wireless

Surveillance of the Internet Backbone

Robot Dog Internet Jammer

Trending Sources

The Internet is Held Together With Spit & Baling Wire

Internet Backbone Giant Lumen Shuns.RU

Extracting Personal Information from Large Language Models Like GPT-2

MyBook Users Urged to Unplug Devices from Internet

The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying.

GUEST ESSAY: The timing is ripe to instill trust in the open Internet — and why this must get done

Internet Archive data breach impacted 31M users

Internet Archive was breached twice in a month

Facebook Is Down

Internet Archive suffers data breach and DDoS

Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign

Stark Industries Solutions: An Iron Hammer in the Cloud

Automakers Are Sharing Driver Data with Insurers without Consent

What Damage Can Happen If Data Leaks When Quantum Computing Breaks Today’s Encryption

Welcoming the Czech Republic Government to Have I Been Pwned

Hoax Email Blast Abused Poor Coding in FBI Website

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Report: Recent 10x Increase in Cyberattacks on Ukraine

People Are Increasingly Choosing Private Web Search

NSO Group’s Pegasus Spyware Used Against US State Department Officials

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

German Police Raid DDoS-Friendly Host ‘FlyHosting’

What Happened to Facebook, Instagram, & WhatsApp?

ICANN Launches Service to Help With WHOIS Lookups

Using EM Waves to Detect Malware

The Missouri Governor Doesn’t Understand Responsible Disclosure

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

China’s Olympics App Is Horribly Insecure

RSAC Fireside Chat: IRONSCALES utilizes LLM, superior intel to stay a step ahead of Deep Fakes

The CrowdStrike Outage and Market-Driven Brittleness

Juniper Support Portal Exposed Customer Device Info

Using Radar to Read Body Language

How.tk Became a TLD for Scammers

FBI Seizes BreachForums Website

The Life Cycle of a Breached Database

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

‘Tis the Season for the Wayward Package Phish

REvil Ransom Arrest, $6M Seizure, and $10M Reward

CASMM (The Consumer Authentication Strength Maturity Model)

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

Stay Connected