Schneier on Security

JANUARY 12, 2024

New law journal article : Smart Device Manufacturer Liability and Redress for Third-Party Cyberattack Victims Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties.

IoT 298

IoT Software Manufacturing Internet 298

Schneier on Security

MARCH 26, 2021

Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software. So now the question is whether the software can be accessed over the Internet. Lukasz Olejnik has a good essay on hacking weapons systems. Increasingly, it is.

Hacking 361

Hacking Software Internet Internet 361

The Last Watchdog

AUGUST 29, 2023

Related: Pushing the fly-by-wire envelope This is especially true because systems are more interconnected and use more complex commercial software than ever before, meaning a vulnerability in one system could lead to a malicious actor gaining access to more important systems. Risks delineated Still, there have been many other incidents since.

Software 264

Software Risk Artificial Intelligence Engineering 264

The Last Watchdog

OCTOBER 19, 2022

Matter is intended to be the lingua franca for the Internet of Things. The Internet of Things is a huge new platform for amazing innovation,” Hanna observes. Modern digital services are the product of far-flung software code interconnecting dynamically. It’s only a first step and there’s a long way to go. Baked-in security.

Internet 44

Internet Internet Manufacturing Technology 44

The Last Watchdog

OCTOBER 9, 2023

This software writing principle cropped up some 50 years ago and might seem quaint in today’s era of speedy software development. What’s more, Clean Code improves security — by reinforcing “ shift left ,” the practice of testing as early as feasible in the software development lifecycle. The transformation progresses.

Software 231

Software IoT Internet Internet 231

Schneier on Security

APRIL 11, 2024

Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. There are libraries for everything: displaying objects in 3D, spell-checking, performing complex mathematics, managing an e-commerce shopping cart, moving files around the internet—everything.

Software 352

Software Engineering Internet Internet 352

The Last Watchdog

APRIL 18, 2023

One of the nascent security disciplines already getting a lot of buzz as RSA Conference 2023 gets ready to open next week at San Francisco’s Moscone Center is “software supply chain security,” or SSCS. Shift left advocates driving code testing and application performance evaluations as early as possible in the software development process.

Software 200

Software CISO Internet Internet 200

Schneier on Security

JULY 25, 2024

Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. The catastrophe is yet another reminder of how brittle global internet infrastructure is. The CrowdStrike failure was the result of a buggy software update.

Marketing 324

Marketing Software Internet Internet 324

Bleeping Computer

AUGUST 3, 2024

A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. [.]

Software 139

Software Malware Internet Internet 139

Krebs on Security

MARCH 17, 2022

The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming from Russian or Belarusian Internet addresses. Holden said the real trouble starts when protestware is included in code packages that get automatically fetched by a myriad of third-party software products.

Malware 351

Malware Internet Internet Software 351

Schneier on Security

APRIL 2, 2024

modified the way the software functions. The following year, JiaT75 submitted a patch over the xz Utils mailing list, and, almost immediately, a never-before-seen participant named Jigar Kumar joined the discussion and argued that Lasse Collin, the longtime maintainer of xz Utils, hadn’t been updating the software often or fast enough.

Social Engineering 350

Social Engineering Engineering Software Encryption 350

The Hacker News

AUGUST 4, 2024

The China-linked threat actor known as Evasive Panda compromised an unnamed internet service provider (ISP) to push malicious software updates to target companies in mid-2023, highlighting a new level of sophistication associated with the group.

Software 142

Software Internet Internet 142

Krebs on Security

SEPTEMBER 27, 2023

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. Probably the most active Internet address accessing Snatch’s darknet site is 193.108.114[.]41 top , sntech2ch[.]top

Ransomware 293

Ransomware Internet Internet Phishing 293

The Hacker News

JULY 24, 2024

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition. "A

DNS 135

DNS Software Cyber threats Internet 135

The Last Watchdog

AUGUST 19, 2024

President Biden’s call for the mainstreaming of Software Bill of Materials (SBOMs) is a major step forward. He drew a vivid parallel between food safety and software security. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. (LW

Software 173

Software Internet Internet Accountability 173

Krebs on Security

SEPTEMBER 1, 2021

based Internet address for more than a decade — simply vanished. Like other anonymity networks marketed largely on cybercrime forums online, VIP72 routes its customers’ traffic through computers that have been hacked and seeded with malicious software. The domain Vip72[.]org

Malware 311

Malware Cybercrime Internet Internet 311

Schneier on Security

NOVEMBER 16, 2020

It’s basically incompatible with “software independence”, considered an essential property. But now I have this excellent paper from MIT researchers: “Going from Bad to Worse: From Internet Voting to Blockchain Voting” Sunoo Park, Michael Specter, Neha Narula, and Ronald L.

Computers and Electronics 345

Computers and Electronics Internet Internet Risk 345

Krebs on Security

MARCH 11, 2022

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians.

DNS 312

DNS Internet Internet Phishing 312

Tech Republic Security

OCTOBER 10, 2024

Patch Tuesday brings patches for hundreds of vulnerabilities. Plus, Apple makes sure Sequoia plays nice with third-party security tools.

Internet 181

Internet Internet Software 181

Adam Levin

JULY 6, 2022

A firewall is a network security device or program designed to prevent unauthorized and malicious internet traffic from entering a private network or device. Firewalls can be software- or hardware-based. A software firewall is a program installed on a computer that monitors incoming traffic entering through ports.

Firewall 298

Firewall Software Internet Internet 298

Krebs on Security

MARCH 9, 2021

On the off chance you were looking for more security to-dos from Microsoft today…the company released software updates to plug more than 82 security flaws in Windows and other supported software. The SANS Internet Storm Center no-frills breakdown of the fixes.

DNS 347

DNS Internet Internet Software 347

Krebs on Security

MAY 29, 2024

.” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime. Cloud Router was previously called 911 S5.

VPN 317

VPN Government Cybercrime Internet 317

The Last Watchdog

JUNE 3, 2024

The focus is on providing a software testing solution that does not impede innovation, provides clear guidance to developers and identifies software vulnerabilities long before public release. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. (LW

Software 147

Software Mobile Engineering Internet 147

Tech Republic Security

OCTOBER 17, 2023

The number of devices exposing the web UI on the internet, a timeline and technical details about this malicious activity, and tips for mitigating this zero-day threat are featured.

Software 188

Software Internet Internet Cybersecurity 188

Schneier on Security

DECEMBER 2, 2021

A hacker stole $31 million from the blockchain company MonoX Finance , by exploiting a bug in software the service uses to draft smart contracts. Human-based adjudication systems are not useless pre-Internet human baggage, they’re vital. MonoX updates prices after each swap by calculating new prices for both tokens.

Internet 353

Internet Internet Hacking Software 353

Krebs on Security

AUGUST 27, 2024

Malicious hackers are exploiting a zero-day vulnerability in Versa Director , a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon , a Chinese cyber espionage group focused on infiltrating critical U.S. In a security advisory published Aug.

Internet 314

Internet Internet Technology Engineering 314

Security Affairs

JULY 26, 2024

The Internet Systems Consortium (ISC) released BIND security updates that fixed several remotely exploitable DoS bugs in the DNS software suite. The Internet Systems Consortium (ISC) released security updates for BIND that address DoS vulnerabilities that could be remotely exploited.

DNS 145

DNS Software Internet Internet 145

Krebs on Security

MAY 23, 2024

Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. The homepage of Stark Industries Solutions.

DDOS 305

DDOS Internet Internet Government 305

Security Affairs

SEPTEMBER 26, 2024

internet service providers (ISPs) as part of a cyber espionage campaign code-named Salt Typhoon. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.”

Internet 136

Internet Internet DNS Telecommunications 136

Krebs on Security

MARCH 2, 2021

today released software updates to plug four security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. “HAFNIUM has previously compromised victims by exploiting vulnerabilities in internet-facing servers. . Microsoft Corp.

Internet 326

Internet Internet Software Education 326

Krebs on Security

JULY 29, 2022

The abrupt closure comes ten days after KrebsOnSecurity published an in-depth look at 911 and its connections to shady pay-per-install affiliate programs that secretly bundled 911’s proxy software with other titles, including “free” utilities and pirated software. A cached copy of flashupdate[.]net

Cybercrime 302

Cybercrime Software VPN Backups 302

Krebs on Security

AUGUST 10, 2021

Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. Top of the heap again this month: Microsoft also took another stab at fixing a broad class of weaknesses in its printing software.

Software 335

Software Internet Internet Backups 335

Krebs on Security

OCTOBER 12, 2020

A court in Virginia granted Microsoft control over many Internet servers Trickbot uses to plunder infected systems, based on novel claims that the crime machine abused the software giant’s trademarks. Microsoft Corp. However, it appears the operation has not completely disabled the botnet.

Healthcare 362

Healthcare Internet Internet Ransomware 362

Krebs on Security

NOVEMBER 14, 2023

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three “zero day” vulnerabilities that Microsoft warns are already being exploited in active attacks.

Social Engineering 287

Social Engineering Phishing Internet Internet 287

Daniel Miessler

MAY 14, 2020

In that piece I wanted to link to some safe internet practices—which some used to call Safe Hex—but I couldn’t find anything newer than nine years old. A password manager is a piece of software that creates all these for you, keeps them stored safely, and then fills them in for you automatically when you need to log in.

Risk 345

Risk Password Management Passwords Accountability 345

Schneier on Security

MAY 3, 2023

Suspicions were triggered when the department detected unusual traffic emanating from one of its servers that was running a trial version of the Orion software suite made by SolarWinds, according to sources familiar with the incident. The DOJ asked the security firm Mandiant to help determine whether the server had been hacked.

System Administration 240

System Administration Software Engineering Internet 240

Krebs on Security

DECEMBER 18, 2020

government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. National Security Agency (NSA) warned on Dec.

Software 362

Software Authentication Hacking Government 362