The Present and Future of TV Surveillance
Schneier on Security
AUGUST 27, 2024
Ars Technica has a good article on what’s happening in the world of television surveillance. More than even I realized.
SecureList
FEBRUARY 18, 2025
Introduction: On December 31, cybercriminals launched a mass infection campaign, aiming to exploit reduced vigilance and increased torrent traffic during the holiday season. Our telemetry detected the attack, which lasted for a month and affected individuals and businesses by distributing the XMRig cryptominer.
Security Boulevard
MARCH 26, 2025
Titled Timelines for Migration to Post-Quantum Cryptography, this guidance is important for two key reasons: A) It sets a clear roadmap for [] The post The UK's National Cyber Security Centre Presents Timeline and Roadmap for PQC Migration appeared first on Security Boulevard.
The Last Watchdog
FEBRUARY 5, 2024
Even in the cloud era, Microsoft Exchange Server remains a staple business communications tool across the globe. Related: The need for robust data recovery policies. One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up.
Security Boulevard
APRIL 2, 2025
The post Strata Identity CEO to Present Session on Identity Resilience at CyberArk Impact 2025 Conference appeared first on Strata.io. The post Strata Identity CEO to Present Session on Identity Resilience at CyberArk Impact 2025 Conference appeared first on Security Boulevard. The session.
Schneier on Security
JULY 15, 2024
References in a scientific publication allow authors to justify methodological choices or present the results of past studies, highlighting the iterative and collaborative nature of science. Some legitimate references were also lost, meaning they were not present in the metadata.
Schneier on Security
MAY 1, 2024
Scammers tricked a company into believing they were dealing with a BBC presenter. They faked her voice, and accepted money intended for her.
Security Boulevard
DECEMBER 22, 2024
Understanding Cyber Threats During the Holiday Season The holiday season, while festive, presents heightened cybersecurity risks for businesses. Cybercriminals exploit increased online activity and reduced vigilance during this period.
Adam Shostack
MARCH 26, 2025
I'm proud to be a member of this community and grateful to present The DEF CON 32 Hackers' Almanack. The Hackers' Almanack compiles the most interesting, impactful, and innovative research and vulnerabilities identified at DEF CON typically presented in extraordinary fashion.
Schneier on Security
AUGUST 29, 2024
Listening to it, and thinking about the audience of NSA engineers, I wonder how much of what she’s talking about as the future of computing—miniaturization, parallelization—was being done in the present and in secret.
Schneier on Security
JANUARY 19, 2023
We present seven different attacks against the protocol in three different threat models. As one example, we present a cross-protocol attack which breaks authentication in Threema and which exploits the lack of proper key separation between different sub-protocols. It also said the researchers were overselling their findings.
Schneier on Security
OCTOBER 11, 2022
Next, we demonstrate that some backdoors, such as ImpNet, can only be reliably detected at the stage where they are inserted and removing them anywhere else presents a significant challenge.
Krebs on Security
FEBRUARY 26, 2025
“Wagenius should also be detained because he presents a serious risk of flight, has the means and intent to flee, and is aware that he will likely face additional charges,” the Seattle prosecutors asserted. million customers.
Schneier on Security
SEPTEMBER 2, 2024
The KCM process is fairly simple: the employee uses the dedicated lane and presents their KCM barcode or provides the TSA agent their employee number and airline. Various forms of ID need to be presented while the TSA agent’s laptop verifies the employment status with the airline.
Security Boulevard
NOVEMBER 12, 2024
Authors/Presenters: Samy Kamkar Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization's YouTube channel.
Security Boulevard
NOVEMBER 6, 2024
Hackers are acutely aware that basic corporate account credentials present a significant vulnerability, increasing the stakes for SMBs in particular. The post Securing SMBs in a Cloud-Driven World: Best Practices for Cost-Effective Digital Hygiene Through Verified Authentication appeared first on Security Boulevard.
Krebs on Security
MARCH 11, 2025
However, ESET notes the vulnerability itself also is present in newer Windows OS versions, including Windows 10 build 1809 and the still-supported Windows Server 2016. Although still used by millions, security support for these products ended more than a year ago, and mainstream support ended years ago.
Adam Shostack
JANUARY 2, 2025
In Threat Modelling Cloud Platform Services by Example: Google Cloud Storage Ken Wolstencroft of NCC presents a threat model for Google Cloud Storage, and I'd like to take a look at it to see what we can learn. NCC has released a threat model for Google Cloud Platform. What can it teach us?
Security Boulevard
OCTOBER 30, 2024
Cybersecurity firm Proofpoint, which is eyeing an IPO in the next 18 months, is buying startup Normalyze to improve its data protection capabilities and mitigate the threat humans present in an increasingly fast-paced, interconnected, and AI-focused world.
NetSpi Executives
MARCH 12, 2025
Michelle Eggers and David Bryan Presenting their talk. This year at SHARE, NetSPI presented two notable talks. Titled, Mainframe Blackbox Network Pentesting, the presentation explored various vulnerabilities encountered during past mainframe penetration tests. Philip Young (right) presenting his talk with Chad Rikansrud (left).
Adam Shostack
JANUARY 2, 2025
Threat Modeling Jamie Dicken presented Teaching Software Engineers to Threat Model: We Did It, and So Can You at RSA, and her talk made Security Boulevard's 8 hot talks list.
Adam Shostack
JANUARY 2, 2025
We provide a framework for action by presenting the characteristics of a pandemic-scale cyber event and differentiating it from smaller-scale incidents the world has previously experienced. The framework is focused on the United States.
Security Boulevard
DECEMBER 4, 2024
China's growing presence in the global market for LiDAR, a remote sensing technology widely used in defense and commercial systems, presents a national security risk for the United States, which already is dealing with intrusions into critical infrastructure networks by China-backed threat groups, according to a report.
Schneier on Security
JANUARY 10, 2024
“BK presents Hangover Whopper, a technology that scans your hangover level and offers a discount on the ideal combo to help combat it.” The stunt runs until January 2nd.
Security Affairs
JANUARY 24, 2025
While some cd00r functions share the same non-standard names, this latest sample contains an embedded certificate that presents a challenge which was not present in previous examples found in VirusTotal, indicating an evolution in operational security and tradecraft.” concludes the report.
Adam Shostack
APRIL 2, 2025
Adam will be co-presenting with Tanya Janca at RSA: Red Teaming AI: 50 Years of Failure, But This Time, For Sure! - [IAIS-R03]. Shostack + Associates updates We're sponsoring the Threat Modeling Connect #hackathon, going on now. Adam will be keynoting BSides Seattle (April 18/19, Seattle).
Schneier on Security
APRIL 15, 2024
A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems. A few things to note. One, this paper has not yet been peer reviewed.
Schneier on Security
SEPTEMBER 17, 2024
Now, though, there are also attacks involving “coding tests” that only exist to get the end user to install hidden malware on their system (cleverly hidden with Base64 encoding) that allows remote execution once present.
Schneier on Security
AUGUST 12, 2024
In this paper, we present a taxonomy of GenAI misuse tactics, informed by existing academic literature and a qualitative analysis of approximately 200 observed incidents of misuse reported between January 2023 and March 2024.
Adam Shostack
JANUARY 2, 2025
Finally, we present ideas for developing a new playbook for a pandemic-scale cyber threat. In this talk, we characterize what we mean by pandemic-scale cyber events. Next, using insights from published analyses, we offer six core lessons from Covid as an informative guide for thinking about pandemic-scale cyber threats.
Javvad Malik
DECEMBER 16, 2024
I had the chance to present at Blackhat and also caught up with Quentyn Taylor, who somehow social-engineered me into agreeing to a 5k run in the new year. The vendor area felt a bit smaller compared to previous years, but that wasn't necessarily a bad thing. Blackhat was held at the ExCeL and featured all the usual suspects.
Adam Shostack
JANUARY 2, 2025
And while an emergency stop may certainly be a risk minimizing action in some circumstances, describing it as such is surprising, especially when presented in contrast to a "safe stop" maneuver. One of the "minimal risk" maneuvers listed (table 4) is an emergency stop. It's important to remember that driving is incredibly dangerous.
Schneier on Security
JULY 3, 2024
It’s a serious one: The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk.
Tech Republic Security
OCTOBER 22, 2024
A study at Rensselaer Polytechnic Institute presented at ISC2 Security Congress compared ChatGPT-written training prompted by security experts and prompt engineers.
SecureWorld News
NOVEMBER 17, 2024
The interplay of domestic and international regulations presents significant challenges for organizations, demanding significant investments in technology, personnel, and processes. The UK has a complex regulatory landscape for businesses, particularly in the realms of cybersecurity and privacy. of the UK's business population, 5.5
Schneier on Security
MAY 25, 2022
If an adversary can manipulate the order in which batches of training data are presented to the model, they can undermine both its integrity (by poisoning it) and its availability (by causing training to be less effective, or take longer). Our latest paper shows that’s not necessary at all.
Schneier on Security
DECEMBER 22, 2022
Microsoft fixed CVE-2022-37958 in September during its monthly Patch Tuesday rollout of security fixes.
Schneier on Security
JANUARY 17, 2023
Someone at the NSA gave a presentation on this ten years ago. (I Without the FBI deploying some form of surveillance technique, or Al-Azhari using another method to visit the site which exposed their IP address, this should not have been possible. There are lots of ways to de-anonymize Tor users.
Schneier on Security
MARCH 8, 2024
We also present a comprehensive taxonomical ontology of the types of adversarial prompts. We elicit 600K+ adversarial prompts against three state-of-the-art LLMs. We describe the dataset, which empirically verifies that current LLMs can indeed be manipulated via prompt hacking.
Schneier on Security
NOVEMBER 16, 2022
On social media and in US regulatory filings, however, it presents itself as a US company, based at various times in California, Maryland, and Washington, DC, Reuters found. It employs around 40 people and reported revenue of 143,270,000 rubles ($2.4 mln) last year. Pushwoosh is registered with the Russian government to pay taxes in Russia.
Penetration Testing
NOVEMBER 24, 2024
In a comprehensive report by Intrinsec, the cybersecurity community is presented with detailed insights into the connection between two Russian autonomous systems (ASNs), PROSPERO (AS200593) and Proton66 (AS198953).
Joseph Steinberg
MARCH 24, 2025
We all know that we face increased threats from costly hacker attacks and data breaches; unfortunately, however, much of what we have been taught about how to protect ourselves is simply wrong.
Krebs on Security
FEBRUARY 18, 2025
” said Merrill, who presented about his findings at the M3AAWG security conference in Lisbon earlier today. In August 2024, security researcher Grant Smith gave a presentation at the DEFCON security conference about tracking down the Smishing Triad after scammers spoofing the U.S. “Who says carding is dead?,”
eSecurity Planet
MARCH 24, 2025
The fact that the affected subdomain was captured on the Wayback Machine in February 2025 further points to the longstanding vulnerability present in legacy Oracle systems.