Adam Shostack

MARCH 26, 2025

Im proud to be a member of this community and grateful to present The DEF CON 32 Hackers Almanack. The Hackers Almanack compiles the most interesting, impactful, and innovative research and vulnerabilities identified at DEF CON typically presented in extraordinary fashion.

Data breaches 130

Data breaches Passwords Technology Hacking 130

Schneier on Security

JANUARY 19, 2023

We present seven different attacks against the protocol in three different threat models. As one example, we present a cross-protocol attack which breaks authentication in Threema and which exploits the lack of proper key separation between different sub-protocols. It also said the researchers were overselling their findings.

Encryption 338

Encryption Authentication Advertising Government 338

Schneier on Security

AUGUST 29, 2024

Listening to it, and thinking about the audience of NSA engineers, I wonder how much of what she’s talking about as the future of computing—miniaturization, parallelization—was being done in the present and in secret.

Engineering 339

Engineering Internet Internet 339

Krebs on Security

FEBRUARY 26, 2025

“Wagenius should also be detained because he presents a serious risk of flight, has the means and intent to flee, and is aware that he will likely face additional charges,” the Seattle prosecutors asserted. million customers.

Hacking 247

Hacking Government Identity Theft Accountability 247

Schneier on Security

OCTOBER 11, 2022

Next, we demonstrate that some backdoors, such as ImpNet, can only be reliably detected at the stage where they are inserted and removing them anywhere else presents a significant challenge.

Architecture 363

Architecture Software 363

Schneier on Security

SEPTEMBER 2, 2024

The KCM process is fairly simple: the employee uses the dedicated lane and presents their KCM barcode or provides the TSA agent their employee number and airline. Various forms of ID need to be presented while the TSA agent’s laptop verifies the employment status with the airline.

Authentication 311

Authentication 311

Security Boulevard

NOVEMBER 12, 2024

Authors/Presenters: Samy Kamkar Our sincere appreciation to DEF CON , and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center ; and via the organizations YouTube channel.

Education 104

Education Cybersecurity 104

Security Boulevard

NOVEMBER 6, 2024

Hackers are acutely aware that basic corporate account credentials present a significant vulnerability, increasing the stakes for SMBs in particular. The post Securing SMBs in a Cloud-Driven World: Best Practices for Cost-Effective Digital Hygiene Through Verified Authentication appeared first on Security Boulevard.

Authentication 124

Authentication Accountability Cybersecurity 124

Adam Shostack

JANUARY 2, 2025

In Threat Modelling Cloud Platform Services by Example: Google Cloud Storage Ken Wolstencroft of NCC presents a threat model for Google Cloud Storage, and Id like to take a look at it to see what we can learn. NCC has released a threat model for Google Cloud Platform. What can it teach us?

Engineering 246

Engineering Authentication 246

Security Boulevard

OCTOBER 30, 2024

Cybersecurity firm Proofpoint, which is eyeing an IPO in the next 18 months, is buying startup Normalyze to improve its data protection capabilities and mitigate the threat humans present in an increasingly fast-paced, interconnected, and AI-focus world.

Cybersecurity 110

Cybersecurity Social Engineering Engineering Security Awareness 110

Adam Shostack

JANUARY 2, 2025

Threat Modeling Jamie Dicken presented Teaching Software Engineers to Threat Model: We Did It, and So Can You at RSA, and her talk made Security Boulevards 8 hot talks list.

Engineering 130

Engineering Software Cybersecurity Risk 130

Adam Shostack

JANUARY 2, 2025

We provide a framework for action by presenting the characteristics of a pandemic-scale cyber event and differentiating it from smaller-scale incidents the world has previously experienced. The framework is focused on the United States.

Cyber threats 130

Cyber threats Government Cybersecurity 130

Security Boulevard

DECEMBER 4, 2024

China's growing presence in the global market for LiDAR, a remote sensing technology widely used in defense and commercial system, presents a national security risk for the United States, which already is dealing with intrusions into critical infrastructure networks by China-backed threat groups, according to a reporte.

Risk 113

Risk Marketing Technology Malware 113

Schneier on Security

JANUARY 10, 2024

“BK presents Hangover Whopper, a technology that scans your hangover level and offers a discount on the ideal combo to help combat it.” ” The stunt runs until January 2nd.

Marketing 325

Marketing Technology 325

Adam Shostack

APRIL 2, 2025

Adam will be co-presenting with Tanya Janca at RSA: Red Teaming AI: 50 Years of Failure, But This Time, For Sure! - [IAIS-R03]. Shostack + Associates updates Were sponsoring the Threat Modeling Connect #hackathon , going on now. Adam will be keynoting BSides Seattle (April 18/19, Seattle).

147

147

Security Affairs

JANUARY 24, 2025

While some cd00r functions share the same non-standard names, this latest sample contains an embedded certificate that presents a challenge which was not present in previous examples found in VirusTotal, indicating an evolution in operational security and tradecraft.” ” concludes the report.

Malware 120

Malware VPN Encryption Hacking 120

Schneier on Security

APRIL 15, 2024

A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems. A few things to note. One, this paper has not yet been peer reviewed.

320

320

Schneier on Security

AUGUST 12, 2024

In this paper, we present a taxonomy of GenAI misuse tactics, informed by existing academic literature and a qualitative analysis of approximately 200 observed incidents of misuse reported between January 2023 and March 2024.

Artificial Intelligence 318

Artificial Intelligence Risk 318

Adam Shostack

JANUARY 2, 2025

Finally, we present ideas for developing a new playbook for a pandemic-scale cyber threat. In this talk, we characterize what we mean by pandemic-scale cyber events. Next, using insights from published analyses, we offer six core lessons from Covid as an informative guide for thinking about pandemic-scale cyber threats.

Cybersecurity 130

Cybersecurity Cyber threats Technology 130

Schneier on Security

SEPTEMBER 17, 2024

Now, though, there are also attacks involving “coding tests” that only exist to get the end user to install hidden malware on their system (cleverly hidden with Base64 encoding) that allows remote execution once present.

Malware 300

Malware Social Engineering Engineering Hacking 300

Javvad Malik

DECEMBER 16, 2024

I had the chance to present at Blackhat and also caught up with Quentyn Taylor, who somehow social-engineered me into agreeing to a 5k run in the new year The vendor area felt a bit smaller compared to previous years, but that wasnt necessarily a bad thing. Blackhat was held at the ExCeL and featured all the usual suspects.

Social Engineering 130

Social Engineering Engineering Cybersecurity 130

Krebs on Security

MARCH 11, 2025

However, ESET notes the vulnerability itself also is present in newer Windows OS versions, including Windows 10 build 1809 and the still-supported Windows Server 2016. Although still used by millions, security support for these products ended more than a year ago, and mainstream support ended years ago.

System Administration 229

System Administration Engineering Internet Internet 229

Adam Shostack

JANUARY 2, 2025

And while an emergency stop may certainly be a risk minimizing action in some circumstances, describing it as such is surprising, especially when presented in contrast to a "safe stop" maneuver. One of the "minimal risk" maneuvers listed (table 4) is an emergency stop. It's important to remember that driving is incredibly dangerous.

Risk 189

Risk Architecture Manufacturing Cybersecurity 189

Schneier on Security

JULY 3, 2024

It’s a serious one : The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk.

Firewall 346

Firewall Data breaches Malware Risk 346

NetSpi Executives

MARCH 12, 2025

Michelle Eggers and David Bryan Presenting their talk. This year at SHARE, NetSPI presented two notable talks. Titled, Mainframe Blackbox Network Pentesting , the presentation explored various vulnerabilities encountered during past mainframe penetration tests. Philip Young (right) presenting his talk with Chad Rikansrud (left).

Penetration Testing 96

Penetration Testing Passwords Accountability Cybersecurity 96

SecureWorld News

NOVEMBER 17, 2024

The interplay of domestic and international regulations presents significant challenges for organizations, demanding significant investments in technology, personnel, and processes. The UK has a complex regulatory landscape for businesses, particularly in the realms of cybersecurity and privacy. of the UK's business population, 5.5

Cybersecurity 120

Cybersecurity Risk Healthcare Accountability 120

Tech Republic Security

OCTOBER 22, 2024

A study at Rensselaer Polytechnic Institute presented at ISC2 Security Congress compared ChatGPT-written training prompted by security experts and prompt engineers.

Engineering 213

Engineering Artificial Intelligence Technology Cybersecurity 213

Schneier on Security

DECEMBER 22, 2022

Microsoft fixed CVE-2022-37958 in September during its monthly Patch Tuesday rollout of security fixes.

Authentication 71

Authentication 71

Schneier on Security

JANUARY 17, 2023

Someone at the NSA gave a presentation on this ten years ago. (I Without the FBI deploying some form of surveillance technique, or Al-Azhari using another method to visit the site which exposed their IP address, this should not have been possible. There are lots of ways to de-anonymize Tor users.

Surveillance 363

Surveillance Media Hacking 363

Schneier on Security

NOVEMBER 16, 2022

On social media and in US regulatory filings, however, it presents itself as a US company, based at various times in California, Maryland, and Washington, DC, Reuters found. It employs around 40 people and reported revenue of 143,270,000 rubles ($2.4 mln) last year. Pushwoosh is registered with the Russian government to pay taxes in Russia.

Software 331

Software Media Government 331

Schneier on Security

MARCH 8, 2024

We also present a comprehensive taxonomical ontology of the types of adversarial prompts. We elicit 600K+ adversarial prompts against three state-of-the-art LLMs. We describe the dataset, which empirically verifies that current LLMs can indeed be manipulated via prompt hacking.

Hacking 329

Hacking Artificial Intelligence 329

Krebs on Security

FEBRUARY 18, 2025

” said Merrill, who presented about his findings at the M3AAWG security conference in Lisbon earlier today. In August 2024, security researcher Grant Smith gave a presentation at the DEFCON security conference about tracking down the Smishing Triad after scammers spoofing the U.S. “Who says carding is dead?,”

Phishing 291

Phishing Mobile Scams Banking 291

Joseph Steinberg

MARCH 24, 2025

We all know that we face increased threats from costly hacker attacks and data breaches unfortunately, however, much of what we have been taught about how to protect ourselves is simply wrong.

Artificial Intelligence 130

Artificial Intelligence Cybersecurity Data breaches Government 130

eSecurity Planet

MARCH 24, 2025

The fact that the affected subdomain was captured on the Wayback Machine in February 2025 further points to the longstanding vulnerability present in legacy Oracle systems.

Risk 120

Risk Passwords Hacking Encryption 120

Security Boulevard

MARCH 1, 2025

Author/Presenter: Max 'Libra' Kersten Our sincere appreciation to DEF CON , and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conferences events located at the Las Vegas Convention Center ; and via the organizations YouTube channel.

Education 89

Education Cybersecurity 89

Schneier on Security

OCTOBER 10, 2023

Many versions of this problem have been studied over the last 30 years, and the best current attack on ReLU-based deep neural networks was presented at Crypto’20 by Carlini, Jagielski, and Mironov.

329

329

Security Boulevard

APRIL 6, 2025

Author/Presenter: Mea Clift Our sincere appreciation to BSidesLV , and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conferences events located at the Tuscany Suites & Casino ; and via the organizations YouTube channel.

Cybersecurity 64

Cybersecurity Education 64