cyberattack – Page 5 – SSL and internet security news

Details of the REvil Ransomware Attack

July 8, 2021 infossl

cyberattack, malware, ransomware, russia, Security technology, supply chain, Uncategorized, vulnerabilities, zero-day

ArsTechnica has a good story on the REvil ransomware attack of last weekend, with technical details: This weekend’s attack was carried out with almost surgical precision. According to Cybereason, the REvil affiliates first gained access to targeted environments and then used the zero-day in the Kaseya Agent Monitor to gain administrative control over the target’s … Read More “Details of the REvil Ransomware Attack” »

Vulnerabilities in Weapons Systems

June 8, 2021 infossl

cyberattack, cyberwar, cyberweapons, essays, military, Security technology, supply chain, Uncategorized

“If you think any of these systems are going to work as expected in wartime, you’re fooling yourself.” That was Bruce’s response at a conference hosted by US Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the Internet. That may be necessary to keep in touch with … Read More “Vulnerabilities in Weapons Systems” »

The Misaligned Incentives for Cloud Security

May 28, 2021 infossl

certificates, cloud computing, cyberattack, cyberespionage, essays, externalities, hacking, russia, Security technology, Uncategorized

Russia’s Sunburst cyberespionage campaign, discovered late last year, impacted more than 100 large companies and US federal agencies, including the Treasury, Energy, Justice, and Homeland Security departments. A crucial part of the Russians’ success was their ability to move through these organizations by compromising cloud and local network identity systems to then access cloud accounts … Read More “The Misaligned Incentives for Cloud Security” »

On North Korea’s Cyberattack Capabilities

April 22, 2021 infossl

crime, cyberattack, cybercrime, North Korea, Security technology, Uncategorized

Excellent New Yorker article on North Korea’s offensive cyber capabilities. Powered by WPeMatico

Google’s Project Zero Finds a Nation-State Zero-Day Operation

April 8, 2021 infossl

cyberattack, google, Security technology, terrorism, Uncategorized, zero-day

Google’s Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by “Western government operatives actively conducting a counterterrorism operation”: The exploits, which went back to early 2020 and used never-before-seen techniques, were “watering hole” attacks that used infected websites to … Read More “Google’s Project Zero Finds a Nation-State Zero-Day Operation” »

Hacking Weapons Systems

March 26, 2021 infossl

cyberattack, cyberweapons, hacking, infrastructure, military, national security policy, Security technology, Uncategorized, weapons

Lukasz Olejnik has a good essay on hacking weapons systems. Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software. So now the question is whether the software can be accessed over the Internet. Increasingly, it is. This is likely to become a bigger … Read More “Hacking Weapons Systems” »

The Unintended Harms of Cybersecurity

June 26, 2020 infossl

academicpapers, cyberattack, cybercrime, cybersecurity, riskassessment, risks, Security technology

Interesting research: “Identifying Unintended Harms of Cybersecurity Countermeasures“: Abstract: Well-meaning cybersecurity risk owners will deploy countermeasures (technologies or procedures) to manage risks to their services or systems. In some cases, those countermeasures will produce unintended consequences, which must then be addressed. Unintended consequences can potentially induce harm, adversely affecting user behaviour, user inclusion, or the … Read More “The Unintended Harms of Cybersecurity” »

Examining the US Cyber Budget

June 15, 2020 infossl

cyberattack, cybersecurity, defense, homelandsecurity, nationalsecuritypolicy, Security technology

Jason Healey takes a detailed look at the US federal cybersecurity budget and reaches an important conclusion: the US keeps saying that we need to prioritize defense, but in fact we prioritize attack. To its credit, this budget does reveal an overall growth in cybersecurity funding of about 5 percent above the fiscal 2019 estimate. … Read More “Examining the US Cyber Budget” »

On Marcus Hutchins

May 15, 2020 infossl

cyberattack, cybercrime, hacking, historyofsecurity, Security technology

Long and nuanced story about Marcus Hutchins, the British hacker who wrote most of the Kronos malware and also stopped WannaCry in real time. Well worth reading. Powered by WPeMatico

New US Electronic Warfare Platform

May 13, 2020 infossl

cyberattack, cyberwar, drones, jamming, Security technology

The Army is developing a new electronic warfare pod capable of being put on drones and on trucks. …the Silent Crow pod is now the leading contender for the flying flagship of the Army’s rebuilt electronic warfare force. Army EW was largely disbanded after the Cold War, except for short-range jammers to shut down remote-controlled … Read More “New US Electronic Warfare Platform” »