Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably they’ll lean heavily on the “think of the children!” rhetoric we’re seeing in this current wave of the crypto wars. The technical eavesdropping mechanisms have shifted to client-side scanning, which won’t actually help — but since that’s not really the point, it’s not argued on its merits.
Powered by WPeMatico
infossl
January 18, 2022
child pornography, children, crypto wars, cybersecurity, encryption, marketing, privacy, propaganda, Security technology, Uncategorized
Read more >
Google took steps to shut down the Glupteba botnet, at least for now. (The botnet uses the bitcoin blockchain as a backup command-and-control mechanism, making it hard to get rid of it permanently.) So Google is also suing the botnet’s operators.
It’s an interesting strategy. Let’s see if it’s successful.
Powered by WPeMatico
infossl
December 9, 2021
bitcoin, blockchain, botnets, cybersecurity, google, Security technology, Uncategorized
Read more >
This is part 3 of Sean Gallagher’s advice for “securing your digital life.”
Powered by WPeMatico
infossl
November 15, 2021
cybersecurity, phishing, risk assessment, security analysis, Security technology, smartphones, threat models, Uncategorized
Read more >
Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected.
From an article:
Google’s researchers were able to trigger the exploits and study them by visiting the websites compromised by the hackers. The sites served both iOS and MacOS exploit chains, but the researchers were only able to retrieve the MacOS one. The zero-day exploit was similar to another in-the-wild vulnerability analyzed by another Google researcher in the past, according to the report.
In addition, the zero-day exploit used in this hacking campaign is “identical” to an exploit previously found by cybersecurity research group Pangu Lab, Huntley said. Pangu Lab’s researchers presented the exploit at a security conference in China in April of this year, a few months before hackers used it against Hong Kong users.
The exploit was discovered in August. Apple patched the vulnerability in September. China is, of course, the obvious suspect, given the victims.
Powered by WPeMatico
infossl
November 12, 2021
activism, apple, china, cybersecurity, exploits, google, hacking, Security technology, Uncategorized, zero-day
Read more >
ArsTechnica’s Sean Gallagher has a two–part article on “securing your digital life.”
It’s pretty good.
Powered by WPeMatico
infossl
November 11, 2021
cybersecurity, risk assessment, security analysis, Security technology, threat models, Uncategorized
Read more >
This is interesting:
A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide.
I’ve never heard of the company.
No details about the hack. It could be nothing. It could be a national intelligence service looking for information.
Powered by WPeMatico
infossl
October 6, 2021
cybersecurity, data breaches, hacking, Security technology, Uncategorized
Read more >
Robert Chesney wrote up the Solar Winds story as a case study, and it’s a really good summary.
Powered by WPeMatico
infossl
August 30, 2021
breaches, cybersecurity, data breaches, reports, Security technology, Uncategorized
Read more >
Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity.
At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic. Crucially, this data can be used for, among other things, tracking traffic through virtual private networks, which are used to mask where someone is connecting to a server from, and by extension, their approximate physical location.
In the hands of some governments, that could be dangerous.
Powered by WPeMatico
infossl
August 25, 2021
cybersecurity, forensics, internet, privacy, Security technology, surveillance, tracking, traffic analysis, Uncategorized
Read more >
This is an interesting development:
Just days after President Biden demanded that President Vladimir V. Putin of Russia shut down ransomware groups attacking American targets, the most aggressive of the groups suddenly went off-line early Tuesday.
[…]
Gone was the publicly available “happy blog” the group maintained, listing some of its victims and the group’s earnings from its digital extortion schemes. Internet security groups said the custom-made sites - think of them as virtual conference rooms — where victims negotiated with REvil over how much ransom they would pay to get their data unlocked also disappeared. So did the infrastructure for making payments.
Okay. So either the US took them down, Russia took them down, or they took themselves down.
Powered by WPeMatico
infossl
July 16, 2021
cybercrime, cybersecurity, ransomware, russia, Security technology, Uncategorized
Read more >
Interesting attack:
Masquerading as UK scholars with the University of London’s School of Oriental and African Studies (SOAS), the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information. The threat actor, an APT who we assess with high confidence supports Islamic Revolutionary Guard Corps (IRGC) intelligence collection efforts, established backstopping for their credential phishing infrastructure by compromising a legitimate site of a highly regarded academic institution to deliver personalized credential harvesting pages disguised as registration links. Identified targets included experts in Middle Eastern affairs from think tanks, senior professors from well-known academic institutions, and journalists specializing in Middle Eastern coverage.
These connection attempts were detailed and extensive, often including lengthy conversations prior to presenting the next stage in the attack chain. Once the conversation was established, TA453 delivered a “registration link” to a legitimate but compromised website belonging to the University of London’s SOAS radio. The compromised site was configured to capture a variety of credentials. Of note, TA453 also targeted the personal email accounts of at least one of their targets. In subsequent phishing emails, TA453 shifted their tactics and began delivering the registration link earlier in their engagement with the target without requiring extensive conversation. This operation, dubbed SpoofedScholars, represents one of the more sophisticated TA453 campaigns identified by Proofpoint.
The report details the tactics.
News article.
Powered by WPeMatico
infossl
July 13, 2021
cybersecurity, hacking, iran, phishing, Security technology, Uncategorized
Read more >
