cybersecurity – Page 10 – SSL and internet security news

DNI’s Annual Threat Assessment

April 15, 2021 infossl

cybersecurity, national security policy, Security technology, supply chain, threat models, Uncategorized

The office of the Director of National Intelligence released its “Annual Threat Assessment of the U.S. Intelligence Community.” Cybersecurity is covered on pages 20-21. Nothing surprising: Cyber threats from nation states and their surrogates will remain acute. States’ increasing use of cyber operations as a tool of national power, including increasing use by militaries around … Read More “DNI’s Annual Threat Assessment” »

More Biden Cybersecurity Nominations

April 13, 2021 infossl

cybersecurity, national security policy, nsa, Security technology, Uncategorized

News: President Biden announced key cybersecurity leadership nominations Monday, proposing Jen Easterly as the next head of the Cybersecurity and Infrastructure Security Agency and John “Chris” Inglis as the first ever national cyber director (NCD). I know them both, and think they’re both good choices. More news. Powered by WPeMatico

More on the Chinese Zero-Day Microsoft Exchange Hack

March 10, 2021 infossl

china, cybersecurity, hacking, microsoft, patching, Security technology, Uncategorized, zero-day

Nick Weaver has an excellent post on the Microsoft Exchange hack: The investigative journalist Brian Krebs has produced a handy timeline of events and a few things stand out from the chronology. The attacker was first detected by one group on Jan. 5 and another on Jan. 6, and Microsoft acknowledged the problem immediately. During … Read More “More on the Chinese Zero-Day Microsoft Exchange Hack” »

National Security Risks of Late-Stage Capitalism

March 1, 2021 infossl

china, cybersecurity, essays, hacking, national security policy, russia, Security technology, Uncategorized

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The hack gave the attackers access to the computer networks of some 18,000 of SolarWinds’s customers, including US government agencies such as the Homeland Security Department and State Department, … Read More “National Security Risks of Late-Stage Capitalism” »

GPS Vulnerabilities

February 22, 2021 infossl

cybersecurity, gps, infrastructure, national security policy, Security technology, Uncategorized

Really good op-ed in the New York Times about how vulnerable the GPS system is to interference, spoofing, and jamming — and potential alternatives. The 2018 National Defense Authorization Act included funding for the Departments of Defense, Homeland Security and Transportation to jointly conduct demonstrations of various alternatives to GPS, which were concluded last March. … Read More “GPS Vulnerabilities” »

Chinese Supply-Chain Attack on Computer Systems

February 13, 2021 infossl

backdoors, china, cybersecurity, fbi, fisa, intelligence, Internet of Things, national security policy, reports, Security technology, supply chain, Uncategorized

Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. It’s been going on since at least 2008. The US government has known about it for almost as long, and has tried to keep the attack secret: China’s exploitation of products made by Supermicro, as the U.S. … Read More “Chinese Supply-Chain Attack on Computer Systems” »

Vaccine for Emotet Malware

August 18, 2020 infossl

cybersecurity, malware, Security technology

Interesting story of a vaccine for the Emotet malware: Through trial and error and thanks to subsequent Emotet updates that refined how the new persistence mechanism worked, Quinn was able to put together a tiny PowerShell script that exploited the registry key mechanism to crash Emotet itself. The script, cleverly named EmoCrash, effectively scanned a … Read More “Vaccine for Emotet Malware” »

UAE Hack and Leak Operations

August 13, 2020 infossl

academicpapers, cybersecurity, hacking, leaks, nationalsecuritypolicy, qatar, saudiarabia, Security technology, unitedarabemirates

Interesting paper on recent hack-and-leak operations attributed to the UAE: Abstract: Four hack-and-leak operations in U.S. politics between 2016 and 2019, publicly attributed to the United Arab Emirates (UAE), Qatar, and Saudi Arabia, should be seen as the “simulation of scandal” – deliberate attempts to direct moral judgement against their target. Although “hacking” tools enable … Read More “UAE Hack and Leak Operations” »

The NSA on the Risks of Exposing Location Data

August 6, 2020 infossl

cybersecurity, geolocation, military, nsa, riskassessment, risks, Security technology, smartphones, tracking

The NSA has issued an advisory on the risks of location data. Mitigations reduce, but do not eliminate, location tracking risks in mobile devices. Most users rely on features disabled by such mitigations, making such safeguards impractical. Users should be aware of these risks and take action based on their specific situation and risk tolerance. … Read More “The NSA on the Risks of Exposing Location Data” »

Twitter Hacker Arrested

July 31, 2020 infossl

cybersecurity, hacking, scams, Security technology, socialmedia, twitter

A 17-year-old Florida boy was arrested and charged with last week’s Twitter hack. News articles. Boing Boing post. Florida state attorney press release. This is a developing story. Post any additional news in the comments. Powered by WPeMatico