cybersecurity, risk assessment, security analysis, Security technology, threat models, Uncategorized
ArsTechnica’s Sean Gallagher has a two–part article on “securing your digital life.” It’s pretty good. Powered by WPeMatico
Category: cybersecurity
Auto Added by WPeMatico
cybersecurity, data breaches, hacking, Security technology, Uncategorized
This is interesting: A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users … Read More “Syniverse Hack” »
breaches, cybersecurity, data breaches, reports, Security technology, Uncategorized
Robert Chesney wrote up the Solar Winds story as a case study, and it’s a really good summary. Powered by WPeMatico
cybersecurity, forensics, internet, privacy, Security technology, surveillance, tracking, traffic analysis, Uncategorized
Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which … Read More “Surveillance of the Internet Backbone” »
cybercrime, cybersecurity, ransomware, russia, Security technology, Uncategorized
This is an interesting development: Just days after President Biden demanded that President Vladimir V. Putin of Russia shut down ransomware groups attacking American targets, the most aggressive of the groups suddenly went off-line early Tuesday. […] Gone was the publicly available “happy blog” the group maintained, listing some of its victims and the group’s … Read More “REvil is Off-Line” »
cybersecurity, hacking, iran, phishing, Security technology, Uncategorized
Interesting attack: Masquerading as UK scholars with the University of London’s School of Oriental and African Studies (SOAS), the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information. The threat actor, an APT who we assess with high confidence supports Islamic Revolutionary Guard Corps (IRGC) intelligence collection … Read More “Iranian State-Sponsored Hacking Attempts” »
cybersecurity, hacking, malware, microsoft, russia, Security technology, Uncategorized
Two reports this week. The first is from Microsoft, which wrote: As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. The actor used this information in … Read More “More Russian Hacking” »
academic papers, cybercrime, cybersecurity, insurance, mitigation, ransomware, reports, Security technology, Uncategorized
As ransomware becomes more common, I’m seeing more discussions about the ethics of paying the ransom. Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s helping. However, the most pressing challenge currently facing the industry is ransomware. Although it is a societal problem, cyber insurers … Read More “Insurance and Ransomware” »
courts, cybersecurity, false positives, forensics, Security technology, Uncategorized, vulnerabilities
Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example). Bugs and vulnerabilities can lead to inaccurate evidence, but the proprietary nature of software makes it hard for defendants to examine it. The software engineers proposed a three-part … Read More “Risks of Evidentiary Software” »
cybersecurity, machine learning, reports, Security technology, Uncategorized
The Center for Security and Emerging Technology has a new report: “Machine Learning and Cybersecurity: Hype and Reality.” Here’s the bottom line: The report offers four conclusions: Machine learning can help defenders more accurately detect and triage potential attacks. However, in many cases these technologies are elaborations on long-standing methods — not fundamentally new approaches … Read More “The Future of Machine Learning and Cybersecurity” »