cybersecurity – Page 8 – SSL and internet security news

MacOS Zero-Day Used against Hong Kong Activists

November 12, 2021 infossl

activism, apple, china, cybersecurity, exploits, google, hacking, Security technology, Uncategorized, zero-day

Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected. From an article: Google’s researchers were able to trigger the exploits and study them by visiting the websites compromised … Read More “MacOS Zero-Day Used against Hong Kong Activists” »

Advice for Personal Digital Security

November 11, 2021 infossl

cybersecurity, risk assessment, security analysis, Security technology, threat models, Uncategorized

ArsTechnica’s Sean Gallagher has a two–part article on “securing your digital life.” It’s pretty good. Powered by WPeMatico

Syniverse Hack

October 6, 2021 infossl

cybersecurity, data breaches, hacking, Security technology, Uncategorized

This is interesting: A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users … Read More “Syniverse Hack” »

Excellent Write-up of the SolarWinds Security Breach

August 30, 2021 infossl

breaches, cybersecurity, data breaches, reports, Security technology, Uncategorized

Robert Chesney wrote up the Solar Winds story as a case study, and it’s a really good summary. Powered by WPeMatico

Surveillance of the Internet Backbone

August 25, 2021 infossl

cybersecurity, forensics, internet, privacy, Security technology, surveillance, tracking, traffic analysis, Uncategorized

Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which … Read More “Surveillance of the Internet Backbone” »

REvil is Off-Line

July 16, 2021 infossl

cybercrime, cybersecurity, ransomware, russia, Security technology, Uncategorized

This is an interesting development: Just days after President Biden demanded that President Vladimir V. Putin of Russia shut down ransomware groups attacking American targets, the most aggressive of the groups suddenly went off-line early Tuesday. […] Gone was the publicly available “happy blog” the group maintained, listing some of its victims and the group’s … Read More “REvil is Off-Line” »

Iranian State-Sponsored Hacking Attempts

July 13, 2021 infossl

cybersecurity, hacking, iran, phishing, Security technology, Uncategorized

Interesting attack: Masquerading as UK scholars with the University of London’s School of Oriental and African Studies (SOAS), the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information. The threat actor, an APT who we assess with high confidence supports Islamic Revolutionary Guard Corps (IRGC) intelligence collection … Read More “Iranian State-Sponsored Hacking Attempts” »

More Russian Hacking

July 2, 2021 infossl

cybersecurity, hacking, malware, microsoft, russia, Security technology, Uncategorized

Two reports this week. The first is from Microsoft, which wrote: As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. The actor used this information in … Read More “More Russian Hacking” »

Insurance and Ransomware

July 1, 2021 infossl

academic papers, cybercrime, cybersecurity, insurance, mitigation, ransomware, reports, Security technology, Uncategorized

As ransomware becomes more common, I’m seeing more discussions about the ethics of paying the ransom. Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s helping. However, the most pressing challenge currently facing the industry is ransomware. Although it is a societal problem, cyber insurers … Read More “Insurance and Ransomware” »

Risks of Evidentiary Software

June 29, 2021 infossl

courts, cybersecurity, false positives, forensics, Security technology, Uncategorized, vulnerabilities

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example). Bugs and vulnerabilities can lead to inaccurate evidence, but the proprietary nature of software makes it hard for defendants to examine it. The software engineers proposed a three-part … Read More “Risks of Evidentiary Software” »