ProPublica is reporting on companies that pretend to recover data locked up by ransomware, but just secretly pay the hackers and then mark up the cost to the victims. Powered by WPeMatico
Category: hacking
Auto Added by WPeMatico
The digital forensics company Cellebrite now claims it can unlock any iPhone. I dithered before blogging this, not wanting to give the company more publicity. But I decided that everyone who wants to know already knows, and that Apple already knows. It’s all of us that need to know. Powered by WPeMatico
MongoDB now has the ability to encrypt data by field: MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient. In such a “client-side” encryption scheme, databases utilizing Field Level Encryption … Read More “MongoDB Offers Field Level Encryption” »
Learning from the huge expenses Atlanta and Baltimore incurred by refusing to pay ransomware, the Florida City of Riveria Beach decided to pay up. The ransom amount of almost $600,000 is a lot, but much cheaper than the alternative. Powered by WPeMatico
Security researchers Gabriel Campana and Jean-Baptiste BĂ©drune are giving a hardware security module (HSM) talk at BlackHat in August: This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major banks and large cloud service providers. It will demonstrate several attack paths, some of them allowing unauthenticated attackers … Read More “Hacking Hardware Security Modules” »
In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government. Since, then the vulnerabilities and tools have been used by both government and criminals, and put the NSA’s ability to secure its own … Read More “Leaked NSA Hacking Tools” »
To better understand influence attacks, we proposed an approach that models democracy itself as an information system and explains how democracies are vulnerable to certain forms of information attacks that autocracies naturally resist. Our model combines ideas from both international security and computer security, avoiding the limitations of both in explaining how influence attacks may … Read More “Defending Democracies Against Information Attacks” »
Someone is stealing millions of dollars worth of Ethereum by guessing users’ private keys. Normally this should be impossible, but lots of keys seem to be very weak. Researchers are unsure how those weak keys are being generated and used. Their paper is here. Powered by WPeMatico
From a G7 meeting of interior ministers in Paris this month, an “outcome document“: Encourage Internet companies to establish lawful access solutions for their products and services, including data that is encrypted, for law enforcement and competent authorities to access digital evidence, when it is removed or hosted on IT servers located abroad or encrypted, … Read More “G7 Comes Out in Favor of Encryption Backdoors” »
The source code of a set of Iranian cyberespionage tools was leaked online. Powered by WPeMatico