reports – Page 4 – SSL and internet security news

On Chinese-Owned Technology Platforms

February 25, 2021 infossl

china, national security policy, reports, Security technology, threat models, Uncategorized

I am a co-author on a report published by the Hoover Institution: “Chinese Technology Platforms Operating in the United States.” From a blog post: The report suggests a comprehensive framework for understanding and assessing the risks posed by Chinese technology platforms in the United States and developing tailored responses. It starts from the common view … Read More “On Chinese-Owned Technology Platforms” »

Router Security

February 19, 2021 infossl

hardware, Internet of Things, linux, mitigation, patching, reports, Security technology, Uncategorized, vulnerabilities

This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security. Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devices. However, many routers are powered by very old versions of … Read More “Router Security” »

Chinese Supply-Chain Attack on Computer Systems

February 13, 2021 infossl

backdoors, china, cybersecurity, fbi, fisa, intelligence, Internet of Things, national security policy, reports, Security technology, supply chain, Uncategorized

Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. It’s been going on since at least 2008. The US government has known about it for almost as long, and has tried to keep the attack secret: China’s exploitation of products made by Supermicro, as the U.S. … Read More “Chinese Supply-Chain Attack on Computer Systems” »

Survey of Supply Chain Attacks

July 28, 2020 infossl

reports, Security technology, supplychain

The Atlantic Council has a released a report that looks at the history of computer supply chain attacks. Key trends from their summary: Deep Impact from State Actors: There were at least 27 different state attacks against the software supply chain including from Russia, China, North Korea, and Iran as well as India, Egypt, the … Read More “Survey of Supply Chain Attacks” »

Nation-State Espionage Campaigns against Middle East Defense Contractors

June 23, 2020 infossl

attribution, cyberespionage, espionage, impersonation, linkedin, malware, reports, Security technology

Report on espionage attacks using LinkedIn as a vector for malware, with details and screenshots. They talk about “several hints suggesting a possible link” to the Lazarus group (aka North Korea), but that’s by no means definite. As part of the initial compromise phase, the Operation In(ter)ception attackers had created fake LinkedIn accounts posing as … Read More “Nation-State Espionage Campaigns against Middle East Defense Contractors” »

New Hacking-for-Hire Company in India

June 19, 2020 infossl

hacking, india, phishing, reports, Security technology

Citizen Lab has a new report on Dark Basin, a large hacking-for-hire company in India. Key Findings: Dark Basin is a hack-for-hire group that has targeted thousands of individuals and hundreds of institutions on six continents. Targets include advocacy groups and journalists, elected and senior government officials, hedge funds, and multiple industries. Dark Basin extensively … Read More “New Hacking-for-Hire Company in India” »

Theft of CIA’s “Vault Seven” Hacking Tools Due to Its Own Lousy Security

June 18, 2020 infossl

breaches, cia, leaks, reports, Security technology, wikileaks

The Washington Post is reporting on an internal CIA report about its “Vault 7” security breach: The breach — allegedly committed by a CIA employee — was discovered a year after it happened, when the information was published by WikiLeaks, in March 2017. The anti-secrecy group dubbed the release “Vault 7,” and U.S. officials have … Read More “Theft of CIA’s “Vault Seven” Hacking Tools Due to Its Own Lousy Security” »

AI and Cybersecurity

May 19, 2020 infossl

artificialintelligence, attribution, cybersecurity, nationalsecuritypolicy, reports, Security technology

Ben Buchanan has written “A National Security Research Agenda for Cybersecurity and Artificial Intelligence.” It’s really good — well worth reading. Powered by WPeMatico

The DoD Isn’t Fixing Its Security Problems

April 17, 2020 infossl

accountability, compliance, cybersecurity, departmentofdefense, reports, Security technology

It has produced several reports outlining what’s wrong and what needs to be fixed. It’s not fixing them: GAO looked at three DoD-designed initiatives to see whether the Pentagon is following through on its own goals. In a majority of cases, DoD has not completed the cybersecurity training and awareness tasks it set out to. … Read More “The DoD Isn’t Fixing Its Security Problems” »

Bug Bounty Programs Are Being Used to Buy Silence

April 3, 2020 infossl

bribes, coverups, disclosure, reports, Security technology

Investigative report on how commercial bug-bounty programs like HackerOne, Bugcrowd, and SynAck are being used to silence researchers: Used properly, bug bounty platforms connect security researchers with organizations wanting extra scrutiny. In exchange for reporting a security flaw, the researcher receives payment (a bounty) as a thank you for doing the right thing. However, CSO’s … Read More “Bug Bounty Programs Are Being Used to Buy Silence” »