Informations about SSL certificates and networks security
Auto Added by WPeMatico
There’s a new malware called BrickerBot that permanently disables vulnerable IoT devices by corrupting their storage capability and reconfiguring kernel parameters. Right now, it targets devices with open Telnet ports, but we should assume that future versions will have other infection mechanisms. Slashdot thread. Powered by WPeMatico
WikiLeaks is obviously playing their Top Secret CIA data cache for as much press as they can, leaking the documents a little at a time. On Friday they published their fourth set of documents from what they call “Vault 7”: 27 documents from the CIA’s Grasshopper framework, a platform used to build customized malware payloads … Read More “Fourth WikiLeaks CIA Attack Tool Dump” »
Last August, an unknown group called the Shadow Brokers released a bunch of NSA tools to the public. The common guesses were that the tools were discovered on an external staging server, and that the hack and release was the work of the Russians (back then, that wasn’t controversial). This was me: Okay, so let’s … Read More “Shadow Brokers Releases the Rest of Their NSA Hacking Tools” »
This is just plain weird: Rosenthal, a neurobiologist at the Marine Biological Laboratory, was a grad student studying a specific protein in squid when he got an an inkling that some cephalopods might be different. Every time he analyzed that protein’s RNA sequence, it came out slightly different. He realized the RNA was occasionally substituting … Read More “Friday Squid Blogging: Squid Can Edit Their Own RNA” »
NSA Deputy Director Richard Ledgett described a 2014 Russian cyberattack against the US State Department as “hand-to-hand” combat: “It was hand-to-hand combat,” said NSA Deputy Director Richard Ledgett, who described the incident at a recent cyber forum, but did not name the nation behind it. The culprit was identified by other current and former officials. … Read More “Incident Response as “Hand-to-Hand Combat”” »
There’s a blog post from Google’s Project Zero detailing an attack against Android phones over Wi-Fi. From Ars Technica: The vulnerability resides in a widely used Wi-Fi chipset manufactured by Broadcom and used in both iOS and Android devices. Apple patched the vulnerability with Monday’s release of iOS 10.3.1. “An attacker within range may be … Read More “Many Android Phones Vulnerable to Attacks Over Malicious Wi-Fi Networks” »
There’s a new report of a nation-state attack, presumed to be from China, on a series of managed ISPs. From the executive summary: Since late 2016, PwC UK and BAE Systems have been assisting victims of a new cyber espionage campaign conducted by a China-based threat actor. We assess this threat actor to almost certainly … Read More “APT10 and Cloud Hopper” »
This is an interesting combination of computer and physical attack: Researchers from the Russian security firm Kaspersky on Monday detailed a new ATM-emptying attack, one that mixes digital savvy with a very precise form of physical penetration. Kaspersky’s team has even reverse engineered and demonstrated the attack, using only a portable power drill and a … Read More “Clever Physical ATM Attack” »
Interesting law journal article: “Encryption and the Press Clause,” by D. Victoria Barantetsky. Abstract: Almost twenty years ago, a hostile debate over whether government could regulate encryption — later named the Crypto Wars — seized the country. At the center of this debate stirred one simple question: is encryption protected speech? This issue touched all … Read More “Encryption Policy and Freedom of the Press” »