Uncategorized – Page 89 – SSL and internet security news

Interview with the Head of the NSA’s Research Directorate

February 3, 2022 infossl

data collection, interviews, nsa, Security technology, Uncategorized

MIT Technology Review published an interview with Gil Herrera, the new head of the NSA’s Research Directorate. There’s a lot of talk about quantum computing, monitoring 5G networks, and the problems of big data: The math department, often in conjunction with the computer science department, helps tackle one of NSA’s most interesting problems: big data. … Read More “Interview with the Head of the NSA’s Research Directorate” »

Finding Vulnerabilities in Open Source Projects

February 2, 2022 infossl

google, microsoft, open source, Security technology, Uncategorized, vulnerabilities

The Open Source Security Foundation announced $10 million in funding from a pool of tech and financial companies, including $5 million from Microsoft and Google, to find vulnerabilities in open source projects: The “Alpha” side will emphasize vulnerability testing by hand in the most popular open-source projects, developing close working relationships with a handful of … Read More “Finding Vulnerabilities in Open Source Projects” »

Me on App Store Monopolies and Security

February 1, 2022 infossl

apple, cybersecurity, laws, monoculture, privacy, Security technology, Uncategorized

There are two bills working their way through Congress that would force companies like Apple to allow competitive app stores. Apple hates this, since it would break its monopoly, and it’s making a variety of security arguments to bolster its argument. I have written a rebuttal: I would like to address some of the unfounded … Read More “Me on App Store Monopolies and Security” »

Twelve-Year-Old Linux Vulnerability Discovered and Patched

January 31, 2022 infossl

linux, privilege escalation, rootkits, Security technology, Uncategorized, vulnerabilities

It’s a privilege escalation vulnerability: Linux users on Tuesday got a major dose of bad news — a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running most major distributions of the open source operating system. Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides … Read More “Twelve-Year-Old Linux Vulnerability Discovered and Patched” »

Friday Squid Blogging: Cephalopods Thirty Million Years Older Than Previously Thought

January 28, 2022 infossl

Security technology, squid, Uncategorized

New fossils from Newfoundland push the origins of cephalopods to 522 million years ago. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

Tracking Secret German Organizations with Apple AirTags

January 28, 2022 infossl

apple, geolocation, intelligence, Security technology, Uncategorized

A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up: Wittmann says that everyone she spoke to denied being part of this intelligence agency. But what she describes as a “good indicator,” would be if … Read More “Tracking Secret German Organizations with Apple AirTags” »

New DeadBolt Ransomware Targets NAT Devices

January 26, 2022 infossl

cyberattack, encryption, ransomware, Security technology, Uncategorized, zero-day

There’s a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a .deadbolt file extension. Instead of creating ransom notes in each folder on the device, the QNAP device’s login page is hijacked to display a … Read More “New DeadBolt Ransomware Targets NAT Devices” »

Merck Wins Insurance Lawsuit re NotPetya Attack

January 25, 2022 infossl

courts, cyberattack, data destruction, insurance, russia, Security technology, Uncategorized

The insurance company Ace American has to pay for the losses: On 6th December 2021, the New Jersey Superior Court granted partial summary judgment (attached) in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute. Merck suffered US$1.4 billion in business interruption losses from the … Read More “Merck Wins Insurance Lawsuit re NotPetya Attack” »

Linux-Targeted Malware Increased by 35%

January 24, 2022 infossl

linux, malware, Security technology, Uncategorized

Crowdstrike is reporting that malware targeting Linux has increased considerably in 2021: Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021. Ten times more Mozi malware samples were observed in 2021 compared to 2020. … Read More “Linux-Targeted Malware Increased by 35%” »

San Francisco Police Illegally Spying on Protesters

January 20, 2022 infossl

courts, eff, EPIC, police, privacy, Security technology, surveillance, Uncategorized

Last summer, the San Francisco police illegally used surveillance cameras at the George Floyd protests. The EFF is suing the police: This surveillance invaded the privacy of protesters, targeted people of color, and chills and deters participation and organizing for future protests. The SFPD also violated San Francisco’s new Surveillance Technology Ordinance. It prohibits city … Read More “San Francisco Police Illegally Spying on Protesters” »