Informations about SSL certificates and networks security
In a 6-3 ruling, the Supreme Court just narrowed the scope of the Computer Fraud and Abuse Act: In a ruling delivered today, the court sided with Van Buren and overturned his 18-month conviction. In a 37-page opinion written and delivered by Justice Amy Coney Barrett, the court explained that the “exceeds authorized access” language … Read More “The Supreme Court Narrowed the CFAA” »
NASA is sending baby bobtail squid into space. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
Today is the second day of the fourteenth Workshop on Security and Human Behavior. The University of Cambridge is the host, but we’re all on Zoom. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The … Read More “Security and Human Behavior (SHB) 2021” »
The New York Times has a long story on the DarkSide ransomware gang. A glimpse into DarkSide’s secret communications in the months leading up to the Colonial Pipeline attack reveals a criminal operation on the rise, pulling in millions of dollars in ransom payments each month. DarkSide offers what is known as “ransomware as a … Read More “The DarkSide Ransomware Gang” »
The website for the M1racles security vulnerability is an excellent demonstration that not all vulnerabilities are exploitable. Be sure to read the FAQ through to the end. EDITED TO ADD: Wired article. Powered by WPeMatico
Interesting research paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
Russia’s Sunburst cyberespionage campaign, discovered late last year, impacted more than 100 large companies and US federal agencies, including the Treasury, Energy, Justice, and Homeland Security departments. A crucial part of the Russians’ success was their ability to move through these organizations by compromising cloud and local network identity systems to then access cloud accounts … Read More “The Misaligned Incentives for Cloud Security” »
Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come. Powered by WPeMatico
Apostle seems to be a new strain of malware that destroys data. In a post published Tuesday, SentinelOne researchers said they assessed with high confidence that based on the code and the servers Apostle reported to, the malware was being used by a newly discovered group with ties to the Iranian government. While a ransomware … Read More “New Disk Wiping Malware Targets Israel” »
This month, the New York state attorney general issued a report on a scheme by “U.S. Companies and Partisans [to] Hack Democracy.” This wasn’t another attempt by Republicans to make it harder for Black people and urban residents to vote. It was a concerted attack on another core element of US democracy – the ability … Read More “AIs and Fake Comments” »