Blogroll | Communications of the ACM

From Schneier on Security

Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish

From the Monterey Bay Aquarium. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting... Bruce Schneier
From Schneier on Security | February 5, 2021 at 10:17 AM

From Schneier on Security

Friday Squid Blogging: Flying Squid

How squid fly. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines... Bruce Schneier
From Schneier on Security | February 5, 2021 at 10:13 AM

From Schneier on Security

Ransomware Profitability

Analyzing cryptocurrency data, a research group has estimated a lower-bound on 2020 ransomware revenue: $350 million, four times more than in 2019. Based on the... Bruce Schneier
From Schneier on Security | February 3, 2021 at 03:25 PM

From Schneier on Security

SonicWall Zero-Day

Hackers are exploiting zero-day in SonicWall: In an email, an NCC Group spokeswoman wrote: “Our team has observed signs of an attempted exploitation of a vulnerabilitythat... Bruce Schneier
From Schneier on Security | February 3, 2021 at 03:24 PM

From Schneier on Security

Web Credit Card Skimmer Steals Data from Another Credit Card Skimmer

MalwareBytes is reporting a weird software credit card skimmer. It harvests credit card data stolen by another, different skimmer: Even though spotting multiple... Bruce Schneier
From Schneier on Security | February 3, 2021 at 03:24 PM

From Schneier on Security

NoxPlayer Android Emulator Supply-Chain Attack

It seems to be the season of sophisticated supply-chain attacks. This one is in the NoxPlayer Android emulator: ESET says that based on evidence its researchers... Bruce Schneier
From Schneier on Security | February 3, 2021 at 03:23 PM

From Schneier on Security

Presidential Cybersecurity and Pelotons

President Biden wants his Peloton in the White House. For those who have missed the hype, it’s an Internet-connected stationary bicycle. It has a screen, a camera... Bruce Schneier
From Schneier on Security | February 3, 2021 at 03:23 PM

From Schneier on Security

Another SolarWinds Orion Hack

At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor — believed to be Chinese in origin —penetrate... Bruce Schneier
From Schneier on Security | February 3, 2021 at 03:22 PM

From Schneier on Security

More SolarWinds News

Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported... Bruce Schneier
From Schneier on Security | February 2, 2021 at 10:54 PM

From Schneier on Security

Georgia’s Ballot-Marking Devices

Andrew Appel discusses Georgia’s voting machines, how the paper ballots facilitated a recount, and the problem with automatic ballot-marking devices: Suppose the... Bruce Schneier
From Schneier on Security | February 1, 2021 at 11:09 AM

From Schneier on Security

Including Hackers in NATO Wargames

This essay makes the point that actual computer hackers would be a useful addition to NATO wargames: The international information security community is filled... Bruce Schneier
From Schneier on Security | January 29, 2021 at 01:03 PM

From Schneier on Security

New iMessage Security Features

Apple has added added security features to mitigate the risk of zero-click iMessage attacks. Apple did not document the changes but Groß said he fiddled around... Bruce Schneier
From Schneier on Security | January 29, 2021 at 10:21 AM

From Schneier on Security

Police Have Disrupted the Emotet Botnet

A coordinated effort has captured the command-and-control servers of the Emotet botnet: Emotet establishes a backdoor onto Windows computer systems via automated... Bruce Schneier
From Schneier on Security | January 27, 2021 at 05:04 PM

From Schneier on Security

Dutch Insider Attack on COVID-19 Data

Insider data theft: Dutch police have arrested two individuals on Friday for allegedly selling data from the Dutch health ministry’s COVID-19 systems on the criminal... Bruce Schneier
From Schneier on Security | January 27, 2021 at 09:59 AM

From Schneier on Security

Massive Brazilian Data Breach

I think this is the largest data breach of all time: 220 million people. (Lots more stories are in Portuguese.) Bruce Schneier
From Schneier on Security | January 25, 2021 at 02:58 PM

From Schneier on Security

Insider Attack on Home Surveillance Systems

No one who reads this blog regularly will be surprised: A former employee of prominent home security company ADT has admitted that he hacked into the surveillance... Bruce Schneier
From Schneier on Security | January 25, 2021 at 10:33 AM

From Schneier on Security

SVR Attacks on Microsoft 365

FireEye is reporting the current known tactics that the SVR used to compromise Microsoft 365 cloud data as part of its SolarWinds operation: Mandiant has observed... Bruce Schneier
From Schneier on Security | January 20, 2021 at 11:57 PM

From Schneier on Security

Sophisticated Watering Hole Attack

Google’s Project Zero has exposed a sophisticated watering-hole attack targeting both Windows and Android: Some of the exploits were zero-days, meaning they targeted... Bruce Schneier
From Schneier on Security | January 19, 2021 at 04:05 PM

From Schneier on Security

Injecting a Backdoor into SolarWinds Orion

Crowdstrike is reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process: Key Points SUNSPOT is StellarParticle... Bruce Schneier
From Schneier on Security | January 18, 2021 at 05:19 PM

From Schneier on Security

Click Here to Kill Everybody Sale

For a limited time, I am selling signed copies of Click Here to Kill Everybody in hardcover for just $6, plus shipping. Note that I have had occasional problems... Bruce Schneier
From Schneier on Security | January 15, 2021 at 12:27 PM