Hacking groups throughout the world are increasing their activities as a result of the Russian invasion of Ukraine on February 24, 2022. Some of these groups are supporting a particular side, while others simply want to take advantage of the resulting chaos.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning concerning the growing threat of advanced persistent threat (APT) actors resulting from the invasion. While world superpowers have fought each other by proxy in the past, the current conflict in Ukraine may be the first cyber proxy war. More…
Tamara Scott predicts that Apple won’t release their augmented reality product this year because they’re waiting for it to be perfect—or at least paradigm changing. [about Augmented Reality (AR) Virtual Reality (VR), and the Metaverse]
The NSA already has classified quantum-resistant algorithms of its own that it developed over many years, said Joyce. But it didn’t enter any of its own in the contest. The agency’s mathematicians, however, worked with NIST to support the process, trying to crack the algorithms in order to test their merit.
“Those candidate algorithms that NIST is running the competitions on all appear strong, secure, and what we need for quantum resistance,” Joyce said. “We’ve worked against all of them to make sure they are solid.”
Bruce Schneier [2022.05.17] CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs — as a vector to their customers — are likely to increase. No details about what this prediction is based on. Makes sense, though. The SolarWinds attack was incredibly successful for the Russian SVR, and a blueprint for future attacks.
Bruce Schneier [2022.05.20] Locks that use Bluetooth Low Energy to authenticate keys are vulnerable to remote unlocking. The research focused on Teslas, but the exploit is generalizable. Another news article.
Most IT leaders are worried about passwords being stolen at their organization, according to a survey from Ping Identity. [Bob says, Only half? What’s wrong with the other half?] Article discusses passwordless authentication.
This is a new vulnerability against Apple’s M1 chip. Researchers say that it is unpatchable.
Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature. The attack shows that pointer authentication can be defeated without leaving a trace, and as it utilizes a hardware mechanism, no software patch can fix it. More…
Here is a good resource for anyone concerned with cellphone privacy issues.
SolarWinds Security Announcement
The December 2020 SUNBURST cyberattack on the SolarWinds® software build environment shows sophisticated attacks are becoming more common, and what was once industry-standard is no longer sufficient. As a result, we created our Secure by Design principles with a focus on people, infrastructure, and software development.
Starting in 2021, we rolled out incremental changes to elevate the strength and integrity of our build environment. As a result, we’ve created a new standard for the secure software development life cycle.
Download our whitepaper to learn about the SolarWinds next-generation build system, how it meets the four tenets of Secure by Design principles, and how this affects software development in 2022 and beyond.
Interesting research: “Sponge Examples: Energy-Latency Attacks on Neural Networks“:
VIRGINIA BEACH, Va. — Virginia Beach Police are investigating an incident where people reportedly hacked into a gas station pump and stole more than $13,600 worth of gas. Two men have been charged in connection with the crime.
Police said it happened at the CITGO gas station on 1405 North Great Neck Road in Virginia Beach.
Officers said the individuals used a remote device to hack the pump and steal over 400 gallons of fuel in the span of a few hours. The devices allowed them to bypass the computer and not register the sale. More…
At Mullvad VPN we strive to know as little as possible about our users. We are constantly looking for ways to reduce the amount of data we store while still providing a usable service. Nowhere is the tension between privacy and usability more apparent than in the area of payments. More…
Almost every cybercriminal service is on sale on the Dark Web’s marketplaces and forums. Learn more about these service’s prices in 2022 and how to protect from being exposed on the Dark Web.