Security News Archive: 2014 to 2016

Page Links: 201620152014

2016 News

  • 29-12-2016: Your 5 totally achievable security resolutions for the New Year.  [Wired]
  • 23-12-2016: The year encryption won.  [Wired]
  • 22-12-2016: Encryption backdoors are against US national interest.  [HardOCP]  [ZDNet]
  • 22-12-2016: NIST requests ideas for crypto that can survive quantum computers.  [The Register]  [THG]  [Schneier]
  • 21-12-2016: Don't pay up to decrypt – cure found for CryptXXX ransomware, again.  [The Register]
  • 20-12-2016: How to safely delete private data forever.  [Gizmodo]
  • 20-12-2016: Hackers suspected of causing power outage in Ukraine.  [Graham Cluley]
  • 16-12-2016: DDoS in 2017: Strap yourself in for a bumpy ride.  [The Register]
  • 15-12-2016: The new security normal.  [Russ White]  [MarketWatch]
  • 15-12-2016: One billion affected by Yahoo hack.  [BBC News]  [Krebs]  [The Register]  [Lifehacker]  [HardOCP]  [Reuters]  [Wired]  [Ars Technica]  [Graham Cluley]  [ExtremeTech]  [Hexus]  [THG]
    • 15-12-2016: Stolen Yahoo data includes government employee information.  [DC Knowledge]
    • 15-12-2016: Yahoo hack: Should I panic?  [BBC News]  [Krebs]
    • 15-12-2016: Were Yahoo hackers state-sponsored?  [BBC News]
    • 15-12-2016: Security experts slam Yahoo management for using old crypto.  [The Register]
    • 15-12-2016: What can you do with a billion Yahoo passwords? Lots of bad things.  [Ars Technica]
    • 15-12-2016: In wake of billion-account hack, Verizon reportedly not so hot for Yahoo.  [Ars Technica]
    • 16-12-2016: Pressure on Yahoo grows after massive hack attack.  [BBC News]
    • 22-12-2016: Response: important security information for Yahoo users.  [EtherealMind]
    • 15-03-2017: Russian spies indicted in massive Yahoo account breach.  [Engadget]  [NZ Herald]  [BBC News]  [The Register]  [HardOCP]  [NYT]  [Wired]  [ExtremeTech]  [Krebs]  [Graham Cluley]
      • 16-03-2017: How Russian hackers took hold of Yahoo.  [Gizmodo]  [NZ Herald]
      • 16-03-2017: Russia denies Yahoo hack involvement.  [BBC News]
    • 20-03-2017: Lessons from Yahoo hack: Simple tips to safeguard your email.  [NZ Herald]
  • 13-12-2016: DDoS-for-hire takedown: 34 arrests made by Europol, FBI, and others.  [Graham Cluley]  [BBC News]
  • 09-12-2016: The Mirai botnet that broke the Internet isn't going away.  [Wired]
  • 08-12-2016: Can ISPs step up and solve the DDoS problem?  [The Register]
  • 07-12-2016: Terabit-scale multivector DDoS attacks: the new normal in 2017.  [DC Journal]
  • 03-12-2016: There’s a new DDoS army, and it could soon rival record-setting Mirai.  [Ars Technica]
  • 02-12-2016: Canada wants software backdoors, mandatory decryption capability and records storage.  [THG]
  • 02-12-2016: Feds bust huge 'Avalanche' hacker network in global sting operation.  [Gizmodo]
  • 26-11-2016: Locky ransomware uses decoy image files to ambush Facebook, LinkedIn accounts.  [Ars Technica]  [Gizmodo]  [Check Point]  [Engadget]
  • 22-11-2016: Akamai on the record KrebsOnSecurity attack.  [Krebs]
  • 17-11-2016: The encryption conundrum: Should tech compromise or double down?  [The Register]
  • 16-11-2016: Clever USB stick installs backdoor on locked PCs.  [Wired]  [Gizmodo]  [Schneier]  [Russ White]
  • 16-11-2016: Experts to Congress: You must act on IoT security.  [The Register]
  • 14-11-2016: IoT goes nuclear.  [Russ White]  [eyalro]
  • 13-11-2016: New attack reportedly lets 1 modest laptop knock big servers offline.  [Ars Technica]
  • 11-11-2016: Russian banks floored by withering DDoS attacks.  [The Register]
  • 04-11-2016: Cheap IoT threatens the Internet.  [Russ White]  [Monday Note]
  • 04-11-2016: Mirai IoT botnet blamed for 'taking Liberia off the internet'.  [BBC News]
  • 01-11-2016: This office printer is actually a rogue cell tower.  [Gizmodo]  [The Register]  [Wired]  [Ars Technica]
  • 01-11-2016: The Dark Web isn't all guns and drugs.  [Engadget]
  • 29-10-2016: U.S. feds hope cyberattacks will wither under new “strategic principles”.  [ReadWriteWeb]
  • 28-10-2016: AI learns how to craft crude crypto all by itself.  [The Register]  [Schneier]
  • 28-10-2016: Eavesdropping on typing over VoIP.  [Schneier]  [Cornell arXiv: PDF]
  • 28-10-2016: Web devs want to make the Internet of S**t worse -- much worse.  [The Register]
  • 28-10-2016: That Botnet-of-Things malware is getting a nasty makeover.  [Ars Technica]  [Arbor Networks]
  • 27-10-2016: Internet of S**t things claims another scalp: DNS DDoS smashes StarHub.  [The Register]
  • 25-10-2016: Multiple DNS providers and DDoS.  [Russ White]  [ISOC]
  • 25-10-2016: Corero warns of impending 'tens of terabits per second' DDoS attacks.  [THG]
  • 24-10-2016: The Internet needs a security update.  [Russ White]  [CircleID]
  • 22-10-2016: Why cybersecurity certifications suck.  [ipSpace]  [Errata Security]
  • 20-10-2016: Some perspective on IoT devices and DDoS attacks.  [Russ White]  [Arbor Networks]
  • 20-10-2016: Attackers logging your keystrokes via Skype.  [Graham Cluley]  [THG]
  • 19-10-2016: Spreading the DDoS disease and selling the cure.  [Krebs]
  • 18-10-2016: SHA3-256 is quantum-proof, should last billions of years.  [The Register]
  • 17-10-2016: Virtual kidnapping.  [Schneier]  [Washington Post]
  • 15-10-2016: How a chunk of the web disappeared this week: GlobalSign's global HTTPS mistake explained.  [The Register]
  • 14-10-2016: Hackers hit a nuclear plant.  [Wired]
  • 14-10-2016: Huge DDoS attacks are about to get bigger: Mirai bots infect Sierra Wireless gateways.  [The Register]  [Ars Technica]
    • 02-12-2016: Meet the two hackers behind October’s big DDoS attack.  [ReadWriteWeb]
  • 12-10-2016: Internet routing security initiative gains traction.  [Network Computing]
  • 11-10-2016: NSA could put undetectable “trapdoors” in millions of crypto keys.  [Ars Technica]
  • 10-10-2016: These 60 dumb passwords can hijack over 500,000 IoT devices into the Mirai botnet.  [Graham Cluley]
  • 05-10-2016: CloudFlare shows Tor users the way out of CAPTCHA hell.  [The Register]
  • 03-10-2016: The venerable, vulnerable firewall.  [Russ White]  [CircleID]
  • 29-09-2016: The biggest attack in internet history.  [Russ White]  [LawFare]
  • 29-09-2016: The growing problem of bots that fight on line.  [Russ White]  [MIT Technology Review]
  • 27-09-2016: 152k cameras in 990Gbps record-breaking dual DDoS.  [The Register]  [Ars Technica]
  • 25-09-2016: Australian border cops say they've cracked 'dark net' drug sales.  [The Register]
  • 23-09-2016: Malware figures out it's running on VMs and refuses to execute.  [The Register]  [Schneier]  [SentinelOne]
  • 20-09-2016: CloudFlare launches a three-pronged attack to encrypt the entire web.  [Wired]
  • 20-09-2016: Quantum comms succeed over metro-scale fibre networks.  [The Register]
  • 19-09-2016: Some Cisco customers are being hacked with NSA's exploit tools.  [THG]  [Graham Cluley]
  • 19-09-2016: Dark web drug sellers shutter location-tracking EXIF data from photos.  [The Register]
  • 18-09-2016: Arbor Networks marks 20 years of DDoS attacks targeting ISP networks.  [Geekzone]
  • 13-09-2016: Someone is learning how to take down the Internet.  [Schneier]  [BBC News]  [Russ White]  [LawFare]  [ExtremeTech]
  • 12-09-2016: How 911 emergency services across the United States could be knocked offline by a mobile botnet.  [Graham Cluley]
  • 08-09-2016: Verisign DDoS report Q2 2016.  [Russ White]  [Verisign]
  • 07-09-2016: The limits of SMS for 2-factor authentication.  [Krebs]
  • 31-08-2016: FBI Director wants 'adult conversation' about backdooring encryption.  [The Register]  [HardOCP]  [AP]
  • 31-08-2016: Building a new Tor that can resist next-generation state surveillance.  [Ars Technica]
  • 30-08-2016: Your browser's password manager probably isn't enough.  [Wired]
  • 29-08-2016: iPhone zero-day used by UAE government.  [Schneier]
  • 26-08-2016: The NSA is hoarding vulnerabilities.  [Schneier]
  • 25-08-2016: A hacking group is selling iPhone spyware to governments.  [Wired]
  • 23-08-2016: Boffins design security chip to spot hidden hardware trojans in processors.  [The Register]
  • 23-08-2016: Password strength meters still aren't trustworthy.  [Lifehacker]  [Sophos]
  • 23-08-2016: FBI improved a dark web child pornography site.  [Engadget]  [Gizmodo]
  • 19-08-2016: Lawless government hacking.  [Russ White]  [EFF]
  • 17-08-2016: Cisco confirms NSA-linked zeroday targeted its firewalls for years.  [Ars Technica]
    • 17-08-2016: The Shadow Brokers mess is what happens when the NSA hoards zero-days.  [Wired]
    • 24-08-2016: NSA-linked Cisco exploit poses bigger threat than previously thought.  [Ars Technica]
  • 15-08-2016: Hackers claim to auction data they stole from the NSA-linked spies.  [Wired]  [Ars Technica]  [Gizmodo]
    • 16-08-2016: Major NSA/Equation Group leak.  [Schneier]
    • 16-08-2016: No-one wants to buy those stolen NSA-linked cyber weapons.  [Wired]  [HardOCP]  [Washington Post]
    • 16-08-2016: Confirmed: hacking tool leak came from “omnipotent” NSA-tied group.  [Ars Technica]
    • 16-08-2016: Snowden speculates leak of NSA spying tools is tied to Russian DNC hack.  [Ars Technica]  [Engadget]  [The Register]  [BBC News]  [The Register]
    • 17-08-20916: NSA website goes down as hackers auction stolen ‘cyber weapons’.  [Graham Cluley]
    • 19-08-2016: Your guide to the ‘Shadow Brokers’ NSA theft, which puts the Snowden leaks to shame.  [ExtremeTech]
    • 19-08-2016: New Snowden docs suggest Shadow Broker leak was real.  [Engadget]  [Gizmodo]
    • 22-08-2016: This hacker says he stole more NSA hacking tools.  [Gizmodo]
    • 24-08-2016: Equation Group exploit hits newer Cisco ASA, Juniper Netscreen.  [The Register]
    • 23-09-2016: NSA operative might have accidentally leaked its hacking tools.  [Engadget]  [Reuters]
    • 16-12-2016: Shadow Brokers re-emerge, with NSA’s secret exploits for sale.  [Graham Cluley]
  • 15-08-2016: Someone seems to be trying to spy on VeraCrypt's security audit.  [Graham Cluley]  [The Register]
  • 15-08-2016: Tor users in the States were hacked by Australian authorities.  [Graham Cluley]
  • 15-08-2016: Blogger turns tables on cyber-scammer by infecting them with ransomware.  [Graham Cluley]  [Kwiatkowsi]  [BBC News]
  • 13-08-2016: NTP is still a security risk.  [Russ White]  [CircleID]
  • 12-08-2016: The new way to make strong passwords - it's way easier.  [NZ Herald]  [Stuff]
  • 10-08-2016: Tor promises not to build backdoors into its services.  [Engadget]
  • 09-08-2016: How the Iranian government hacks dissidents.  [Schneier]  [Washington Post]
  • 04-08-2016: Hacking US infrastructure: How vulnerable is it?  [ExtremeTech]
  • 03-08-2016: Forget security training, it's never going to solve Layer 8 - people.  [The Register]
  • 02-08-2016: Frequent password changes are the enemy of security.  [Ars Technica]  [Graham Cluley]
  • 02-08-2016: Meet the men who spy on women through their webcams.  [Graham Cluley]  [Ars Technica]
  • 02-08-2016: 200 million Yahoo passwords being sold on the Dark Web?  [Graham Cluley]
  • 02-08-2016: The AdGholas malvertising network used steganography.  [Graham Cluley]
  • 02-08-2016: Australian spooks' email guide banishes MS Word macros, JavaScript.  [The Register]
  • 01-08-2016: Russia claims it can collect encryption keys.  [Engadget]  [HardOCP]  [DailyDot]
  • 01-08-2016: Secure email service GhostMail shutting down in fear of being abused.  [Graham Cluley]
  • 01-08-2016: Meet the chaps who run the Black Hat NoC and let malware roam free.  [The Register]
  • 31-07-2016: Moxie Marlinspike, the anarchist bringing encryption to us all.  [Wired]
  • 31-07-2016: U.S. Government says SMS codes aren’t safe.  [HardOCP]  [VentureBeat]  [Ars Technica]
  • 28-07-2016: Your wireless keyboard could be giving your secrets away.  [Stuff]  [Schneier]  [Wired]
  • 27-07-2016: New attack bypasses HTTPS protection on Macs, Windows, and Linux.  [Ars Technica]  [Russ White]
  • 27-07-2016: Choosing a next-generation firewall: 7 factors.  [Network Computing]
  • 26-07-2016: Millions of wireless keyboards can let hackers see what you're typing.  [Gizmodo]
  • 26-07-2016: Crypto-heist threatens to tank blockchain-based future.  [ExtremeTech]
  • 22-07-2016: Malicious computers caught snooping on Tor-anonymized Dark Web sites.  [Ars Technica]  [ExtremeTech]
    • 26-07-2016: Boffins snoop on snooping Tor nodes.  [The Register]
  • 20-07-2016: Now you can hide your smart home on the Darknet.  [Wired]
  • 19-07-2016: DDoS trends: Bigger, badder but not longer.  [The Register]  [HardOCP]  [ZDNet]
  • 13-07-2016: Meet Riffle, the next-gen anonymity network that hopes to trounce Tor.  [The Register]  [Graham Cluley]  [ExtremeTech]
  • 12-07-2016: The FBI says its malware isn’t malware because the FBI is good.  [Gizmodo]  [Graham Cluley]
  • 12-07-2016: SCADA malware caught infecting European energy company.  [The Register]  [Ars Technica]
    • 18-07-2016: Security firm clarifies power-station 'SCADA' malware claim.  [The Register]
  • 11-07-2016: MIT anonymity network promises to be more secure than Tor.  [Engadget]
  • 11-07-2016: HTTPS is not a magic bullet for Web security.  [Ars Technica]
  • 11-07-2016: Amazingly insecure industrial control systems + internet = no.  [The Register]
  • 09-07-2016: HTTPS crypto’s days are numbered. Here’s how Google wants to save it.  [Ars Technica]  [ExtremeTech]  [Schneier]
  • 08-07-2016: Researchers discover Tor nodes designed to spy on hidden services.  [Schneier]  [BoingBoing]
  • 01-07-2016: Chinese gambling site served near record-breaking complex DDoS.  [The Register]
  • 30-06-2016: LizardStresser recruits an army of zombie webcams to launch DDoS attacks.  [Graham Cluley]  [Russ White]  [Arbor Networks]
  • 29-06-2016: Interview with an NSA hacker.  [Schneier]  [The Intercept]
  • 28-06-2016: 25,000 malware-riddled CCTV cameras form network-crashing botnet.  [The Register]  [Engadget]
  • 27-06-2016: Researchers steal data using noise from your PC's fans.  [HardOCP]  [PCWorld]  [Wired]  [ExtremeTech]
  • 26-06-2016: Stop using SMS for 2FA.  [Wired]
  • 24-06-2016: How malware could steal data from an air-gapped PC – via its fan.  [Graham Cluley]
  • 23-06-2016: Tor onion hardening will be tear-inducing for feds.  [The Register]
  • 22-06-2016: Fraudsters are buying IPv4 addresses.  [Schneier]  [The Register]
  • 22-06-2016: Stuxnet was the opening shot of decades of non-stop cyber warfare.  [The Register]
  • 20-06-2016: Fishing for a cure to DDoS attacks.  [DC Journal]  [Russ White]
  • 17-06-2016: Non-US encryption is 'theoretical,' claims CIA chief in backdoor debate.  [The Register]  [Schneier]
  • 09-06-2016: Massive DDoS attacks reach record levels.  [HardOCP]  [Network World]
  • 06-06-2016: TeamViewer confirms number of hacked user accounts is “significant".  [Ars Technica]  [The Register]
  • 04-06-2016: How spies, anyone can grab crypto keys from the air.  [The Register]
  • 02-06-2016: Cisco warns IPv6 ping-of-death vulnerability is everyone's problem.  [The Register]
    • 08-06-2016: IPv6 ping-of-death hits Junos, too.  [The Register]
  • 01-06-2016: Hardware backdoor hides in a tiny slice of a computer chip.  [Wired]
  • 01-06-2016: The impossible task of creating a “Best VPNs” list today.  [Ars Technica]
  • 31-05-2016: Tor Browser 6.0 released with DuckDuckGo search engine support enabled by default.  [THG]
  • 25-05-2016: Major DNS provider hit by mysterious, focused DDoS attack.  [Ars Technica]
  • 24-05-2016: Poisoned Word document attack refuses to work if it believes it is being watched.  [Graham Cluley]
  • 18-05-2016: Mozilla fails to get the details on the FBI's malware hack.  [Engadget]
    • 26-05-2016: Judge throws out evidence after FBI refuses to reveal Tor vulnerability.  [THG]
    • 04-06-2016: FBI: Exploit that revealed Tor-enabled child porn users wasn’t malware.  [Ars Technica]
    • 25-06-2016: FBI’s use of Tor exploit is like peering through “broken blinds".  [Ars Technica]  [Engadget]
  • 18-05-2016: LinkedIn password breach much bigger than thought: 117 million.  [Ars Technica]  [BBC News]  [Graham Cluley]  [The Register]  [Krebs]  [HardOCP]  [Kaspersky]  [Stuff]
    • 19-05-2016: LinkedIn plays down '117 million users' breach data sale.  [The Register]
    • 23-05-2016: LinkedIn's poor handling of 2012 data breach comes back to haunt it.  [Graham Cluley]
    • 01-06-2016: How LinkedIn’s password sloppiness hurts us all.  [Ars Technica]
  • 17-05-2016: Lego robots versus gesture security.  [Russ White]  [Motherboard]
  • 17-05-2016: Random number generator 'improved'.  [BBC News]  [The Register]  [THG]  [Russ White]  [TheNewStack]
  • 12-05-2016: The Ukrainian hacker who became the FBI’s best weapon - and worst nightmare.  [Wired]
  • 12-05-2016: FBI director warns that feds will bring more encryption-related cases.  [Ars Technica]
  • 09-05-2016: NIST starts planning for post-quantum cryptography.  [Schneier]  [NIST PDF]  [The Register]  [ComputerWorld]  [ExtremeTech]
  • 08-05-2016: FBI can obtain a warrant if you run Tor come December.  [HardOCP]  [The Merkle]
  • 05-05-2016: Stop resetting your passwords, says UK govt's spy network.  [The Register]
  • 03-05-2016: Privacy and cybercrime update.  [Russ White]
  • 03-05-2016: The future of encryption is in these politicians hands.  [Wired]
  • 03-05-2016: Global Threat Intelligence report ahead of Government Cyber Security Summit.  [Stuff]
  • 27-04-2016: Hacking group “PLATINUM” used Windows’ own patching system against it.  [Ars Technica]
  • 25-04-2016: Hackers who got caught by a typo were trying to take over the world.  [Gizmodo]  [Reuters]
  • 25-04-2016: Clapper: Snowden sped up sophistication of crypto, “it’s not a good thing”.  [Ars Technica]
  • 22-04-2016: Over 1 million Facebook users login anonymously over Tor.  [THG]
  • 21-04-2016: Lock-hackers crack restricted keys used to secure data centres.  [The Register]
  • 14-04-2016: A scheme to encrypt the entire web is actually working.  [Wired]
  • 14-04-2016: The US is attacking Islamic State with 'cyber bombs'.  [Gizmodo]  [Reuters]  [Ars Technica]  [Engadget]  [ExtremeTech]
    • 28-04-2016: As US drops “cyber bombs,” ISIS retools its own cyber army.  [Ars Technica]
  • 12-04-2016: Are cryptoworms the future of ransomware?  [Graham Cluley]
  • 08-04-2016: Is this how a hacker got the Panama papers?  [Gizmodo]
  • 08-04-2016: Security experts react negatively to Burr-Feinstein anti-encryption bill.  [THG]  [Gizmodo]  [Wired]  [HardOCP]  [TechDirt]  [Engadget]  [The Register]  [Schneier]  [Monday Note]
    • 12-04-2016: What you should know about Congress's latest attempt to criminalize encryption.  [Lifehacker]
    • 13-04-2016: Read the full Senate bill requiring encryption backdoors.  [Engadget]
    • 14-04-2016: Burr-Feinstein anti-encryption draft officially released, Wyden promises filibuster.  [THG]
    • 14-04-2016: US anti-encryption law is so 'braindead' it will outlaw file compression.  [The Register]
    • 03-05-2016: Julian Sanchez on the Feinstein-Burr bill.  [Schneier]  [Just Security]  [Just Security]  [Russ White]
    • 29-05-2016: Senate anti-encryption bill is effectively dead, for now.  [Engadget]  [The Register]
  • 07-04-2016: Reuters: White House refuses to openly back encryption law.  [Engadget]
  • 07-04-2016: Bypassing phone security through social engineering.  [Schneier]
  • 05-04-2016: WhatsApp adds end-to-end encryption.  [BBC News]  [Ars Technica]  [Wired]  [Stuff]  [Graham Cluley]  [Schneier]  [Android Police]  [Engadget]
  • 04-04-2016: Gmail, Facebook Messenger BREACHed once again.  [The Register]
  • 03-04-2016: Tor accuses CloudFlare of blocking its anonymizing network.  [Engadget]
  • 01-04-2016: The artist using museums to amplify Tor’s anonymity network.  [Wired]
  • 31-03-2016: Why do the Feds usually try to unlock phones? It’s drugs, not terrorism.  [Wired]
  • 31-03-2016: UK cops tell suspect to hand over crypto keys in US hacking case.  [Ars Technica]
  • 31-03-2016: ISIS encryption opsec.  [Schneier]
  • 30-03-2016: Senator Wyden recalls SOPA fight in bid to defeat encryption-weakening efforts.  [The Register]  [THG]
  • 30-03-2016: CloudFlare: 94 percent of the Tor traffic we see is “per se malicious".  [Ars Technica]
  • 30-03-2016: The Apple-FBI battle is over, but the new crypto wars have just begun.  [Wired]  [Schneier]
  • 30-03-2016: The anatomy of a nation-state hack attack.  [BBC News]
  • 30-03-2016: Poll results: Internet users don't understand security or privacy.  [The Register]  [Stuff]
  • 29-03-2016: FBI: No, we won't tell you how we unmask and torpedo illegal Tor users.  [The Register]  [BBC News]  [Gizmodo]
    • 25-10-2016: Judge orders FBI to reveal whether White House launched 'Tor pedo' torpedo exploits.  [The Register]
  • 25-03-2016: Stealthy malware targeting air-gapped PCs leaves no trace of infection.  [Ars Technica]
  • 23-03-2016: Google, Microsoft, and others publish new email security standard.  [HardOCP]  [InfoWorld]
  • 22-03-2016: Tor Project works on anti-FBI defenses amid iOS row with Apple.  [The Register]
  • 22-03-2016: FBI's Most Wanted: Syrian Electronic Army hacktivists.  [The Register]  [Engadget]  [Schneier]  [Graham Cluley]
  • 21-03-2016: Paris terrorists used burner phones, not encryption, to evade detection.  [Ars Technica]
  • 17-03-2016: HTTPS is not enough: boffins fingerprint user environments without cracking crypto.  [The Register]
  • 17-03-2016: New NIST encryption guidelines.  [Schneier]  [NIST PDF]
  • 16-03-2016: Thoughts on encryption.  [Networking Nerd]
  • 16-03-2016: Reaction: more encryption is bad?  [Russ White]
  • 14-03-2016: In the FBI’s crypto war, apps may be the next target.  [Wired]  [THG]  [Schneier]
  • 11-03-2016: Hackers target anti-DDoS firm Staminus.  [Krebs]  [Ars Technica]  [Gizmodo]
  • 10-03-2016: Using mouse movements to track you on the Tor network.  [HardOCP]  [ZDNet]
  • 09-03-2016: Trivial path for DDoS amplification attacks found by infosec bods.  [The Register]
  • 07-03-2016: Apple Macs hit with first-ever ransomware.  [ExtremeTech]  [Hexus]  [THG]
  • 07-03-2016: GCHQ boss: Tech firms should co-operate over encryption.  [BBC News]  [The Register]
  • 06-03-2016: DDoS attacks up 149% from last quarter.  [HardOCP]  [TweakTown]
  • 05-03-2016: Quantum computer could mean end of encryption.  [HardOCP]  [MIT]
  • 03-03-2016: New attack steals secret crypto keys from Android and iOS phones.  [Ars Technica]
  • 03-03-2016: Next-generation firewalls put to the test.  [Network Computing]
  • 02-03-2016: Schneier: We're sleepwalking towards digital disaster and are too dumb to stop.  [The Register]
  • 01-03-2016: What exactly do we mean by 'backdoor'?  [The Register]
  • 01-03-2016: DDoS attacks up 149 percent as brassy booter kids make bank.  [The Register]
  • 29-02-2016: Tor takes aim against malicious nodes on the network.  [The Register]
  • 27-02-2016: Most software already has a “golden key” backdoor: the system update.  [Ars Technica]
  • 26-02-2016: Hackers caused Ukrainian power outage, US report concludes.  [Ars Technica]  [Schneier]
  • 25-02-2016: Tor users are actively discriminated against by website operators.  [The Register]
  • 24-02-2016: CloudFlare may consider binning CAPTCHAs for Tor users.  [The Register]  [Ars Technica]
  • 23-02-2016: Flaws in wireless mice and keyboards let hackers type on your PC.  [Wired]  [HardOCP]  [Bastille]  [The Register]  [Graham Cluley]  [Gizmodo]
  • 23-02-2016: Practical TEMPEST attack.  [Schneier]  [IACR PDF]
  • 19-02-2016: Tor: 'Mystery' spike in hidden addresses.  [BBC News]
    • 04-03-2016: Number of Tor hidden sites spikes - along with paranoia.  [Ars Technica]
  • 19-02-2016: FBI must reveal the code it used to hack Dark Web pedophiles.  [Engadget]
  • 18-02-2016: NSA’s director says Paris attacks “would not have happened” without crypto.  [Ars Technica]
  • 15-02-2016: Survey of the dark web.  [Schneier]  [Taylor & Francis Online]
  • 15-02-2016: US intelligence chief: the Internet of Things will be used to spy and hack.  [Graham Cluley]
  • 13-02-2016: FBI wants $38 million in funding to break encryption.  [HardOCP]  [ZDNet]
  • 11-02-2016: Global crypto survey proves govt backdoors completely pointless.  [The Register]  [Schneier]  [Ars Technica]  [Wired]
  • 10-02-2016: GSMA outlines thoroughly sensible IoT security rules.  [The Register]  [GSMA]
  • 09-02-2016: How to hack the power grid through home air conditioners.  [Wired]
  • 09-02-2016: Senator McCain calls for end-to-end encryption ban in US.  [THG]
    • 11-02-2016: U.S. encryption ban would force companies to migrate, say researchers.  [THG]
  • 05-02-2016: The 8 worst data breaches of all time.  [Network Computing]
  • 02-02-2016: More details on the NSA switching to quantum-resistant cryptography.  [Schneier]  [NSA IAD]
    • 03-02-2016: Study shows Fed encryption fears overblown — but that’s not good news.  [ExtremeTech]
    • 04-02-2016: NSA plans to 'Act Now' to ensure quantum computers can't break encryption.  [Gizmodo]  [NSA IAD]
  • 01-02-2016: Feds don’t need crypto backdoors to spy - your TV and toothbrush will do.  [Ars Technica]
  • 30-01-2016: How anti-encryption laws put everyone at risk.  [PocketNow]
  • 28-01-2016: Israeli academics claim they can predict botnet attacks.  [The Register]
  • 27-01-2016: Tails 2.0 emerges with major new features, security improvements.  [THG]  [Tails]  [Engadget]
  • 27-01-2016: 500Gbps DDoS attack flattens world record.  [The Register]  [HardOCP]  [ZDNet]
  • 23-01-2016: Internet of Things security is so bad, there’s a search engine for sleeping kids.  [Ars Technica]
  • 23-01-2016: After FBI briefly ran Tor-hidden child-porn site, investigations went global.  [Ars Technica]  [Engadget]
  • 22-01-2016: NSA director: 'Encryption is foundational to the future'.  [Engadget]
  • 21-01-2016: NSA chief stakes out pro-encryption position.  [HardOCP]  [The Intercept]
  • 21-01-2016: The end of work passwords.  [Stuff]
  • 19-01-2016: Australia and America working on global no-state-hacking pact.  [The Register]
  • 17-01-2016: Here’s what Tor’s data looks like as it flows around the world.  [Wired]
  • 15-01-2016: Google's creepy plan to kill the password.  [Engadget]  [HardOCP]  [Stuff]
  • 14-01-2016: New York bill would ban strong encryption, mandate backdoors in all devices.  [ExtremeTech]  [Ars Technica]  [HardOCP]  [Inedependent]
  • 13-01-2016: Cisco admits hardcoded password in wireless points.  [The Register]
  • 13-01-2016: The debate over government 'backdoors' into encryption isn't just happening in the US.  [NZ Herald]
  • 12-01-2016: French government may try to ban strong encryption.  [THG]
    • 14-01-2016: France doesn't think encryption backdoors are the answer.  [Engadget]  [THG]  [Schneier]
  • 12-01-2016: Dutch police claim they can crack PGP-encrypted BlackBerrys.  [ExtremeTech]  [The Register]
  • 12-01-2016: Fortinet explains SSH 'backdoor' discovered in firewalls.  [The Register]  [Ars Technica]
    • 23-01-2016: Thought you were safe from the Fortinet SSH backdoor? Think again.  [The Register]
  • 12-01-2016: DD4BC DDoS extortion gang smashed by international cops.  [Graham Cluley]
  • 08-01-2016: Facebook, Google, Microsoft, Twitter, Yahoo slag Snooper’s Charter.  [Ars Technica]  [HardOCP]  [ZDNet]  [The Register]
  • 08-01-2016: Power grid vulnerability threatens national security.  [DC Knowledge]
  • 08-01-2016: Checkpoint hacks across air-gaps.  [The Register]
  • 07-01-2016: US leaders meet with tech CEOs to fight terrorism online.  [Engadget]  [Wired]
  • 07-01-2016: ProPublica launches dark web's first major news site.  [Wired]  [Engadget]
  • 07-01-2016: FBI hacked the Dark Web to bust 1,500 pedophiles.  [Engadget]
  • 07-01-2016: Trend Micro: Internet scum grab Let's Encrypt certs to shield malware.  [The Register]
  • 06-01-2016: The father of online anonymity has a plan to end the crypto war.  [Wired]
  • 06-01-2016: Hackers cause a blackout for the first time.  [HardOCP]  [Washington Post]  [Engadget]
  • 04-01-2016: Dutch govt says no to backdoors, gives $540k to OpenSSL.  [The Register]  [BBC News]  [Schneier]
  • 04-01-2016: Irked train hackers talk derailment flaws, drop SCADA password list.  [The Register]

2015 News

  • 31-12-2015: Forget anonymity, we can remember you wholesale with machine intel, hackers warned.  [The Register]
  • 31-12-2015: Trustworthy x86 laptops? There is a way, says system-level security ace.  [The Register]
  • 31-12-2015: Cory Doctorow on software security and the Internet of Things.  [Schneier]  [The Guardian]
  • 31-12-2015: Microsoft to warn of nation-state hacks.  [BBC News]
  • 31-12-2015: Web attack knocks BBC websites offline.  [BBC News]  [Graham Cluley]
    • 02-01-2016: 'Anti-IS group' claims BBC website attack.  [BBC News]
  • 30-12-2015: John McAfee rattles tin for password replacement tech.  [The Register]
  • 28-12-2015: 2016 reality: lazy authentication still the norm.  [Krebs]  [HardOCP]
  • 27-12-2015: Destroying a hard drive permanently.  [HardOCP]  [Scientific American]
  • 27-12-2015: North Korea’s computer operating system revealed.  [HardOCP]  [The Guardian]  [Engadget]  [Hexus]  [Stuff]  [ExtremeTech]  [BBC News]  [The Register]
  • 27-12-2015: China anti-terrorism law makes firms give up encryption keys.  [Engadget]  [ReadWriteWeb]  [The Register]
  • 26-12-2015: Researchers propose using patterns and icons for passwords.  [Engadget]  [HardOCP]  [Plymouth University]
  • 22-12-2015: Oracle ordered to admit it deceived users over Java security updates for years.  [Graham Cluley]
  • 21-12-2015: Iranian hackers 'targeted' New York dam.  [BBC News]  [Graham Cluley]  [The Register]
    • 18-03-2016: America accuses Iran of hacking the dam, cyber-squirrels rejoice.  [Engadget]  [The Register]
    • 25-03-2016: Federal grand jury indicts 7 Iranians for “campaign of cyber attacks".  [Ars Technica]  [Wired]
  • 20-12-2015: The CIA secret to cybersecurity that no-one seems to get.  [Wired]
  • 19-12-2015: Clinton wants a Manhattan Project for encryption.  [Gizmodo]  [The Register]  [Ars Technica]
  • 19-12-2015: A cybersecurity bill loathed by tech companies is now law.  [Gizmodo]
  • 19-12-2015: Xbox Live pummeled by DDoS attack; hacker group claims responsibility.  [Ars Technica]
  • 18-12-2015: Users their own worst enemy when it comes to encrypted messaging apps.  [Graham Cluley]
  • 18-12-2015: “Unauthorized code” in Juniper firewalls decrypts encrypted VPN traffic.  [Ars Technica]  [The Register]  [Engadget]  [BBC News]  [DC Knowledge]  [Graham Cluley]  [Gizmodo]  [Schneier]
    • 18-12-2015: FBI is investigating the Juniper Networks security hole.  [Engadget]
    • 20-12-2015: Juniper admits up to two attacks from 'unauthorised code'.  [The Register]
    • 21-12-2015: How to log into any backdoored Juniper firewall – hard-coded password published.  [The Register]
    • 22-12-2015: Researches solve Juniper backdoor -- signs point to NSA.  [Wired]  [THG]
    • 22-12-2015: Cisco probes self for Juniper-style backdoors.  [The Register]
    • 23-12-2015: Juniper's VPN security hole is proof that govt backdoors are bonkers.  [The Register]
    • 23-12-2015: Juniper backdoors and vendor stone throwing.  [Network Inferno]
    • 23-12-2015: NSA helped GCHQ find security holes in Juniper firewalls.  [The Intercept]
    • 28-12-2015: NSA/GCHQ exploits against Juniper networking equipment.  [Schneier]
    • 08-01-2016: New discovery around Juniper backdoor raises more questions about the company.  [Wired]
    • 10-01-2016: Juniper drops NSA-developed code following new backdoor revelations.  [Ars Technica]  [Graham Cluley]
    • 10-01-2016: Juniper resets 'days since last rogue code incident' clock.  [The Register]
    • 19-04-2016: Details about Juniper's firewall backdoor.  [Schneier]
    • 28-04-2016: A systematic analysis of the Juniper Dual EC incident.  [Russ White]  [IACR]
    • 14-07-2016: Crypto flaw made it easy for attackers to snoop on Juniper customers.  [Ars Technica]
  • 16-12-2015: Former national security officials urge government to embrace rise of encryption.  [NZ Herald]
  • 16-12-2015: Meet CISA, a de facto cyber patriot act.  [THG]  [The Register]
  • 16-12-2015: Unisys predicts entirely new classes of cyberthreats will require fresh countermeasures in 2016.  [Stuff]
  • 16-12-2015: Fact-checking the debate on encryption.  [Ars Technica]
  • 15-12-2015: Dumb human errors can undermine the security of encrypted communication apps.  [Gizmodo]
  • 14-12-2015: Moonfruit takes customers’ sites offline, as it prepares for DDoS attack.  [Graham Cluley]
  • 14-12-2015: Twitter warns users of possible 'state sponsored' attacks.  [Graham Cluley]  [Stuff]  [Ars Technica]
  • 14-12-2015: A Tor alternative uses spam traffic to hide messages.  [Gizmodo]
  • 13-12-2015: Tor's new executive director is a digital privacy legend.  [Engadget]
  • 12-12-2015: Your VPN may be worthless.  [Engadget]
  • 11-12-2015: Silicon Valley's Congresswoman comes to the defense of Tor.  [The Register]  [Wired]
  • 10-12-2015: FBI Director: Silicon Valley’s encryption is a “business model problem".  [Ars Technica]  [Gizmodo]
  • 08-12-2015: Internet's root servers take hit in DDoS attack.  [The Register]  [Ars Technica]  [Schneier]
  • 08-12-2015: Getting a Linux box corralled into a DDoS botnet is easier than many think.  [Ars Technica]
  • 08-12-2015: How Israel regulates encryption.  [Schneier]  [LawFare]
  • 08-12-2015: Europe agrees response to cyber-attacks.  [BBC News]
  • 07-12-2015: Bank refuses to pay $3,000,000 ransom, hacker exposes customer account details.  [Graham Cluley]
  • 07-12-2015: UK research network Janet under ongoing and persistent DDoS attack.  [The Register]
    • 08-12-2015: Day 2: Janet still being hit by DDoS attack.  [The Register]
    • 15-12-2015: Janet pulls open network info for good after DDoSers exploit it.  [The Register]
  • 06-12-2015: France mulls tighter noose around crypto.  [The Register]  [Gizmodo]  [ExtremeTech]  [Ars Technica]
  • 04-12-2015: White hats, FBI and cops team up for Dorkbot botnet takedown.  [The Register]  [HardOCP]  [Engadget]
  • 03-12-2015: Watching amateur coders foil a 'bioterrorist plot'.  [Engadget]
  • 03-12-2015: Seven years on, the Conficker worm is not dead... but dominating.  [Graham Cluley]
  • 03-12-2015: Fake LinkedIn profiles used by hackers.  [BBC News]
  • 03-12-2015: Industrial control system gateway fix opens Heartbleed, Shellshock.  [The Register]
  • 01-12-2015: Sued for using HTTPS: big brands told to cough up in crypto patent fight.  [The Register]  [Ars Technica]  [Gizmodo]
    • 04-12-2015: Big names settle out of court with CryptoPeak in HTTPS patent spat.  [The Register]
  • 25-11-2015: Encryption stops criminals -- weakening it doesn't make sense.  [Graham Cluley]
  • 23-11-2015: Dell does a Superfish, ships PCs with easily cloneable root certificates.  [Ars Technica]  [The Register]  [ExtremeTech]  [Engadget]  [Graham Cluley]  [Krebs]  [THG]
    • 23-11-2015: Dell's dodgy security certificate is an hard to remove.  [The Register]
    • 24-11-2015: Dell acknowledges security hole in new laptops.  [HardOCP]  [Reuters]  [The Register]  [BBC News]
    • 24-11-2015: Dell apologizes for HTTPS certificate fiasco, provides removal tool.  [Ars Technica]  [Graham Cluley]  [ExtremeTech]
    • 24-11-2015: Dell promised security -- then delivered a huge security hole.  [Wired]
    • 25-11-2015: Dell computers bundled with backdoor that blurts hardware fingerprint to websites.  [The Register]  [Ars Technica]
    • 25-11-2015: Second Dell backdoor root cert found.  [The Register]
  • 21-11-2015: TrueCrypt is safer than previously reported, detailed analysis concludes.  [Ars Technica]  [HardOCP]  [The Register]
  • 20-11-2015: Price list for secret hacker techniques.  [HardOCP]  [Wired]
  • 19-11-2015: The internet of insecure, untrustworthy things.  [Graham Cluley]
  • 19-11-2015: KilerRat spying software takes njrat to the next level.  [Graham Cluley]
  • 18-11-2015: Tor is getting a major security upgrade.  [ExtremeTech]
  • 18-11-2015: DoD head enlists Silicon Valley to transform the military.  [Wired]
  • 18-11-2015: UK says it will hit back against Internet attacks.  [Graham Cluley]
  • 17-11-2015: Congress considers letting US companies hack Chinese attackers.  [Engadget]  [HardOCP]  [AP]
  • 17-11-2015: Why the G20’s new “anti-hacking” agreement is pointless.  [Ars Technica]
  • 16-11-2015: Paris attacks blamed on strong encryption and Snowden.  [Schneier]  [Gizmodo]  [NZ Herald]  [Wired]  [Krebs]
    • 16-11-2015: ISIS encrypted communications with Paris attackers.  [Ars Technica]  [BBC News]
    • 17-11-2015: Islamic State is plotting deadly cyber-attacks.  [BBC News]
    • 18-11-2015: Congressmen want parts of the Internet ISIS use shut down.  [The Register]
    • 18-11-2015: UK to create cybersecurity forces to fight off ISIS hackers.  [Engadget]  [Gizmodo]
    • 18-11-2015: Paris terrorists didn't use encryption.  [Schneier]
    • 18-11-2015: Encryption row intensifies.  [BBC News]
    • 19-11-2015: Telegram encrypted messaging service cracks down on ISIS broadcasts.  [Ars Technica]  [Engadget]  [BBC News]
    • 19-11-2015: Tech firms fight anti-encryption demands after Paris murders.  [The Register]  [BBC News]
    • 19-11-2015: ISIS' opsec manual reveals how it handles cybersecurity.  [Wired]
    • 19-11-2015: Let's have an argument about encryption.  [Engadget]
    • 20-11-2015: Clinton, others: stop helping terrorists, Silicon Valley – weaken your encryption.  [The Register]  [ExtremeTech]  [Wired]  [Engadget]  [Gizmodo]  [Wired]
    • 20-11-2015: Tech goliaths stand firm against demands for weaker encryption after Paris terror attacks.  [The Register]
    • 20-11-2015: Politicians to Silicon Valley: the government is not your adversary.  [HardOCP]  [cNet]
    • 07-12-2015: Obama calls out encryption in terror strategy speech.  [The Register]
  • 16-11-2015: Police body cams found pre-installed with notorious Conficker worm.  [Ars Technica]
  • 15-11-2015: Op-ed: (How) did they break Diffie-Hellman?  [Ars Technica]
  • 13-11-2015: Beware of ads that use inaudible sound to link your phone, TV, tablet, and PC.  [Ars Technica]  [Schneier]
  • 13-11-2015: 'Let's Encrypt' service available to everyone on December 3, as public beta opens.  [THG]
    • 03-12-2015: Free HTTPS certs for all – Let's Encrypt opens doors to everyone.  [The Register]  [THG]
    • 08-03-2016: Let’s Encrypt has issued 1 million certificates and counting, boosting HTTPS adoption.  [THG]
  • 13-11-2015: Jail for British DDoS attacker, who said too much on Twitter.  [Graham Cluley]
  • 12-11-2015: Pay or we’ll knock your site offline -- DDoS-for-ransom attacks surge.  [Ars Technica]
  • 11-11-2015: ToR says Feds paid Carnegie Mellon $1M to help unmask users.  [THG]  [The Register]  [Ars Technica]  [BBC News]  [Gizmodo]
    • 12-11-2015: Why the attack on Tor matters.  [Ars Technica]
    • 13-11-2015: FBI: “The allegation that we paid CMU $1M to hack into Tor is inaccurate”.  [Ars Technica]
    • 16-11-2015: Did Carnegie Mellon attack Tor for the FBI?  [Schneier]
    • 17-11-2015: The million-dollar hole in the FBI 'paying CMU to crack Tor' story.  [The Register]
    • 10-01-2015: Two months after FBI debacle, Tor Project still can’t get an answer from CMU.  [Ars Technica]
    • 24-02-20-16: Judge confirms what many suspected: Feds hired CMU to break Tor.  [Ars Technica]  [BBC News]  [Gizmodo]  [Wired]
  • 11-11-2015: How the FBI got basic security wrong.  [HardOCP]  [ZDNet]
  • 10-11-2015: Outrageous OPSEC: What happens when skiddies play natsec.  [The Register]
  • 10-11-2015: Buggy ransomware locks up your data, then throws away the encryption key.  [Graham Cluley]
  • 09-11-2015: Cryptowall 4.0: Update makes world's worst ransomware worse still.  [The Register]
  • 08-11-2015: NSA discloses most security flaws, but that's not the whole story.  [Engadget]  [HardOCP]  [NSA]
  • 06-11-2015: CIA email hackers return with major law enforcement breach.  [Wired]
  • 06-11-2015: Hackers have infiltrated the US arrest records database.  [Engadget]  [HardOCP]
  • 06-11-2015: Crypto e-mail service pays $6,000 ransom, gets taken out by DDoS anyway.  [Ars Technica]  [Graham Cluley]  [The Register]
    • 07-11-2015: ProtonMail says it won't ever again pay ransom to DDoS blackmailers.  [Graham Cluley]
    • 09-11-2015: ProtonMail DDoS wipeout: Day 6. Yes, we're still under attack.  [The Register]
    • 10-11-2015: ProtonMail 'mitigates' DDoS attacks, says security not breached.  [The Register]
    • 10-11-2015: More websites hit by Armada Collective DDoS blackmail attacks, but won't pay up.  [Graham Cluley]
  • 06-11-2015: Booming crypto ransomware industry employs new tricks to befuddle victims.  [Ars Technica]
  • 05-11-2015: Teen hackers strike again, leak info of government employees.  [Gizmodo]
  • 05-11-2015: WSJ: Iran hacked the Obama administration after arresting American citizen.  [Gizmodo]  [WSJ]
  • 05-11-2015: User data plundering by Android and iOS apps is as rampant as you suspected.  [Ars Technica]  [BBC News]
  • 04-11-2015: Stuxnet-style code signing of malware becomes darknet cottage industry.  [The Register]
  • 03-11-2015: Hackers use anti-adblocking service to deliver nasty malware attack.  [Ars Technica]
  • 03-11-2015: Hacking tool swipes encrypted credentials from KeePass.  [Ars Technica]  [The Register]
  • 02-11-2015: The rise of political doxing.  [Schneier]
  • 02-11-2015: E-mail crypto is as usable as it ever was, say boffins.  [The Register]
  • 02-11-2015: Kim Dotcom is building his own private internet.  [Stuff]
  • 01-11-2015: Crypto is for everyone - and American history proves it.  [Gizmodo]
  • 30-10-2015: America’s crypto battles.  [BBC News]
  • 28-10-2015: It's official: Tor's .onion domains will be kept off the public internet.  [The Register]
  • 28-10-2015: The doxing trend.  [Schneier]  [CNN]
  • 27-10-2015: Is the NSA trying to warn us that cryptography is dead?  [ExtremeTech]  [Schneier]
  • 27-10-2015: Hacked shopping mall CCTV cameras are launching DDoS attacks.  [Graham Cluley]
  • 27-10-2015: NSA warns of growing danger of cyber-attack by nation states.  [BBC News]
  • 26-10-2015: This 11-year-old is selling cryptographically secure passwords for $2 each.  [Ars Technica]
  • 24-10-2015: What's the internet community doing about the NSA cracking VPN, HTTPS encryption?  [The Register]
  • 24-10-2015: The perfect password that's also easy to remember.  [Stuff]
  • 23-10-2015: Microsoft runs the largest botnets to protect Azure customers.  [DC Knowledge]
  • 23-10-2015: Chattering Wi-Fi devices are a short hop away from the crown jewels of your network.  [Graham Cluley]
  • 23-10-2015: NSA advisory sparks concern of secret advance ushering in cryptoapocalypse.  [Ars Technica]
  • 22-10-2015: UK/China cyber security deal: National security attacks still OK.  [The Register]
    • 30-03-2016: Former FBI spy hunter: Don’t trust China on ‘no hack’ pact.  [The Register]
  • 22-10-2015: The challenges of Internet retailing - DDoS attacks.  [Hexus]
  • 22-10-2015: New attacks on NTP can defeat HTTPS and create chaos.  [Ars Technica]  [The Register]
  • 22-10-2015: 'Get a VPN to defeat metadata retention' is good advice. Sometimes.  [The Register]
  • 21-10-2015: German infosec bureaucrats want mail providers to encrypt.  [The Register]
  • 20-10-2015: One step closer to an encrypted web. Next stop: HTTPS for everyone.  [Graham Cluley]
  • 20-10-2015: Hacker releases new purported personal data for top CIA, DHS officials.  [Ars Technica]
  • 19-10-2015: The Australian cyber security report.  [Russ White]  [Palo Alto]
  • 19-10-2015: GCHQ to pore over blueprints of Chinese built Brit nuke plants.  [The Register]
  • 16-10-2015: How to protect yourself from the NSA if you use 1024-bit DH encryption.  [Gizmodo]
  • 16-10-2015: How the NSA can break trillions of encrypted Web and VPN connections.  [Ars Technica]
  • 15-10-2015: Inside Mandiant's biggest forensics breach battle: Is this Anthem?  [The Register]
  • 15-10-2015: Ingenious attack shows how Siri could be hijacked silently from 16 feet away.  [Graham Cluley]
  • 14-10-2015: FBI takes down Dridex botnet, seizes servers, arrests suspect.  [The Register]
  • 14-10-2015: Encryption is the only guarantee of data destruction in the cloud.  [Graham Cluley]
  • 13-10-2015: SYNful Knock is no Stuxnet.  [The Register]
  • 12-10-2015: Soviet spying on IBM Selectric typewriters.  [Schneier]  [NSA PDF]  [Ars Technica]
  • 12-10-2015: Where do major tech companies stand on encryption?  [Gizmodo]
  • 10-10-2015: China arrests hacking suspects on behalf of the US.  [Engadget]  [Gizmodo]
    • 13-10-2015: Arrest of Chinese hackers not a first for US.  [Krebs]
    • 14-10-2015: FireEye: US-China cyber espionage treaty 'will do nothing'.  [The Register]
    • 19-10-2015: China accused of hacking US firms even after cyber-peace treaty.  [Engadget]  [HardOCP]  [Reuters]
  • 08-10-2015: DDoS defences spiked by CloudPiercer tool - paper.  [The Register]
  • 07-10-2015: Cisco disrupts $30m Angler hacking operation.  [BBC News]  [DC Knowledge]
  • 05-10-2015: How to tackle the network intruders.  [BBC News]
  • 02-10-2015: Home routers 'vaccinated' by benign virus.  [BBC News]  [HardOCP]  [TechWeek]
  • 01-10-2015: When security experts gather to talk consensus, chaos ensues.  [Wired]
  • 01-10-2015: Identifying CIA officers in the field.  [Schneier]  [Salon]
  • 29-09-2015: Botnet preying on Linux computers delivers potent DDoS attacks.  [Ars Technica]  [Engadget]  [Gizmodo]  [HardOCP]  [ZDNet]
  • 29-09-2015: Here are the God-mode holes that gave TrueCrypt audit the slip.  [The Register]  [ExtremeTech]  [Engadget]
  • 28-09-2015: How to send and receive encrypted email for free.  [ExtremeTech]
  • 26-09-2015: US and China have an 'understanding' to fight cyber economic espionage.  [Engadget]
    • 27-09-2015: Analysis: China-US hacking accord is tall on rhetoric, short on substance.  [Ars Technica]
    • 30-03-2016: Former FBI spy hunter: Don’t trust China on ‘no hack’ pact.  [The Register]
  • 24-09-2015: How the mysterious Dark Net is going mainstream.  [TED YouTube]
  • 23-09-2015: Obama administration explored backdoors for bypassing smartphone crypto.  [Ars Technica]  [Engadget]  [HardOCP]  [Washington Post]
  • 23-09-2015: How the mysterious Dark Net is going mainstream.  [TED: YouTube]
  • 23-09-2015: Bidding for breaches, redefining targeted attacks.  [Krebs]
  • 22-09-2015: US Navy develops new system to defend against internet attacks.  [Graham Cluley]
  • 21-09-2015: History of hacktivism.  [Schneier]  [Georgetown Journal]
  • 21-09-2015: SYNful knock attack against Cisco routers.  [Schneier]  [FireEye: execpart 1]
  • 21-09-2015: FireEye: The face of hacking is changing – and it's getting uglier.  [The Register]
  • 20-09-2015: The rate of Chinese hacking attempts is slowing down.  [Engadget]
  • 19-09-2015: The tricky encryption that could stump quantum computers.  [Wired]
  • 18-09-2015: MI5's website uses obsolete encryption protocol.  [Graham Cluley]
  • 17-09-2015: A guide to ransomware, the scary hack that’s on the rise.  [Wired]
  • 17-09-2015: Seven years of malware linked to Russian state-backed cyber espionage.  [Ars Technica]  [Graham Cluley]  [Gizmodo]
  • 17-09-2015: Schneider patches yet another dumb vulnerability.  [The Register]
  • 16-09-2015: Obama edges toward full support for encryption – but does he understand what that means?  [The Register]
  • 15-09-2015: Cisco routers in at least 4 countries infected by highly stealthy backdoor.  [Ars Technica]
  • 15-09-2015: Microsoft throws crypto foes an untouchable elliptic curveball.  [The Register]
  • 14-09-2015: How to avoid surveillance... with your phone.  [TED YouTube]
  • 14-09-2015: Serious cyber attacks against NZ surge, GCSB figures show.  [NZ Herald]
  • 13-09-2015: Near-perfect computer security may be surprisingly close.  [Wired]
  • 11-09-2015: How to pick the perfect password.  [BBC News]
  • 11-09-2015: 2FA has finally become more convenient.  [ReadWriteWeb]
  • 10-09-2015: Library gets cop visit for running exit relay in US.  [The Register]
  • 10-09-2015: Monsters defeated in quest to free .onion from clutches of DNS-snooping demons.  [The Register]  [BBC News]  [Gizmodo]
  • 09-09-2015: How highly advanced hackers (ab)used satellites to stay under the radar.  [Ars Technica]  [The Register]
  • 08-09-2015: Researchers respond to developer’s accusation that they used crypto wrong.  [Ars Technica]
  • 08-09-2015: Our insecure Internet of Things is becoming terrifying.  [ExtremeTech]
  • 07-09-2015: Why Security Experts Are Using An Ancient Email Format In 2015.  [HardOCP]  [Motherboard]
  • 07-09-2015: Kill the password.  [HardOCP]  [TechCrunch]
  • 04-09-2015: Bored Brazilian skiddie claims DDoS against Essex Police.  [The Register]
  • 03-09-2015: The declining half-life of secrets.  [Schneier]  [Peter Swire: PDF]
  • 03-09-2015: Greater Manchester plod site targeted by nuisance DDoS attack.  [The Register]
  • 03-09-2015: Vulnerabilities found in Siemens SIMATIC HMI devices.  [Graham Cluley]
  • 01-09-2015: Cyberwar: a global guide to nation-state digital attacks.  [Wired]
  • 01-09-2015: NSA boss: encrypted software needs government backdoors.  [Wired]
    • 04-09-2015: FTC commissioners call for strong encryption, push back against FBI, NSA.  [ExtremeTech]  [The Register]
    • 06-09-2015: US trade watchdog to FBI: you think the crims won't know about the back door too?  [The Register]
  • 30-08-2015: NSA wants encryption that fends off quantum computing hacks.  [Engadget]
  • 28-08-2015: LizardStresser: Six people arrested in connection with Lizard Squad’s DDoS attack tool.  [Graham Cluley]  [BBC News]  [Krebs]  [HardOCP]  [ZDNet]  [Engadget]
  • 27-08-2015: BitTorrent patched against flaw that allowed crippling DoS attacks.  [Ars Technica]
  • 27-08-2015: Cisco's RAT-catchers spot sysadmin-targeted phish.  [The Register]
  • 27-08-2015: Iranian phishing.  [Schneier]  [Citizen Lab]
  • 26-08-2015: Concerns new Tor weakness is being exploited prompt dark market shutdown.  [Ars Technica]  [BBC News]  [Tripwire]
  • 26-08-2015: Tor is being cut up and making security pros cry.  [The Register]
  • 25-08-2015: System routes Internet traffic around countries you don't trust.  [HardOCP]  [IEEE Spectrum]
  • 25-08-2015: Are data breaches getting larger?  [Schneier]
  • 24-08-2015: Samsung smart fridge leaves Gmail logins open to attack.  [The Register]  [Schneier]  [Pen Test Partners]
  • 21-08-2015: China using cyberspies in border disputes with India and neighbours.  [The Register]
  • 21-08-2015: NSA preps quantum-resistant algorithms to head off crypto-apocalypse  [Ars Technica]  [Schneier]
  • 21-08-2015: SS7 phone-switch flaw enabled surveillance.  [Schneier]  [Engadget]
  • 21-08-2015: How firms are fighting off spies and hackers.  [BBC News]
  • 20-08-2015: Researchers can steer your emails away from hostile nations.  [Engadget]
  • 19-08-2015: Schneier: 'We're in early years of a cyber arms race'.  [The Register]
  • 19-08-2015: Hackers exploiting wide-open Portmap to amp up DDoS attacks.  [The Register]  [DC Knowledge]
  • 17-08-2015: Your torrent client could help hackers hijack your computer.  [ExtremeTech]
  • 17-08-2015: The noise around you could strengthen your passwords.  [HardOCP]  [Wired]  [Gizmodo]
  • 16-08-2015: How BitTorrent could let lone DDoS attackers bring down big sites.  [Ars Technica]
  • 13-08-2015: NSA funds $300k to build a safer Internet of Things.  [The Register]
  • 12-08-2015: Attackers are hijacking critical networking gear from Cisco.  [Ars Technica]  [Schneier]
  • 12-08-2015: Another salvo in the second crypto war (of words).  [Schneier]
  • 12-08-2015: Five years after Stuxnet, your USB drive is still being patched.  [Graham Cluley]
  • 12-08-2015: Apple and Google are killing kids with encryption, complain lawyers.  [The Register]
  • 11-08-2015: Security tool tricks workers into revealing company secrets.  [Wired]
  • 11-08-2015: Random numbers aren't, says infosec expert.  [The Register]
  • 10-08-2015: I watched hackers pull off a real life Ocean's 11 heist .  [Gizmodo]  [DefCon]
  • 07-08-2015: Imperva demos cloud man-in-the-middle attack.  [The Register]  [HardOCP]  [BlackHat]
  • 06-08-2015: Pentagon email hacked, Russia already blamed.  [The Register]  [HardOCP]  [CNBC]  [Gizmodo]  [Wired]  [Gizmodo]
  • 06-08-2015: How the Arab Spring blew the lid off the commercial spyware.  [The Register]
  • 04-08-2015: TrueCrypt 'decrypted' by FBI to nail doc-stealing sysadmin.  [The Register]
  • 04-08-2015: Chinese VPN service as attack platform?  [Krebs]
  • 04-08-2015: Hackers target internet address bug to disrupt sites.  [BBC News]
  • 03-08-2015: Next-gen secure email using internet's own DNS – your help needed.  [The Register]
  • 31-07-2015: New attack on Tor can deanonymize hidden services with surprising accuracy.  [Ars Technica]
  • 31-07-2015: NSA report shows China hacked 600+ US targets over 5 years.  [Ars Technica]
  • 31-07-2015: Back doors won't solve Comey's going dark problem.  [Schneier]
  • 30-07-2015: Derelict TrueCrypt Russia portal 'is command hub for Ukraine spying op'.  [The Register]  [Graham Cluley]
  • 30-07-2015: Reports shows Russians hackers used Twitter, photos to breach US computers.  [Stuff]
  • 29-07-2015: Bizarre high-tech kidnapping.  [Schneier]  [Wired]
  • 28-07-2015: Firewalls can't protect today's connected cars.  [HardOCP]  [Network World]
  • 28-07-2015: Hackers break into Brinks ultra secure safe.  [HardOCP]  [Network World]  [The Register]  [Schneier]
  • 28-07-2015: How the way you type can shatter anonymity -- even on Tor.  [Ars Technica]  [Graham Cluley]
  • 28-07-2015: New RC4 attack.  [Schneier]  [PDF]
  • 27-07-2015: Researchers hack air-gapped computer with simple cell phone.  [Wired]  [Engadget]  [The Register]
  • 27-07-2015: Even former heads of NSA, DHS think crypto backdoors are stupid.  [Ars Technica]  [Schneier]
  • 26-07-2015: Websites, please stop blocking password managers -- it’s 2015.  [Wired]  [HardOCP]
  • 25-07-2015: What amateurs can learn from security pros about staying safe online.  [Ars Technica]
  • 24-07-2015: US Treasury's intelligence network was susceptible to cyberattacks.  [Engadget]
  • 23-07-2015: Watch how malicious apps can secretly devour your data.  [Gizmodo]  [Bloomberg]
  • 23-07-2015: Researchers claim they’ve developed a better, faster Tor.  [Ars Technica]  [Engadget]  [BBC News]  [The Register]  [HardOCP]
  • 22-07-2015: Nigerian prince swaps the sweet talk for keyloggers and exploits.  [The Register]
  • 22-07-2015: Google, Facebook, and co launch web blacklist to nail ad scammers.  [The Register]
  • 21-07-2015: Black Hat 2015: 32 SCADA, mobile zero-day vulns will drop.  [The Register]
  • 18-07-2015: Cyber-security's dirty little secret: It's not as bad as you think.  [The Register]
  • 16-07-2015: You need to speak up for Internet security -- right now.  [Wired]
  • 16-07-2015: Once-theoretical crypto attack against HTTPS now verges on practicality.  [Ars Technica]  [The Register]
  • 15-07-2015: "Hornets nest of criminal hackers" destryed by Feds.  [Gizmodo]  [ExtremeTech]
    • 15-07-2015: The Darkode cybercrime forum, up close.  [Krebs]
  • 14-07-2015: Telegram messaging app cops 200Gbps DDoS.  [The Register]
  • 11-07-2015: The crypto wars aren't over.  [Wired]
  • 10-07-2015: Brit teen who unleashed 'biggest ever DDoS' walks free from court.  [The Register]
  • 10-07-2015: Cybercrime kingpin pleads guilty.  [Krebs]
  • 09-07-2015: UK politicos easily pwned on insecure Wi-Fi networks.  [The Register]  [Graham Cluley]
  • 09-07-2015: The risks of mandating backdoors in encryption products.  [Schneier]
  • 09-07-2015: Multi-billion dollar corporations hit by mystery hacking gang.  [Graham Cluley]
  • 08-07-2015: Encryption backdoors for cops put Internet security at risk.  [HardOCP]  [ZDNet]
  • 06-07-2015: DDoSers call 1988 and want its routing protocol hacked.  [The Register]
  • 03-07-2015: UK’s Cameron wants to ban encryption.  [ExtremeTech]
  • 30-06-2015: VPNs may not protect your information as well as you think.  [Engadget]
  • 29-06-2015: Chinese hackers take up white hats, become internet gatekeepers.  [Stuff]
  • 27-06-2015: Tougher encryption guidelines close a back door for NSA spies.  [Engadget]
  • 26-06-2015: US spy chief James Clapper says China lead suspect in cyber hack.  [BBC News]
  • 26-06-2015: FBI says crypto ransomware has raked in >$18 million for cybercriminals.  [Ars Technica]
  • 25-06-2015: DDoS attacks evolve and skyrocket on the Internet.  [Cisco]
  • 24-06-2015: What is the DoD's position on backdoors in security systems?  [Schneier]
  • 22-06-2015: “Free” proxies aren’t necessarily free.  [Krebs]
  • 22-06-2015: US the world's botnet mothership says Level 3.  [The Register]
  • 18-06-2015: Reddit, Wikipedia, Bing and the FBI agree - an encrypted web is a safer web.  [Graham Cluley]  [Ars Technica]
  • 16-06-2015: Emoji passcodes promise more security than numbers.  [Engadget]
    • 17-06-2015: Maybe emoji passwords aren't such a good idea.  [Wired]
  • 15-06-2015: Hack of cloud-based LastPass exposes hashed master passwords.  [Ars Technica]
    • 16-06-2015: Am I an idiot for still using a password manager?   [Gizmodo]
    • 16-06-2015: When breaches happen: LastPass hack showcases the value of strong encryption.  [DailyTech]
    • 16-06-2015: Don’t let the LastPass hack destroy your faith in password managers.  [Graham Cluley]
  • 15-06-2015: Encrypting Windows hard drives.  [Schneier]
  • 12-06-2015: Even with a VPN, open Wi-Fi exposes users.  [Ars Technica]
  • 12-06-2015: Europol operation crushes phiendish global phishing ring.  [The Register]
  • 11-06-2015: The latest hack lesson? Great defense is never enough.  [Wired]
  • 11-06-2015: Decrypted WhatsApp chats laid groundwork for Belgian terror raids.  [The Register]
  • 11-06-2015: Mystery continues to surround the nude celebrity iCloud hack.  [Graham Cluley]
    • 11-06-2015: FBI seized computers linked to celeb photo leak scandal.  [Engadget]
  • 11-06-2015: German parliament cyber-attack still 'live'.  [BBC News]
  • 10-06-2014: Russia's to blame for pro-ISIS megahack on French TV network.  [The Register]
  • 10-06-2015: Techies to Obama: keep your hands off encryption.  [Stuff]
  • 09-06-2015: If the FBI has a backdoor to Facebook or Apple encryption, we are less safe.  [BoingBoing]  [The Guardian]
  • 09-06-2015: CIA cybersecurity guru Dan Geer doesn’t use a cell phone.  [Wired]
  • 09-06-2015: Obama issues HTTPS-only order to US Federal sysadmins.  [The Register]  [BoingBoing]  [TechDirt]  [Graham Cluley]  [The Register]
  • 09-06-2015: Undetectable NSA-linked hybrid malware hits Intel Security radar.  [The Register]
  • 09-06-2015: US Army website defaced by Syrian Electronic Army hackers.  [Graham Cluley]
  • 05-06-2015: FBI: Apple and Google are helping ISIS by offering strong crypto.  [The Register]
  • 04-06-2015: Russia behind German govt cyber attack -- report.  [The Register]
  • 04-06-2015: We stand on the brink of global cyber war, warns encryption guru.  [The Register]
  • 01-06-2015: Hola VPN used to perform DDoS attacks, violate user privacy.  [Ars Technica]  [BBC News]  [Graham Cluley]  [The Register]  [NZ Herald]
    • 10-06-2015: Do you use Hola VPN? You could be part of a DDoS, content theft – or worse.  [The Register]
  • 30-04-2015: SHA-1 crypto hash retirement fraught with problems.  [The Register]
  • 30-04-2015: Another layer of defence against cyberattacks.  [DC Knowledge]
  • 28-04-2015: DDoSsers use reflection amplification to crank up the volume to 100Gbps+.  [The Register]
  • 28-04-2015: A day in the life of a stolen healthcare record.  [Krebs]
  • 27-04-2015: 'Use 1 capital' password prompts make them too predictable – study.  [The Register]
  • 27-04-2015: Thirty Meter Telescope website falls over in hacktivist DDoS attack.  [Graham Cluley]
  • 27-04-2015: Hackers hijack Tesla’s website, Twitter account and email – but how?  [Graham Cluley]
  • 26-04-2015: Your Tor-based email isn't as secure as you think.  [Engadget]  [Tor Project]
  • 25-04-2015: Russian hackers scooped up the President's unclassified email.  [Engadget]  [Ars Technica]  [Gizmodo]  [BoingBoing]
  • 24-04-2015: DoD’s new ‘transparent’ policy on cybersecurity is still opaque.  [Wired]  [Gizmodo]
  • 24-04-2015: Here's why the Pentagon is publishing its cyber-warfare rulebook – if China hasn't already hacked in and read it.  [The Register]
  • 24-04-2015: Ransomware decryptor.  [BoingBoing]  [Kaspersky]
  • 24-04-2015: The further democratization of QUANTUM.  [Schneier]
  • 24-04-2015: Federal Trade Commissioner Julie Brill on obscurity  [Schneier]  [CS Monitor]
  • 24-04-2015: Security researcher: it's "trivial to bypass security tools on Macs".  [Gizmodo]  [Threat Post]
  • 23-04-2015: Cash register maker used same password – 166816 – non-stop since 1990.  [The Register]  [BoingBoing]  [CSO]  [HardOCP]
  • 21-04-2015: White House cyber-general says US must be able to cyber-nuke the cyber-worst.  [The Register]
  • 21-04-2015: RSA supremo rips into 'failed' security industry, warns of 'super-mega hack'.  [The Register]
  • 21-04-2015: The secrets of webcam hackers.  [Graham Cluley]
  • 19-04-2015: Every version of Windows is affected by this vulnerability.  [HardOCP]  [MakeUseOf]
  • 19-04-2015: Inside Islamic State's spookocracy.  [BoingBoing]  [Der Spiegel]
  • 18-04-2015: Russians are using undiscovered exploits to hack the US government.  [Engadget]
  • 16-04-2015: IBM’s 700TB security threat database enters the cloud.  [The Register]  [DC Knowledge]
  • 16-04-2015: APT group hacks cyber-spy gang in spy-on-spy pwnage.  [The Register]
  • 15-04-2015: Hackers could commandeer new planes through passenger WiFi.  [Wired]  [HardOCP]
    • 18-04-2015: FBI accosts security researcher over fear that he hacked his flight.  [Gizmodo]  [HardOCP]  [Security Ledger]
    • 20-04-2015: Researcher who joked about hacking a jet plane barred from United flight.  [Ars Technica]  [BBC News]
    • 21-04-2015: Hacking airplanes.  [Schneier]  [CNN]  [Stuff]
    • 21-04-2015: Feds warn airlines to look out for passengers hacking jets.  [Wired]  [Engadget]  [Gizmodo]  [BBC News]  [The Register]
    • 26-04-2015: Security researcher discovers vulnerabilities: detained by FBI.  [HardOCP]  [TechDirt]
    • 15-05-2015: FBI: Security researcher claimed to hack, control plane in flight.  [Engadget]  [Ars Technica]  [Stuff]  [The Register]  [Graham Cluley]  [HardOCP]  [Wired]
    • 18-05-2015: FBI flight hacker claims queried by security experts.  [BBC News]
    • 19-05-2015: Airplane hacking panic -- why it’s surely a storm in a teacup.  [The Register]
    • 19-05-2015: More on Chris Roberts and avionics security.  [Schneier]
    • 20-05-2015: How a hacker could hijack an airplane from their seat.  [Gizmodo]
    • 20-05-2015: FBI probe of plane hack sparks worries over flight safety.  [NZ Herald]
    • 26-05-2015: Is it possible for passengers to hack commercial aircraft?  [Wired]
  • 15-04-2015: Meet the e-voting machine so easy to hack, it will take your breath away.  [Ars Technica]  [The Register]  [Schneier]  [BradBlog]
  • 15-04-2015: Malware attack discovered - what does Kaspersky do? Call in a comic strip artist.  [Graham Cluley]
  • 15-04-2015: Elite cyber crime group strikes back after attack by rival APT gang.  [Ars Technica]
  • 14-04-2015: The number of people who fall for phishing emails is staggering.  [Gizmodo]  [Wired]
  • 13-04-2015: Researchers accuse China of over 10 years' cyber espionage and attack.  [Gizmodo]  [FireEye PDF]
  • 13-04-2015: Anyone can buy the malware used to hack Sony.  [Gizmodo]  [HardOCP]  [cNet]
  • 11-04-2015: Police operation disrupts Beebone Botnet used for malware distribution.  [HardOCP]  [PCWorld]
  • 10-04-2015: More defenses against psuedo random subdomain attacks.  [Secure64]
  • 10-04-2015: BitTorrent's P2P browser for decentralized websites now in beta.  [THG]
  • 10-04-2015: Don’t be fodder for China’s ‘Great Cannon'.  [Krebs]  [Schneier]  [CitizenLab]
  • 09-04-2015: Edward Snowden says your password should be MargaretThatcherIs110%SEXY.  [Graham Cluley]  [Gizmodo]  [Lifehacker]
    • 13-04-2015: Snowden's "sexy Margaret Thatcher" password isn't so secure.  [Wired]
  • 09-04-2015: Attacking researchers who expose voting vulnerabilities.  [Schneier]  [EFF]
  • 09-04-2015: Denial of service attacks pour through rift in Network Time Protocol.  [The Register]
  • 09-04-2015: Motorola cable modem has hardcoded 'technician' backdoor.  [The Register]
  • 08-04-2015: Your home automation things are a security nightmare.  [The Register]
  • 07-04-2015: Russia might have hacked the White House.  [Engadget]  [Stuff]
    • 08-04-2015: White House hackers allegedly accessed sensitive data.  [HardOCP]  [cNet]
  • 07-04-2015: UK government website hijacked by Islamist hackers.  [Graham Cluley]
  • 04-04-2015: Bugs in Tor network used in attacks against underground markets.  [Ars Technica]
  • 03-04-2015: TrueCrypt security audit is good news, so why all the glum faces?  [Ars Technica]  [Lifehacker]  [NCC Group PDF]  [The Register]  [Gizmodo]  [Schneier]  [ExtremeTech]
  • 02-04-2015: Google exiles a Chinese certificate authority from the web.  [ReadWriteWeb]  [THG]
    • 02-04-2015: Mozilla piles on China's SSL cert overlord: we don't trust you either.  [The Register]
  • 02-04-2015: Snowden didn't scare many out of US clouds says Forrester.  [The Register]
  • 02-04-2015: China DDoS attacks used unencrypted websites to hijack browsers.  [Gizmodo]
  • 02-04-2015: Google shares staggering adware infection stats.  [Graham Cluley]
  • 01-04-2015: President's order lets the US sanction foreign cyberattackers.  [Engadget]  [Gizmodo]  [The Register]
  • 01-04-2015: Mystery 'Explosive' cyber-spy campaign traced back to Lebanon.  [The Register]
  • 01-04-2015: Energy companies around the world infected by newly discovered malware.  [Ars Technica]
  • 31-03-2015: Feds subpoena reddit in effort to learn about users behind Dark Web chatter.  [Ars Technica]
  • 31-03-2015: GitHub battles “largest DDoS” in site’s history, targeted at anti-censorship tools.  [Ars Technica]  [THG]
    • 31-03-2015: Massive denial-of-service attack on GitHub tied to Chinese government.  [Ars Technica]  [DC Knowledge]
    • 03-04-2015: DDoS attacks that crippled GitHub linked to Great Firewall of China.  [Ars Technica]
  • 26-03-2015: As crypto wars begin, FBI silently removes sensible advice to encrypt your devices.  [BoingBoing]  [TechDirt]
  • 26-03-2015: New router DNS attack delivers porn and game ads on mainstream websites.  [ExtremeTech]
  • 25-03-2015: DDoS attacks reduce in frequency but grow in volume.  [HardOCP]  [BetaNews]
    • 27-03-2015: As GitHub is hit hard, experts disagree whether DDoS attacks are becoming more or less frequent.  [Graham Cluley]
  • 24-03-2015: Google discovers new security holes -- is the entire system fundamentally  flawed?  [ExtremeTech]
  • 23-03-2015: The trick to hacking top-secret computers: just add heat.  [Gizmodo]  [The Register]  [Schneier]
  • 23-03-2015: Hilton Honors flaw exposed all accounts.  [Krebs]  [Ars Technica]  [Graham Cluley]
  • 22-03-2015: LightEater malware attacks millions of BIOS chips.  [HardOCP]  [BetaNews]
  • 21-05-2015: China finally admits it has an army of hackers for cyberwar.  [HardOCP]  [Gizmodo]
  • 21-03-2015: Automating remote BIOS attacks.  [BoingBoing]  [Forbes]
  • 20-03-2015: Hacking BIOS chips isn't just the NSA's domain anymore.  [Wired]  [Schneier]
  • 20-03-2015: Massive DDoS racks up $30,000-a-day Amazon bill for China activists.  [The Register]
  • 19-03-2015: Kaspersky Lab hits back at Bloomberg's Russian spy link hit piece.  [The Register]  [Graham Cluley]
    • 24-03-2015: Kaspersky hit by new below-the-belt sauna spy attack in the WSJ.  [Graham Cluley]
  • 19-03-2015: OpenSSL warns of two high-severity bugs, but no Heartbleed.  [Ars Technica]  [Graham Cluley]
  • 19-03-2015: GCHQ: Ensure biz security by stopping everyone from talking.  [The Register]
  • 18-03-2015: OpenSSL patch to plug severe security holes.  [Krebs]
  • 18-03-2015: Dark web’s ‘Evolution Market’ vanishes.  [Krebs]  [Wired]  [Graham Cluley]
  • 18-03-2015: 'Dark web' keeps criminals out of reach of metadata retention laws.  [Stuff]
  • 17-03-2015: The NSA is going to love these USB-C charging cables.  [Gizmodo]
  • 16-03-2015: China has hacked every major US corporation, former NSA head says.  [DC Knowledge]
  • 16-03-2015: ‘AntiDetect’ helps thieves hide digital fingerprints.  [Krebs]
  • 16-03-2015: Princeton boffins sniff Tor users' IDs from TCP ACKs and server sweat.  [The Register]
  • 14-03-2015: Fearing hackers, US State Dept. has shut off part of its email system.  [Gizmodo]
  • 14-03-2015: Computer terror simulation used to recruit 'cyber defenders'.  [BBC News]
  • 13-03-2015: CloudFlare keyless SSL scales down internet connections.  [EtherealMind]
  • 13-03-2015: Epic Google snafu leaks hidden whois data for 280,000 domains.  [Ars Technica]  [ExtremeTech]  [Engadget]
  • 12-03-2015: CryptoLocker look-alike searches for and encrypts PC game files.  [Ars Technica]
  • 11-03-2015: CloudFlare launches nameserver DDoS shield.  [The Register]
  • 10-03-2015: Spammers charged over 'largest' email breach.  [BBC News]
  • 10-03-2015: Banning Tor unwise and infeasible, MPs told  [BBC News]  [BoingBoing]  [Parliament]  [The Daily Dot]  [Ars Technica]
  • 10-03-2015: Cutting-edge hack gives super user status by exploiting DRAM weakness.  [Ars Technica]  [Wired]  [Schneier]
  • 10-03-2015: OpenSSL audit kicks off for post-Heartbleed strengthening programme.  [The Register]
  • 09-03-2015: Ethiopia is hacking US journalists with commercial spyware.  [Engadget]
    • 17-03-2015: Details on hacking team software used by Ethiopian government.  [Schneier]  [Citizen Lab]
  • 09-03-2015: Tor doesn't want to depend on US government money anymore.  [Gizmodo]  [The Daily Dot]
  • 09-03-2015: Identifying when someone is operating a computer remotely.  [Schneier]  [BioCatch]
  • 08-03-2015: UK man arrested on suspicion of US DoD hacking.  [Ars Technica]  [Engadget]
  • 07-03-2015: Give biometrics the finger: horror tales from the ENCRYPT.  [The Register]
  • 06-03-2015: France fingered as source of Syria-spying Babar malware.  [The Register]
  • 05-03-2015: DNS enhancement catches malware sites by understanding sneaky domain names.  [Ars Technica]
  • 04-03-2015: US air traffic control computer system vulnerable to terrorist hackers.  [Ars Technica]  [HardOCP]  [Engadget]
  • 04-03-2015: FREAK attack: what is it, and what you need to know.  [Graham Cluley]  [Gizmodo]  [ExtremeTech]  [Engadget]  [Gizmodo]  [Stuff]  [Schneier]
  • 04-03-2015: Tom Ridge can find terrorists anywhere.  [Schneier]
  • 02-03-2015: Would you trust 'spyproof' mobes made in Putin's Russia?  [The Register]
  • 02-03-2015: Silent Circle revamps secure smartphone.  [The Register]  [Gizmodo]
    • 05-03-2015: How Blackphone turned a security fail into a win.  [ReadWriteWeb]
  • 02-03-2015: The democratization of cyberattack.  [Schneier]  [Motherboard]
  • 01-03-2015: VPNs: which ones value your privacy?  [BoingBoing]  [TorrentFreak]
  • 28-02-2015: The U.S. doesn't like it when China wants to build encryption backdoors.  [Gizmodo]  [HardOCP]  [ZDNet]  [Engadget]  [Graham Cluley]
  • 27-02-2015: Ramnit botnet shut down.  [HardOCP]  [Europol]
  • 26-02-2015: It took police three years to fully shut down a money-stealing botnet.  [Gizmodo]
  • 26-02-2015: FinFisher, the spyware loved by cruel dictators, stomps all over human rights, says UK govt.  [The Register]
  • 26-02-2015: Everyone wants you to have security, but not from them.  [Schneier]
  • 26-02-2015: Spam uses default passwords to hack routers.  [Krebs]
  • 26-02-2015: PrivDog chews HTTPS, hurls clear text.  [The Register]
  • 25-02-2015: "Surreptitiously Weakening Cryptographic Systems".  [Schneier]  [IACRPDF]
  • 25-02-2015: Anthem hack puts at least 8.8 million non-customers at risk.  [Graham Cluley]
  • 25-02-2015: Police shut down network 'used to steal bank details'.  [BBC News]
  • 25-02-2015: FBI says sixty different hacker groups linked to nation-states.  [Stuff]
  • 25-02-2015: Feds offer $3m reward for 'CryptoLocker baron'.  [The Register]
  • 24-02-2015: Banking malware spreading via Microsoft Word macros.  [Graham Cluley]
  • 24-02-2015: Lizard Squad disrupts Google in Vietnam to promote DDoS-for-hire service.  [Graham Cluley]
  • 23-02-2015: Ad-blocking software is 'worse than Superfish'.  [BBC News]  [Lumension]
  • 23-02-2015: Security software found using Superfish-style code, as attacks get simpler.  [Ars Technica]
  • 21-02-2015: Accused British hacker, wanted for crimes in US, won’t give up crypto keys.  [Ars Technica]
  • 20-02-2015: Hello, NSA? The US State Department can't kick hackers out of its networks – report.  [The Register]
  • 20-02-2015: Cybersecurity: Tackling the threat from within.  [BBC News]
  • 20-02-2015: Horrors of murky TrueCrypt to be probed once more.  [The Register]  [IsTrueCryptAuditedYet]
  • 19-02-2015: Lenovo pre-installed malware on laptops.  [BoingBoing]  [BBC News]  [Graham Cluley]  [ExtremeTech]  [Schneier]  [Gizmodo]
    • 19-02-2015: Lenovo ditches adware - but that doesn't fix SSL mega-vulnerability.  [The Register]  [Engadget]  [Ars Technica]
    • 19-02-2015: How to test your PC for the new "Superfish" security vulnerability.  [Lifehacker]
    • 19-02-2015: Lenovo honestly thought you’d enjoy that Superfish HTTPS spyware.  [Ars Technica]
    • 19-02-2015: How to get unhooked from Lenovo's dangerous Superfish spyware.  [ReadWriteWeb]  [ExtremeTech]  [Gizmodo]
    • 19-02-2015: Lenovo CTO says “We didn’t do enough,” promises to wipe Superfish off PCs.  [Ars Technica]
    • 20-02-2015: US cyber-cops declare WAR on Superfish ad-spewing malware lurking in Lenovo laptops.  [The Register]
    • 20-02-2015: How could Lenovo miss its Superfish security hole?  [Engadget]
    • 21-02-2015: Superfish doubles down, says HTTPS-busting adware poses no security risk.  [Ars Technica]
    • 21-02-2015: “SSL hijacker” behind Superfish debacle imperils large number of users.  [Ars Technica]
    • 21-02-2015: Windows Defender now removes Superfish malware… if you’re lucky.  [Ars Technica]
    • 21-02-2015: Lenovo offers tool to remove hidden adware 'Superfish'.  [BBC News]  [Gizmodo]  [HardOCP]  [The Verge]  [The Register]
    • 22-02-2015: Microsoft, McAfee vs. SuperFish.  [HardOCP]  [Mashable]
    • 23-02-2015: Mozilla mulls Superfish torpedo.  [The Register]
    • 23-02-2015: Superfish points fingers over ad software.  [Stuff]
    • 23-02-2015: Facebook security chap finds 10 Superfish sub-species.  [The Register]
    • 23-02-2015: Lenovo CTO: we have no intention of shipping a Superfish product again.  [Gizmodo]
    • 24-02-2015: Still smarting from HTTPS-busting Superfish debacle, Lenovo says sorry.  [Ars Technica]
    • 24-02-2015: Lenovo users lawyer up over hole-filled, HTTPS-breaking Superfish adware.  [Ars Technica]  [The Register]
    • 24-02-2015: Give us a week to clean the Superfish, begs Lenovo CTO.  [The Register]
    • 25-02-2015: Lenovo falls on its sword as Superfish impact spreads.  [ExtremeTech]
    • 25-02-2015: Lenovo's website hacked, apparently by Lizard Squad.  [Engadget]  [The Register]  [The Register]  [Graham Cluley]  [Ars Technica]  [Gizmodo]
    • 26-02-2015: Lenovo's Superfishing trip.  [NZ Herald]
    • 27-02-2015: Bruised Lenovo promises 'a cleaner, safer PC'.  [Graham Cluley]  [ExtremeTech]  [THG]
    • 07-03-2015: Two weeks on, Superfish debacle still causing pain for some Lenovo customers.  [Ars Technica]
    • 09-03-2015: Lenovo still shipping infected systems as customers grapple with removal.  [ExtremeTech]
    • 06-05-2015: There's another 'massive security risk' in Lenovo's computers.  [Gizmodo]
    • 12-08-2015: Lenovo crams unremovable crapware on Windows laptops – by hiding it in the BIOS.  [The Register]  [Lifehacker]
  • 18-02-2015: America already has a Manhattan Project for developing cyber attacks.  [Wired]
  • 16-02-2015: How “omnipotent” hackers tied to NSA hid for 14 years -- and were found at last.  [Ars Technica]
  • 14-02-2015: Hackers stole hundreds of millions in massive malware bank heist.  [Gizmodo]  [NYT]  [Engadget]  [Ars Technica]  [Graham Cluley]  [The Register]  [Krebs]
  • 13-02-2015: Obama’s new order urges companies to share cyber-threat info with the government.  [Wired]  [Engadget]  [The Register]
  • 13-02-2015: Biter bitten as hacker leaks source code for popular exploit kit.  [The Register]
  • 12-02-2015: Electronic surveillance failures leading up to the 2008 Mumbai terrorist attacks.  [Schneier]
  • 12-02-2015: 1 billion data records stolen last year due to poor security.  [HardOCP]  [ZDNet]
  • 12-02-2015: Cyber attack takes down Dutch government sites.  [BBC News]  [The Register]
  • 11-02-2015: A crypto trick that makes software nearly impossible to reverse-engineer.  [Wired]
  • 11-02-2015: The consumer data revolt is coming.  [HardOCP]  [Bloomberg]
  • 11-02-2015: Facebook helps online services warn each other about security threats.  [Engadget]  [The Register]  [HardOCP]  [ThreatExchange]
  • 11-02-2015: Jeb Bush redacts correspondents' leaked information.  [BBC News]  [DailyTech]
    • 13-02-2015: Jeb Bush is sorry he published social security numbers.  [Gizmodo]
  • 11-02-2015: Air gaps: Happy gas for infosec or a noble but inert idea?  [The Register]
  • 11-02-2015: Steal the hackers' thunder by revealing yourself online.  [Stuff]
  • 10-02-2015: Hackers unknowingly gather intel for the NSA.  [HardOCP]  [Computer World]
  • 10-02-2015: NSA claims Iran learned from Western cyberattacks.  [The Intercept]  [Wired]  [Engadget]
    • 10-02-2015: Did the NSA and the UK’s spy agency launch a joint cyberattack on Iran?  [Wired]
  • 10-02-2015: Uber left its lost-and-found database open to anyone on the internet.  [Graham Cluley]  [The Register]
  • 10-02-2015: US launching a new cyberwarfare agency in wake of Sony attacks.  [Engadget]  [DC Knowledge]  [HardOCP]  [Stuff]
  • 10-02-2015: Take a security checkup on Safer Internet Day.  [Google]
    • 10-02-2015: It’s Safer Internet Day. So where is our Internet of Secure Things?  [Graham Cluley]
  • 10-02-0215: Fearing an FBI raid, researcher publishes 10 million passwords/usernames.  [Ars Technica]  [The Register]  [HardOCP]  [BGR]  [Schneier]  [Gizmodo]  [The Guardian]  [Xato]
  • 09-02-2015: DARPA's Memex for searching the deep Web.  [BoingBoing]  [Scientific American]  [DARPA]  [Wired]
  • 06-02-2015: The world’s email encryption relies on a guy who is going broke.  [Gizmodo]
  • 06-02-2015: Why even strong crypto wouldn’t protect SSNs exposed in Anthem breach.  [Ars Technica]
    • 06-02-2015: China to blame in Anthem attack?  [Krebs]
    • 07-02-2015: Phishers pounce on Anthem breach.  [Krebs]  [Graham Cluley]  [Gizmodo]  [Ars Technica]
    • 08-02-2015: Anthem's stolen customer data not encrypted.  [HardOCP]  [cNet]
    • 09-02-2015: Anthem breach may have started in April 2014.  [Krebs]
  • 05-02-2015: Siemens: SCADA bugs abound.  [The Register]
  • 05-02-2015: Your crypto apps are useless unless you check them for backdoors.  [Ars Technica]
  • 04-02-2015: Here's why your bank account is less secure than your Gmail.  [Gizmodo]
  • 04-02-2015: The utterly crazy story of the death threat hacker.  [Graham Cluley]  [The Register]
  • 03-02-2015: The Hells Angels are old pros at encryption .  [Gizmodo]
  • 03-02-2015: Cybersecurity: Defending 'unpreventable' cyber attacks.  [BBC News]
  • 02-02-2015: Femmes fatales steal Syrian opposition’s Skype chats and military plans.  [Graham Cluley]  [BBC News]  [The Register]  [Ars Technica]  [Gizmodo]
  • 01-02-2015: The British Army is creating a battalion of "Facebook Warriors".  [Gizmodo]  [HardOCP]  [Neowin]
  • 31-01-2015: The army just open-sourced its security software.  [Gizmodo]  [Engadget]
  • 30-01-2015: WhatsApp privacy hole exposes users’ private profile photos.  [Graham Cluley]  [The Register]
  • 29-01-2015: China, FBI and UK all want backdoors in Western technology.  [The Register]  [Graham Cluley]
    • 29-01-2015: China’s new rules for selling tech to banks have US companies spooked.  [Wired]
  • 29-01-2015: The Internet of Dangerous Things.  [Krebs]
  • 29-01-2015: Mozilla dusts off old servers, lights up Tor relays.  [The Register]
  • 29-01-2015: IT vendors cry foul at new Chinese security rules requiring built-in backdoors.  [Ars Technica]
  • 28-01-2015: Use a Raspberry Pi as a Tor/VPN router for anonymous browsing.  [Lifehacker]  [Make]
  • 28-01-2015: No, Department of Justice, 80% of Tor traffic is not child porn.  [Wired]  [HardOCP]
  • 28-01-2015: Bug in ultra secure BlackPhone let attackers decrypt texts, stalk users.  [Ars Technica]  [HardOCP]  [Security Week]
  • 27-01-2015: FTC warns of the huge security risks in the Internet of Things.  [Wired]  [FTC]  [The Register]
  • 27-01-2015: Hacktivists step up web attack volumes.  [BBC News]  [Stuff]
  • 27-01-2015: Facebook and Instagram get knocked offline... for about an hour.  [BBC News]  [Engadget]  [The Register]
    • 27-01-2015: Facebook back up after site crash.  [Stuff]
    • 27-01-2015: Lizard Squad claims to take down Facebook, Instagram, Tinder (briefly).  [Gizmodo]
    • 27-01-2015: Lizard Squad blamed for Facebook downtime. Facebook says “Err... no”.  [Graham Cluley]
    • 27-01-2015: Facebook outage affects sites that used social network’s login system.  [DC Knowledge]
    • 28-01-2015: Facebook blames internal glitch for blackout.  [NZ Herald]  [Stuff]  [The Register]  [HardOCP]  [Chicago Tribune]
  • 27-01-2015: 'Path to Hell': Davos elites warned about catastrophic cyber attacks.  [Stuff]
  • 26-01-2015: Lizard Squad threatens Malaysia Airlines with data dump: We did too hack your site.  [The Register]
  • 23-01-2015: Internet attack could shut down US gas stations.  [Ars Technica]  [HardOCP]
  • 22-01-2015: A brief attempt at explaining the madness of cryptocurrency.  [Engadget]
  • 22-01-2015: Did feds mount a sustained attack on Tor to decloak crime suspects?  [Ars Technica]
  • 21-01-2015: What Obama gets wrong about digital security.  [Gizmodo]
  • 21-01-2015: Playing NSA, hardware hackers build USB cable that can attack.  [Ars Technica]
  • 21-01-2015: The 25 most popular passwords of 2014.  [Lifehacker]  [Engadget]  [HardOCP]  [PRWeb]  [BBC News]  [Stuff]
  • 20-01-2015: Life inside a DDOS "booter site".  [BoingBoing]  [Ars Technica]
  • 20-01-2015: NSA: We're in your botnet.  [The Register]
  • 19-01-2015: The daunting challenge of reporting on cyberwar.  [BBC News]
  • 18-01-2015: New "Skeleton Key" malware allows bypassing of passwords.  [HardOCP]  [Neowin]
  • 17-01-2015: NSA brags about turning the tables on cyberwarfare hackers.  [Engadget]
  • 17-01-2015: Need a hacker? Check out Hacker's List.  [HardOCP]  [PCMag]
  • 17-01-2015: New Snowden documents show scope of United States' cyber war plans: infiltrate and control or destroy enemy systems and networks.  [Der Spiegel]
  • 16-01-2015: 'Cyber attack war games' to be staged by UK and US.  [BBC News]
  • 16-01-2015: Here are some dummies giving Jimmy Kimmel their passwords on national TV.  [Gizmodo]
  • 16-01-2015: Freelance hackers will bust into your boyfriend's email... for a fee.  [ReadWriteWeb]
  • 16-01-2015: The problem with the White House cybersecurity proposals.  [BoingBoing]  [UoC]
  • 15-01-2015: Thousands of French websites face DDoS attacks since Charlie Hebdo massacre.  [DC Knowledge]  [BBC News]
  • 15-01-2015: Got a GE industrial Ethernet switch? Get patching.  [The Register]
  • 15-01-2015: Cryptolocker 3.0 scum bounce victims over Invisible net.  [The Register]  [PCWorld]
  • 14-01-2015: NSA official: Support of backdoored Dual_EC_DRBG was “regrettable”.  [Ars Technica]  [The Register]
  • 13-01-2015: Obama renews push for comprehensive cybersecurity legislation.  [Engadget]  [HardOCP]  [Yahoo News]  [Gizmodo]  [BBC News]  [Wired]  [BoingBoing]
    • 14-01-2015: Obama's proposed laws against hacking will negatively impact cybersecurity professionals, create a cyber police state.  [Errata Security]
    • 15-01-2015: Mr President, is this a war on hackers – or a war on people stopping hackers?  [The Register]
  • 13-01-2015: Thunderstrike! How a radar-proof rootkit could infect your Mac.  [Graham Cluley]
  • 13-01-2015: Attackers planting banking Trojans in industrial systems.  [The Register]
  • 12-01-2015: Keysweeper: creepy keystroke logger camouflaged as USB charger.  [BoingBoing]  [Keysweeper]  [Ars Technica]  [Coolest Gadgets]
  • 12-01-2015: Hackers claiming ties to ISIS take control of Pentagon social accounts.  [Engadget]  [BBC News]  [Stuff]  [Gizmodo]  [The Register]  [Wired]  [HardOCP]  [Fox News]  [BoingBoing]  [Ars Technica]
    • 13-01-2015: US military’s CENTCOM Twitter account hacked – were they not using 2FA?  [Graham Cluley]
    • 13-01-2015: It doesn’t really matter if ISIS sympathizers hacked Central Command’s Twitter.  [Wired]
    • 13-01-2015: What are the odds CENTCOM really was hacked by ISIS? Next to zero.  [BoingBoing]  [The Daily Beast]
    • 13-01-2015: Centcom - a PR disaster, not cyberwar.  [BBC News]
  • 09-01-2015: Security hole found in North Korea’s home-grown OS.  [Ars Technica]  [The Register]
    • 12-01-2015: Hands-on with North Korea's web browser.  [WhiteHatSec]
    • 12-01-2015: North Korea’s official news site delivers malware.  [Ars Technica]
  • 09-01-2015: Lizard stresser runs on hacked home routers.  [Krebs]  [Ars Technica]
  • 09-01-2015: MI5 boss: We need to break securo-tech, get 'assistance' from data-slurp firms.  [The Register]
  • 09-01-2015: Post-POODLE, OpenSSL shakes off some fleas.  [The Register]
  • 08-01-2015: 8chan, related sites go down in Lizard Squad-powered DDoS.  [Ars Technica]
  • 08-01-2015: Browsing in privacy mode isn't as secure as you think.  [ReadWriteWeb]
  • 08-01-2015: Pro-Russian cyberattacks bring down German government websites.  [Engadget]
  • 07-01-2015: Immobilise national property register left 28 million doors wide open for burglars to plunder data.  [Graham Cluley]  [The Register]
  • 07-01-2015: Spies do 'happy dance' after encryption cracked.  [Stuff]
  • 06-01-2015: The biggest security threats we’ll face in 2015.  [HardOCP]  [Wired]
  • 06-01-2015: Lavabit founder wants to make “dark” e-mail secure by default.  [Ars Technica]  [BoingBoing]
  • 05-01-2015: Why today's security measures just don't cut it.  [Wired]  [HardOCP]  [cNet]
  • 05-01-2015: Gogo Inflight Internet is intentionally issuing fake SSL certificates.  [Neowin]
  • 03-01-2015: 2014 was the biggest year for malware yet.  [HardOCP]  [Digital Trends]
    • 09-01-2015: 2014: the year of infrastructure vulnerability.  [DC Knowledge]
  • 03-01-2015: Cyber criminals demand a modern approach to security.  [Stuff]
  • 01-01-2015: North Korea/Sony story shows how eagerly US media still regurgitate government claims.  [The Intercept]
  • 01-01-2015: The most dangerous people on the internet right now.  [Wired]

2014 News

  • 28-11-2014: World's best threat detection pwned by BAB0.  [The Register]
  • 27-11-2014: Siemens issues emergency SCADA patch.  [The Register]
  • 27-11-2014: Syrian hacking group places pop-up message on websites.  [BBC News]  [Stuff]  [The Register]  [GigaOM]  [Gizmodo]
  • 24-11-2014: Security bill: The challenge of identifying internet users.  [BBC News]
  • 24-11-2014: Crypto protocols held back by legacy, says ENISA.  [The Register]
  • 23-11-2014: 15 arrested in new European crackdown of peeping tom malware users.  [Ars Technica]  [The Guardian]  [Stuff]  [NZ Herald]
  • 21-11-2014: Detekt: a new malware detection tool.  [HardOCP]  [EFF]  [Gizmodo]
  • 21-11-2014: DDoS attacks of more than 10Gbps rise significantly in Q3.  [DC Knowledge]
  • 20-11-2014: Cloudflare: 500 Gbps DDoS carried out against independent Hong Kong news sites.  [Forbes]
  • 20-11-2014: FTC announces crackdown on computer speedup/tech support scams.  [DailyTech]  [HardOCP]  [FTC]
  • 20-11-2014: Malware’s new target: your password manager’s password.  [Ars Technica]  [Schneier]
  • 19-11-2014: US government insists it doesn’t stockpile zero-day exploits.  [HardOCP]  [Wired]
  • 19-11-2014: Fake antivirus scams: It's a $120m business – and alleged ringleaders have just been frozen.  [The Register]
  • 19-11-2014: Beefed up iPhone crypto will lead to a child dying, DOJ warned Apple execs.  [Ars Technica]  [Pocketnow]  [WSJ]  [DailyTech]
  • 19-11-2014: Asian mobiles the DDOS threat of 2015, security mob says.  [The Register]
  • 19-11-2014: The real lesson from recent cyberattacks: let's break up the NSA.  [ReadWriteWeb]
  • 18-11-2014: Snarky 1992 NSA report on academic cryptography.  [Schneier]  [Scott Aaronson]
  • 18-11-2014: New free CA.  [Schneier]
  • 18-11-2014: Many Tor-anonymized domains seized by police belonged to imposter sites.  [Ars Technica]  [New Web Order]  [Gizmodo]
  • 17-11-2014: Hackers are building and open-sourcing spy tools based on leaked NSA documents.  [Motherboard]
  • 17-11-2014: The NSA's efforts to ban cryptographic research in the 1970s.  [Schneier]  [Medium]
  • 17-11-2014: Link found in Staples, Michaels breaches.  [Krebs]
  • 17-11-2014: Attack reveals 81% of Tor users but admins call for calm.  [The Register]  [Engadget]
  • 17-11-2014: US State Dept hacked, email shut down.  [Stuff]  [Washington Post]  [Engadget]  [HardOCP]  [Gizmodo]  [BoingBoing]  [Yahoo]
  • 16-11-2014: Everything needs crypto, says IAB.  [The Register]
  • 14-11-2014: For a year, gang operating rogue Tor node infected Windows executables.  [Ars Technica]
  • 14-11-2014: ‘Microsoft partner’ claims fuel support scams.  [Krebs]
  • 14-11-2014: The return of crypto export controls?  [Schneier]  [The Register]
  • 13-11-2014: Network hijackers exploit technical loophole.  [Krebs]
  • 12-11-2014: Hackers use DNS TXT records to amplify DDoS attacks:.  [DC Knowledge]  [Akamai PDF]
  • 12-11-2014: FBI’s most wanted cybercriminal used his cat’s name as a password.  [Ars Technica]  [Gizmodo]  [Stuff]
  • 12-11-2014: Target, Home Depot and UPS attacks: need to rethink point-of-sale security.  [The Register]
  • 12-11-2014: Why are ISPs removing their customers' email encryption?  [Gizmodo]  [BoingBoing]  [EFF]  [The Register]  [Schneier]
    • 13-11-2014: Condemnation mounts against ISP that sabotaged users’ e-mail encryption.  [Ars Technica]
  • 11-11-2014: Don’t blame Obama, but DDoS attacks are now using his press releases.  [Ars Technica]
  • 11-11-2014: German spies want millions of Euros to buy zero-day code holes.  [The Register]
  • 11-11-2014: “DarkHotel” uses bogus crypto certificates to snare Wi-Fi-connected execs.  [Ars Technica]  [Wired]  [NZ Herald]  [HardOCP]  [Kaspersky]  [The Register]  [Stuff]  [BBC News]  [Gizmodo]  [Schneier]
  • 10-11-2014: Google reveals alarming success rates for manual hijacking of accounts.  [DC Knowledge]  [Whir]
  • 10-11-2014: China suspected of breaching US Postal Service computer networks.  [Washington Post]  [Engadget]  [The Register]  [Gizmodo]  [Lifehacker]  [BoingBoing]  [LA Times]  [Reuters]  [Ars Technica]
  • 10-11-2014: Mozilla will start hosting Tor relays as part of Polaris privacy push.  [GigaOM]
  • 08-11-2014: Another reminder on why you need to change default passwords.  [HardOCP]  [Network World]
  • 07-11-2014: Aussie spooks warn of state-sponsored online attacks during G20.  [The Register]
  • 06-11-2014: Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud.  [Ars Technica]
  • 05-11-2014: Still spamming after all these years.  [Krebs]
  • 05-11-2014: This system will self destruct: Crimeware gets powerful new functions.  [Ars Technica]
  • 04-11-2014: How hackers can smuggle out your company’s data, via video.  [Collaborista]
  • 03-11-2014: Flaw in new ‘secure’ credit cards would let hackers steal $1M per card.  [Wired]  [Gizmodo]  [HardOCP]  [BoingBoing]
  • 03-11-2014: Pro-democracy Hong Kong sites DDoS'd with Chinese cyber-toolkit.  [The Register]
  • 01-11-2014: The Amazons of the dark net.  [The Economist]
  • 30-10-2014: Chip & PIN vs chip & signature.  [Krebs]
  • 30-10-2014: Sandworm uses PowerPoint against Swiss bank customers.  [The Register]
  • 29-10-2014: Hackers are using Gmail drafts to update their malware and steal data.  [Wired]  [BoingBoing]
  • 29-10-2014: White House hit by “sustained” cyber attack, hackers breach unclassified network.  [Graham Cluley]  [ReadWriteWeb]  [The Register]
  • 28-10-2014: Security Avengers team up to take down Chinese hacking group.  [The Register]
  • 28-10-2014: Leader of “most sophisticated cybercrime ring” sentenced to 11 years.  [Ars Technica]
  • 27-10-2014: Targeted attacks against businesses on the rise.  [HardOCP]  [ZDNet]
  • 27-10-2014: 'Replay’ attacks spoof chip card charges.  [Krebs]
  • 27-10-2014: Exposing the hidden history of computer hacking.  [BBC News]
  • 25-10-2014: Hackers target military, embassy and defense workers in Operation Pawn Storm.  [Graham Cluley]
  • 24-10-2014: Now everyone wants to sell you a magical anonymity router -- choose wisely.  [Wired]
  • 21-10-2014: What's the best way to weaken crypto?  [BoingBoing]  [PDF]
  • 20-10-2014: Credit card breach at Staples stores.  [Krebs]  [BBC News]  [The Register]  [Ars Technica]
  • 20-10-2014: GCHQ spokesperson says cyber terrorism is 'not a concer'.  [Tripwire]
  • 20-10-2014: Spike in malware attacks on aging ATMs.  [Krebs]  [Gizmodo]
  • 17-10-2014: How Facebook uses leaked passwords to keep your account safe.  [Gizmodo]  [The Register]
  • 16-10-2014: Tor Browser goes 4.0.  [BoingBoing]  [Tor Project]
  • 16-10-2014: NSA classification ECI = Exceptionally Controlled Information.  [Schneier]
  • 15-10-2014: Meet the Internet's nasty new "Poodle" attack.  [ReadWriteWeb]  [Graham Cluley]  [HardOCP]  [7 News]  [Google]  [Ars Technica]  [Wired]  [The Register]
    • 17-10-2014: How to protect yourself against Poodle attack.  [ReadWriteWeb]
    • 11-12-2014: 'Poodle’ bug returns, bites big bank sites.  [Krebs]
    • 29-04-2015: Barclays, Halifax and Tesco banks still vulnerable to POODLE attack.  [Graham Cluley]
  • 14-10-2014: It's time to enable two-step authentication on everything -- here’s how.  [Gizmodo]
  • 13-10-2014: With this tiny box, you can anonymize everything you do online.  [Wired]  [ReadWriteWeb]  [THG]
  • 13-10-2014: Bahraini activists hacked by their government go after UK spyware maker.  [Wired]
  • 12-10-2014: SEANux – a version of Linux from the Syrian Electronic Army.  [Graham Cluley]
  • 10-10-2014: Malware-based credit card breach at Kmart.  [Krebs]  [Buzzfeed]  [Engadget]  [Graham Cluley]  [BBC News]
  • 10-10-2014: Online activism and the computer fraud and abuse act.  [Schneier]  [BoingBoing]
  • 10-10-2014: Malware analysts tell crooks to shape up and write decent code.  [The Register]
  • 09-10-2014: Gadgets held as evidence being remotely wiped.  [BoingBoing]
  • 08-10-2014: America must end its paranoid war on hackers.  [Wired]
  • 08-10-2014: Sir Tim Berners-Lee defends decision not to bake security into web.  [The Register]
  • 08-10-2014: FBI director sees progress in the US' ability to fight cyberattacks.  [Engadget]
  • 07-10-2014: Russian cybercrime group compromised half a million computers.  [ComputerWorld]
  • 07-10-2014: Monster banking Trojan botnet claims 500,000 victims.  [The Register]
  • 07-10-2014: Huge data leak at largest US bond insurer.  [Krebs]
  • 07-10-2014: FBI director says Chinese hackers are like a “drunk burglar”.  [Ars Technica]  [HardOCP]  [CBS News]
  • 06-10-2014: iPhone encryption and the return of the crypto wars.  [Schneier]
  • 02-10-2014: 76 million households affected by JPMorgan Chase data breach.  [Gizmodo]  [HardOCP]  [ZDNet]  [The Register]
  • 02-10-2014: The unpatchable malware that infects USBs is now on the loose.  [Wired]  [Gizmodo]  [Engadget]  [BoingBoing]  [ExtremeTech]  [BBC News]  [Graham Cluley]  [HardOCP]  [Schneier]
    • 07-10-2014: The only fix for that terrible USB malware requires epoxy.  [Gizmodo]
    • 08-10-2014: Fixing the unfixable USB bug.  [BoingBoing]  [Wired]
    • 18-11-2014: USB coding anarchy: Consider all sticks vulnerable.  [The Register]
  • 02-10-2014: 17,000 Macs recruited into malware botnet, with a little help from Reddit.  [Graham Cluley]
  • 01-10-2014: The criminal indictment that could finally hit spyware makers hard.  [Wired]
  • 30-09-2014: Hacked security plugin firm stored customer passwords in plaintext.  [TripWire]
  • 30-09-2014: A teenage hacker ring stole $100 Million in army and Xbox tech.  [Gizmodo]  [The Guardian]  [Engadget]  [HardOCP]  [Stuff]  [Ars Technica]  [BBC News]
  • 30-09-2014: How RAM scrapers work: the sneaky tools behind the latest credit card hacks.  [Wired]
  • 30-09-2014: Global IPv6 traffic is growing, DDoS dying, says Akamai.  [The Register]
  • 29-09-2014: We take your privacy and security. Seriously.  [Krebs]
  • 29-09-2014: CloudFlare introduces Universal SSL.  [CloudFlare]  [THG]  [Ars Technica]
  • 29-09-2014: Insider hacking a big threat for employers.  [NZ Herald]
  • 25-09-2014: Security tradeoffs of cloud backup.  [Schneier]  [Daring Fireball]
  • 22-09-2014: Google’s war on spam and how encryption could finally win it – for the spammers.  [ExtremeTech]
  • 22-09-2014: Security for vehicle-to-vehicle communications.  [Schneier]
  • 19-09-2014: Millennials don’t care about mobile security, and here’s what to do about it.  [Wired]
  • 19-09-2014: Tor users become FBI's no.1 hacking target after legal power grab.  [The Register]
  • 19-09-2014: Google and Apple to introduce default encryption.  [BBC News]
  • 18-09-2014: The Dark Web gets darker with rise of the ‘Evolution’ drug market.  [Wired]
  • 18-09-2014: This new Internet security tool guards Goldman Sachs from eavesdroppers.  [Wired]
  • 18-09-2014: Terrible article on Vernam ciphers.  [Schneier]  [io9]
  • 18-09-2014: US military contractors 'hit by Chinese hackers'.  [BBC News]
  • 17-09-2014: No evidence Snowden leaks inspired jihadists to up their crypto game.  [BoingBoing]  [Flashpoint Partners]
  • 17-09-2014: Middle-school dropout codes clever chat program that foils NSA spying.  [Wired]
  • 17-09-2014: Identifying Dread Pirate Roberts.  [Schneier]  [Krebs]
  • 15-09-2014: Several Massachusetts libraries installing Tor on all public PCs, coordinating privacy classes.   [BoingBoing]
  • 13-09-2014: Turning the tables on "Windows Support" scammers by compromising their PCs.  [Ars Technica]
  • 12-09-2014: Connected home: a next-gen botnet army?  [Wired]
  • 12-09-2014: CryptoLocker-style ransomware booms 700% this year.  [The Register]
  • 10-09-2014: Safeplug security analysis.  [Schneier]  [Freedom-to-Tinker]  [USENIX PDF]
  • 10-09-2014: Consumers worried about call centre security, new survey reveals.  [Graham Cluley]
  • 09-09-2014: Use home networking kit? DDoS bot is back... and it has evolved.  [The Register]
  • 05-09-2014: The security of password managers.  [Schneier]
  • 04-09-2014: Scared of brute force password attacks? Just 'GIVE UP' says Microsoft.  [The Register]
  • 04-09-2014: Military kill switches: a great idea that won't happen soon.  [Gizmodo]
  • 03-09-2014: The open source tool that lets you send encrypted emails to anyone.  [Wired]
  • 03-09-2014: Hackers using same tools as police to hack into iCloud accounts.  [THG]
  • 02-09-2014: Fake cell towers could be attacking your cellphone up to 80-90 times per hour.  [THG]  [Gizmodo]
  • 01-09-2014: Second hacking crew joins Syrian Electronic Army on Team Assad.  [The Register]
  • 01-09-2014: HP: NORKS' cyber spying efforts actually a credible cyberthreat.  [The Register]
  • 31-08-2014: Decryptolocker saves you from the popular Cryptolocker ransomware.  [Lifehacker]  [Decryptolocker]
  • 30-08-2014: Cyberattacks: perpetual state of siege for US companies.  [Stuff]
  • 29-08-2014: Improved Cryptolocker clone "Cryptowall" has locked over half a million PCs, 5 billion files.  [THG]  [SC Magazine]
  • 29-08-2014: Kaspersky Lab “accidentally” defends monitoring of innocent internet users in online article.  [Graham Cluley]
  • 29-08-2014: Even Homeland Security isn't immune from hackers -- details of 25,000 workers exposed.  [Collaborista]
  • 29-08-2014: ISIS threatens US with terrorism.  [Schneier]
  • 29-08-2014: JPMorgan and other US banks get hacked. Why is Russia getting the blame?  [Graham Cluley]
  • 29-08-2014: The cost of DNSSEC.  [Geoff Huston]
  • 29-08-2014: How the internet may be taken down.  [DC Knowledge]
  • 28-08-2014: Mozilla left thousands of email addresses and passwords lying around - again.  [HotForSecurity]
  • 28-08-2014: Feds warn first responders of dangerous hacking tool: Google Search.  [Ars Technica]
  • 26-08-2014: Security by obscurity at Healthcare.gov site.  [Schneier]  [TechDirt]
  • 25-08-2014: NIST to sysadmins: clean up your SSH mess.  [The Register]
  • 25-08-2014: The problems with PGP.  [Schneier]  [Cryptography Engineering]
  • 25-08-2014: Sony Online Entertainment hit by 'large scale DDoS attack'.  [The Register]  [Engadget]  [DC Knowledge]  [ExtremeTech]
  • 23-08-2014: Check your credit cards: that Target hack is running wild.  [Gizmodo]
  • 22-08-2014: UPS Store data breach – the post mortem can wait, it’s time to warn and advise the victims.  [HotForSecurity]
  • 21-08-2014: NSA and GCHQ agents 'leak Tor bugs' alleges developer.  [BBC News]  [The Register]  [Engadget]
  • 21-08-2014: The NSA is scaring people away from Tor.  [Gizmodo]
  • 21-08-2014: How hackers could mess with 911 systems and put you at risk.  [Wired]
  • 21-08-2014: Hacking Gmail with 92 percent success.  [HardOCP]  [Phys.org]
  • 20-08-2014: US Air Force is focusing on cyber deception.  [Schneier]
  • 19-08-2014: Hacking into traffic lights with a plain old laptop is scary simple.  [Gizmodo]  [UoM PDF]  [Schneier]
  • 19-08-2014: Think crypto hides you from spooks on Facebook? Think again.  [The Register]
  • 18-08-2014: QUANTUM technology sold by cyberweapons arms manufacturers.  [Schneier]
  • 16-08-2014: Time to ditch HTTP – govt malware injection kit thrust into spotlight.  [The Register]
  • 14-08-2014: It's time for PGP to die, says... no, not the NSA – a US crypto prof.  [The Register]  [Cryptography Engineering]
  • 14-08-2014: A portable router that conceals your Internet traffic.  [Ars Technica]  [ExtremeTech]
  • 13-08-2014: Fifteen zero days found in hacker router comp romp.  [The Register]
  • 11-08-2014: Yahoo ads network helps hackers spread CryptoWall ransomware.  [Graham Cluley]
  • 11-08-2014: How to hack an aeroplane's satellite communications system.  [Stuff]
    • 10-08-2014: Why hackers won't be able to hijack your next flight - the facts.  [The Register]
  • 10-08-2014: Security experts: car hacking is real and we need to prepare.  [Gizmodo]  [cNet]
  • 10-08-2014: Father of PGP encryption: Telcos need to get out of bed with governments.  [Ars Technica]
  • 10-08-2014: Hacking is simple, says author claiming role in breach of spyware firm.  [Ars Technica]
  • 08-08-2014: US spying brings German encryption boom.  [NZ Herald]
  • 07-08-2014: Hacker redirects traffic from 19 internet providers to steal Bitcoins.  [Wired]
  • 07-08-2014: Yahoo to join Gmail in offering users end-to-end encryption.  [Forbes]  [Stuff]  [DailyTech]  [THG]  [Stuff]
  • 06-08-2014: CIA insider: US should buy all security exploits, then disclose them.  [Wired]  [The Register]  [Ars Technica]  [BBC News]
  • 06-08-2014: PayPal left red-faced after more security holes found in two factor authentication.  [Graham Cluley]
  • 06-08-2014: How to recover files from a CryptoLocker attack for free.  [Graham Cluley]  [The Register]  [HardOCP]  [BBC News]  [Ars Technica]  [Krebs]
  • 06-08-2014: Snowden leaks spur new secure communications.  [Stuff]
  • 06-08-2014: Shadowy Russian hacker group hijacked 1.2 billion usernames, passwords.  [Ars Technica]  [Lifehacker]  [NYT]  [Gizmodo]  [The Register]  [BBC News]  [Stuff]  [HardOCP]  [NZ Herald]  [NZ Herald]  [BGR]  [Graham Cluley]  [THG]
    • 06-08-2014: Firm that exposed breach of 'billion passwords' quickly offered $120 service to find out if you're affected.  [Forbes]  [Graham Cluley]
    • 06-08-2014: Q&A on the reported theft of 1.2B email accounts.  [Krebs]
    • 06-08-2014: The Russian 'hack of the century' doesn't add up.  [The Verge]
    • 07-08-2014: Over a billion passwords stolen?  [Schneier]  [BoingBoing]  [The Register]
  • 04-08-2014: Researcher can hack airplanes through in-flight entertainment systems.  [Gizmodo]  [BGR]
  • 04-08-2014: Chinese government drops foreign security software.  [Engadget]  [DC Knowledge]
    • 06-08-2014: Chinese government bans Apple products.  [BGR]  [ExtremeTech]  [Gizmodo]
    • 09-08-2014: Chinese government denies it banned Apple purchases.  [HardOCP]  [Neowin]
  • 03-08-2014: 70% of Internet of Things devices vulnerable to hacking.  [HardOCP]  [Mashable]
  • 02-08-2014: Terrorists embracing new Android crypto in wake of Snowden revelations.  [Ars Technica]
  • 01-08-2014: Gambling website Paddy Power took four years to tell 650,000 customers their data had been stolen.  [Graham Cluley]
  • 01-08-2014: Cyber extortionists pose growing threat to tech firms.  [BBC News]
  • 31-07-2014: The security of USB is fundamentally broken.  [Wired]  [Ars Technica]  [Gizmodo]  [Schneier]  [HardOCP]  [BGR]  [Stuff]  [Engadget]  [Tripwire]  [BBC News]
  • 31-07-2014: Multipath TCP speeds up the Internet so much that security breaks.  [The Register]
  • 31-07-2014: Active attack on Tor network tried to decloak users for five months.  [Ars Technica]  [The Register]  [Security Week]  [Gizmodo]  [BBC News]  [HardOCP]  [Tor Project]  [Stuff]
  • 30-07-2014: Survey reveals critical infrastructure providers in New Zealand and Australia have been breached.  [Geekzone]  [Unisys]
  • 30-07-2014: Android crypto blunder exposes users to highly privileged malware.  [Ars Technica]
  • 29-07-2014: Canada National Research Council 'hacked by Chinese spies'.  [BBC News]
  • 29-07-2014: US government increases funding for Tor, giving $1.8m in 2013.  [The Guardian]
  • 29-07-2014: Former NSA chief to profit from patented hacker detection tech, charging clients $1M a month.  [BoingBoing]
  • 28-07-2014: Hackers plundered Israeli defense firms that built ‘Iron Dome’ missile defense system.  [Krebs]  [The Register]  [BBC News]
    • 30-07-2014: Firm issues soft denial against Iron Dome hack.  [The Register]
  • 25-07-2014: Putin: crack Tor for me and I'll make you a millionaire.  [The Register]  [Hexus]  [HardOCP]  [VentureBeat]  [Schneier]  [Engadget]  [Gizmodo]  [Graham Cluley]
  • 23-07-2014: Google banks on its own tech to protect Chrome users from another Heartbleed.  [Engadget]  [Ars Technica]  [The Register]
  • 23-07-2014: Attackers raid Swiss banks with DNS and malware bombs.  [The Register]
  • 23-07-2014: Tor developers vow to fix bug that can uncloak users.  [Ars Technica]  [BBC News]
  • 22-07-2014: Nigerian email swindlers using more sophisticated hacks.  [BoingBoing]  [NYT]  [The Register]  [SecurityWatch]
  • 22-07-2014: Talk on cracking Tor cancelled.  [Stuff]
  • 21-07-2014: Security biz chases Tails with zero-day flaws alert.  [The Register]  [Engadget]  [Schneier]  [The Verge]
    • 23-07-2014: Tails-hacking Exodus: We have video proof of code-injection attack.  [The Register]
  • 21-07-2014: Fingerprinting computers by making them draw images.  [Schneier]  [BBC News]  [The Register]  [BGR]
    • 23-07-2014: Adblock Plus: We can stop canvas fingerprinting, the ‘unstoppable’ new browser tracking technique.  [BGR]
  • 18-07-2014: Even script kids have a right to be forgotten.  [Krebs]
  • 15-07-2014: Chinese hackers extending reach to smaller US agencies.  [NYT]
  • 15-07-2014: Legal attacks against Tor.  [Schneier]  [EFF]
  • 15-07-2014: CNET hacked: registered users details stolen by gang demanding 1 Bitcoin.  [HotForSecurity]
  • 14-07-2014: GameOver Zeus malware returns from the dead.  [Graham Cluley]
  • 14-07-2014: Beware keyloggers at hotel business centers.  [Krebs]  [Graham Cluley]  [Ars Technica]  [Schneier]
  • 12-07-2014: LastPass security holes found by researcher, says password management firm – but no need to panic.  [WeLiveSecurity]  [The Register]
    • 15-07-2014: “Severe” password manager attacks steal digital keys and data en masse.  [Ars Technica]
  • 11-07-2014: FBI and pals grab banking Trojan zombielord's joystick.  [The Register]
  • 11-07-2014: Computer cops strike at the heart of Shylock malware.  [HotForSecurity]
  • 11-07-2014: Microsoft says cybercrime bust frees 4.7 million infected PCs.  [Stuff]
  • 10-07-2014: Digital First Aid Kit: where to turn when you're DoSed or have your accounts hijacked.  [BoingBoing]  [EFF]  [Digital Defenders]
  • 10-07-2014: Crypto certificates impersonating Google and Yahoo pose threat to Windows users.  [Ars Technica]
  • 10-07-2014: Wall Street wants cyber-war council.  [Stuff]
  • 08-07-2014: Computing student jailed after failing to hand over crypto keys.  [The Register]  [Engadget]  [HardOCP]
  • 07-07-2014: Password confessions of a security professional.  [Graham Cluley]
  • 07-07-2014: NORKS hacker corps reaches 5,900 sworn cyber soldiers - report.  [The Register]
  • 04-07-2014: Crypto thwarts tiny minority of Feds' snooping efforts.  [The Register]
  • 03-07-2014: Private crypto key stashed in Cisco VoIP manager allows network hijacking.  [Ars Technica]
  • 02-07-2014: Rising use of encryption foiled the cops a record 9 times in 2013.  [Wired]
  • 02-07-2014: Brazilian ‘Boleto’ bandits bilk billions.  [Krebs]  [BBC News]  [Schneier]
  • 02-07-2014: EFF sues NSA over snoops 'hoarding' zero-day security bugs.  [The Register]
  • 01-07-2014: Microsoft expands the use of encryption on Outlook, OneDrive.  [Ars Technica]  [iMore]  [The Register]  [Engadget]
    • 01-07-2014: Microsoft: we're advancing our encryption and transparency efforts.  [HardOCP]  [TechNet]
  • 01-07-2014: Millions of dynamic DNS users suffer after Microsoft seizes No-IP domains.  [Ars Technica]  [The Register]  [Krebs]  [BBC News]
  • 30-06-2014: Cryptowall ransomware: what you need to know.  [Collaborista]
  • 30-06-2014: How Air Force One's communications are kept private.  [HardOCP]  [cNet]
  • 30-06-2014: London teen charged over Spamhaus mega-DDoS attacks.  [The Register]
  • 30-06-2014: Blackphone review.  [Schneier]  [Ars Technica]  [BoingBoing]
  • 27-06-2014: Battling the botnets.  [BBC News]
  • 27-06-2014: Tired of passwords? You aren't alone.  [NZ Herald]  [Stuff]
  • 25-06-2014: World-class password fail of the day.  [HardOCP]  [Twitter]  [Gizmodo]
  • 25-06-2014: How to bypass PayPal 2FA.  [Lumension]  [HardOCP]  [Dark Reading]
  • 25-06-2014: Experts reveal police hacking methods.  [NZ Herald]
  • 25-06-2014: Sysadmins rejoice: patch rampage killing off nasty DDoS attack vector.  [The Register]
  • 24-06-2014: Got a botnet? Thinking of using it to mine Bitcoin? Don't bother.  [The Register]
  • 24-06-2014: Exposed: massive mobile malware network used by cops globally  [The Register]
  • 23-06-2014: 'Most sophisticated DDoS' ever strikes Hong Kong democracy poll.  [The Register]
  • 22-06-2014: Reuters website ‘hacked’ by the Syrian Electronic Army.  [HotForSecurity]  [Ars Technica]  [The Register]
  • 21-06-2014: Internet firm goes out of business after DDoS extortion attack.  [WeLiveSecurity]
  • 21-06-2014: DARPA: the Internet of Things needs better security.  [HardOCP]  [GigaOM]
  • 21-06-2014: Fundraiser to support "NSA-proof" email gets off to a roaring start.  [HardOCP]  [VentureBeat]
  • 19-06-2014: World still standing? It's been two weeks since Cryptolocker, Gameover Zeus takedown by feds.  [The Register]
    • 10-07-2014: Crooks seek revival of 'Gameover Zeus' botnet.  [Krebs]
  • 18-06-2014: Would your company pay millions to internet blackmailers? Nokia did.  [F-Secure]
  • 18-06-2014: State-sponsored hackers breached UK government network, claims minister.  [Graham Cluley]
  • 18-06-2014: Terror suspect can’t get NSA evidence gathered against him.  [Ars Technica]
  • 17-06-2014: New app kills the world’s scariest Android malware for free.  [BGR]
    • 18-06-2014: Undergrad breaks Android crypto ransomware.  [Ars Technica]
  • 17-06-2014: FBI arrests claims NullCrew hacker in Tennessee takedown.  [The Register]  [Sophos]
    • 19-06-2014: Hacker taunts arrested comrade after someone drops dime to FBI.  [Ars Technica]
  • 17-06-2014: Story of a $10 million remote scam.  [Schneier]  [BoingBoing]
  • 17-06-2014: GCHQ to share threat intel – and declassify secret inventions.  [The Register]
  • 17-06-2014: Chinese Android smartphone comes with malware pre-installed.  [Graham Cluley]
  • 16-06-2014: Domino’s Pizza refuses to pay ransom after customer database hacked.  [WeLiveSecurity]  [Stuff]
  • 16-06-2014: AT&T confirms inside job responsible for customer data breach.  [BGR]
  • 16-06-2014: Listen to the results of our Internet spy project.  [Ars Technica]
  • 14-06-2014: Hacked restaurant chain goes back to the 1970s, to protect itself from hackers.  [HotForSecurity]
  • 13-06-2014: Apple: we’ll ‘soon’ begin encrypting iCloud email in transit between providers.  [9to5Mac]
  • 12-06-2014: Powerful worm on Twitter unleashes torrent of out-of-control tweets.  [Ars Technica]
  • 11-06-2014: Feedly refuses to give in to blackmail demands, gets hit by DDoS attack.  [Graham Cluley]  [Schneier]  [TNW]  [Ars Technica]
  • 11-06-2014: Evernote cloud service brought down by denial-of-service attack.  [Graham Cluley]  [The Register]
  • 11-06-2014: It’s official: mMalicious hackers have crappy password hygiene, too.  [Ars Technica]
  • 11-06-2014: Web giants encrypt their services - but leaks remain.  [Ars Technica]
  • 10-06-2014: Whistleblower org says it will go to jail rather than turning over its keys.  [BoingBoing]  [Ars Technica]
  • 10-06-2014: iOS 8 randomising MAC addresses.  [Schneier]  [Ars Technica]
    • 10-06-2014: Randomize your computer's MAC address with this script.  [Lifehacker]  [Zdziarski]
  • 10-06-2014: Report: there's a new Chinese hacker army attacking the US.  [Gizmodo]
  • 10-06-2014: After Heartbleed, we're overreacting to bugs that aren't a big deal.  [Wired]
  • 10-06-2014: Chinese military tied to prolific hacking group targeting US aerospace industry.  [Ars Technica]
  • 10-06-2014: Crypto-boffins propose safer buddy list protocol.  [The Register]
  • 09-06-2014: To defeat encryption, feds deploy the subpoena.  [Ars Technica]
  • 09-06-2014: The man behind the biggest cyberscam the world has seen.  [NZ Herald]
  • 09-06-2014: Punching the clock for a darknet kingpin.  [Ars Technica]
  • 08-06-2014: We “will be paying no ransom,” vows town hit by Cryptowall ransom malware.  [Ars Technica]
  • 07-06-2014: NSA-proof server Protonet smashes crowdfunding record.  [HardOCP]  [IB Times]
  • 07-06-2014: Crypto ransomware makes its debut on Android.  [Ars Technica]
  • 05-06-2014: They hack because they can.  [Krebs]
  • 04-06-2014: China threatens "severe" punishments for Google, Apple over NSA spying.  [DailyTech]
    • 06-06-2014: Microsoft tells Chinese customers it's not helping US gov't spy on them.  [DailyTech]  [HardOCP]  [Neowin]
  • 04-06-2014: UK proposes life sentences for hackers who threaten national security.  [The Guardian]  [BoingBoing]  [Gizmodo]  [HotForSecurity]
  • 03-06-2014: Remember Anna Kournikova? Come with us on a tour of bug-squishing history.  [The Register]
  • 02-06-2014: ‘Operation Tovar’ targets ‘Gameover’ ZeuS botnet, CryptoLocker scourge.  [Krebs]  [Graham Cluley]  [BBC News]  [Graham Cluley]
    • 16-06-2014: Police tell UK public they have only hours to combat GameOver Zeus malware.  [Graham Cluley]
  • 02-06-2014: Chinese hacking of the US.  [Schneier]
  • 30-05-2014: Google, Amazon among tech companies trying to prevent the next Heartbleed.  [BGR]
  • 29-05-2014: Iranian hackers set up fake news website, and posed as journalists on Facebook to spy on United States and others.  [HotForSecurity]  [Stuff]  [BoingBoing]  [The Register]
  • 29-05-2014: Cyber crims smash through Windows into the great beyond.  [The Register]
  • 28-05-2014: Police at the door? Hit the PANIC button to erase your RAM.  [The Register]
  • 28-05-2014: TrueCrypt's web site updates with ominous warning, details unknown.  [Lifehacker]  [The Register]  [Ars Technica]  [BoingBoing]  [Krebs]  [Graham Cluley]  [Schneier]  [Engadget]
    • 29-05-2014: TrueCrypt turmoil latest: Bruce Schneier reveals what he'll use instead.  [The Register]
    • 29-05-2014: Snowden's crypto software may be tainted forever.  [Wired]
    • 29-05-2014: Security enthusiasts may revive encryption tool after mystery shutdown.  [Reuters]
    • 30-05-2014: Bombshell TrueCrypt advisory: Backdoor? Hack? Hoax? None of the above?  [Ars Technica]
    • 30-05-2014: The mystery of TrueCrypt's disappearance.  [HardOCP]  [TechArp]
    • 30-05-2014: TrueCrypt security audit presses on, despite developers jumping ship.  [Ars Technica]
    • 03-06-2014: TrueCrypt “must not die”.  [Graham Cluley]  [The Register]
    • 11-06-2014: Troubled Truecrypt the only option for S3, but Amazon stays silent.  [The Register]
    • 16-06-2014: Did TrueCrypt’s developers embed a hidden Latin message for us all?  [Graham Cluley]  [BoingBoing]  [Live Business Chat]
    • 17-06-2014: TrueCrypt – a matter of assurance.  [Graham Cluley]
    • 20-06-2014: Following TrueCrypt’s bombshell advisory, developer says fork is “impossible”.  [Ars Technica]
  • 28-05-2014: Backdoor in call monitoring, surveillance gear.  [Krebs]  [The Register]  [Schneier]
  • 27-05-2014: Inside the FBI's fight against Chinese cyber-espionage.  [Foreign Policy]
  • 27-05-2014: China cites US for “unscrupulous” spying, wants IBM out of banks.  [Ars Technica]  [NZ Herald]
    • 28-05-2014: That Snowden chap was spot on   says China.  [The Register]
  • 26-05-2014: 128-bit crypto scheme allegedly cracked in two hours.  [The Register]
  • 25-05-2014: Fake key e-mails, win a $25M court case.  [Ars Technica]
  • 24-05-2014: US gov may block Chinese nationals from Defcon hacker event.  [BoingBoing]  [Reuters]  [Ars Technica]   [Engadget]
  • 21-05-2014: Hackers broke into a public utility control room by guessing a password.  [Gizmodo]
  • 21-05-2014: eBay urges password changes after breach.  [Krebs]
    • 21-05-2014: Why is eBay burying news of its security breach from its millions of web visitors?  [Graham Cluley]
    • 23-05-2014: After the breach: eBay’s flawed password reset leaves much to be desired.  [Ars Technica]
    • 23-05-2014: eBay faces investigations over massive data breach.  [BBC News]  [The Register]
    • 24-05-2014: Security breach at eBay a reminder of damage cyber criminals can wreak.  [NZ Herald]
    • 27-05-2014: It took eBay a *long* time to tell me to change my password.  [Graham Cluley]
    • 27-05-2014: eBay thought user data was safe, but 145 million accounts were compromised in massive hack.  [BGR]
    • 31-05-2014: College student finds another eBay security flaw.  [HardOCP]  [Digital Trends]
    • 22-09-2014: eBay XSS password-stealing security hole “existed for months”.  [Graham Cluley]
  • 21-05-2014: The NSA is not made of magic.  [Schneier]
  • 21-05-2014: You’ll never guess the critical resource the FBI needs to successfully fight cyber crimes.  [BGR]
  • 21-05-2014: Why you should ditch Adobe Shockwave.  [Krebs]
  • 21-05-2014: Study: 97% of companies using network defenses get hacked anyway.  [Ars Technica]
  • 20-05-2014: All of .mil TLD is down.  [Reddit]
  • 19-05-2014: US charges China with cyber-spying on American firms.  [NBC News]  [NZ Herald]  [Stuff]  [HotForSecurity]
  • 19-05-2014: US cyber-thief gets 20-year jail term.  [BBC News]  [HotForSecurity]
  • 16-05-2014: Encrypted web traffic more than doubles after NSA revelations.  [Wired]  [TorrentFreak]
  • 16-05-2014: Crypto-guru slams 'NSA-proof' tech, says today's crypto is strong enough.  [The Register]
  • 15-05-2014: Photos of an NSA “upgrade” factory show Cisco router getting implant.  [Ars Technica]  [Gizmodo]  [Reddit]  [SiliconBeat]  [BoingBoing]  [HardOCP]  [Engadget]
    • 13-05-2014: US Government has overreached, and should not interfere with the lawful delivery of our products.  [Cisco]
    • 18-05-2014: In letter to Obama, Cisco CEO complains about NSA allegations.  [re/code]  [The Register]  [BBC News]  [Stuff]
    • 21-05-2014: NSA’s hardware tampering may alter global product flow.  [DC Knowledge]
    • 23-05-2014: China responds to NSA tampering with network gear vetting process.  [Ars Technica]
  • 14-05-2014: New Al-Qaeda encryption software.  [Schneier]
  • 14-05-2014: IETF plans to NSA-proof all future internet protocols.  [The Register]
  • 13-05-2014: New Zealand requires network operators to register with cops, give spies oversight of their network ops.  [BoingBoing]  [ITnews]  [Reddit]  [BoingBoing]
  • 12-05-2014: NSA sabotaged exported US-made routers with backdoors.  [BoingBoing]  [The Guardian]  [The Register]  [Ars Technica]  [BGR]  [Reddit]
  • 12-05-2014: Significant portion of HTTPS Web connections made by forged certificates.  [Ars Technica]  [BoingBoing]  [Schneier]
  • 08-05-2014: Net tech bods at IETF mull anti-NSA crypto-key swaps in future SSL.  [The Register]
  • 07-05-2014: Network admin allegedly hacked navy -- while on an aircraft carrier.  [Wired]  [Ars Technica]
    • 21-05-2014: Navy sailor pleads guilty to hacking from an aircraft carrier.  [Engadget]
  • 07-05-2014: How a whitehat hacked a university and became an FBI target.  [Ars Technica]
  • 06-05-2014: Dropbox users leak tax returns, mortgage applications and more.  [Graham Cluley]
    • 06-05-2014: Dropbox told about vulnerability in November 2013, only fixed it when the media showed interest.  [Graham Cluley]  [The Register]  [BGR]
  • 05-05-2014: “Pavlovian password management” aims to change sloppy habits.  [Ars Technica]
  • 02-05-2014: Security flaw found in OAuth and OpenID, here's what it means for you.  [Lifehacker]  [cNet]  [BGR]  [HardOCP]  [The Inquirer]  [The Register]
  • 02-05-2014: Script fools n00b hackers into hacking themselves.  [The Register]
  • 30-04-2014: Security guru: You can't blame Snowden for making US clouds look leaky.  [The Register]
  • 28-04-2014: A new pencil-and-paper encryption algorithm.  [Schneier]  [IACR: PDF]
  • 25-04-2014: Spy back doors? That would be suicide, says Huawei.  [The Register]
  • 24-04-2014: 87% of electronic spying is conducted by governments, with cyber espionage accounting for 22% of data breaches.  [The Drum]
  • 23-04-2014: NSA's spying won't impact Huawei's growth.  [DailyTech]
  • 23-04-2014: State of the Hack: 43% of all DDoS attacks in Q4 originated in China.  [BGR]
  • 23-04-2014: The security of various programming languages.  [Schneier]  [Help Net Security]
  • 17-04-2014: It's time to encrypt the entire Internet.  [HardOCP]  [Wired]
  • 15-04-2014: Detecting criminal gangs using mobile phone data.  [HardOCP]  [MIT Technology Review]
  • 15-04-2014: After Heartbleed, why forward secrecy is more important than ever.  [ReadWriteWeb]
  • 10-04-2014: US Army compares new hacker school to "the birth of the Air Force".  [Gizmodo]
  • 09-04-2014: Internet security: Cyber-criminals more cunning in attacks.  [NZ Herald]
  • 08-04-2014: Symantec sees new era of "Mega Breaches".  [GeekZone]  [Symantec]  [Voxy]
  • 07-04-2014: Vint Cerf wanted to make internet secure from the start, but secrecy prevented it.  [The Register]
  • 07-04-2014: The Great Hash Bakeoff: Infosec bods cook up next-gen crypto.  [The Register]
  • 04-04-2014: New “unbreakable” encryption is inspired by your insides.  [Gizmodo]
    • 08-04-2014: "Unbreakable" encryption almost certainly isn't.  [Schneier]
  • 03-04-2014: US states investigating breach at Experian.  [Krebs]
  • 03-04-2014: Your files held hostage by CryptoDefense? Don't pay up! The decryption key is on your hard drive.  [The Register]
  • 02-04-2014: Android botnet targets Middle East banks.  [Krebs]
  • 02-04-2014: The phantom NSA-RSA backdoor that never was.  [The Register]
  • 01-04-2014: Hackers can now create fake traffic jams.  [Gizmodo]
  • 31-03-2014: NSA infiltrated RSA security more deeply than thought - study.  [Reuters]  [Ars Technica]  [Engadget]  [Stuff]
  • 31-03-2014: Cyber Emergency Response Team launched by UK.  [BBC News]  [The Register]
  • 31-03-2014: China's CERT blames US for a THIRD of all attacks on Middle Kingdom PCs.  [The Register]  [Graham Cluley]
  • 30-04-2014: Google: 84% of online news sites hacked by governments.  [HardOCP]  [The Inquirer]
  • 28-03-2014: State-sponsored hackers are attacking news outlets on a massive scale.  [Engadget]
  • 27-03-2014: DDoS traffic triples as 20Gbps becomes the new normal.  [The Register]
  • 25-03-2014: Forget black hats – the best hackers are going grey and getting legit.  [The Register]
  • 25-03-2014: When gov’t spies fake your company’s website, what can be done?  [Ars Technica]
  • 22-03-2014: Targeting Huawei: NSA spied on Chinese government and networking firm.  [Der Spiegel]  [Gizmodo]  [Ars Technica]  [DailyTech]  [The Register]  [BoingBoing]  [NYT]  [Schneier]  [Engadget]
    • 24-03-2014: China wants answers following revelations about NSA's Huawei spying.  [DailyTech]
    • 27-03-2014: How a Chinese tech firm became the NSA's surveillance nightmare.  [Wired]
    • 29-03-2014: Huawei on NSA: If foreign spies attacked a US firm, there’d be “outrage”.  [Ars Technica]
  • 18-03-2014: Over 500,000 PCs attacked every day after 25,000 UNIX servers hijacked by Operation Windigo.  [WeLiveSecurity]
  • 17-03-2014: NATO hit in cyber attack linked to Crimea.  [Stuff]  [Graham Cluley]
  • 17-03-2014: UK holds cyberwar game in WW2 bunker.  [Stuff]
  • 16-03-2014: Who is winning the 'crypto-war'?  [BBC News]
  • 15-03-2014: Kremlin gets DDoS’d by Anonymous Caucasus.  [Ars Technica]  [HardOCP]
  • 12-03-2014: Attackers trick 162,000 WordPress sites into launching DDoS attack.  [Ars Technica]  [Graham Cluley]
  • 09-03-2014: Want someone to click on your targeted attack? Disguise it as a LinkedIn message.  [Graham Cluley]
  • 06-03-2014: Even HTTPS can leak your PRIVATE browsing.  [The Register]  [Ars Technica]
  • 06-03-2014: DDoS attacks get bigger, smarter, more damaging.  [Stuff]
  • 05-03-2014: Botnet built using freely-available cloud services.  [HardOCP]  [Dark Reading]
  • 02-03-2014: Anti-virus firm finds alleged Kremlin cyberweapon, undetected for at least three years.  [Graham Cluley]  [The Register]
  • 28-02-2014: Report from Trustycon: like RSA, but without the corruption.  [BoingBoing]  [cNet]  [NYT]
    • 01-03-2014: Trustycon: how to redesign NSA surveillance to catch more criminals and spy on a lot fewer people.  [BoingBoing]  [YouTube]
  • 28-02-2014: Government-built malware running out of control, F-Secure claims.  [The Register]
  • 27-02-2014: Was the iOS SSL flaw deliberate?  [Schneier]
  • 26-02-2014: DDoSing a cell phone network.  [Schneier]
  • 25-02-2014: Chinese water tortuer: a slow drip DNS DDoS attack.  [Secure64]
  • 24-02-2014: Syria war stirs new US debate on cyberattacks.  [NYT]
  • 20-02-2014: Iranians hacked Navy network for four months? Not a surprise.  [Ars Technica]
  • 18-02-2014: The Moon router worm -- your AV has probably been updated to detect it, but won’t protect you.  [Graham Cluley]  [Krebs]
  • 15-02-2014: Making NSA-style spying harder, CloudFlare offers more robust Web crypto.  [Ars Technica]
  • 14-02-2014: South Korea shuns Huawei over fears that it spies on the US.  [Engadget]
  • 14-02-2014: Forbes website hacked by the SEA.  [Graham Cluley]  [ReCode]
    • 17-02-2014: SEA slurps a MILLION reader passwords from Forbes  [The Register]
  • 12-02-2014: White House unveils guidelines for protecting critical systems against cyber attacks.  [Engadget]  [White House]  [HardOCP]  [The Register]
  • 12-02-2014: Japan weathered a record 12.8 billion cyberattacks in 2013.  [Hexus]
  • 12-02-2014: Bitcoin exchanges hit by DoS attacks.  [ReadWriteWeb]
  • 12-02-2014: Five arrested in Utopia dark net marketplace crackdown.  [BBC News]
  • 11-02-2014: Europe shrugs off largest DDoS attack yet, traffic tops 400Gbps.  [The Register]  [BGR]  [Ars Technica]  [InformationWeek]
    • 14-02-2014: The new normal: 200-400Gbps DDoS attacks.  [Krebs]
  • 11-02-2014: Huge hack 'ugly sign of future' for internet threats.  [BBC News]
  • 10-02-2014: The NSA's secret role in the US assassination programme.  [The Intercept]
  • 06-02-2014: DARPA begins work on self-destructing electronics.  [ExtremeTech]
  • 06-02-2014: DDoS attacks against data centers on the rise.  [Network Computing]
  • 06-02-2014: SEA meddle - briefly - with Facebook's domain.  [Graham Cluley]
    • 06-02-2014: When Syrian hackers attacked, Facebook’s bacon was saved by security measures.  [Graham Cluley]
    • 06-02-2014: Syrian Electronic Army: We hijacked Facebook... honest, guv.  [The Register]
  • 05-02-2014: Somebody attacked an electrical substation in California last year. This should make you concerned.  [BoingBoing]  [Gizmodo]
  • 04-02-2014: Revolutionary new cryptography tool could make software unhackable.  [ExtremeTech]
  • 03-02-2014: Want to email people without the FBI reading it? Try Safe-mail.  [BGR]
  • 03-02-2014: NSA, GCHQ, accused of hacking Belgian smartcard crypto guru.  [The Register]  [Graham Cluley]  [Schneier]
  • 31-01-2014: Mass hack attack on Yahoo Mail accounts prompts password reset.  [Ars Technica]  [GottaBeMobile]  [NZ Herald]  [Stuff]  [Graham Cluley]  [BBC News]
  • 30-01-2014: Give hackers your data, says former RSA man.  [The Register]
  • 29-01-2014: Latest encryption trick to thwart hackers is as sweet as Honey.  [BGR]  [Gizmodo]
  • 29-01-2014: Microsoft to Australian government: our kit has no back doors.  [The Register]
  • 28-01-2014: New smartphone malware tracks your swipes to steal your PIN.  [BGR]
  • 27-01-2014: FBI seized the entire TorMail database in Freedom Hosting investigation.  [Wired]  [Ars Technica]  [Gizmodo]  [The Register]  [BoingBoing]  [BGR]
  • 27-01-2014: After Snowden: How vulnerable is the internet?  [BBC News]
  • 24-01-2014: CNN website, Twitter and Facebook hijacked by SEA.  [Graham Cluley]
    • 02-02-2014: Syrian Electronic Army hackers embarrass PayPal UK by displaying anti-US message.  [Graham Cluley]
  • 24-01-2014: Ex-NSA guru builds $4m encrypted email biz - but its nemesis right now is control-C, control-V.  [The Register]
  • 23-01-2014: CrowdStrike report says cyberspooks are everywhere.  [The Register]
  • 23-01-2014: Hack most likely not the reason Chinese traffic bombarded US addresses.  [Ars Technica]
  • 22-01-2014: Researchers say they see Russian hackers’ hands in cyber espionage against Western energy interests.  [The Switch]
  • 21-01-2014: NSA surveillance revives calls for an all-encrypted Internet.  [Network Computing]
  • 21-01-2014: EFF claims Vietnam targeted its staff with spear phishing attack.  [The Register]
  • 21-01-2014: F-Secure's Hypponen leads RSA refuseniks to NSA-free infosec chatfest.  [The Register]  [BoingBoing]  [TechWeek]  [Ars Technica]
    • 27-01-2014: TrustyCon rises from the NSA/RSA ashes and sells out.  [CSO]
  • 21-01-2014: Internet users ditch “password” as password, upgrade to “123456”.  [Ars Technica]  [BGR]
    • 24-01-2014: Companies look to end password era.  [Stuff]
  • 18-01-2014: UK's security branch says Ubuntu most secure end-user OS.  [HardOCP]  [ZDNet]
  • 17-01-2014: PowerLocker uses Blowfish.  [Schneier]  [Ars Technica]
  • 16-01-2014: The Internet of Things has been hacked.  [ReadWriteWeb]
  • 16-01-2014: DDoS attacks abusing NTP flood the web.  [Juniper]  [Network Computing]  [Schneier]  [THG]
    • 21-01-2014: Don't be a DDoS dummy: Patch your NTP servers, plead infosec bods.  [The Register]
    • 18-02-2014: This is what it looks like when your router participates in an NTP DDoS attack.  [Reddit]
    • 18-02-2014: What would it take to filter a NTP attack?  [Reddit]
  • 16-01-2014: Huawei dismisses NSA backdoor claims as profits soar.  [The Register]
  • 15-01-2014: Microsoft confirms SEA hacked into employee email accounts.  [The Verge]
  • 15-01-2014: SEA has its *own* website hacked.  [Graham Cluley]  [The Register]
  • 14-01-2014: Research finds security holes in 90% of top mobile banking apps.  [BGR]
  • 14-01-2014: New DoS attacks taking down game sites deliver crippling 100Gbps floods.  [Ars Technica]
  • 12-01-2014: More well-known U.S. retailers victims of cyber attacks - sources.  [Reuters]  [Gizmodo]  [Ars Technica]  [BGR]
  • 10-01-2014: Senior execs are the biggest risk to IT security.  [BoingBoing]  [Help Net Security]
  • 09-01-2014: When the FBI asks you to weaken your security so it can spy on your users.  [BoingBoing]  [PCMag]
  • 09-01-2014: Cicada 3301: The dark net treasure trail reopens.  [BBC News]
  • 09-01-2014: DoS attacks that took down big game sites abused Web’s time-synch protocol.  [Ars Technica]
  • 09-01-2014: Hackers use Amazon cloud to scrape mass number of LinkedIn member profiles.  [Ars Technica]  [The Register]
  • 08-01-2014: NSA employee will continue to co-chair influential crypto standards group.  [Ars Technica]  [The Register]
  • 06-01-2014: US backdoored our satellites, claim UAE.  [The Register]
  • 05-01-2014: Malware strikes thousands of Yahoo users via poisoned adverts.  [Graham Cluley]  [The Register]
    • 09-01-2014: After a terrible year for security, Yahoo Mail finally gets HTTPS by default.  [Graham Cluley]  [The Register]
  • 03-01-2014: Gaping admin access holes found in SoHo routers from Linksys, Netgear and others.  [NakedSecurity]
  • 02-01-2014: CryptoLocker creeps lure victims with fake Adobe, Microsoft activation codes.  [The Register]  [Graham Cluley]
  • 02-01-2014: "Military style" raid on California power station.  [Schneier]  [Foreign Policy]
  • 02-01-2014: Skype’s Twitter, Facebook, and blog hacked by SEA demanding an end to spying.  [TNW]  [BBC News]  [Graham Cluley]  [NZ Herald]  [Ars Technica]  [GottaBeMobile]
    • 03-01-2014: Microsoft tweets advice about phishing, but too late to save Skype.  [Graham Cluley]
  • 01-01-2014: Hackers claim to reveal millions of Snapchat usernames and phone numbers.  [Graham Cluley]  [BoingBoing]  [DailyTech]  [BGR]  [Gizmodo]  [The Verge]  [TNW]  [NZ Herald]  [BBC News]  [Stuff]  [The Register]