2014-2016

Security News Archive: 2014 to 2016

Page Links: 2016, 2015, 2014

2016 News

29-12-2016: Your 5 totally achievable security resolutions for the New Year. [Wired]
23-12-2016: The year encryption won. [Wired]
22-12-2016: Encryption backdoors are against US national interest. [HardOCP] [ZDNet]
22-12-2016: NIST requests ideas for crypto that can survive quantum computers. [The Register] [THG] [Schneier]
21-12-2016: Don't pay up to decrypt – cure found for CryptXXX ransomware, again. [The Register]
20-12-2016: How to safely delete private data forever. [Gizmodo]
20-12-2016: Hackers suspected of causing power outage in Ukraine. [Graham Cluley]
16-12-2016: DDoS in 2017: Strap yourself in for a bumpy ride. [The Register]
15-12-2016: The new security normal. [Russ White] [MarketWatch]
15-12-2016: One billion affected by Yahoo hack. [BBC News] [Krebs] [The Register] [Lifehacker] [HardOCP] [Reuters] [Wired] [Ars Technica] [Graham Cluley] [ExtremeTech] [Hexus] [THG]

15-12-2016: Stolen Yahoo data includes government employee information. [DC Knowledge]
15-12-2016: Yahoo hack: Should I panic? [BBC News] [Krebs]
15-12-2016: Were Yahoo hackers state-sponsored? [BBC News]
15-12-2016: Security experts slam Yahoo management for using old crypto. [The Register]
15-12-2016: What can you do with a billion Yahoo passwords? Lots of bad things. [Ars Technica]
15-12-2016: In wake of billion-account hack, Verizon reportedly not so hot for Yahoo. [Ars Technica]
16-12-2016: Pressure on Yahoo grows after massive hack attack. [BBC News]
22-12-2016: Response: important security information for Yahoo users. [EtherealMind]
15-03-2017: Russian spies indicted in massive Yahoo account breach. [Engadget] [NZ Herald] [BBC News] [The Register] [HardOCP] [NYT] [Wired] [ExtremeTech] [Krebs] [Graham Cluley]

16-03-2017: How Russian hackers took hold of Yahoo. [Gizmodo] [NZ Herald]
16-03-2017: Russia denies Yahoo hack involvement. [BBC News]

20-03-2017: Lessons from Yahoo hack: Simple tips to safeguard your email. [NZ Herald]

13-12-2016: DDoS-for-hire takedown: 34 arrests made by Europol, FBI, and others. [Graham Cluley] [BBC News]
09-12-2016: The Mirai botnet that broke the Internet isn't going away. [Wired]
08-12-2016: Can ISPs step up and solve the DDoS problem? [The Register]
07-12-2016: Terabit-scale multivector DDoS attacks: the new normal in 2017. [DC Journal]
03-12-2016: There’s a new DDoS army, and it could soon rival record-setting Mirai. [Ars Technica]
02-12-2016: Canada wants software backdoors, mandatory decryption capability and records storage. [THG]
02-12-2016: Feds bust huge 'Avalanche' hacker network in global sting operation. [Gizmodo]

26-11-2016: Locky ransomware uses decoy image files to ambush Facebook, LinkedIn accounts. [Ars Technica] [Gizmodo] [Check Point] [Engadget]
22-11-2016: Akamai on the record KrebsOnSecurity attack. [Krebs]
17-11-2016: The encryption conundrum: Should tech compromise or double down? [The Register]
16-11-2016: Clever USB stick installs backdoor on locked PCs. [Wired] [Gizmodo] [Schneier] [Russ White]
16-11-2016: Experts to Congress: You must act on IoT security. [The Register]
14-11-2016: IoT goes nuclear. [Russ White] [eyalro]
13-11-2016: New attack reportedly lets 1 modest laptop knock big servers offline. [Ars Technica]
11-11-2016: Russian banks floored by withering DDoS attacks. [The Register]
04-11-2016: Cheap IoT threatens the Internet. [Russ White] [Monday Note]
04-11-2016: Mirai IoT botnet blamed for 'taking Liberia off the internet'. [BBC News]

04-11-2016: Did the Mirai botnet really take Liberia offline? [Krebs] [Graham Cluley]
04-11-2016: DDoSing a country. [Russ White] [ISOC]

01-11-2016: This office printer is actually a rogue cell tower. [Gizmodo] [The Register] [Wired] [Ars Technica]
01-11-2016: The Dark Web isn't all guns and drugs. [Engadget]

29-10-2016: U.S. feds hope cyberattacks will wither under new “strategic principles”. [ReadWriteWeb]
28-10-2016: AI learns how to craft crude crypto all by itself. [The Register] [Schneier]
28-10-2016: Eavesdropping on typing over VoIP. [Schneier] [Cornell arXiv: PDF]
28-10-2016: Web devs want to make the Internet of S**t worse -- much worse. [The Register]
28-10-2016: That Botnet-of-Things malware is getting a nasty makeover. [Ars Technica] [Arbor Networks]
27-10-2016: Internet of S**t things claims another scalp: DNS DDoS smashes StarHub. [The Register]
25-10-2016: Multiple DNS providers and DDoS. [Russ White] [ISOC]
25-10-2016: Corero warns of impending 'tens of terabits per second' DDoS attacks. [THG]
24-10-2016: The Internet needs a security update. [Russ White] [CircleID]
22-10-2016: Why cybersecurity certifications suck. [ipSpace] [Errata Security]
20-10-2016: Some perspective on IoT devices and DDoS attacks. [Russ White] [Arbor Networks]
20-10-2016: Attackers logging your keystrokes via Skype. [Graham Cluley] [THG]
19-10-2016: Spreading the DDoS disease and selling the cure. [Krebs]
18-10-2016: SHA3-256 is quantum-proof, should last billions of years. [The Register]
17-10-2016: Virtual kidnapping. [Schneier] [Washington Post]
15-10-2016: How a chunk of the web disappeared this week: GlobalSign's global HTTPS mistake explained. [The Register]
14-10-2016: Hackers hit a nuclear plant. [Wired]
14-10-2016: Huge DDoS attacks are about to get bigger: Mirai bots infect Sierra Wireless gateways. [The Register] [Ars Technica]

02-12-2016: Meet the two hackers behind October’s big DDoS attack. [ReadWriteWeb]

12-10-2016: Internet routing security initiative gains traction. [Network Computing]
11-10-2016: NSA could put undetectable “trapdoors” in millions of crypto keys. [Ars Technica]
10-10-2016: These 60 dumb passwords can hijack over 500,000 IoT devices into the Mirai botnet. [Graham Cluley]
05-10-2016: CloudFlare shows Tor users the way out of CAPTCHA hell. [The Register]
03-10-2016: The venerable, vulnerable firewall. [Russ White] [CircleID]

29-09-2016: The biggest attack in internet history. [Russ White] [LawFare]
29-09-2016: The growing problem of bots that fight on line. [Russ White] [MIT Technology Review]
27-09-2016: 152k cameras in 990Gbps record-breaking dual DDoS. [The Register] [Ars Technica]
25-09-2016: Australian border cops say they've cracked 'dark net' drug sales. [The Register]
23-09-2016: Malware figures out it's running on VMs and refuses to execute. [The Register] [Schneier] [SentinelOne]
20-09-2016: CloudFlare launches a three-pronged attack to encrypt the entire web. [Wired]
20-09-2016: Quantum comms succeed over metro-scale fibre networks. [The Register]
19-09-2016: Some Cisco customers are being hacked with NSA's exploit tools. [THG] [Graham Cluley]
19-09-2016: Dark web drug sellers shutter location-tracking EXIF data from photos. [The Register]
18-09-2016: Arbor Networks marks 20 years of DDoS attacks targeting ISP networks. [Geekzone]
13-09-2016: Someone is learning how to take down the Internet. [Schneier] [BBC News] [Russ White] [LawFare] [ExtremeTech]
12-09-2016: How 911 emergency services across the United States could be knocked offline by a mobile botnet. [Graham Cluley]
08-09-2016: Verisign DDoS report Q2 2016. [Russ White] [Verisign]
07-09-2016: The limits of SMS for 2-factor authentication. [Krebs]

31-08-2016: FBI Director wants 'adult conversation' about backdooring encryption. [The Register] [HardOCP] [AP]
31-08-2016: Building a new Tor that can resist next-generation state surveillance. [Ars Technica]
30-08-2016: Your browser's password manager probably isn't enough. [Wired]
29-08-2016: iPhone zero-day used by UAE government. [Schneier]

31-08-2016: NSO Group. [Schneier]

26-08-2016: The NSA is hoarding vulnerabilities. [Schneier]
25-08-2016: A hacking group is selling iPhone spyware to governments. [Wired]
23-08-2016: Boffins design security chip to spot hidden hardware trojans in processors. [The Register]
23-08-2016: Password strength meters still aren't trustworthy. [Lifehacker] [Sophos]
23-08-2016: FBI improved a dark web child pornography site. [Engadget] [Gizmodo]
19-08-2016: Lawless government hacking. [Russ White] [EFF]
17-08-2016: Cisco confirms NSA-linked zeroday targeted its firewalls for years. [Ars Technica]

17-08-2016: The Shadow Brokers mess is what happens when the NSA hoards zero-days. [Wired]
24-08-2016: NSA-linked Cisco exploit poses bigger threat than previously thought. [Ars Technica]

15-08-2016: Hackers claim to auction data they stole from the NSA-linked spies. [Wired] [Ars Technica] [Gizmodo]

16-08-2016: Major NSA/Equation Group leak. [Schneier]
16-08-2016: No-one wants to buy those stolen NSA-linked cyber weapons. [Wired] [HardOCP] [Washington Post]
16-08-2016: Confirmed: hacking tool leak came from “omnipotent” NSA-tied group. [Ars Technica]
16-08-2016: Snowden speculates leak of NSA spying tools is tied to Russian DNC hack. [Ars Technica] [Engadget] [The Register] [BBC News] [The Register]
17-08-20916: NSA website goes down as hackers auction stolen ‘cyber weapons’. [Graham Cluley]
19-08-2016: Your guide to the ‘Shadow Brokers’ NSA theft, which puts the Snowden leaks to shame. [ExtremeTech]
19-08-2016: New Snowden docs suggest Shadow Broker leak was real. [Engadget] [Gizmodo]
22-08-2016: This hacker says he stole more NSA hacking tools. [Gizmodo]
24-08-2016: Equation Group exploit hits newer Cisco ASA, Juniper Netscreen. [The Register]
23-09-2016: NSA operative might have accidentally leaked its hacking tools. [Engadget] [Reuters]
16-12-2016: Shadow Brokers re-emerge, with NSA’s secret exploits for sale. [Graham Cluley]

15-08-2016: Someone seems to be trying to spy on VeraCrypt's security audit. [Graham Cluley] [The Register]
15-08-2016: Tor users in the States were hacked by Australian authorities. [Graham Cluley]
15-08-2016: Blogger turns tables on cyber-scammer by infecting them with ransomware. [Graham Cluley] [Kwiatkowsi] [BBC News]
13-08-2016: NTP is still a security risk. [Russ White] [CircleID]
12-08-2016: The new way to make strong passwords - it's way easier. [NZ Herald] [Stuff]
10-08-2016: Tor promises not to build backdoors into its services. [Engadget]
09-08-2016: How the Iranian government hacks dissidents. [Schneier] [Washington Post]
04-08-2016: Hacking US infrastructure: How vulnerable is it? [ExtremeTech]
03-08-2016: Forget security training, it's never going to solve Layer 8 - people. [The Register]
02-08-2016: Frequent password changes are the enemy of security. [Ars Technica] [Graham Cluley]
02-08-2016: Meet the men who spy on women through their webcams. [Graham Cluley] [Ars Technica]
02-08-2016: 200 million Yahoo passwords being sold on the Dark Web? [Graham Cluley]
02-08-2016: The AdGholas malvertising network used steganography. [Graham Cluley]
02-08-2016: Australian spooks' email guide banishes MS Word macros, JavaScript. [The Register]
01-08-2016: Russia claims it can collect encryption keys. [Engadget] [HardOCP] [DailyDot]
01-08-2016: Secure email service GhostMail shutting down in fear of being abused. [Graham Cluley]
01-08-2016: Meet the chaps who run the Black Hat NoC and let malware roam free. [The Register]

31-07-2016: Moxie Marlinspike, the anarchist bringing encryption to us all. [Wired]
31-07-2016: U.S. Government says SMS codes aren’t safe. [HardOCP] [VentureBeat] [Ars Technica]
28-07-2016: Your wireless keyboard could be giving your secrets away. [Stuff] [Schneier] [Wired]
27-07-2016: New attack bypasses HTTPS protection on Macs, Windows, and Linux. [Ars Technica] [Russ White]
27-07-2016: Choosing a next-generation firewall: 7 factors. [Network Computing]
26-07-2016: Millions of wireless keyboards can let hackers see what you're typing. [Gizmodo]
26-07-2016: Crypto-heist threatens to tank blockchain-based future. [ExtremeTech]
22-07-2016: Malicious computers caught snooping on Tor-anonymized Dark Web sites. [Ars Technica] [ExtremeTech]

26-07-2016: Boffins snoop on snooping Tor nodes. [The Register]

20-07-2016: Now you can hide your smart home on the Darknet. [Wired]
19-07-2016: DDoS trends: Bigger, badder but not longer. [The Register] [HardOCP] [ZDNet]
13-07-2016: Meet Riffle, the next-gen anonymity network that hopes to trounce Tor. [The Register] [Graham Cluley] [ExtremeTech]
12-07-2016: The FBI says its malware isn’t malware because the FBI is good. [Gizmodo] [Graham Cluley]
12-07-2016: SCADA malware caught infecting European energy company. [The Register] [Ars Technica]

18-07-2016: Security firm clarifies power-station 'SCADA' malware claim. [The Register]

11-07-2016: MIT anonymity network promises to be more secure than Tor. [Engadget]
11-07-2016: HTTPS is not a magic bullet for Web security. [Ars Technica]
11-07-2016: Amazingly insecure industrial control systems + internet = no. [The Register]
09-07-2016: HTTPS crypto’s days are numbered. Here’s how Google wants to save it. [Ars Technica] [ExtremeTech] [Schneier]
08-07-2016: Researchers discover Tor nodes designed to spy on hidden services. [Schneier] [BoingBoing]
01-07-2016: Chinese gambling site served near record-breaking complex DDoS. [The Register]

30-06-2016: LizardStresser recruits an army of zombie webcams to launch DDoS attacks. [Graham Cluley] [Russ White] [Arbor Networks]
29-06-2016: Interview with an NSA hacker. [Schneier] [The Intercept]
28-06-2016: 25,000 malware-riddled CCTV cameras form network-crashing botnet. [The Register] [Engadget]
27-06-2016: Researchers steal data using noise from your PC's fans. [HardOCP] [PCWorld] [Wired] [ExtremeTech]
26-06-2016: Stop using SMS for 2FA. [Wired]
24-06-2016: How malware could steal data from an air-gapped PC – via its fan. [Graham Cluley]
23-06-2016: Tor onion hardening will be tear-inducing for feds. [The Register]
22-06-2016: Fraudsters are buying IPv4 addresses. [Schneier] [The Register]
22-06-2016: Stuxnet was the opening shot of decades of non-stop cyber warfare. [The Register]
20-06-2016: Fishing for a cure to DDoS attacks. [DC Journal] [Russ White]
17-06-2016: Non-US encryption is 'theoretical,' claims CIA chief in backdoor debate. [The Register] [Schneier]
09-06-2016: Massive DDoS attacks reach record levels. [HardOCP] [Network World]
06-06-2016: TeamViewer confirms number of hacked user accounts is “significant". [Ars Technica] [The Register]
04-06-2016: How spies, anyone can grab crypto keys from the air. [The Register]
02-06-2016: Cisco warns IPv6 ping-of-death vulnerability is everyone's problem. [The Register]

08-06-2016: IPv6 ping-of-death hits Junos, too. [The Register]

01-06-2016: Hardware backdoor hides in a tiny slice of a computer chip. [Wired]
01-06-2016: The impossible task of creating a “Best VPNs” list today. [Ars Technica]

31-05-2016: Tor Browser 6.0 released with DuckDuckGo search engine support enabled by default. [THG]
25-05-2016: Major DNS provider hit by mysterious, focused DDoS attack. [Ars Technica]
24-05-2016: Poisoned Word document attack refuses to work if it believes it is being watched. [Graham Cluley]
18-05-2016: Mozilla fails to get the details on the FBI's malware hack. [Engadget]

26-05-2016: Judge throws out evidence after FBI refuses to reveal Tor vulnerability. [THG]
04-06-2016: FBI: Exploit that revealed Tor-enabled child porn users wasn’t malware. [Ars Technica]
25-06-2016: FBI’s use of Tor exploit is like peering through “broken blinds". [Ars Technica] [Engadget]

18-05-2016: LinkedIn password breach much bigger than thought: 117 million. [Ars Technica] [BBC News] [Graham Cluley] [The Register] [Krebs] [HardOCP] [Kaspersky] [Stuff]

19-05-2016: LinkedIn plays down '117 million users' breach data sale. [The Register]
23-05-2016: LinkedIn's poor handling of 2012 data breach comes back to haunt it. [Graham Cluley]
01-06-2016: How LinkedIn’s password sloppiness hurts us all. [Ars Technica]

17-05-2016: Lego robots versus gesture security. [Russ White] [Motherboard]
17-05-2016: Random number generator 'improved'. [BBC News] [The Register] [THG] [Russ White] [TheNewStack]
12-05-2016: The Ukrainian hacker who became the FBI’s best weapon - and worst nightmare. [Wired]
12-05-2016: FBI director warns that feds will bring more encryption-related cases. [Ars Technica]
09-05-2016: NIST starts planning for post-quantum cryptography. [Schneier] [NIST PDF] [The Register] [ComputerWorld] [ExtremeTech]
08-05-2016: FBI can obtain a warrant if you run Tor come December. [HardOCP] [The Merkle]
05-05-2016: Stop resetting your passwords, says UK govt's spy network. [The Register]
03-05-2016: Privacy and cybercrime update. [Russ White]
03-05-2016: The future of encryption is in these politicians hands. [Wired]
03-05-2016: Global Threat Intelligence report ahead of Government Cyber Security Summit. [Stuff]

27-04-2016: Hacking group “PLATINUM” used Windows’ own patching system against it. [Ars Technica]
25-04-2016: Hackers who got caught by a typo were trying to take over the world. [Gizmodo] [Reuters]
25-04-2016: Clapper: Snowden sped up sophistication of crypto, “it’s not a good thing”. [Ars Technica]
22-04-2016: Over 1 million Facebook users login anonymously over Tor. [THG]
21-04-2016: Lock-hackers crack restricted keys used to secure data centres. [The Register]
14-04-2016: A scheme to encrypt the entire web is actually working. [Wired]
14-04-2016: The US is attacking Islamic State with 'cyber bombs'. [Gizmodo] [Reuters] [Ars Technica] [Engadget] [ExtremeTech]

28-04-2016: As US drops “cyber bombs,” ISIS retools its own cyber army. [Ars Technica]

12-04-2016: Are cryptoworms the future of ransomware? [Graham Cluley]
08-04-2016: Is this how a hacker got the Panama papers? [Gizmodo]
08-04-2016: Security experts react negatively to Burr-Feinstein anti-encryption bill. [THG] [Gizmodo] [Wired] [HardOCP] [TechDirt] [Engadget] [The Register] [Schneier] [Monday Note]

12-04-2016: What you should know about Congress's latest attempt to criminalize encryption. [Lifehacker]
13-04-2016: Read the full Senate bill requiring encryption backdoors. [Engadget]
14-04-2016: Burr-Feinstein anti-encryption draft officially released, Wyden promises filibuster. [THG]
14-04-2016: US anti-encryption law is so 'braindead' it will outlaw file compression. [The Register]
03-05-2016: Julian Sanchez on the Feinstein-Burr bill. [Schneier] [Just Security] [Just Security] [Russ White]
29-05-2016: Senate anti-encryption bill is effectively dead, for now. [Engadget] [The Register]

07-04-2016: Reuters: White House refuses to openly back encryption law. [Engadget]
07-04-2016: Bypassing phone security through social engineering. [Schneier]
05-04-2016: WhatsApp adds end-to-end encryption. [BBC News] [Ars Technica] [Wired] [Stuff] [Graham Cluley] [Schneier] [Android Police] [Engadget]
04-04-2016: Gmail, Facebook Messenger BREACHed once again. [The Register]
03-04-2016: Tor accuses CloudFlare of blocking its anonymizing network. [Engadget]
01-04-2016: The artist using museums to amplify Tor’s anonymity network. [Wired]

31-03-2016: Why do the Feds usually try to unlock phones? It’s drugs, not terrorism. [Wired]
31-03-2016: UK cops tell suspect to hand over crypto keys in US hacking case. [Ars Technica]
31-03-2016: ISIS encryption opsec. [Schneier]
30-03-2016: Senator Wyden recalls SOPA fight in bid to defeat encryption-weakening efforts. [The Register] [THG]
30-03-2016: CloudFlare: 94 percent of the Tor traffic we see is “per se malicious". [Ars Technica]
30-03-2016: The Apple-FBI battle is over, but the new crypto wars have just begun. [Wired] [Schneier]
30-03-2016: The anatomy of a nation-state hack attack. [BBC News]
30-03-2016: Poll results: Internet users don't understand security or privacy. [The Register] [Stuff]
29-03-2016: FBI: No, we won't tell you how we unmask and torpedo illegal Tor users. [The Register] [BBC News] [Gizmodo]

25-10-2016: Judge orders FBI to reveal whether White House launched 'Tor pedo' torpedo exploits. [The Register]

25-03-2016: Stealthy malware targeting air-gapped PCs leaves no trace of infection. [Ars Technica]
23-03-2016: Google, Microsoft, and others publish new email security standard. [HardOCP] [InfoWorld]
22-03-2016: Tor Project works on anti-FBI defenses amid iOS row with Apple. [The Register]
22-03-2016: FBI's Most Wanted: Syrian Electronic Army hacktivists. [The Register] [Engadget] [Schneier] [Graham Cluley]
21-03-2016: Paris terrorists used burner phones, not encryption, to evade detection. [Ars Technica]
17-03-2016: HTTPS is not enough: boffins fingerprint user environments without cracking crypto. [The Register]
17-03-2016: New NIST encryption guidelines. [Schneier] [NIST PDF]
16-03-2016: Thoughts on encryption. [Networking Nerd]
16-03-2016: Reaction: more encryption is bad? [Russ White]
14-03-2016: In the FBI’s crypto war, apps may be the next target. [Wired] [THG] [Schneier]
11-03-2016: Hackers target anti-DDoS firm Staminus. [Krebs] [Ars Technica] [Gizmodo]
10-03-2016: Using mouse movements to track you on the Tor network. [HardOCP] [ZDNet]
09-03-2016: Trivial path for DDoS amplification attacks found by infosec bods. [The Register]
07-03-2016: Apple Macs hit with first-ever ransomware. [ExtremeTech] [Hexus] [THG]
07-03-2016: GCHQ boss: Tech firms should co-operate over encryption. [BBC News] [The Register]
06-03-2016: DDoS attacks up 149% from last quarter. [HardOCP] [TweakTown]
05-03-2016: Quantum computer could mean end of encryption. [HardOCP] [MIT]
03-03-2016: New attack steals secret crypto keys from Android and iOS phones. [Ars Technica]
03-03-2016: Next-generation firewalls put to the test. [Network Computing]
02-03-2016: Schneier: We're sleepwalking towards digital disaster and are too dumb to stop. [The Register]
01-03-2016: What exactly do we mean by 'backdoor'? [The Register]
01-03-2016: DDoS attacks up 149 percent as brassy booter kids make bank. [The Register]

29-02-2016: Tor takes aim against malicious nodes on the network. [The Register]
27-02-2016: Most software already has a “golden key” backdoor: the system update. [Ars Technica]
26-02-2016: Hackers caused Ukrainian power outage, US report concludes. [Ars Technica] [Schneier]
25-02-2016: Tor users are actively discriminated against by website operators. [The Register]
24-02-2016: CloudFlare may consider binning CAPTCHAs for Tor users. [The Register] [Ars Technica]
23-02-2016: Flaws in wireless mice and keyboards let hackers type on your PC. [Wired] [HardOCP] [Bastille] [The Register] [Graham Cluley] [Gizmodo]
23-02-2016: Practical TEMPEST attack. [Schneier] [IACR PDF]
19-02-2016: Tor: 'Mystery' spike in hidden addresses. [BBC News]

04-03-2016: Number of Tor hidden sites spikes - along with paranoia. [Ars Technica]

19-02-2016: FBI must reveal the code it used to hack Dark Web pedophiles. [Engadget]
18-02-2016: NSA’s director says Paris attacks “would not have happened” without crypto. [Ars Technica]
15-02-2016: Survey of the dark web. [Schneier] [Taylor & Francis Online]
15-02-2016: US intelligence chief: the Internet of Things will be used to spy and hack. [Graham Cluley]
13-02-2016: FBI wants $38 million in funding to break encryption. [HardOCP] [ZDNet]
11-02-2016: Global crypto survey proves govt backdoors completely pointless. [The Register] [Schneier] [Ars Technica] [Wired]
10-02-2016: GSMA outlines thoroughly sensible IoT security rules. [The Register] [GSMA]
09-02-2016: How to hack the power grid through home air conditioners. [Wired]
09-02-2016: Senator McCain calls for end-to-end encryption ban in US. [THG]

11-02-2016: U.S. encryption ban would force companies to migrate, say researchers. [THG]

05-02-2016: The 8 worst data breaches of all time. [Network Computing]
02-02-2016: More details on the NSA switching to quantum-resistant cryptography. [Schneier] [NSA IAD]

03-02-2016: Study shows Fed encryption fears overblown — but that’s not good news. [ExtremeTech]
04-02-2016: NSA plans to 'Act Now' to ensure quantum computers can't break encryption. [Gizmodo] [NSA IAD]

01-02-2016: Feds don’t need crypto backdoors to spy - your TV and toothbrush will do. [Ars Technica]

30-01-2016: How anti-encryption laws put everyone at risk. [PocketNow]
28-01-2016: Israeli academics claim they can predict botnet attacks. [The Register]
27-01-2016: Tails 2.0 emerges with major new features, security improvements. [THG] [Tails] [Engadget]
27-01-2016: 500Gbps DDoS attack flattens world record. [The Register] [HardOCP] [ZDNet]
23-01-2016: Internet of Things security is so bad, there’s a search engine for sleeping kids. [Ars Technica]
23-01-2016: After FBI briefly ran Tor-hidden child-porn site, investigations went global. [Ars Technica] [Engadget]
22-01-2016: NSA director: 'Encryption is foundational to the future'. [Engadget]
21-01-2016: NSA chief stakes out pro-encryption position. [HardOCP] [The Intercept]
21-01-2016: The end of work passwords. [Stuff]
19-01-2016: Australia and America working on global no-state-hacking pact. [The Register]
17-01-2016: Here’s what Tor’s data looks like as it flows around the world. [Wired]
15-01-2016: Google's creepy plan to kill the password. [Engadget] [HardOCP] [Stuff]
14-01-2016: New York bill would ban strong encryption, mandate backdoors in all devices. [ExtremeTech] [Ars Technica] [HardOCP] [Inedependent]
13-01-2016: Cisco admits hardcoded password in wireless points. [The Register]
13-01-2016: The debate over government 'backdoors' into encryption isn't just happening in the US. [NZ Herald]
12-01-2016: French government may try to ban strong encryption. [THG]

14-01-2016: France doesn't think encryption backdoors are the answer. [Engadget] [THG] [Schneier]

12-01-2016: Dutch police claim they can crack PGP-encrypted BlackBerrys. [ExtremeTech] [The Register]
12-01-2016: Fortinet explains SSH 'backdoor' discovered in firewalls. [The Register] [Ars Technica]

23-01-2016: Thought you were safe from the Fortinet SSH backdoor? Think again. [The Register]

12-01-2016: DD4BC DDoS extortion gang smashed by international cops. [Graham Cluley]
08-01-2016: Facebook, Google, Microsoft, Twitter, Yahoo slag Snooper’s Charter. [Ars Technica] [HardOCP] [ZDNet] [The Register]
08-01-2016: Power grid vulnerability threatens national security. [DC Knowledge]
08-01-2016: Checkpoint hacks across air-gaps. [The Register]
07-01-2016: US leaders meet with tech CEOs to fight terrorism online. [Engadget] [Wired]
07-01-2016: ProPublica launches dark web's first major news site. [Wired] [Engadget]
07-01-2016: FBI hacked the Dark Web to bust 1,500 pedophiles. [Engadget]
07-01-2016: Trend Micro: Internet scum grab Let's Encrypt certs to shield malware. [The Register]
06-01-2016: The father of online anonymity has a plan to end the crypto war. [Wired]
06-01-2016: Hackers cause a blackout for the first time. [HardOCP] [Washington Post] [Engadget]
04-01-2016: Dutch govt says no to backdoors, gives $540k to OpenSSL. [The Register] [BBC News] [Schneier]
04-01-2016: Irked train hackers talk derailment flaws, drop SCADA password list. [The Register]

2015 News

31-12-2015: Forget anonymity, we can remember you wholesale with machine intel, hackers warned. [The Register]
31-12-2015: Trustworthy x86 laptops? There is a way, says system-level security ace. [The Register]
31-12-2015: Cory Doctorow on software security and the Internet of Things. [Schneier] [The Guardian]
31-12-2015: Microsoft to warn of nation-state hacks. [BBC News]
31-12-2015: Web attack knocks BBC websites offline. [BBC News] [Graham Cluley]

02-01-2016: 'Anti-IS group' claims BBC website attack. [BBC News]

30-12-2015: John McAfee rattles tin for password replacement tech. [The Register]
28-12-2015: 2016 reality: lazy authentication still the norm. [Krebs] [HardOCP]
27-12-2015: Destroying a hard drive permanently. [HardOCP] [Scientific American]
27-12-2015: North Korea’s computer operating system revealed. [HardOCP] [The Guardian] [Engadget] [Hexus] [Stuff] [ExtremeTech] [BBC News] [The Register]
27-12-2015: China anti-terrorism law makes firms give up encryption keys. [Engadget] [ReadWriteWeb] [The Register]
26-12-2015: Researchers propose using patterns and icons for passwords. [Engadget] [HardOCP] [Plymouth University]
22-12-2015: Oracle ordered to admit it deceived users over Java security updates for years. [Graham Cluley]
21-12-2015: Iranian hackers 'targeted' New York dam. [BBC News] [Graham Cluley] [The Register]

18-03-2016: America accuses Iran of hacking the dam, cyber-squirrels rejoice. [Engadget] [The Register]
25-03-2016: Federal grand jury indicts 7 Iranians for “campaign of cyber attacks". [Ars Technica] [Wired]

20-12-2015: The CIA secret to cybersecurity that no-one seems to get. [Wired]
19-12-2015: Clinton wants a Manhattan Project for encryption. [Gizmodo] [The Register] [Ars Technica]
19-12-2015: A cybersecurity bill loathed by tech companies is now law. [Gizmodo]
19-12-2015: Xbox Live pummeled by DDoS attack; hacker group claims responsibility. [Ars Technica]
18-12-2015: Users their own worst enemy when it comes to encrypted messaging apps. [Graham Cluley]
18-12-2015: “Unauthorized code” in Juniper firewalls decrypts encrypted VPN traffic. [Ars Technica] [The Register] [Engadget] [BBC News] [DC Knowledge] [Graham Cluley] [Gizmodo] [Schneier]

18-12-2015: FBI is investigating the Juniper Networks security hole. [Engadget]
20-12-2015: Juniper admits up to two attacks from 'unauthorised code'. [The Register]
21-12-2015: How to log into any backdoored Juniper firewall – hard-coded password published. [The Register]
22-12-2015: Researches solve Juniper backdoor -- signs point to NSA. [Wired] [THG]
22-12-2015: Cisco probes self for Juniper-style backdoors. [The Register]
23-12-2015: Juniper's VPN security hole is proof that govt backdoors are bonkers. [The Register]
23-12-2015: Juniper backdoors and vendor stone throwing. [Network Inferno]
23-12-2015: NSA helped GCHQ find security holes in Juniper firewalls. [The Intercept]
28-12-2015: NSA/GCHQ exploits against Juniper networking equipment. [Schneier]
08-01-2016: New discovery around Juniper backdoor raises more questions about the company. [Wired]
10-01-2016: Juniper drops NSA-developed code following new backdoor revelations. [Ars Technica] [Graham Cluley]
10-01-2016: Juniper resets 'days since last rogue code incident' clock. [The Register]
19-04-2016: Details about Juniper's firewall backdoor. [Schneier]
28-04-2016: A systematic analysis of the Juniper Dual EC incident. [Russ White] [IACR]
14-07-2016: Crypto flaw made it easy for attackers to snoop on Juniper customers. [Ars Technica]

16-12-2015: Former national security officials urge government to embrace rise of encryption. [NZ Herald]
16-12-2015: Meet CISA, a de facto cyber patriot act. [THG] [The Register]
16-12-2015: Unisys predicts entirely new classes of cyberthreats will require fresh countermeasures in 2016. [Stuff]
16-12-2015: Fact-checking the debate on encryption. [Ars Technica]
15-12-2015: Dumb human errors can undermine the security of encrypted communication apps. [Gizmodo]
14-12-2015: Moonfruit takes customers’ sites offline, as it prepares for DDoS attack. [Graham Cluley]
14-12-2015: Twitter warns users of possible 'state sponsored' attacks. [Graham Cluley] [Stuff] [Ars Technica]
14-12-2015: A Tor alternative uses spam traffic to hide messages. [Gizmodo]
13-12-2015: Tor's new executive director is a digital privacy legend. [Engadget]
12-12-2015: Your VPN may be worthless. [Engadget]
11-12-2015: Silicon Valley's Congresswoman comes to the defense of Tor. [The Register] [Wired]
10-12-2015: FBI Director: Silicon Valley’s encryption is a “business model problem". [Ars Technica] [Gizmodo]
08-12-2015: Internet's root servers take hit in DDoS attack. [The Register] [Ars Technica] [Schneier]
08-12-2015: Getting a Linux box corralled into a DDoS botnet is easier than many think. [Ars Technica]
08-12-2015: How Israel regulates encryption. [Schneier] [LawFare]
08-12-2015: Europe agrees response to cyber-attacks. [BBC News]
07-12-2015: Bank refuses to pay $3,000,000 ransom, hacker exposes customer account details. [Graham Cluley]
07-12-2015: UK research network Janet under ongoing and persistent DDoS attack. [The Register]

08-12-2015: Day 2: Janet still being hit by DDoS attack. [The Register]
15-12-2015: Janet pulls open network info for good after DDoSers exploit it. [The Register]

06-12-2015: France mulls tighter noose around crypto. [The Register] [Gizmodo] [ExtremeTech] [Ars Technica]

08-12-2015: You know you've lost if terrorism means you start banning public Wi-Fi. [Graham Cluley]
11-12-2015: France will not ban WiFi or Tor. [HardOCP] [The Daily Dot] [Engadget]

04-12-2015: White hats, FBI and cops team up for Dorkbot botnet takedown. [The Register] [HardOCP] [Engadget]
03-12-2015: Watching amateur coders foil a 'bioterrorist plot'. [Engadget]
03-12-2015: Seven years on, the Conficker worm is not dead... but dominating. [Graham Cluley]
03-12-2015: Fake LinkedIn profiles used by hackers. [BBC News]
03-12-2015: Industrial control system gateway fix opens Heartbleed, Shellshock. [The Register]
01-12-2015: Sued for using HTTPS: big brands told to cough up in crypto patent fight. [The Register] [Ars Technica] [Gizmodo]

04-12-2015: Big names settle out of court with CryptoPeak in HTTPS patent spat. [The Register]

25-11-2015: Encryption stops criminals -- weakening it doesn't make sense. [Graham Cluley]
23-11-2015: Dell does a Superfish, ships PCs with easily cloneable root certificates. [Ars Technica] [The Register] [ExtremeTech] [Engadget] [Graham Cluley] [Krebs] [THG]

23-11-2015: Dell's dodgy security certificate is an hard to remove. [The Register]
24-11-2015: Dell acknowledges security hole in new laptops. [HardOCP] [Reuters] [The Register] [BBC News]
24-11-2015: Dell apologizes for HTTPS certificate fiasco, provides removal tool. [Ars Technica] [Graham Cluley] [ExtremeTech]
24-11-2015: Dell promised security -- then delivered a huge security hole. [Wired]
25-11-2015: Dell computers bundled with backdoor that blurts hardware fingerprint to websites. [The Register] [Ars Technica]
25-11-2015: Second Dell backdoor root cert found. [The Register]

21-11-2015: TrueCrypt is safer than previously reported, detailed analysis concludes. [Ars Technica] [HardOCP] [The Register]
20-11-2015: Price list for secret hacker techniques. [HardOCP] [Wired]
19-11-2015: The internet of insecure, untrustworthy things. [Graham Cluley]
19-11-2015: KilerRat spying software takes njrat to the next level. [Graham Cluley]
18-11-2015: Tor is getting a major security upgrade. [ExtremeTech]
18-11-2015: DoD head enlists Silicon Valley to transform the military. [Wired]
18-11-2015: UK says it will hit back against Internet attacks. [Graham Cluley]
17-11-2015: Congress considers letting US companies hack Chinese attackers. [Engadget] [HardOCP] [AP]
17-11-2015: Why the G20’s new “anti-hacking” agreement is pointless. [Ars Technica]
16-11-2015: Paris attacks blamed on strong encryption and Snowden. [Schneier] [Gizmodo] [NZ Herald] [Wired] [Krebs]

16-11-2015: ISIS encrypted communications with Paris attackers. [Ars Technica] [BBC News]
17-11-2015: Islamic State is plotting deadly cyber-attacks. [BBC News]
18-11-2015: Congressmen want parts of the Internet ISIS use shut down. [The Register]
18-11-2015: UK to create cybersecurity forces to fight off ISIS hackers. [Engadget] [Gizmodo]
18-11-2015: Paris terrorists didn't use encryption. [Schneier]
18-11-2015: Encryption row intensifies. [BBC News]
19-11-2015: Telegram encrypted messaging service cracks down on ISIS broadcasts. [Ars Technica] [Engadget] [BBC News]
19-11-2015: Tech firms fight anti-encryption demands after Paris murders. [The Register] [BBC News]
19-11-2015: ISIS' opsec manual reveals how it handles cybersecurity. [Wired]
19-11-2015: Let's have an argument about encryption. [Engadget]
20-11-2015: Clinton, others: stop helping terrorists, Silicon Valley – weaken your encryption. [The Register] [ExtremeTech] [Wired] [Engadget] [Gizmodo] [Wired]
20-11-2015: Tech goliaths stand firm against demands for weaker encryption after Paris terror attacks. [The Register]
20-11-2015: Politicians to Silicon Valley: the government is not your adversary. [HardOCP] [cNet]
07-12-2015: Obama calls out encryption in terror strategy speech. [The Register]

16-11-2015: Police body cams found pre-installed with notorious Conficker worm. [Ars Technica]
15-11-2015: Op-ed: (How) did they break Diffie-Hellman? [Ars Technica]
13-11-2015: Beware of ads that use inaudible sound to link your phone, TV, tablet, and PC. [Ars Technica] [Schneier]
13-11-2015: 'Let's Encrypt' service available to everyone on December 3, as public beta opens. [THG]

03-12-2015: Free HTTPS certs for all – Let's Encrypt opens doors to everyone. [The Register] [THG]
08-03-2016: Let’s Encrypt has issued 1 million certificates and counting, boosting HTTPS adoption. [THG]

13-11-2015: Jail for British DDoS attacker, who said too much on Twitter. [Graham Cluley]
12-11-2015: Pay or we’ll knock your site offline -- DDoS-for-ransom attacks surge. [Ars Technica]
11-11-2015: ToR says Feds paid Carnegie Mellon $1M to help unmask users. [THG] [The Register] [Ars Technica] [BBC News] [Gizmodo]

12-11-2015: Why the attack on Tor matters. [Ars Technica]
13-11-2015: FBI: “The allegation that we paid CMU $1M to hack into Tor is inaccurate”. [Ars Technica]
16-11-2015: Did Carnegie Mellon attack Tor for the FBI? [Schneier]
17-11-2015: The million-dollar hole in the FBI 'paying CMU to crack Tor' story. [The Register]
10-01-2015: Two months after FBI debacle, Tor Project still can’t get an answer from CMU. [Ars Technica]
24-02-20-16: Judge confirms what many suspected: Feds hired CMU to break Tor. [Ars Technica] [BBC News] [Gizmodo] [Wired]

11-11-2015: How the FBI got basic security wrong. [HardOCP] [ZDNet]
10-11-2015: Outrageous OPSEC: What happens when skiddies play natsec. [The Register]
10-11-2015: Buggy ransomware locks up your data, then throws away the encryption key. [Graham Cluley]
09-11-2015: Cryptowall 4.0: Update makes world's worst ransomware worse still. [The Register]
08-11-2015: NSA discloses most security flaws, but that's not the whole story. [Engadget] [HardOCP] [NSA]
06-11-2015: CIA email hackers return with major law enforcement breach. [Wired]
06-11-2015: Hackers have infiltrated the US arrest records database. [Engadget] [HardOCP]
06-11-2015: Crypto e-mail service pays $6,000 ransom, gets taken out by DDoS anyway. [Ars Technica] [Graham Cluley] [The Register]

07-11-2015: ProtonMail says it won't ever again pay ransom to DDoS blackmailers. [Graham Cluley]
09-11-2015: ProtonMail DDoS wipeout: Day 6. Yes, we're still under attack. [The Register]
10-11-2015: ProtonMail 'mitigates' DDoS attacks, says security not breached. [The Register]
10-11-2015: More websites hit by Armada Collective DDoS blackmail attacks, but won't pay up. [Graham Cluley]

06-11-2015: Booming crypto ransomware industry employs new tricks to befuddle victims. [Ars Technica]
05-11-2015: Teen hackers strike again, leak info of government employees. [Gizmodo]
05-11-2015: WSJ: Iran hacked the Obama administration after arresting American citizen. [Gizmodo] [WSJ]
05-11-2015: User data plundering by Android and iOS apps is as rampant as you suspected. [Ars Technica] [BBC News]
04-11-2015: Stuxnet-style code signing of malware becomes darknet cottage industry. [The Register]
03-11-2015: Hackers use anti-adblocking service to deliver nasty malware attack. [Ars Technica]
03-11-2015: Hacking tool swipes encrypted credentials from KeePass. [Ars Technica] [The Register]
02-11-2015: The rise of political doxing. [Schneier]
02-11-2015: E-mail crypto is as usable as it ever was, say boffins. [The Register]
02-11-2015: Kim Dotcom is building his own private internet. [Stuff]
01-11-2015: Crypto is for everyone - and American history proves it. [Gizmodo]

30-10-2015: America’s crypto battles. [BBC News]
28-10-2015: It's official: Tor's .onion domains will be kept off the public internet. [The Register]
28-10-2015: The doxing trend. [Schneier] [CNN]
27-10-2015: Is the NSA trying to warn us that cryptography is dead? [ExtremeTech] [Schneier]
27-10-2015: Hacked shopping mall CCTV cameras are launching DDoS attacks. [Graham Cluley]
27-10-2015: NSA warns of growing danger of cyber-attack by nation states. [BBC News]
26-10-2015: This 11-year-old is selling cryptographically secure passwords for $2 each. [Ars Technica]
24-10-2015: What's the internet community doing about the NSA cracking VPN, HTTPS encryption? [The Register]
24-10-2015: The perfect password that's also easy to remember. [Stuff]
23-10-2015: Microsoft runs the largest botnets to protect Azure customers. [DC Knowledge]
23-10-2015: Chattering Wi-Fi devices are a short hop away from the crown jewels of your network. [Graham Cluley]
23-10-2015: NSA advisory sparks concern of secret advance ushering in cryptoapocalypse. [Ars Technica]
22-10-2015: UK/China cyber security deal: National security attacks still OK. [The Register]

30-03-2016: Former FBI spy hunter: Don’t trust China on ‘no hack’ pact. [The Register]

22-10-2015: The challenges of Internet retailing - DDoS attacks. [Hexus]
22-10-2015: New attacks on NTP can defeat HTTPS and create chaos. [Ars Technica] [The Register]
22-10-2015: 'Get a VPN to defeat metadata retention' is good advice. Sometimes. [The Register]
21-10-2015: German infosec bureaucrats want mail providers to encrypt. [The Register]
20-10-2015: One step closer to an encrypted web. Next stop: HTTPS for everyone. [Graham Cluley]
20-10-2015: Hacker releases new purported personal data for top CIA, DHS officials. [Ars Technica]
19-10-2015: The Australian cyber security report. [Russ White] [Palo Alto]
19-10-2015: GCHQ to pore over blueprints of Chinese built Brit nuke plants. [The Register]
16-10-2015: How to protect yourself from the NSA if you use 1024-bit DH encryption. [Gizmodo]
16-10-2015: How the NSA can break trillions of encrypted Web and VPN connections. [Ars Technica]
15-10-2015: Inside Mandiant's biggest forensics breach battle: Is this Anthem? [The Register]
15-10-2015: Ingenious attack shows how Siri could be hijacked silently from 16 feet away. [Graham Cluley]
14-10-2015: FBI takes down Dridex botnet, seizes servers, arrests suspect. [The Register]
14-10-2015: Encryption is the only guarantee of data destruction in the cloud. [Graham Cluley]
13-10-2015: SYNful Knock is no Stuxnet. [The Register]
12-10-2015: Soviet spying on IBM Selectric typewriters. [Schneier] [NSA PDF] [Ars Technica]
12-10-2015: Where do major tech companies stand on encryption? [Gizmodo]
10-10-2015: China arrests hacking suspects on behalf of the US. [Engadget] [Gizmodo]

13-10-2015: Arrest of Chinese hackers not a first for US. [Krebs]
14-10-2015: FireEye: US-China cyber espionage treaty 'will do nothing'. [The Register]
19-10-2015: China accused of hacking US firms even after cyber-peace treaty. [Engadget] [HardOCP] [Reuters]

08-10-2015: DDoS defences spiked by CloudPiercer tool - paper. [The Register]
07-10-2015: Cisco disrupts $30m Angler hacking operation. [BBC News] [DC Knowledge]
05-10-2015: How to tackle the network intruders. [BBC News]
02-10-2015: Home routers 'vaccinated' by benign virus. [BBC News] [HardOCP] [TechWeek]
01-10-2015: When security experts gather to talk consensus, chaos ensues. [Wired]
01-10-2015: Identifying CIA officers in the field. [Schneier] [Salon]

29-09-2015: Botnet preying on Linux computers delivers potent DDoS attacks. [Ars Technica] [Engadget] [Gizmodo] [HardOCP] [ZDNet]
29-09-2015: Here are the God-mode holes that gave TrueCrypt audit the slip. [The Register] [ExtremeTech] [Engadget]
28-09-2015: How to send and receive encrypted email for free. [ExtremeTech]
26-09-2015: US and China have an 'understanding' to fight cyber economic espionage. [Engadget]

27-09-2015: Analysis: China-US hacking accord is tall on rhetoric, short on substance. [Ars Technica]
30-03-2016: Former FBI spy hunter: Don’t trust China on ‘no hack’ pact. [The Register]

24-09-2015: How the mysterious Dark Net is going mainstream. [TED YouTube]
23-09-2015: Obama administration explored backdoors for bypassing smartphone crypto. [Ars Technica] [Engadget] [HardOCP] [Washington Post]
23-09-2015: How the mysterious Dark Net is going mainstream. [TED: YouTube]
23-09-2015: Bidding for breaches, redefining targeted attacks. [Krebs]
22-09-2015: US Navy develops new system to defend against internet attacks. [Graham Cluley]
21-09-2015: History of hacktivism. [Schneier] [Georgetown Journal]
21-09-2015: SYNful knock attack against Cisco routers. [Schneier] [FireEye: exec, part 1]
21-09-2015: FireEye: The face of hacking is changing – and it's getting uglier. [The Register]
20-09-2015: The rate of Chinese hacking attempts is slowing down. [Engadget]
19-09-2015: The tricky encryption that could stump quantum computers. [Wired]
18-09-2015: MI5's website uses obsolete encryption protocol. [Graham Cluley]
17-09-2015: A guide to ransomware, the scary hack that’s on the rise. [Wired]
17-09-2015: Seven years of malware linked to Russian state-backed cyber espionage. [Ars Technica] [Graham Cluley] [Gizmodo]
17-09-2015: Schneider patches yet another dumb vulnerability. [The Register]
16-09-2015: Obama edges toward full support for encryption – but does he understand what that means? [The Register]
15-09-2015: Cisco routers in at least 4 countries infected by highly stealthy backdoor. [Ars Technica]
15-09-2015: Microsoft throws crypto foes an untouchable elliptic curveball. [The Register]
14-09-2015: How to avoid surveillance... with your phone. [TED YouTube]
14-09-2015: Serious cyber attacks against NZ surge, GCSB figures show. [NZ Herald]
13-09-2015: Near-perfect computer security may be surprisingly close. [Wired]
11-09-2015: How to pick the perfect password. [BBC News]
11-09-2015: 2FA has finally become more convenient. [ReadWriteWeb]
10-09-2015: Library gets cop visit for running exit relay in US. [The Register]
10-09-2015: Monsters defeated in quest to free .onion from clutches of DNS-snooping demons. [The Register] [BBC News] [Gizmodo]
09-09-2015: How highly advanced hackers (ab)used satellites to stay under the radar. [Ars Technica] [The Register]
08-09-2015: Researchers respond to developer’s accusation that they used crypto wrong. [Ars Technica]
08-09-2015: Our insecure Internet of Things is becoming terrifying. [ExtremeTech]
07-09-2015: Why Security Experts Are Using An Ancient Email Format In 2015. [HardOCP] [Motherboard]
07-09-2015: Kill the password. [HardOCP] [TechCrunch]
04-09-2015: Bored Brazilian skiddie claims DDoS against Essex Police. [The Register]
03-09-2015: The declining half-life of secrets. [Schneier] [Peter Swire: PDF]
03-09-2015: Greater Manchester plod site targeted by nuisance DDoS attack. [The Register]
03-09-2015: Vulnerabilities found in Siemens SIMATIC HMI devices. [Graham Cluley]
01-09-2015: Cyberwar: a global guide to nation-state digital attacks. [Wired]
01-09-2015: NSA boss: encrypted software needs government backdoors. [Wired]

04-09-2015: FTC commissioners call for strong encryption, push back against FBI, NSA. [ExtremeTech] [The Register]
06-09-2015: US trade watchdog to FBI: you think the crims won't know about the back door too? [The Register]

30-08-2015: NSA wants encryption that fends off quantum computing hacks. [Engadget]
28-08-2015: LizardStresser: Six people arrested in connection with Lizard Squad’s DDoS attack tool. [Graham Cluley] [BBC News] [Krebs] [HardOCP] [ZDNet] [Engadget]

01-09-2015: UK’s National Crime Agency hit by DDoS attack, following LizardStresser arrests. [Graham Cluley] [The Register] [Ars Technica] [Engadget] [HardOCP]
06-10-2016: Feds charge two in Lizard Squad investigation. [Graham Cluley] [Kotaku] [HardOCP] [US DoJ]

27-08-2015: BitTorrent patched against flaw that allowed crippling DoS attacks. [Ars Technica]
27-08-2015: Cisco's RAT-catchers spot sysadmin-targeted phish. [The Register]
27-08-2015: Iranian phishing. [Schneier] [Citizen Lab]
26-08-2015: Concerns new Tor weakness is being exploited prompt dark market shutdown. [Ars Technica] [BBC News] [Tripwire]
26-08-2015: Tor is being cut up and making security pros cry. [The Register]
25-08-2015: System routes Internet traffic around countries you don't trust. [HardOCP] [IEEE Spectrum]
25-08-2015: Are data breaches getting larger? [Schneier]
24-08-2015: Samsung smart fridge leaves Gmail logins open to attack. [The Register] [Schneier] [Pen Test Partners]
21-08-2015: China using cyberspies in border disputes with India and neighbours. [The Register]
21-08-2015: NSA preps quantum-resistant algorithms to head off crypto-apocalypse [Ars Technica] [Schneier]
21-08-2015: SS7 phone-switch flaw enabled surveillance. [Schneier] [Engadget]
21-08-2015: How firms are fighting off spies and hackers. [BBC News]
20-08-2015: Researchers can steer your emails away from hostile nations. [Engadget]
19-08-2015: Schneier: 'We're in early years of a cyber arms race'. [The Register]
19-08-2015: Hackers exploiting wide-open Portmap to amp up DDoS attacks. [The Register] [DC Knowledge]
17-08-2015: Your torrent client could help hackers hijack your computer. [ExtremeTech]
17-08-2015: The noise around you could strengthen your passwords. [HardOCP] [Wired] [Gizmodo]
16-08-2015: How BitTorrent could let lone DDoS attackers bring down big sites. [Ars Technica]
13-08-2015: NSA funds $300k to build a safer Internet of Things. [The Register]
12-08-2015: Attackers are hijacking critical networking gear from Cisco. [Ars Technica] [Schneier]
12-08-2015: Another salvo in the second crypto war (of words). [Schneier]
12-08-2015: Five years after Stuxnet, your USB drive is still being patched. [Graham Cluley]
12-08-2015: Apple and Google are killing kids with encryption, complain lawyers. [The Register]
11-08-2015: Security tool tricks workers into revealing company secrets. [Wired]
11-08-2015: Random numbers aren't, says infosec expert. [The Register]
10-08-2015: I watched hackers pull off a real life Ocean's 11 heist . [Gizmodo] [DefCon]
07-08-2015: Imperva demos cloud man-in-the-middle attack. [The Register] [HardOCP] [BlackHat]
06-08-2015: Pentagon email hacked, Russia already blamed. [The Register] [HardOCP] [CNBC] [Gizmodo] [Wired] [Gizmodo]
06-08-2015: How the Arab Spring blew the lid off the commercial spyware. [The Register]
04-08-2015: TrueCrypt 'decrypted' by FBI to nail doc-stealing sysadmin. [The Register]
04-08-2015: Chinese VPN service as attack platform? [Krebs]
04-08-2015: Hackers target internet address bug to disrupt sites. [BBC News]
03-08-2015: Next-gen secure email using internet's own DNS – your help needed. [The Register]

31-07-2015: New attack on Tor can deanonymize hidden services with surprising accuracy. [Ars Technica]
31-07-2015: NSA report shows China hacked 600+ US targets over 5 years. [Ars Technica]
31-07-2015: Back doors won't solve Comey's going dark problem. [Schneier]
30-07-2015: Derelict TrueCrypt Russia portal 'is command hub for Ukraine spying op'. [The Register] [Graham Cluley]
30-07-2015: Reports shows Russians hackers used Twitter, photos to breach US computers. [Stuff]
29-07-2015: Bizarre high-tech kidnapping. [Schneier] [Wired]
28-07-2015: Firewalls can't protect today's connected cars. [HardOCP] [Network World]
28-07-2015: Hackers break into Brinks ultra secure safe. [HardOCP] [Network World] [The Register] [Schneier]
28-07-2015: How the way you type can shatter anonymity -- even on Tor. [Ars Technica] [Graham Cluley]
28-07-2015: New RC4 attack. [Schneier] [PDF]
27-07-2015: Researchers hack air-gapped computer with simple cell phone. [Wired] [Engadget] [The Register]
27-07-2015: Even former heads of NSA, DHS think crypto backdoors are stupid. [Ars Technica] [Schneier]
26-07-2015: Websites, please stop blocking password managers -- it’s 2015. [Wired] [HardOCP]
25-07-2015: What amateurs can learn from security pros about staying safe online. [Ars Technica]
24-07-2015: US Treasury's intelligence network was susceptible to cyberattacks. [Engadget]
23-07-2015: Watch how malicious apps can secretly devour your data. [Gizmodo] [Bloomberg]
23-07-2015: Researchers claim they’ve developed a better, faster Tor. [Ars Technica] [Engadget] [BBC News] [The Register] [HardOCP]
22-07-2015: Nigerian prince swaps the sweet talk for keyloggers and exploits. [The Register]
22-07-2015: Google, Facebook, and co launch web blacklist to nail ad scammers. [The Register]
21-07-2015: Black Hat 2015: 32 SCADA, mobile zero-day vulns will drop. [The Register]
18-07-2015: Cyber-security's dirty little secret: It's not as bad as you think. [The Register]
16-07-2015: You need to speak up for Internet security -- right now. [Wired]
16-07-2015: Once-theoretical crypto attack against HTTPS now verges on practicality. [Ars Technica] [The Register]
15-07-2015: "Hornets nest of criminal hackers" destryed by Feds. [Gizmodo] [ExtremeTech]

15-07-2015: The Darkode cybercrime forum, up close. [Krebs]

14-07-2015: Telegram messaging app cops 200Gbps DDoS. [The Register]
11-07-2015: The crypto wars aren't over. [Wired]
10-07-2015: Brit teen who unleashed 'biggest ever DDoS' walks free from court. [The Register]
10-07-2015: Cybercrime kingpin pleads guilty. [Krebs]
09-07-2015: UK politicos easily pwned on insecure Wi-Fi networks. [The Register] [Graham Cluley]
09-07-2015: The risks of mandating backdoors in encryption products. [Schneier]
09-07-2015: Multi-billion dollar corporations hit by mystery hacking gang. [Graham Cluley]
08-07-2015: Encryption backdoors for cops put Internet security at risk. [HardOCP] [ZDNet]
06-07-2015: DDoSers call 1988 and want its routing protocol hacked. [The Register]
03-07-2015: UK’s Cameron wants to ban encryption. [ExtremeTech]

30-06-2015: VPNs may not protect your information as well as you think. [Engadget]
29-06-2015: Chinese hackers take up white hats, become internet gatekeepers. [Stuff]
27-06-2015: Tougher encryption guidelines close a back door for NSA spies. [Engadget]
26-06-2015: US spy chief James Clapper says China lead suspect in cyber hack. [BBC News]
26-06-2015: FBI says crypto ransomware has raked in >$18 million for cybercriminals. [Ars Technica]
25-06-2015: DDoS attacks evolve and skyrocket on the Internet. [Cisco]
24-06-2015: What is the DoD's position on backdoors in security systems? [Schneier]
22-06-2015: “Free” proxies aren’t necessarily free. [Krebs]
22-06-2015: US the world's botnet mothership says Level 3. [The Register]
18-06-2015: Reddit, Wikipedia, Bing and the FBI agree - an encrypted web is a safer web. [Graham Cluley] [Ars Technica]
16-06-2015: Emoji passcodes promise more security than numbers. [Engadget]

17-06-2015: Maybe emoji passwords aren't such a good idea. [Wired]

15-06-2015: Hack of cloud-based LastPass exposes hashed master passwords. [Ars Technica]

16-06-2015: Am I an idiot for still using a password manager? [Gizmodo]
16-06-2015: When breaches happen: LastPass hack showcases the value of strong encryption. [DailyTech]
16-06-2015: Don’t let the LastPass hack destroy your faith in password managers. [Graham Cluley]

15-06-2015: Encrypting Windows hard drives. [Schneier]
12-06-2015: Even with a VPN, open Wi-Fi exposes users. [Ars Technica]
12-06-2015: Europol operation crushes phiendish global phishing ring. [The Register]
11-06-2015: The latest hack lesson? Great defense is never enough. [Wired]
11-06-2015: Decrypted WhatsApp chats laid groundwork for Belgian terror raids. [The Register]
11-06-2015: Mystery continues to surround the nude celebrity iCloud hack. [Graham Cluley]

11-06-2015: FBI seized computers linked to celeb photo leak scandal. [Engadget]

11-06-2015: German parliament cyber-attack still 'live'. [BBC News]
10-06-2014: Russia's to blame for pro-ISIS megahack on French TV network. [The Register]
10-06-2015: Techies to Obama: keep your hands off encryption. [Stuff]
09-06-2015: If the FBI has a backdoor to Facebook or Apple encryption, we are less safe. [BoingBoing] [The Guardian]
09-06-2015: CIA cybersecurity guru Dan Geer doesn’t use a cell phone. [Wired]
09-06-2015: Obama issues HTTPS-only order to US Federal sysadmins. [The Register] [BoingBoing] [TechDirt] [Graham Cluley] [The Register]
09-06-2015: Undetectable NSA-linked hybrid malware hits Intel Security radar. [The Register]
09-06-2015: US Army website defaced by Syrian Electronic Army hackers. [Graham Cluley]
05-06-2015: FBI: Apple and Google are helping ISIS by offering strong crypto. [The Register]
04-06-2015: Russia behind German govt cyber attack -- report. [The Register]
04-06-2015: We stand on the brink of global cyber war, warns encryption guru. [The Register]
01-06-2015: Hola VPN used to perform DDoS attacks, violate user privacy. [Ars Technica] [BBC News] [Graham Cluley] [The Register] [NZ Herald]

10-06-2015: Do you use Hola VPN? You could be part of a DDoS, content theft – or worse. [The Register]

31-05-2015: The US will protect Japan against cyberattacks. [Engadget]
30-05-2015: Unmasking hidden Tor service users is too easy, say infosec bods. [The Register]
29-05-2015: Weaponizing code: America's quest to control the exploit market. [Engadget]
29-05-2015: US tried Stuxnet variant on N. Korean nuke program, failed. [Ars Technica] [BoingBoing] [Reuters] [The Register] [Wired] [Engadget] [Gizmodo] [Graham Cluley] [HardOCP] [Schneier]
28-05-2015: UN says encryption “necessary for the exercise of the right to freedom". [Ars Technica]
27-05-2015: Canary box aims to lure hackers into honeypots before they make headlines. [Ars Technica] [HardOCP]
27-05-2015: The UK government's data law - an attack on encryption? [BBC News]
26-05-2015: Moose: Linux-based worm turns routers into social network bots. [Ars Technica] [The Register] [BBC News]
26-05-2015: Hacker’s List leaks its secrets, revealing true identities of those wanting to hack. [Graham Cluley]
26-05-2015: Blackhat hack trick hits popular routers. [The Register]
25-05-2015: Stallman: Windows and OS X are malware. [The Register] [HardOCP] [The Guardian]
25-05-2015: Google finds that security questions aren't really secure. [Engadget] [BoingBoing] [Google]
23-05-2015: Why you should protect even your most unimportant data. [Lifehacker] [Entrepreneur]
22-05-2015: Google heads list of 16 companies trying to kill passwords. [Engadget] [HardOCP]
22-05-2015: New relay selection fix for Tor to spoil spooks' fun - eventually. [The Register]
21-05-2015: Flawed Android factory reset leaves crypto and login keys ripe for picking. [Ars Technica] [Graham Cluley] [Stuff] [PocketNow]
20-05-2015: 'Logjam' crypto bug could be how the NSA cracked VPNs. [The Register] [Engadget] [Wired] [Schneier] [BoingBoing] [Ars Technica]

20-05-2015: Logjam vulnerability – what you need to know. [Graham Cluley]

20-05-2015: 'Millions' of routers open to absurdly outdated NetUSB hijack. [The Register] [HardOCP] [SecurityWeek]
19-05-2015: Robots.txt tells hackers the places you don't want them to look. [The Register]
18-05-2015: Apple and Google push Obama to prevent encryption backdoors. [Engadget] [Gizmodo] [The Register] [ExtremeTech]
18-05-2015: RSA keys are compromised. [The Register]
18-05-2015: High-level, state-sponsored Naikon hackers exposed. [The Register]
15-05-2015: How the Washington Post was hijacked by the Syrian Electronic Army - again. [Graham Cluley]
13-05-2015: VENOM vulnerability poisons countless VMs. [The Register] [Ars Technica]

14-05-2015: Venom VM bug called “perfect” for NSA, or for stealing bitcoins and passwords. [Ars Technica]

12-05-2015: Self-sustaining botnet made out of hacked home routers. [BoingBoing] [Ars Technica] [The Register]
12-05-2015: Amateurs produce amateur cryptography. [Schneier]
12-05-2015: Is your graphics card hiding a rootkit or keylogger? [Graham Cluley] [The Register]
11-05-2015: Tor Cloud Service is ending. [HardOCP] [Tor Project]
10-05-2015: Russia, China are friends when it comes to Internet security. [Ars Technica]
10-05-2015: Drugs and dosh: The new untraceable money. [Stuff]
08-05-2015: $7500 DDoS extortion hitting Aussie, Kiwi enterprises. [The Register]
05-05-2015: Super secretive malware wipes hard drive to prevent analysis. [Ars Technica] [DailyTech]
01-05-2015: Encryption backdoors are like TSA luggage-locks for the Internet. [BoingBoing] [The Guardian]
01-05-2015: Mozilla: All new web features should require secure HTTP. [Engadget] [The Register] [THG]
01-05-2015: Harbortouch is latest PoS vendor breach. [Krebs]

30-04-2015: SHA-1 crypto hash retirement fraught with problems. [The Register]
30-04-2015: Another layer of defence against cyberattacks. [DC Knowledge]
28-04-2015: DDoSsers use reflection amplification to crank up the volume to 100Gbps+. [The Register]
28-04-2015: A day in the life of a stolen healthcare record. [Krebs]
27-04-2015: 'Use 1 capital' password prompts make them too predictable – study. [The Register]
27-04-2015: Thirty Meter Telescope website falls over in hacktivist DDoS attack. [Graham Cluley]
27-04-2015: Hackers hijack Tesla’s website, Twitter account and email – but how? [Graham Cluley]
26-04-2015: Your Tor-based email isn't as secure as you think. [Engadget] [Tor Project]
25-04-2015: Russian hackers scooped up the President's unclassified email. [Engadget] [Ars Technica] [Gizmodo] [BoingBoing]
24-04-2015: DoD’s new ‘transparent’ policy on cybersecurity is still opaque. [Wired] [Gizmodo]
24-04-2015: Here's why the Pentagon is publishing its cyber-warfare rulebook – if China hasn't already hacked in and read it. [The Register]
24-04-2015: Ransomware decryptor. [BoingBoing] [Kaspersky]
24-04-2015: The further democratization of QUANTUM. [Schneier]
24-04-2015: Federal Trade Commissioner Julie Brill on obscurity [Schneier] [CS Monitor]
24-04-2015: Security researcher: it's "trivial to bypass security tools on Macs". [Gizmodo] [Threat Post]
23-04-2015: Cash register maker used same password – 166816 – non-stop since 1990. [The Register] [BoingBoing] [CSO] [HardOCP]
21-04-2015: White House cyber-general says US must be able to cyber-nuke the cyber-worst. [The Register]
21-04-2015: RSA supremo rips into 'failed' security industry, warns of 'super-mega hack'. [The Register]
21-04-2015: The secrets of webcam hackers. [Graham Cluley]
19-04-2015: Every version of Windows is affected by this vulnerability. [HardOCP] [MakeUseOf]
19-04-2015: Inside Islamic State's spookocracy. [BoingBoing] [Der Spiegel]
18-04-2015: Russians are using undiscovered exploits to hack the US government. [Engadget]
16-04-2015: IBM’s 700TB security threat database enters the cloud. [The Register] [DC Knowledge]
16-04-2015: APT group hacks cyber-spy gang in spy-on-spy pwnage. [The Register]
15-04-2015: Hackers could commandeer new planes through passenger WiFi. [Wired] [HardOCP]

18-04-2015: FBI accosts security researcher over fear that he hacked his flight. [Gizmodo] [HardOCP] [Security Ledger]
20-04-2015: Researcher who joked about hacking a jet plane barred from United flight. [Ars Technica] [BBC News]
21-04-2015: Hacking airplanes. [Schneier] [CNN] [Stuff]
21-04-2015: Feds warn airlines to look out for passengers hacking jets. [Wired] [Engadget] [Gizmodo] [BBC News] [The Register]
26-04-2015: Security researcher discovers vulnerabilities: detained by FBI. [HardOCP] [TechDirt]
15-05-2015: FBI: Security researcher claimed to hack, control plane in flight. [Engadget] [Ars Technica] [Stuff] [The Register] [Graham Cluley] [HardOCP] [Wired]
18-05-2015: FBI flight hacker claims queried by security experts. [BBC News]
19-05-2015: Airplane hacking panic -- why it’s surely a storm in a teacup. [The Register]
19-05-2015: More on Chris Roberts and avionics security. [Schneier]
20-05-2015: How a hacker could hijack an airplane from their seat. [Gizmodo]
20-05-2015: FBI probe of plane hack sparks worries over flight safety. [NZ Herald]
26-05-2015: Is it possible for passengers to hack commercial aircraft? [Wired]

15-04-2015: Meet the e-voting machine so easy to hack, it will take your breath away. [Ars Technica] [The Register] [Schneier] [BradBlog]
15-04-2015: Malware attack discovered - what does Kaspersky do? Call in a comic strip artist. [Graham Cluley]
15-04-2015: Elite cyber crime group strikes back after attack by rival APT gang. [Ars Technica]
14-04-2015: The number of people who fall for phishing emails is staggering. [Gizmodo] [Wired]
13-04-2015: Researchers accuse China of over 10 years' cyber espionage and attack. [Gizmodo] [FireEye PDF]
13-04-2015: Anyone can buy the malware used to hack Sony. [Gizmodo] [HardOCP] [cNet]
11-04-2015: Police operation disrupts Beebone Botnet used for malware distribution. [HardOCP] [PCWorld]
10-04-2015: More defenses against psuedo random subdomain attacks. [Secure64]
10-04-2015: BitTorrent's P2P browser for decentralized websites now in beta. [THG]
10-04-2015: Don’t be fodder for China’s ‘Great Cannon'. [Krebs] [Schneier] [CitizenLab]
09-04-2015: Edward Snowden says your password should be MargaretThatcherIs110%SEXY. [Graham Cluley] [Gizmodo] [Lifehacker]

13-04-2015: Snowden's "sexy Margaret Thatcher" password isn't so secure. [Wired]

09-04-2015: Attacking researchers who expose voting vulnerabilities. [Schneier] [EFF]
09-04-2015: Denial of service attacks pour through rift in Network Time Protocol. [The Register]
09-04-2015: Motorola cable modem has hardcoded 'technician' backdoor. [The Register]
08-04-2015: Your home automation things are a security nightmare. [The Register]
07-04-2015: Russia might have hacked the White House. [Engadget] [Stuff]

08-04-2015: White House hackers allegedly accessed sensitive data. [HardOCP] [cNet]

07-04-2015: UK government website hijacked by Islamist hackers. [Graham Cluley]
04-04-2015: Bugs in Tor network used in attacks against underground markets. [Ars Technica]
03-04-2015: TrueCrypt security audit is good news, so why all the glum faces? [Ars Technica] [Lifehacker] [NCC Group PDF] [The Register] [Gizmodo] [Schneier] [ExtremeTech]
02-04-2015: Google exiles a Chinese certificate authority from the web. [ReadWriteWeb] [THG]

02-04-2015: Mozilla piles on China's SSL cert overlord: we don't trust you either. [The Register]

02-04-2015: Snowden didn't scare many out of US clouds says Forrester. [The Register]
02-04-2015: China DDoS attacks used unencrypted websites to hijack browsers. [Gizmodo]
02-04-2015: Google shares staggering adware infection stats. [Graham Cluley]
01-04-2015: President's order lets the US sanction foreign cyberattackers. [Engadget] [Gizmodo] [The Register]
01-04-2015: Mystery 'Explosive' cyber-spy campaign traced back to Lebanon. [The Register]
01-04-2015: Energy companies around the world infected by newly discovered malware. [Ars Technica]

31-03-2015: Feds subpoena reddit in effort to learn about users behind Dark Web chatter. [Ars Technica]
31-03-2015: GitHub battles “largest DDoS” in site’s history, targeted at anti-censorship tools. [Ars Technica] [THG]

31-03-2015: Massive denial-of-service attack on GitHub tied to Chinese government. [Ars Technica] [DC Knowledge]
03-04-2015: DDoS attacks that crippled GitHub linked to Great Firewall of China. [Ars Technica]

26-03-2015: As crypto wars begin, FBI silently removes sensible advice to encrypt your devices. [BoingBoing] [TechDirt]
26-03-2015: New router DNS attack delivers porn and game ads on mainstream websites. [ExtremeTech]
25-03-2015: DDoS attacks reduce in frequency but grow in volume. [HardOCP] [BetaNews]

27-03-2015: As GitHub is hit hard, experts disagree whether DDoS attacks are becoming more or less frequent. [Graham Cluley]

24-03-2015: Google discovers new security holes -- is the entire system fundamentally flawed? [ExtremeTech]
23-03-2015: The trick to hacking top-secret computers: just add heat. [Gizmodo] [The Register] [Schneier]
23-03-2015: Hilton Honors flaw exposed all accounts. [Krebs] [Ars Technica] [Graham Cluley]
22-03-2015: LightEater malware attacks millions of BIOS chips. [HardOCP] [BetaNews]
21-05-2015: China finally admits it has an army of hackers for cyberwar. [HardOCP] [Gizmodo]
21-03-2015: Automating remote BIOS attacks. [BoingBoing] [Forbes]
20-03-2015: Hacking BIOS chips isn't just the NSA's domain anymore. [Wired] [Schneier]
20-03-2015: Massive DDoS racks up $30,000-a-day Amazon bill for China activists. [The Register]
19-03-2015: Kaspersky Lab hits back at Bloomberg's Russian spy link hit piece. [The Register] [Graham Cluley]

24-03-2015: Kaspersky hit by new below-the-belt sauna spy attack in the WSJ. [Graham Cluley]

19-03-2015: OpenSSL warns of two high-severity bugs, but no Heartbleed. [Ars Technica] [Graham Cluley]
19-03-2015: GCHQ: Ensure biz security by stopping everyone from talking. [The Register]
18-03-2015: OpenSSL patch to plug severe security holes. [Krebs]
18-03-2015: Dark web’s ‘Evolution Market’ vanishes. [Krebs] [Wired] [Graham Cluley]
18-03-2015: 'Dark web' keeps criminals out of reach of metadata retention laws. [Stuff]
17-03-2015: The NSA is going to love these USB-C charging cables. [Gizmodo]
16-03-2015: China has hacked every major US corporation, former NSA head says. [DC Knowledge]
16-03-2015: ‘AntiDetect’ helps thieves hide digital fingerprints. [Krebs]
16-03-2015: Princeton boffins sniff Tor users' IDs from TCP ACKs and server sweat. [The Register]
14-03-2015: Fearing hackers, US State Dept. has shut off part of its email system. [Gizmodo]
14-03-2015: Computer terror simulation used to recruit 'cyber defenders'. [BBC News]
13-03-2015: CloudFlare keyless SSL scales down internet connections. [EtherealMind]
13-03-2015: Epic Google snafu leaks hidden whois data for 280,000 domains. [Ars Technica] [ExtremeTech] [Engadget]
12-03-2015: CryptoLocker look-alike searches for and encrypts PC game files. [Ars Technica]
11-03-2015: CloudFlare launches nameserver DDoS shield. [The Register]
10-03-2015: Spammers charged over 'largest' email breach. [BBC News]
10-03-2015: Banning Tor unwise and infeasible, MPs told [BBC News] [BoingBoing] [Parliament] [The Daily Dot] [Ars Technica]
10-03-2015: Cutting-edge hack gives super user status by exploiting DRAM weakness. [Ars Technica] [Wired] [Schneier]
10-03-2015: OpenSSL audit kicks off for post-Heartbleed strengthening programme. [The Register]
09-03-2015: Ethiopia is hacking US journalists with commercial spyware. [Engadget]

17-03-2015: Details on hacking team software used by Ethiopian government. [Schneier] [Citizen Lab]

09-03-2015: Tor doesn't want to depend on US government money anymore. [Gizmodo] [The Daily Dot]
09-03-2015: Identifying when someone is operating a computer remotely. [Schneier] [BioCatch]
08-03-2015: UK man arrested on suspicion of US DoD hacking. [Ars Technica] [Engadget]
07-03-2015: Give biometrics the finger: horror tales from the ENCRYPT. [The Register]
06-03-2015: France fingered as source of Syria-spying Babar malware. [The Register]
05-03-2015: DNS enhancement catches malware sites by understanding sneaky domain names. [Ars Technica]
04-03-2015: US air traffic control computer system vulnerable to terrorist hackers. [Ars Technica] [HardOCP] [Engadget]
04-03-2015: FREAK attack: what is it, and what you need to know. [Graham Cluley] [Gizmodo] [ExtremeTech] [Engadget] [Gizmodo] [Stuff] [Schneier]

06-03-2015: All Windows versions vulnerable to FREAK SSL snoop. [The Register] [Ars Technica] [BBC News] [Tripwire] [Stuff] [Gizmodo] [HardOCP] [ComputerWorld]
16-03-2015: HTTPS-crippling FREAK attacks become cheaper and easier to carry out. [Ars Technica]
17-03-2015: HTTPS-crippling FREAK exploit affects thousands of Android and iOS apps. [Ars Technica] [ExtremeTech]

04-03-2015: Tom Ridge can find terrorists anywhere. [Schneier]
02-03-2015: Would you trust 'spyproof' mobes made in Putin's Russia? [The Register]
02-03-2015: Silent Circle revamps secure smartphone. [The Register] [Gizmodo]

05-03-2015: How Blackphone turned a security fail into a win. [ReadWriteWeb]

02-03-2015: The democratization of cyberattack. [Schneier] [Motherboard]
01-03-2015: VPNs: which ones value your privacy? [BoingBoing] [TorrentFreak]

28-02-2015: The U.S. doesn't like it when China wants to build encryption backdoors. [Gizmodo] [HardOCP] [ZDNet] [Engadget] [Graham Cluley]
27-02-2015: Ramnit botnet shut down. [HardOCP] [Europol]
26-02-2015: It took police three years to fully shut down a money-stealing botnet. [Gizmodo]
26-02-2015: FinFisher, the spyware loved by cruel dictators, stomps all over human rights, says UK govt. [The Register]
26-02-2015: Everyone wants you to have security, but not from them. [Schneier]
26-02-2015: Spam uses default passwords to hack routers. [Krebs]
26-02-2015: PrivDog chews HTTPS, hurls clear text. [The Register]
25-02-2015: "Surreptitiously Weakening Cryptographic Systems". [Schneier] [IACR, PDF]
25-02-2015: Anthem hack puts at least 8.8 million non-customers at risk. [Graham Cluley]
25-02-2015: Police shut down network 'used to steal bank details'. [BBC News]
25-02-2015: FBI says sixty different hacker groups linked to nation-states. [Stuff]
25-02-2015: Feds offer $3m reward for 'CryptoLocker baron'. [The Register]
24-02-2015: Banking malware spreading via Microsoft Word macros. [Graham Cluley]
24-02-2015: Lizard Squad disrupts Google in Vietnam to promote DDoS-for-hire service. [Graham Cluley]
23-02-2015: Ad-blocking software is 'worse than Superfish'. [BBC News] [Lumension]
23-02-2015: Security software found using Superfish-style code, as attacks get simpler. [Ars Technica]
21-02-2015: Accused British hacker, wanted for crimes in US, won’t give up crypto keys. [Ars Technica]
20-02-2015: Hello, NSA? The US State Department can't kick hackers out of its networks – report. [The Register]
20-02-2015: Cybersecurity: Tackling the threat from within. [BBC News]
20-02-2015: Horrors of murky TrueCrypt to be probed once more. [The Register] [IsTrueCryptAuditedYet]
19-02-2015: Lenovo pre-installed malware on laptops. [BoingBoing] [BBC News] [Graham Cluley] [ExtremeTech] [Schneier] [Gizmodo]

19-02-2015: Lenovo ditches adware - but that doesn't fix SSL mega-vulnerability. [The Register] [Engadget] [Ars Technica]
19-02-2015: How to test your PC for the new "Superfish" security vulnerability. [Lifehacker]
19-02-2015: Lenovo honestly thought you’d enjoy that Superfish HTTPS spyware. [Ars Technica]
19-02-2015: How to get unhooked from Lenovo's dangerous Superfish spyware. [ReadWriteWeb] [ExtremeTech] [Gizmodo]
19-02-2015: Lenovo CTO says “We didn’t do enough,” promises to wipe Superfish off PCs. [Ars Technica]
20-02-2015: US cyber-cops declare WAR on Superfish ad-spewing malware lurking in Lenovo laptops. [The Register]
20-02-2015: How could Lenovo miss its Superfish security hole? [Engadget]
21-02-2015: Superfish doubles down, says HTTPS-busting adware poses no security risk. [Ars Technica]
21-02-2015: “SSL hijacker” behind Superfish debacle imperils large number of users. [Ars Technica]
21-02-2015: Windows Defender now removes Superfish malware… if you’re lucky. [Ars Technica]
21-02-2015: Lenovo offers tool to remove hidden adware 'Superfish'. [BBC News] [Gizmodo] [HardOCP] [The Verge] [The Register]
22-02-2015: Microsoft, McAfee vs. SuperFish. [HardOCP] [Mashable]
23-02-2015: Mozilla mulls Superfish torpedo. [The Register]
23-02-2015: Superfish points fingers over ad software. [Stuff]
23-02-2015: Facebook security chap finds 10 Superfish sub-species. [The Register]
23-02-2015: Lenovo CTO: we have no intention of shipping a Superfish product again. [Gizmodo]
24-02-2015: Still smarting from HTTPS-busting Superfish debacle, Lenovo says sorry. [Ars Technica]
24-02-2015: Lenovo users lawyer up over hole-filled, HTTPS-breaking Superfish adware. [Ars Technica] [The Register]
24-02-2015: Give us a week to clean the Superfish, begs Lenovo CTO. [The Register]
25-02-2015: Lenovo falls on its sword as Superfish impact spreads. [ExtremeTech]
25-02-2015: Lenovo's website hacked, apparently by Lizard Squad. [Engadget] [The Register] [The Register] [Graham Cluley] [Ars Technica] [Gizmodo]
26-02-2015: Lenovo's Superfishing trip. [NZ Herald]
27-02-2015: Bruised Lenovo promises 'a cleaner, safer PC'. [Graham Cluley] [ExtremeTech] [THG]
07-03-2015: Two weeks on, Superfish debacle still causing pain for some Lenovo customers. [Ars Technica]
09-03-2015: Lenovo still shipping infected systems as customers grapple with removal. [ExtremeTech]
06-05-2015: There's another 'massive security risk' in Lenovo's computers. [Gizmodo]
12-08-2015: Lenovo crams unremovable crapware on Windows laptops – by hiding it in the BIOS. [The Register] [Lifehacker]

18-02-2015: America already has a Manhattan Project for developing cyber attacks. [Wired]
16-02-2015: How “omnipotent” hackers tied to NSA hid for 14 years -- and were found at last. [Ars Technica]
14-02-2015: Hackers stole hundreds of millions in massive malware bank heist. [Gizmodo] [NYT] [Engadget] [Ars Technica] [Graham Cluley] [The Register] [Krebs]
13-02-2015: Obama’s new order urges companies to share cyber-threat info with the government. [Wired] [Engadget] [The Register]
13-02-2015: Biter bitten as hacker leaks source code for popular exploit kit. [The Register]
12-02-2015: Electronic surveillance failures leading up to the 2008 Mumbai terrorist attacks. [Schneier]
12-02-2015: 1 billion data records stolen last year due to poor security. [HardOCP] [ZDNet]
12-02-2015: Cyber attack takes down Dutch government sites. [BBC News] [The Register]
11-02-2015: A crypto trick that makes software nearly impossible to reverse-engineer. [Wired]
11-02-2015: The consumer data revolt is coming. [HardOCP] [Bloomberg]
11-02-2015: Facebook helps online services warn each other about security threats. [Engadget] [The Register] [HardOCP] [ThreatExchange]
11-02-2015: Jeb Bush redacts correspondents' leaked information. [BBC News] [DailyTech]

13-02-2015: Jeb Bush is sorry he published social security numbers. [Gizmodo]

11-02-2015: Air gaps: Happy gas for infosec or a noble but inert idea? [The Register]
11-02-2015: Steal the hackers' thunder by revealing yourself online. [Stuff]
10-02-2015: Hackers unknowingly gather intel for the NSA. [HardOCP] [Computer World]
10-02-2015: NSA claims Iran learned from Western cyberattacks. [The Intercept] [Wired] [Engadget]

10-02-2015: Did the NSA and the UK’s spy agency launch a joint cyberattack on Iran? [Wired]

10-02-2015: Uber left its lost-and-found database open to anyone on the internet. [Graham Cluley] [The Register]
10-02-2015: US launching a new cyberwarfare agency in wake of Sony attacks. [Engadget] [DC Knowledge] [HardOCP] [Stuff]
10-02-2015: Take a security checkup on Safer Internet Day. [Google]

10-02-2015: It’s Safer Internet Day. So where is our Internet of Secure Things? [Graham Cluley]

10-02-0215: Fearing an FBI raid, researcher publishes 10 million passwords/usernames. [Ars Technica] [The Register] [HardOCP] [BGR] [Schneier] [Gizmodo] [The Guardian] [Xato]
09-02-2015: DARPA's Memex for searching the deep Web. [BoingBoing] [Scientific American] [DARPA] [Wired]
06-02-2015: The world’s email encryption relies on a guy who is going broke. [Gizmodo]
06-02-2015: Why even strong crypto wouldn’t protect SSNs exposed in Anthem breach. [Ars Technica]

06-02-2015: China to blame in Anthem attack? [Krebs]
07-02-2015: Phishers pounce on Anthem breach. [Krebs] [Graham Cluley] [Gizmodo] [Ars Technica]
08-02-2015: Anthem's stolen customer data not encrypted. [HardOCP] [cNet]
09-02-2015: Anthem breach may have started in April 2014. [Krebs]

05-02-2015: Siemens: SCADA bugs abound. [The Register]
05-02-2015: Your crypto apps are useless unless you check them for backdoors. [Ars Technica]
04-02-2015: Here's why your bank account is less secure than your Gmail. [Gizmodo]
04-02-2015: The utterly crazy story of the death threat hacker. [Graham Cluley] [The Register]
03-02-2015: The Hells Angels are old pros at encryption . [Gizmodo]
03-02-2015: Cybersecurity: Defending 'unpreventable' cyber attacks. [BBC News]
02-02-2015: Femmes fatales steal Syrian opposition’s Skype chats and military plans. [Graham Cluley] [BBC News] [The Register] [Ars Technica] [Gizmodo]
01-02-2015: The British Army is creating a battalion of "Facebook Warriors". [Gizmodo] [HardOCP] [Neowin]

31-01-2015: The army just open-sourced its security software. [Gizmodo] [Engadget]
30-01-2015: WhatsApp privacy hole exposes users’ private profile photos. [Graham Cluley] [The Register]
29-01-2015: China, FBI and UK all want backdoors in Western technology. [The Register] [Graham Cluley]

29-01-2015: China’s new rules for selling tech to banks have US companies spooked. [Wired]

29-01-2015: The Internet of Dangerous Things. [Krebs]
29-01-2015: Mozilla dusts off old servers, lights up Tor relays. [The Register]
29-01-2015: IT vendors cry foul at new Chinese security rules requiring built-in backdoors. [Ars Technica]
28-01-2015: Use a Raspberry Pi as a Tor/VPN router for anonymous browsing. [Lifehacker] [Make]
28-01-2015: No, Department of Justice, 80% of Tor traffic is not child porn. [Wired] [HardOCP]
28-01-2015: Bug in ultra secure BlackPhone let attackers decrypt texts, stalk users. [Ars Technica] [HardOCP] [Security Week]
27-01-2015: FTC warns of the huge security risks in the Internet of Things. [Wired] [FTC] [The Register]
27-01-2015: Hacktivists step up web attack volumes. [BBC News] [Stuff]
27-01-2015: Facebook and Instagram get knocked offline... for about an hour. [BBC News] [Engadget] [The Register]

27-01-2015: Facebook back up after site crash. [Stuff]
27-01-2015: Lizard Squad claims to take down Facebook, Instagram, Tinder (briefly). [Gizmodo]
27-01-2015: Lizard Squad blamed for Facebook downtime. Facebook says “Err... no”. [Graham Cluley]
27-01-2015: Facebook outage affects sites that used social network’s login system. [DC Knowledge]
28-01-2015: Facebook blames internal glitch for blackout. [NZ Herald] [Stuff] [The Register] [HardOCP] [Chicago Tribune]

27-01-2015: 'Path to Hell': Davos elites warned about catastrophic cyber attacks. [Stuff]
26-01-2015: Lizard Squad threatens Malaysia Airlines with data dump: We did too hack your site. [The Register]
23-01-2015: Internet attack could shut down US gas stations. [Ars Technica] [HardOCP]
22-01-2015: A brief attempt at explaining the madness of cryptocurrency. [Engadget]
22-01-2015: Did feds mount a sustained attack on Tor to decloak crime suspects? [Ars Technica]
21-01-2015: What Obama gets wrong about digital security. [Gizmodo]
21-01-2015: Playing NSA, hardware hackers build USB cable that can attack. [Ars Technica]
21-01-2015: The 25 most popular passwords of 2014. [Lifehacker] [Engadget] [HardOCP] [PRWeb] [BBC News] [Stuff]
20-01-2015: Life inside a DDOS "booter site". [BoingBoing] [Ars Technica]
20-01-2015: NSA: We're in your botnet. [The Register]
19-01-2015: The daunting challenge of reporting on cyberwar. [BBC News]
18-01-2015: New "Skeleton Key" malware allows bypassing of passwords. [HardOCP] [Neowin]
17-01-2015: NSA brags about turning the tables on cyberwarfare hackers. [Engadget]
17-01-2015: Need a hacker? Check out Hacker's List. [HardOCP] [PCMag]
17-01-2015: New Snowden documents show scope of United States' cyber war plans: infiltrate and control or destroy enemy systems and networks. [Der Spiegel]
16-01-2015: 'Cyber attack war games' to be staged by UK and US. [BBC News]
16-01-2015: Here are some dummies giving Jimmy Kimmel their passwords on national TV. [Gizmodo]
16-01-2015: Freelance hackers will bust into your boyfriend's email... for a fee. [ReadWriteWeb]
16-01-2015: The problem with the White House cybersecurity proposals. [BoingBoing] [UoC]
15-01-2015: Thousands of French websites face DDoS attacks since Charlie Hebdo massacre. [DC Knowledge] [BBC News]
15-01-2015: Got a GE industrial Ethernet switch? Get patching. [The Register]
15-01-2015: Cryptolocker 3.0 scum bounce victims over Invisible net. [The Register] [PCWorld]
14-01-2015: NSA official: Support of backdoored Dual_EC_DRBG was “regrettable”. [Ars Technica] [The Register]
13-01-2015: Obama renews push for comprehensive cybersecurity legislation. [Engadget] [HardOCP] [Yahoo News] [Gizmodo] [BBC News] [Wired] [BoingBoing]

14-01-2015: Obama's proposed laws against hacking will negatively impact cybersecurity professionals, create a cyber police state. [Errata Security]
15-01-2015: Mr President, is this a war on hackers – or a war on people stopping hackers? [The Register]

13-01-2015: Thunderstrike! How a radar-proof rootkit could infect your Mac. [Graham Cluley]
13-01-2015: Attackers planting banking Trojans in industrial systems. [The Register]
12-01-2015: Keysweeper: creepy keystroke logger camouflaged as USB charger. [BoingBoing] [Keysweeper] [Ars Technica] [Coolest Gadgets]
12-01-2015: Hackers claiming ties to ISIS take control of Pentagon social accounts. [Engadget] [BBC News] [Stuff] [Gizmodo] [The Register] [Wired] [HardOCP] [Fox News] [BoingBoing] [Ars Technica]

13-01-2015: US military’s CENTCOM Twitter account hacked – were they not using 2FA? [Graham Cluley]
13-01-2015: It doesn’t really matter if ISIS sympathizers hacked Central Command’s Twitter. [Wired]
13-01-2015: What are the odds CENTCOM really was hacked by ISIS? Next to zero. [BoingBoing] [The Daily Beast]
13-01-2015: Centcom - a PR disaster, not cyberwar. [BBC News]

09-01-2015: Security hole found in North Korea’s home-grown OS. [Ars Technica] [The Register]

12-01-2015: Hands-on with North Korea's web browser. [WhiteHatSec]
12-01-2015: North Korea’s official news site delivers malware. [Ars Technica]

09-01-2015: Lizard stresser runs on hacked home routers. [Krebs] [Ars Technica]
09-01-2015: MI5 boss: We need to break securo-tech, get 'assistance' from data-slurp firms. [The Register]
09-01-2015: Post-POODLE, OpenSSL shakes off some fleas. [The Register]
08-01-2015: 8chan, related sites go down in Lizard Squad-powered DDoS. [Ars Technica]
08-01-2015: Browsing in privacy mode isn't as secure as you think. [ReadWriteWeb]
08-01-2015: Pro-Russian cyberattacks bring down German government websites. [Engadget]
07-01-2015: Immobilise national property register left 28 million doors wide open for burglars to plunder data. [Graham Cluley] [The Register]
07-01-2015: Spies do 'happy dance' after encryption cracked. [Stuff]
06-01-2015: The biggest security threats we’ll face in 2015. [HardOCP] [Wired]
06-01-2015: Lavabit founder wants to make “dark” e-mail secure by default. [Ars Technica] [BoingBoing]
05-01-2015: Why today's security measures just don't cut it. [Wired] [HardOCP] [cNet]
05-01-2015: Gogo Inflight Internet is intentionally issuing fake SSL certificates. [Neowin]
03-01-2015: 2014 was the biggest year for malware yet. [HardOCP] [Digital Trends]

09-01-2015: 2014: the year of infrastructure vulnerability. [DC Knowledge]

03-01-2015: Cyber criminals demand a modern approach to security. [Stuff]
01-01-2015: North Korea/Sony story shows how eagerly US media still regurgitate government claims. [The Intercept]
01-01-2015: The most dangerous people on the internet right now. [Wired]

2014 News

31-12-2014: The hackers who hit Sony also threatened CNN.  [HardOCP] [Engadget] [The Intercept] [Ars Technica] [Engadget] [Gizmodo]
02-01-2015: The FBI thought this guy's joke was a legit threat to CNN.  [Gizmodo] [Fusion]
31-12-2014: FBI investigating whether companies are engaged in revenge hacking.  [Bloomberg] [Engadget]
30-12-2014: The year’s biggest winners and losers in privacy and security.  [Wired]
30-12-2014: Security research at The Hague: the mobile malware threat. [HotHardWare]
29-12-2014: Inside the NSA's war on internet security. [HardOCP] [Der Spiegel]
29-12-2014: Tor de farce: NSA fails to decrypt anonymised network.  [The Register]
30-12-2014: The encryption tools the NSA still can't crack revealed in new leaks.  [Gizmodo]  [THG]
30-12-2014: New NSA leaks: does crypto still work?  [BoingBoing] [Cryptographic Engineering]
31-12-2014: NSA has VPNs in Vulcan death grip -- no, really, that’s what they call it.  [Ars Technica]
31-12-2014: Newly published NSA documents show agency could grab all Skype traffic.  [Ars Technica]  [BoingBoing]
29-12-2014: “How a North Korean cyber attack could cripple Britain”. The Daily Mail goes bonkers.  [Graham Cluley]
29-12-2014: Hackers find that fingerprints can be stolen through public photos.  [PetaPixel] [BoingBoing] [VentureBeat]  [THG] [ExtremeTech] [The Register] [ReadWriteWeb] [Ars Technica] [BBC News]
28-12-2014: Hacker group names, ranked. [Gizmodo]
28-12-2014: Cyberattacks used security software to cover their trail.  [Engadget]
26-12-2014: Hackers who shut down PSN and Xbox Live now attacking Tor.  [Gizmodo] [The Verge] [The Register] [Engadget] [HardOCP]
27-12-2014: ‘Lizard Squad’ member reveals his face in a TV interview.  [HardOCP] [Business Insider] [Gawker]
29-12-2014: Who's in the Lizard Squad? [Krebs]
30-12-2014: Lizard Squad offering its DDoS tool for monthly fee.  [THG] [Gizmodo] [The Daily Dot] [ExtremeTech] [The Register] [HardOCP] [Digital Trends]
31-12-2014: Lizard Squad's takedown-for-hire service quickly disappears.  [Engadget]
31-12-2014: Security expert IDs two idiots claiming to be Lizard Squad hackers. [Gizmodo] [Krebs]
31-12-2014: 'Lizard Squad' hackers seek attention.  [Stuff] [Graham Cluley]
31-12-2014: UK police allegedly arrest Lizard Squad hacker.  [The Daily Dot] [Engadget] [HardOCP] [Graham Cluley] [The Register]
31-12-2014: Lizard kids: a long trail of fail. [Krebs]
13-01-2015: Router creds admin/admin? Lizard Squad thanks you.  [The Register]
16-01-2015: UK man arrested in connection with Sony and Xbox hack.  [BBC News] [The Register] [HardOCP] [Engadget] [ROCU] [Ars Technica] [Gizmodo] [TrustedReviews] [Krebs]
17-01-2015: Man held in connection with Sony and Xbox hack bailed.  [BBC News]
17-01-2015: Hack on PS and Xbox attackers leaks DDoS customers’ plaintext passwords.  [Ars Technica]
17-01-2015: Lizard Squad's paid cyberattack service faces a hack of its own.  [Engadget]
19-01-2015: Lizard Squad DDoS-for-hire service hacked – users’ details revealed.  [Graham Cluley] [The Register] [Gizmodo] [The Guardian] [Ars Technica]
20-01-2015: Possible Lizard Squad members claims hack of Oz travel insurer.  [The Register]
20-01-2015: Xbox, Sony hackers hit by hack attack.  [BBC News]
26-12-2014: White hats figure out live phone tracking via protocol vuln.  [The Register]
25-12-2014: Xbox Live and PlayStation Network both down due to an apparent attack.  [Engadget] [Gizmodo] [BBC News] [NZ Herald] [Ars Technica] [BBC News] [HardOCP] [The Guardian] [TrustedReviews] [Stuff] [ReadWriteWeb] [Krebs]
26-12-2014: Kim Dotcom stops Xbox and PlayStation attacks.  [HardOCP] [TorrentFreak] [DC Knowledge]
26-12-2014: Xbox Live and PSN are still messed up after attack by hackers .  [Gizmodo] [NZ Herald]
26-12-2014: Xbox Live is up, PlayStation’s network still recovering after a Christmas Day outage.  [Washington Post]
27-12-2014: PSN back online days after DDoS attack paralysed network.  [The Register] [HardOCP] [TechRadar]
28-12-2014: PSN is still down for some as Sony gets service back online.  [VentureBeat] [Kotaku] [Stuff]
28-12-2014: Sony fingers DDoS attackers for ruining PlayStation's Xmas.  [The Register]
28-12-2014: These are the hackers who wrecked your holiday gaming.  [Engadget] [The Daily Dot]
29-12-2014: PlayStation network back online after three days.  [NZ Herald]
29-12-2014: Sony talks PSN outage, doesn't name attackers.  [HardOCP] [BetaNews]
30-12-2014: FBI claimed to be investigating Xbox Live, PlayStation Network DDoS perpetrators.  [Ars Technica] [HardOCP] [The Daily Dot]
05-01-2015: 'We do apologize': life at Sony customer service during the PSN attack  [Kotaku]
24-12-2014: FBI warned of a Sony-style hack in a report last year.  [Engadget]
23-12-2014: The webcam hacking epidemic. [The Atlantic]
23-12-2014: 2008 cyberattack against Turkish oil pipeline.  [Schneier] [Bloomberg]
23-12-2014: German steel works suffered “massive damage” after hack attack.  [Graham Cluley]
22-12-2014: Gang hacked ATMs from inside banks. [Krebs]
22-12-2014: South Korea nuclear plant operator says hacked, raising alarm.  [Reuters] [Gizmodo] [Stuff]  [Ars Technica] [Gizmodo]
24-12-2014: South Korea calls on China for help following hack attempt on nuclear power company.  [Ars Technica]
30-12-2014: South Korea says nuclear worm is nothing to worry about.  [The Register]
22-12-2014: North Korea's internet under mass cyber attack. [HardOCP] [Vox] [Gizmodo] [Engadget] [BoingBoing] [NYT] [The Register] [Stuff] [Graham Cluley] [THG] [Ars Technica] [BBC News] [Schneier]
23-12-2014: North Korea kicked off the internet by giant DDoS: Was it the USA, or someone else?  [ExtremeTech]
23-12-2014: North Korea is partially back online. [Gizmodo] [National Post] [BBC News] [BoingBoing] [Gizmodo]
23-12-2014: So who shut down North Korea's internet?  [Gizmodo]
24-12-2014: So what's the Internet actually like in North Korea?  [Stuff]
26-12-2014: North Korea blames the US for internet outages following Sony hacks.  [Engadget] [The Register] [HardOCP] [Yahoo News] [Ars Technica] [Reuters]
28-12-2014: North Korea's internet and Mobile phone network 'paralyzed'. [Gizmodo] [reCode]
22-12-2014: It starts with an email: how a hacking gang has stolen $17 million from banks and retailers since 2013.  [Tripwire]
20-12-2014: Cyber espionage targets Syrian activists, linked to ISIS.  [Ars Technica]
20-12-2014: If Tor vanishes over the weekend, this is why.  [The Register] [HardOCP]
22-12-2014: Popular Tor exit relays look raided.  [The Register] [Ars Technica]
20-12-2014: A look at North Korea's cyberwar capabilities.  [NZ Herald]
19-12-2014: German researchers discover a flaw that could let anyone listen to your cell calls. [HardOCP] [Washington Post]
18-12-2014: The Syrian Electronic Army Strikes Again: International Business Times hacked.  [Graham Cluley]
18-12-2014: Watching a USB hack in action makes me never want to leave my computer.  [Gizmodo] [BoingBoing]
18-12-2014: Hackers can read your texts thanks to huge security flaw.  [Gizmodo]
18-12-2014: The continued threat of DDoS attacks, four ways to address the concern.  [DC Knowledge]
18-12-2014: Hacking tutorials, identity documents gain popularity on black market.  [Ars Technica]
17-12-2014: ICANN e-mail accounts, zone database breached in spearphishing attack. [Ars Technica] [HardOCP] [ZDNet] [The Register] [BBC News] [Gizmodo] [Engadget]
17-12-2014: Google's end-to-end email encryption moves to Github.  [BoingBoing] [Google]
16-12-2014: The FBI used the web’s favorite hacking tool to unmask Tor users.  [Wired]  [Ars Technica] [Gizmodo] [Schneier]
17-12-2014: Tor is still safe. [Gizmodo]
15-12-2014: Uncrackable quantum authentication uses photons to secure your data.  [ExtremeTech]
15-12-2014: Senator: Backdoor for the Feds is a backdoor for hackers.  [The Register]
15-12-2014: Next gen ransomware: Elliptic cryptic, talks on Tor, demands Bitcoin.  [The Register]
12-12-2014: Iranian hackers used Visual Basic malware to wipe Vegas casino’s network.  [Ars Technica] [Bloomberg]
13-12-2014: Report: the FBI is warning US businesses about Iranian hackers. [Gizmodo] [Reuters] [Engadget] [HardOCP] [DC Knowledge]  [Graham Cluley]
14-12-2014: Iranian Cleaver hackers may drain energy and defence firms, warn Feds.  [The Register]
11-12-2014: Nation-backed malware targets diplomats’ iPhones, Androids, and PCs.  [Ars Technica]
11-12-2014: GCHQ, police to team up to hunt down child abuse on the darknet.  [The Register]
08-12-2014: Powerful, highly stealthy Linux trojan may have infected victims for years.  [Ars Technica]
08-12-2014: Hacker group Lizard Squad takes down PlayStation Network and Xbox Live. [DC Knowledge] [HardOCP] [cNet] [ExtremeTech] [reCode]
09-12-2014: PlayStation store back after cyber attack.  [Stuff]
08-12-2014: The government likes to blame stuff on Tor. [Gizmodo]
08-12-2014: Tor privacy service used in a majority of online bank heists. [Ars Technica]
08-12-2014: North Korea's elite, pampered hackers.  [Stuff]
08-12-2014: Taiwan: a canary in the cyber coalmine.  [Stuff]
05-12-2014: 'Sign in with LinkedIn' spoof allows baddies to penetrate Slashdot, NASDAQ.com and more.  [The Register]
05-12-2014: Stupid humans and their expensive data breaches.  [The Register]
04-12-2014: The Feds are finally going to help companies avoid getting hacked. [Gizmodo]
03-12-2014: Iranian "Cleaver" hacks through airport security, Cisco boxen.  [The Register] [Engadget]
03-12-2014: GCHQ boffins quantum-busted its own crypto primitive.  [The Register] [Schneier]
01-12-2014: Hackers are gaming the stock market with a stupid simple approach.  [Gizmodo] [NYT] [BBC News] [DC Knowledge]
28-11-2014: World's best threat detection pwned by BAB0.  [The Register]
27-11-2014: Siemens issues emergency SCADA patch.  [The Register]
27-11-2014: Syrian hacking group places pop-up message on websites.  [BBC News] [Stuff] [The Register] [GigaOM] [Gizmodo]
24-11-2014: Security bill: The challenge of identifying internet users.  [BBC News]
24-11-2014: Crypto protocols held back by legacy, says ENISA.  [The Register]
23-11-2014: 15 arrested in new European crackdown of peeping tom malware users.  [Ars Technica] [The Guardian] [Stuff] [NZ Herald]
21-11-2014: Detekt: a new malware detection tool.  [HardOCP] [EFF] [Gizmodo]
21-11-2014: DDoS attacks of more than 10Gbps rise significantly in Q3. [DC Knowledge]
20-11-2014: Cloudflare: 500 Gbps DDoS carried out against independent Hong Kong news sites. [Forbes]
20-11-2014: FTC announces crackdown on computer speedup/tech support scams.  [DailyTech] [HardOCP] [FTC]
20-11-2014: Malware’s new target: your password manager’s password.  [Ars Technica] [Schneier]
19-11-2014: US government insists it doesn’t stockpile zero-day exploits.  [HardOCP] [Wired]
19-11-2014: Fake antivirus scams: It's a $120m business – and alleged ringleaders have just been frozen.  [The Register]
19-11-2014: Beefed up iPhone crypto will lead to a child dying, DOJ warned Apple execs.  [Ars Technica] [Pocketnow] [WSJ] [DailyTech]
19-11-2014: Asian mobiles the DDOS threat of 2015, security mob says.  [The Register]
19-11-2014: The real lesson from recent cyberattacks: let's break up the NSA.  [ReadWriteWeb]
18-11-2014: Snarky 1992 NSA report on academic cryptography.  [Schneier] [Scott Aaronson]
18-11-2014: New free CA. [Schneier]
18-11-2014: Many Tor-anonymized domains seized by police belonged to imposter sites.  [Ars Technica] [New Web Order]  [Gizmodo]
17-11-2014: Hackers are building and open-sourcing spy tools based on leaked NSA documents. [Motherboard]
17-11-2014: The NSA's efforts to ban cryptographic research in the 1970s.  [Schneier] [Medium]
17-11-2014: Link found in Staples, Michaels breaches.  [Krebs]
17-11-2014: Attack reveals 81% of Tor users but admins call for calm.  [The Register] [Engadget]
17-11-2014: US State Dept hacked, email shut down.  [Stuff] [Washington Post] [Engadget] [HardOCP] [Gizmodo] [BoingBoing] [Yahoo]
16-11-2014: Everything needs crypto, says IAB. [The Register]
14-11-2014: For a year, gang operating rogue Tor node infected Windows executables.  [Ars Technica]
14-11-2014: ‘Microsoft partner’ claims fuel support scams.  [Krebs]
14-11-2014: The return of crypto export controls? [Schneier] [The Register]
13-11-2014: Network hijackers exploit technical loophole. [Krebs]
12-11-2014: Hackers use DNS TXT records to amplify DDoS attacks:. [DC Knowledge] [Akamai PDF]
12-11-2014: FBI’s most wanted cybercriminal used his cat’s name as a password.  [Ars Technica] [Gizmodo] [Stuff]
12-11-2014: Target, Home Depot and UPS attacks: need to rethink point-of-sale security.  [The Register]
12-11-2014: Why are ISPs removing their customers' email encryption? [Gizmodo] [BoingBoing] [EFF] [The Register] [Schneier]
13-11-2014: Condemnation mounts against ISP that sabotaged users’ e-mail encryption.  [Ars Technica]
11-11-2014: Don’t blame Obama, but DDoS attacks are now using his press releases.  [Ars Technica]
11-11-2014: German spies want millions of Euros to buy zero-day code holes.  [The Register]
11-11-2014: “DarkHotel” uses bogus crypto certificates to snare Wi-Fi-connected execs. [Ars Technica]  [Wired]  [NZ Herald] [HardOCP] [Kaspersky] [The Register] [Stuff] [BBC News] [Gizmodo] [Schneier]
10-11-2014: Google reveals alarming success rates for manual hijacking of accounts.  [DC Knowledge] [Whir]
10-11-2014: China suspected of breaching US Postal Service computer networks.  [Washington Post] [Engadget] [The Register] [Gizmodo] [Lifehacker] [BoingBoing] [LA Times] [Reuters] [Ars Technica]
10-11-2014: Mozilla will start hosting Tor relays as part of Polaris privacy push.  [GigaOM]
08-11-2014: Another reminder on why you need to change default passwords. [HardOCP] [Network World]
07-11-2014: Aussie spooks warn of state-sponsored online attacks during G20.  [The Register]
06-11-2014: Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud.  [Ars Technica]
05-11-2014: Still spamming after all these years. [Krebs]
05-11-2014: This system will self destruct: Crimeware gets powerful new functions.  [Ars Technica]
04-11-2014: How hackers can smuggle out your company’s data, via video.  [Collaborista]
03-11-2014: Flaw in new ‘secure’ credit cards would let hackers steal $1M per card.  [Wired] [Gizmodo] [HardOCP] [BoingBoing]
03-11-2014: Pro-democracy Hong Kong sites DDoS'd with Chinese cyber-toolkit.  [The Register]
01-11-2014: The Amazons of the dark net.  [The Economist]
30-10-2014: Chip & PIN vs chip & signature. [Krebs]
30-10-2014: Sandworm uses PowerPoint against Swiss bank customers.  [The Register]
29-10-2014: Hackers are using Gmail drafts to update their malware and steal data.  [Wired] [BoingBoing]
29-10-2014: White House hit by “sustained” cyber attack, hackers breach unclassified network.  [Graham Cluley] [ReadWriteWeb] [The Register]
29-10-2014: Russia or China suspected in White House data breach.  [DailyTech] [Ars Technica] [Gizmodo]
28-10-2014: Security Avengers team up to take down Chinese hacking group.  [The Register]
28-10-2014: Leader of “most sophisticated cybercrime ring” sentenced to 11 years.  [Ars Technica]
27-10-2014: Targeted attacks against businesses on the rise.  [HardOCP] [ZDNet]
27-10-2014: 'Replay’ attacks spoof chip card charges.  [Krebs]
27-10-2014: Exposing the hidden history of computer hacking.  [BBC News]
25-10-2014: Hackers target military, embassy and defense workers in Operation Pawn Storm.  [Graham Cluley]
24-10-2014: Now everyone wants to sell you a magical anonymity router -- choose wisely.  [Wired]
21-10-2014: What's the best way to weaken crypto?  [BoingBoing] [PDF]
20-10-2014: Credit card breach at Staples stores.  [Krebs] [BBC News] [The Register] [Ars Technica]
19-12-2014: Staples comes clean: 1+ million bank cards at risk after hack.  [The Register] [HardOCP] [PCWorld] [Engadget]
20-10-2014: GCHQ spokesperson says cyber terrorism is 'not a concer'. [Tripwire]
20-10-2014: Spike in malware attacks on aging ATMs.  [Krebs] [Gizmodo]
17-10-2014: How Facebook uses leaked passwords to keep your account safe.  [Gizmodo] [The Register]
16-10-2014: Tor Browser goes 4.0.  [BoingBoing] [Tor Project]
16-10-2014: NSA classification ECI = Exceptionally Controlled Information.  [Schneier]
15-10-2014: Meet the Internet's nasty new "Poodle" attack.  [ReadWriteWeb] [Graham Cluley] [HardOCP] [7 News] [Google] [Ars Technica] [Wired] [The Register]
17-10-2014: How to protect yourself against Poodle attack.  [ReadWriteWeb]
11-12-2014: 'Poodle’ bug returns, bites big bank sites.  [Krebs]
29-04-2015: Barclays, Halifax and Tesco banks still vulnerable to POODLE attack.  [Graham Cluley]
14-10-2014: It's time to enable two-step authentication on everything -- here’s how.  [Gizmodo]
13-10-2014: With this tiny box, you can anonymize everything you do online.  [Wired] [ReadWriteWeb] [THG]
18-10-2014: Kickstarter pulls Anonabox, a Tor-enabled router that raised over $585,000.  [Ars Technica] [BBC News] [HardOCP]
23-10-2014: Kickstarter shuts down another anonymous-making internet router.  [ReadWriteWeb] [Ars Technica]
13-10-2014: Bahraini activists hacked by their government go after UK spyware maker.  [Wired]
12-10-2014: SEANux – a version of Linux from the Syrian Electronic Army.  [Graham Cluley]
10-10-2014: Malware-based credit card breach at Kmart.  [Krebs] [Buzzfeed] [Engadget] [Graham Cluley] [BBC News]
10-10-2014: Online activism and the computer fraud and abuse act.  [Schneier] [BoingBoing]
10-10-2014: Malware analysts tell crooks to shape up and write decent code.  [The Register]
09-10-2014: Gadgets held as evidence being remotely wiped.  [BoingBoing]
08-10-2014: America must end its paranoid war on hackers.  [Wired]
08-10-2014: Sir Tim Berners-Lee defends decision not to bake security into web. [The Register]
08-10-2014: FBI director sees progress in the US' ability to fight cyberattacks.  [Engadget]
07-10-2014: Russian cybercrime group compromised half a million computers.  [ComputerWorld]
07-10-2014: Monster banking Trojan botnet claims 500,000 victims.  [The Register]
07-10-2014: Huge data leak at largest US bond insurer.  [Krebs]
07-10-2014: FBI director says Chinese hackers are like a “drunk burglar”.  [Ars Technica] [HardOCP] [CBS News]
06-10-2014: iPhone encryption and the return of the crypto wars.  [Schneier]
02-10-2014: 76 million households affected by JPMorgan Chase data breach.  [Gizmodo] [HardOCP] [ZDNet] [The Register]
02-10-2014: The unpatchable malware that infects USBs is now on the loose.  [Wired] [Gizmodo] [Engadget] [BoingBoing] [ExtremeTech] [BBC News] [Graham Cluley] [HardOCP] [Schneier]
07-10-2014: The only fix for that terrible USB malware requires epoxy.  [Gizmodo]
08-10-2014: Fixing the unfixable USB bug.  [BoingBoing] [Wired]
18-11-2014: USB coding anarchy: Consider all sticks vulnerable.  [The Register]
02-10-2014: 17,000 Macs recruited into malware botnet, with a little help from Reddit.  [Graham Cluley]
01-10-2014: The criminal indictment that could finally hit spyware makers hard.  [Wired]
30-09-2014: Hacked security plugin firm stored customer passwords in plaintext. [TripWire]
30-09-2014: A teenage hacker ring stole $100 Million in army and Xbox tech.  [Gizmodo] [The Guardian] [Engadget] [HardOCP] [Stuff] [Ars Technica] [BBC News]
30-09-2014: How RAM scrapers work: the sneaky tools behind the latest credit card hacks.  [Wired]
30-09-2014: Global IPv6 traffic is growing, DDoS dying, says Akamai.  [The Register]
29-09-2014: We take your privacy and security. Seriously.  [Krebs]
29-09-2014: CloudFlare introduces Universal SSL. [CloudFlare] [THG] [Ars Technica]
29-09-2014: Insider hacking a big threat for employers.  [NZ Herald]
25-09-2014: Security tradeoffs of cloud backup. [Schneier] [Daring Fireball]
22-09-2014: Google’s war on spam and how encryption could finally win it – for the spammers.  [ExtremeTech]
22-09-2014: Security for vehicle-to-vehicle communications.  [Schneier]
19-09-2014: Millennials don’t care about mobile security, and here’s what to do about it.  [Wired]
19-09-2014: Tor users become FBI's no.1 hacking target after legal power grab.  [The Register]
19-09-2014: Google and Apple to introduce default encryption.  [BBC News]
18-09-2014: The Dark Web gets darker with rise of the ‘Evolution’ drug market.  [Wired]
18-09-2014: This new Internet security tool guards Goldman Sachs from eavesdroppers.  [Wired]
18-09-2014: Terrible article on Vernam ciphers. [Schneier] [io9]
18-09-2014: US military contractors 'hit by Chinese hackers'.  [BBC News]
17-09-2014: No evidence Snowden leaks inspired jihadists to up their crypto game.  [BoingBoing] [Flashpoint Partners]
17-09-2014: Middle-school dropout codes clever chat program that foils NSA spying.  [Wired]
17-09-2014: Identifying Dread Pirate Roberts. [Schneier] [Krebs]
15-09-2014: Several Massachusetts libraries installing Tor on all public PCs, coordinating privacy classes. [BoingBoing]
13-09-2014: Turning the tables on "Windows Support" scammers by compromising their PCs.  [Ars Technica]
12-09-2014: Connected home: a next-gen botnet army?  [Wired]
12-09-2014: CryptoLocker-style ransomware booms 700% this year.  [The Register]
10-09-2014: Safeplug security analysis. [Schneier] [Freedom-to-Tinker] [USENIX PDF]
10-09-2014: Consumers worried about call centre security, new survey reveals.  [Graham Cluley]
09-09-2014: Use home networking kit? DDoS bot is back... and it has evolved.  [The Register]
05-09-2014: The security of password managers. [Schneier]
04-09-2014: Scared of brute force password attacks? Just 'GIVE UP' says Microsoft.  [The Register]
04-09-2014: Military kill switches: a great idea that won't happen soon.  [Gizmodo]
03-09-2014: The open source tool that lets you send encrypted emails to anyone.  [Wired]
03-09-2014: Hackers using same tools as police to hack into iCloud accounts.  [THG]
02-09-2014: Fake cell towers could be attacking your cellphone up to 80-90 times per hour.  [THG] [Gizmodo]
01-09-2014: Second hacking crew joins Syrian Electronic Army on Team Assad.  [The Register]
01-09-2014: HP: NORKS' cyber spying efforts actually a credible cyberthreat.  [The Register]
31-08-2014: Decryptolocker saves you from the popular Cryptolocker ransomware.  [Lifehacker] [Decryptolocker]
30-08-2014: Cyberattacks: perpetual state of siege for US companies.  [Stuff]
29-08-2014: Improved Cryptolocker clone "Cryptowall" has locked over half a million PCs, 5 billion files. [THG] [SC Magazine]
29-08-2014: Kaspersky Lab “accidentally” defends monitoring of innocent internet users in online article.  [Graham Cluley]
29-08-2014: Even Homeland Security isn't immune from hackers -- details of 25,000 workers exposed. [Collaborista]
29-08-2014: ISIS threatens US with terrorism. [Schneier]
29-08-2014: JPMorgan and other US banks get hacked. Why is Russia getting the blame?  [Graham Cluley]
29-08-2014: The cost of DNSSEC. [Geoff Huston]
29-08-2014: How the internet may be taken down. [DC Knowledge]
28-08-2014: Mozilla left thousands of email addresses and passwords lying around - again.  [HotForSecurity]
28-08-2014: Feds warn first responders of dangerous hacking tool: Google Search.  [Ars Technica]
26-08-2014: Security by obscurity at Healthcare.gov site. [Schneier] [TechDirt]
25-08-2014: NIST to sysadmins: clean up your SSH mess.  [The Register]
25-08-2014: The problems with PGP. [Schneier] [Cryptography Engineering]
25-08-2014: Sony Online Entertainment hit by 'large scale DDoS attack'.  [The Register] [Engadget] [DC Knowledge] [ExtremeTech]
23-08-2014: Check your credit cards: that Target hack is running wild.  [Gizmodo]
22-08-2014: UPS Store data breach – the post mortem can wait, it’s time to warn and advise the victims.  [HotForSecurity]
21-08-2014: NSA and GCHQ agents 'leak Tor bugs' alleges developer.  [BBC News] [The Register] [Engadget]
21-08-2014: The NSA is scaring people away from Tor.  [Gizmodo]
21-08-2014: How hackers could mess with 911 systems and put you at risk.  [Wired]
21-08-2014: Hacking Gmail with 92 percent success.  [HardOCP] [Phys.org]
20-08-2014: US Air Force is focusing on cyber deception.  [Schneier]
19-08-2014: Hacking into traffic lights with a plain old laptop is scary simple.  [Gizmodo] [UoM PDF] [Schneier]
19-08-2014: Think crypto hides you from spooks on Facebook? Think again.  [The Register]
18-08-2014: QUANTUM technology sold by cyberweapons arms manufacturers.  [Schneier]
16-08-2014: Time to ditch HTTP – govt malware injection kit thrust into spotlight.  [The Register]
14-08-2014: It's time for PGP to die, says... no, not the NSA – a US crypto prof.  [The Register] [Cryptography Engineering]
14-08-2014: A portable router that conceals your Internet traffic.  [Ars Technica] [ExtremeTech]
13-08-2014: Fifteen zero days found in hacker router comp romp.  [The Register]
11-08-2014: Yahoo ads network helps hackers spread CryptoWall ransomware.  [Graham Cluley]
11-08-2014: How to hack an aeroplane's satellite communications system.  [Stuff]
10-08-2014: Why hackers won't be able to hijack your next flight - the facts.  [The Register]
10-08-2014: Security experts: car hacking is real and we need to prepare.  [Gizmodo] [cNet]
10-08-2014: Father of PGP encryption: Telcos need to get out of bed with governments.  [Ars Technica]
10-08-2014: Hacking is simple, says author claiming role in breach of spyware firm.  [Ars Technica]
08-08-2014: US spying brings German encryption boom.  [NZ Herald]
07-08-2014: Hacker redirects traffic from 19 internet providers to steal Bitcoins.  [Wired]
07-08-2014: Yahoo to join Gmail in offering users end-to-end encryption.  [Forbes] [Stuff] [DailyTech] [THG] [Stuff]
06-08-2014: CIA insider: US should buy all security exploits, then disclose them.  [Wired] [The Register] [Ars Technica] [BBC News]
06-08-2014: PayPal left red-faced after more security holes found in two factor authentication.  [Graham Cluley]
06-08-2014: How to recover files from a CryptoLocker attack for free. [Graham Cluley] [The Register] [HardOCP] [BBC News] [Ars Technica] [Krebs]
06-08-2014: Snowden leaks spur new secure communications.  [Stuff]
06-08-2014: Shadowy Russian hacker group hijacked 1.2 billion usernames, passwords.  [Ars Technica] [Lifehacker] [NYT] [Gizmodo] [The Register] [BBC News] [Stuff] [HardOCP] [NZ Herald] [NZ Herald] [BGR] [Graham Cluley] [THG]
06-08-2014: Firm that exposed breach of 'billion passwords' quickly offered $120 service to find out if you're affected.  [Forbes] [Graham Cluley]
06-08-2014: Q&A on the reported theft of 1.2B email accounts.  [Krebs]
06-08-2014: The Russian 'hack of the century' doesn't add up.  [The Verge]
07-08-2014: Over a billion passwords stolen? [Schneier] [BoingBoing] [The Register]
04-08-2014: Researcher can hack airplanes through in-flight entertainment systems.  [Gizmodo] [BGR]
04-08-2014: Chinese government drops foreign security software.  [Engadget] [DC Knowledge]
06-08-2014: Chinese government bans Apple products. [BGR] [ExtremeTech] [Gizmodo]
09-08-2014: Chinese government denies it banned Apple purchases.  [HardOCP] [Neowin]
03-08-2014: 70% of Internet of Things devices vulnerable to hacking.  [HardOCP] [Mashable]
02-08-2014: Terrorists embracing new Android crypto in wake of Snowden revelations.  [Ars Technica]
01-08-2014: Gambling website Paddy Power took four years to tell 650,000 customers their data had been stolen.  [Graham Cluley]
01-08-2014: Cyber extortionists pose growing threat to tech firms.  [BBC News]
31-07-2014: The security of USB is fundamentally broken. [Wired] [Ars Technica] [Gizmodo] [Schneier] [HardOCP] [BGR] [Stuff] [Engadget] [Tripwire] [BBC News]
31-07-2014: Multipath TCP speeds up the Internet so much that security breaks.  [The Register]
31-07-2014: Active attack on Tor network tried to decloak users for five months.  [Ars Technica] [The Register] [Security Week] [Gizmodo] [BBC News] [HardOCP] [Tor Project] [Stuff]
30-07-2014: Survey reveals critical infrastructure providers in New Zealand and Australia have been breached.  [Geekzone] [Unisys]
30-07-2014: Android crypto blunder exposes users to highly privileged malware.  [Ars Technica]
29-07-2014: Canada National Research Council 'hacked by Chinese spies'.  [BBC News]
29-07-2014: US government increases funding for Tor, giving $1.8m in 2013.  [The Guardian]
29-07-2014: Former NSA chief to profit from patented hacker detection tech, charging clients $1M a month.  [BoingBoing]
28-07-2014: Hackers plundered Israeli defense firms that built ‘Iron Dome’ missile defense system.  [Krebs] [The Register] [BBC News]
30-07-2014: Firm issues soft denial against Iron Dome hack.  [The Register]
25-07-2014: Putin: crack Tor for me and I'll make you a millionaire.  [The Register] [Hexus] [HardOCP] [VentureBeat] [Schneier] [Engadget] [Gizmodo] [Graham Cluley]
23-07-2014: Google banks on its own tech to protect Chrome users from another Heartbleed.  [Engadget] [Ars Technica] [The Register]
23-07-2014: Attackers raid Swiss banks with DNS and malware bombs.  [The Register]
23-07-2014: Tor developers vow to fix bug that can uncloak users.  [Ars Technica] [BBC News]
22-07-2014: Nigerian email swindlers using more sophisticated hacks.  [BoingBoing] [NYT] [The Register] [SecurityWatch]
22-07-2014: Talk on cracking Tor cancelled.  [Stuff]
21-07-2014: Security biz chases Tails with zero-day flaws alert.  [The Register] [Engadget] [Schneier] [The Verge]
23-07-2014: Tails-hacking Exodus: We have video proof of code-injection attack.  [The Register]
21-07-2014: Fingerprinting computers by making them draw images.  [Schneier] [BBC News] [The Register] [BGR]
23-07-2014: Adblock Plus: We can stop canvas fingerprinting, the ‘unstoppable’ new browser tracking technique.  [BGR]
18-07-2014: Even script kids have a right to be forgotten.  [Krebs]
15-07-2014: Chinese hackers extending reach to smaller US agencies.  [NYT]
15-07-2014: Legal attacks against Tor. [Schneier] [EFF]
15-07-2014: CNET hacked: registered users details stolen by gang demanding 1 Bitcoin.  [HotForSecurity]
14-07-2014: GameOver Zeus malware returns from the dead.  [Graham Cluley]
14-07-2014: Beware keyloggers at hotel business centers.  [Krebs] [Graham Cluley] [Ars Technica] [Schneier]
12-07-2014: LastPass security holes found by researcher, says password management firm – but no need to panic.  [WeLiveSecurity] [The Register]
15-07-2014: “Severe” password manager attacks steal digital keys and data en masse.  [Ars Technica]
11-07-2014: FBI and pals grab banking Trojan zombielord's joystick.  [The Register]
11-07-2014: Computer cops strike at the heart of Shylock malware.  [HotForSecurity]
11-07-2014: Microsoft says cybercrime bust frees 4.7 million infected PCs.  [Stuff]
10-07-2014: Digital First Aid Kit: where to turn when you're DoSed or have your accounts hijacked.  [BoingBoing] [EFF] [Digital Defenders]
10-07-2014: Crypto certificates impersonating Google and Yahoo pose threat to Windows users.  [Ars Technica]
10-07-2014: Wall Street wants cyber-war council.  [Stuff]
08-07-2014: Computing student jailed after failing to hand over crypto keys.  [The Register] [Engadget] [HardOCP]
07-07-2014: Password confessions of a security professional.  [Graham Cluley]
07-07-2014: NORKS hacker corps reaches 5,900 sworn cyber soldiers - report.  [The Register]
04-07-2014: Crypto thwarts tiny minority of Feds' snooping efforts.  [The Register]
03-07-2014: Private crypto key stashed in Cisco VoIP manager allows network hijacking.  [Ars Technica]
02-07-2014: Rising use of encryption foiled the cops a record 9 times in 2013.  [Wired]
02-07-2014: Brazilian ‘Boleto’ bandits bilk billions.  [Krebs] [BBC News] [Schneier]
02-07-2014: EFF sues NSA over snoops 'hoarding' zero-day security bugs.  [The Register]
01-07-2014: Microsoft expands the use of encryption on Outlook, OneDrive.  [Ars Technica] [iMore] [The Register] [Engadget]
01-07-2014: Microsoft: we're advancing our encryption and transparency efforts.  [HardOCP] [TechNet]
01-07-2014: Millions of dynamic DNS users suffer after Microsoft seizes No-IP domains.  [Ars Technica] [The Register] [Krebs] [BBC News]
30-06-2014: Cryptowall ransomware: what you need to know.  [Collaborista]
30-06-2014: How Air Force One's communications are kept private. [HardOCP] [cNet]
30-06-2014: London teen charged over Spamhaus mega-DDoS attacks.  [The Register]
13-12-2014: Spamhaus, CloudFlare attacker pleads guilty. [Krebs] [The Register]
30-06-2014: Blackphone review. [Schneier] [Ars Technica] [BoingBoing]
27-06-2014: Battling the botnets. [BBC News]
27-06-2014: Tired of passwords? You aren't alone.  [NZ Herald] [Stuff]
25-06-2014: World-class password fail of the day. [HardOCP] [Twitter] [Gizmodo]
25-06-2014: How to bypass PayPal 2FA.  [Lumension] [HardOCP] [Dark Reading]
25-06-2014: Experts reveal police hacking methods.  [NZ Herald]
25-06-2014: Sysadmins rejoice: patch rampage killing off nasty DDoS attack vector.  [The Register]
24-06-2014: Got a botnet? Thinking of using it to mine Bitcoin? Don't bother.  [The Register]
24-06-2014: Exposed: massive mobile malware network used by cops globally  [The Register]
23-06-2014: 'Most sophisticated DDoS' ever strikes Hong Kong democracy poll.  [The Register]
22-06-2014: Reuters website ‘hacked’ by the Syrian Electronic Army.  [HotForSecurity] [Ars Technica] [The Register]
21-06-2014: Internet firm goes out of business after DDoS extortion attack.  [WeLiveSecurity]
21-06-2014: DARPA: the Internet of Things needs better security. [HardOCP] [GigaOM]
21-06-2014: Fundraiser to support "NSA-proof" email gets off to a roaring start. [HardOCP] [VentureBeat]
19-06-2014: World still standing? It's been two weeks since Cryptolocker, Gameover Zeus takedown by feds.  [The Register]
10-07-2014: Crooks seek revival of 'Gameover Zeus' botnet. [Krebs]
18-06-2014: Would your company pay millions to internet blackmailers? Nokia did.  [F-Secure]
18-06-2014: State-sponsored hackers breached UK government network, claims minister.  [Graham Cluley]
18-06-2014: Terror suspect can’t get NSA evidence gathered against him.  [Ars Technica]
17-06-2014: New app kills the world’s scariest Android malware for free.  [BGR]
18-06-2014: Undergrad breaks Android crypto ransomware.  [Ars Technica]
17-06-2014: FBI arrests claims NullCrew hacker in Tennessee takedown.  [The Register] [Sophos]
19-06-2014: Hacker taunts arrested comrade after someone drops dime to FBI.  [Ars Technica]
17-06-2014: Story of a $10 million remote scam. [Schneier] [BoingBoing]
17-06-2014: GCHQ to share threat intel – and declassify secret inventions.  [The Register]
17-06-2014: Chinese Android smartphone comes with malware pre-installed.  [Graham Cluley]
16-06-2014: Domino’s Pizza refuses to pay ransom after customer database hacked.  [WeLiveSecurity] [Stuff]
16-06-2014: AT&T confirms inside job responsible for customer data breach.  [BGR]
16-06-2014: Listen to the results of our Internet spy project.  [Ars Technica]
14-06-2014: Hacked restaurant chain goes back to the 1970s, to protect itself from hackers.  [HotForSecurity]
13-06-2014: Apple: we’ll ‘soon’ begin encrypting iCloud email in transit between providers.  [9to5Mac]
12-06-2014: Powerful worm on Twitter unleashes torrent of out-of-control tweets.  [Ars Technica]
11-06-2014: Feedly refuses to give in to blackmail demands, gets hit by DDoS attack.  [Graham Cluley] [Schneier] [TNW] [Ars Technica]
11-06-2014: Evernote cloud service brought down by denial-of-service attack.  [Graham Cluley] [The Register]
11-06-2014: It’s official: mMalicious hackers have crappy password hygiene, too.  [Ars Technica]
11-06-2014: Web giants encrypt their services - but leaks remain.  [Ars Technica]
10-06-2014: Whistleblower org says it will go to jail rather than turning over its keys.  [BoingBoing] [Ars Technica]
10-06-2014: iOS 8 randomising MAC addresses. [Schneier] [Ars Technica]
10-06-2014: Randomize your computer's MAC address with this script.  [Lifehacker] [Zdziarski]
10-06-2014: Report: there's a new Chinese hacker army attacking the US. [Gizmodo]
10-06-2014: After Heartbleed, we're overreacting to bugs that aren't a big deal. [Wired]
10-06-2014: Chinese military tied to prolific hacking group targeting US aerospace industry.  [Ars Technica]
10-06-2014: Crypto-boffins propose safer buddy list protocol.  [The Register]
09-06-2014: To defeat encryption, feds deploy the subpoena.  [Ars Technica]
09-06-2014: The man behind the biggest cyberscam the world has seen.  [NZ Herald]
09-06-2014: Punching the clock for a darknet kingpin.  [Ars Technica]
08-06-2014: We “will be paying no ransom,” vows town hit by Cryptowall ransom malware.  [Ars Technica]
07-06-2014: NSA-proof server Protonet smashes crowdfunding record.  [HardOCP] [IB Times]
07-06-2014: Crypto ransomware makes its debut on Android.  [Ars Technica]
05-06-2014: They hack because they can. [Krebs]
04-06-2014: China threatens "severe" punishments for Google, Apple over NSA spying. [DailyTech]
06-06-2014: Microsoft tells Chinese customers it's not helping US gov't spy on them.  [DailyTech] [HardOCP] [Neowin]
04-06-2014: UK proposes life sentences for hackers who threaten national security.  [The Guardian] [BoingBoing] [Gizmodo] [HotForSecurity]
03-06-2014: Remember Anna Kournikova? Come with us on a tour of bug-squishing history.  [The Register]
02-06-2014: ‘Operation Tovar’ targets ‘Gameover’ ZeuS botnet, CryptoLocker scourge.  [Krebs] [Graham Cluley] [BBC News] [Graham Cluley]
16-06-2014: Police tell UK public they have only hours to combat GameOver Zeus malware.  [Graham Cluley]
02-06-2014: Chinese hacking of the US. [Schneier]
30-05-2014: Google, Amazon among tech companies trying to prevent the next Heartbleed.  [BGR]
29-05-2014: Iranian hackers set up fake news website, and posed as journalists on Facebook to spy on United States and others.  [HotForSecurity] [Stuff] [BoingBoing] [The Register]
29-05-2014: Cyber crims smash through Windows into the great beyond.  [The Register]
28-05-2014: Police at the door? Hit the PANIC button to erase your RAM.  [The Register]
28-05-2014: TrueCrypt's web site updates with ominous warning, details unknown.  [Lifehacker] [The Register] [Ars Technica] [BoingBoing] [Krebs] [Graham Cluley] [Schneier] [Engadget]
29-05-2014: TrueCrypt turmoil latest: Bruce Schneier reveals what he'll use instead.  [The Register]
29-05-2014: Snowden's crypto software may be tainted forever. [Wired]
29-05-2014: Security enthusiasts may revive encryption tool after mystery shutdown.  [Reuters]
30-05-2014: Bombshell TrueCrypt advisory: Backdoor? Hack? Hoax? None of the above?  [Ars Technica]
30-05-2014: The mystery of TrueCrypt's disappearance. [HardOCP] [TechArp]
30-05-2014: TrueCrypt security audit presses on, despite developers jumping ship.  [Ars Technica]
03-06-2014: TrueCrypt “must not die”.  [Graham Cluley] [The Register]
11-06-2014: Troubled Truecrypt the only option for S3, but Amazon stays silent.  [The Register]
16-06-2014: Did TrueCrypt’s developers embed a hidden Latin message for us all?  [Graham Cluley] [BoingBoing] [Live Business Chat]
17-06-2014: TrueCrypt – a matter of assurance.  [Graham Cluley]
20-06-2014: Following TrueCrypt’s bombshell advisory, developer says fork is “impossible”.  [Ars Technica]
28-05-2014: Backdoor in call monitoring, surveillance gear. [Krebs] [The Register] [Schneier]
27-05-2014: Inside the FBI's fight against Chinese cyber-espionage. [Foreign Policy]
27-05-2014: China cites US for “unscrupulous” spying, wants IBM out of banks.  [Ars Technica] [NZ Herald]
28-05-2014: That Snowden chap was spot on says China.  [The Register]
26-05-2014: 128-bit crypto scheme allegedly cracked in two hours.  [The Register]
25-05-2014: Fake key e-mails, win a $25M court case.  [Ars Technica]
24-05-2014: US gov may block Chinese nationals from Defcon hacker event.  [BoingBoing] [Reuters] [Ars Technica] [Engadget]
21-05-2014: Hackers broke into a public utility control room by guessing a password.  [Gizmodo]
21-05-2014: eBay urges password changes after breach.  [Krebs]
21-05-2014: Why is eBay burying news of its security breach from its millions of web visitors?  [Graham Cluley]
23-05-2014: After the breach: eBay’s flawed password reset leaves much to be desired.  [Ars Technica]
23-05-2014: eBay faces investigations over massive data breach.  [BBC News] [The Register]
24-05-2014: Security breach at eBay a reminder of damage cyber criminals can wreak.  [NZ Herald]
27-05-2014: It took eBay a long time to tell me to change my password.  [Graham Cluley]
27-05-2014: eBay thought user data was safe, but 145 million accounts were compromised in massive hack.  [BGR]
31-05-2014: College student finds another eBay security flaw. [HardOCP] [Digital Trends]
22-09-2014: eBay XSS password-stealing security hole “existed for months”.  [Graham Cluley]
21-05-2014: The NSA is not made of magic. [Schneier]
21-05-2014: You’ll never guess the critical resource the FBI needs to successfully fight cyber crimes.  [BGR]
21-05-2014: Why you should ditch Adobe Shockwave. [Krebs]
21-05-2014: Study: 97% of companies using network defenses get hacked anyway.  [Ars Technica]
20-05-2014: All of .mil TLD is down. [Reddit]
19-05-2014: US charges China with cyber-spying on American firms.  [NBC News] [NZ Herald] [Stuff] [HotForSecurity]
19-05-2014: US cyber-thief gets 20-year jail term.  [BBC News] [HotForSecurity]
16-05-2014: Encrypted web traffic more than doubles after NSA revelations.  [Wired] [TorrentFreak]
16-05-2014: Crypto-guru slams 'NSA-proof' tech, says today's crypto is strong enough.  [The Register]
15-05-2014: Photos of an NSA “upgrade” factory show Cisco router getting implant.  [Ars Technica] [Gizmodo] [Reddit] [SiliconBeat] [BoingBoing] [HardOCP] [Engadget]
13-05-2014: US Government has overreached, and should not interfere with the lawful delivery of our products.  [Cisco]
18-05-2014: In letter to Obama, Cisco CEO complains about NSA allegations.  [re/code] [The Register] [BBC News] [Stuff]
21-05-2014: NSA’s hardware tampering may alter global product flow.  [DC Knowledge]
23-05-2014: China responds to NSA tampering with network gear vetting process.  [Ars Technica]
14-05-2014: New Al-Qaeda encryption software. [Schneier]
14-05-2014: IETF plans to NSA-proof all future internet protocols.  [The Register]
13-05-2014: New Zealand requires network operators to register with cops, give spies oversight of their network ops.  [BoingBoing] [ITnews] [Reddit] [BoingBoing]
12-05-2014: NSA sabotaged exported US-made routers with backdoors.  [BoingBoing] [The Guardian] [The Register] [Ars Technica] [BGR] [Reddit]
12-05-2014: Significant portion of HTTPS Web connections made by forged certificates.  [Ars Technica] [BoingBoing] [Schneier]
08-05-2014: Net tech bods at IETF mull anti-NSA crypto-key swaps in future SSL.  [The Register]
07-05-2014: Network admin allegedly hacked navy -- while on an aircraft carrier.  [Wired] [Ars Technica]
21-05-2014: Navy sailor pleads guilty to hacking from an aircraft carrier.  [Engadget]
07-05-2014: How a whitehat hacked a university and became an FBI target.  [Ars Technica]
06-05-2014: Dropbox users leak tax returns, mortgage applications and more.  [Graham Cluley]
06-05-2014: Dropbox told about vulnerability in November 2013, only fixed it when the media showed interest.  [Graham Cluley] [The Register] [BGR]
05-05-2014: “Pavlovian password management” aims to change sloppy habits.  [Ars Technica]
02-05-2014: Security flaw found in OAuth and OpenID, here's what it means for you.  [Lifehacker] [cNet] [BGR] [HardOCP] [The Inquirer] [The Register]
02-05-2014: Script fools n00b hackers into hacking themselves.  [The Register]
30-04-2014: Security guru: You can't blame Snowden for making US clouds look leaky.  [The Register]
28-04-2014: A new pencil-and-paper encryption algorithm. [Schneier] [IACR: PDF]
25-04-2014: Spy back doors? That would be suicide, says Huawei.  [The Register]
24-04-2014: 87% of electronic spying is conducted by governments, with cyber espionage accounting for 22% of data breaches.  [The Drum]
23-04-2014: NSA's spying won't impact Huawei's growth. [DailyTech]
23-04-2014: State of the Hack: 43% of all DDoS attacks in Q4 originated in China.  [BGR]
23-04-2014: The security of various programming languages. [Schneier] [Help Net Security]
17-04-2014: It's time to encrypt the entire Internet. [HardOCP] [Wired]
15-04-2014: Detecting criminal gangs using mobile phone data.  [HardOCP] [MIT Technology Review]
15-04-2014: After Heartbleed, why forward secrecy is more important than ever.  [ReadWriteWeb]
10-04-2014: US Army compares new hacker school to "the birth of the Air Force". [Gizmodo]
09-04-2014: Internet security: Cyber-criminals more cunning in attacks.  [NZ Herald]
08-04-2014: Symantec sees new era of "Mega Breaches".  [GeekZone] [Symantec] [Voxy]
07-04-2014: Vint Cerf wanted to make internet secure from the start, but secrecy prevented it.  [The Register]
07-04-2014: The Great Hash Bakeoff: Infosec bods cook up next-gen crypto.  [The Register]
04-04-2014: New “unbreakable” encryption is inspired by your insides.  [Gizmodo]
08-04-2014: "Unbreakable" encryption almost certainly isn't. [Schneier]
03-04-2014: US states investigating breach at Experian. [Krebs]
03-04-2014: Your files held hostage by CryptoDefense? Don't pay up! The decryption key is on your hard drive.  [The Register]
02-04-2014: Android botnet targets Middle East banks. [Krebs]
02-04-2014: The phantom NSA-RSA backdoor that never was.  [The Register]
01-04-2014: Hackers can now create fake traffic jams. [Gizmodo]
31-03-2014: NSA infiltrated RSA security more deeply than thought - study.  [Reuters] [Ars Technica] [Engadget] [Stuff]
31-03-2014: Cyber Emergency Response Team launched by UK.  [BBC News] [The Register]
31-03-2014: China's CERT blames US for a THIRD of all attacks on Middle Kingdom PCs.  [The Register] [Graham Cluley]
30-04-2014: Google: 84% of online news sites hacked by governments.  [HardOCP] [The Inquirer]
28-03-2014: State-sponsored hackers are attacking news outlets on a massive scale.  [Engadget]
27-03-2014: DDoS traffic triples as 20Gbps becomes the new normal.  [The Register]
25-03-2014: Forget black hats – the best hackers are going grey and getting legit.  [The Register]
25-03-2014: When gov’t spies fake your company’s website, what can be done?  [Ars Technica]
22-03-2014: Targeting Huawei: NSA spied on Chinese government and networking firm.  [Der Spiegel] [Gizmodo] [Ars Technica] [DailyTech] [The Register] [BoingBoing] [NYT] [Schneier] [Engadget]
24-03-2014: China wants answers following revelations about NSA's Huawei spying. [DailyTech]
27-03-2014: How a Chinese tech firm became the NSA's surveillance nightmare. [Wired]
29-03-2014: Huawei on NSA: If foreign spies attacked a US firm, there’d be “outrage”.  [Ars Technica]
18-03-2014: Over 500,000 PCs attacked every day after 25,000 UNIX servers hijacked by Operation Windigo.  [WeLiveSecurity]
17-03-2014: NATO hit in cyber attack linked to Crimea.  [Stuff] [Graham Cluley]
17-03-2014: UK holds cyberwar game in WW2 bunker.  [Stuff]
16-03-2014: Who is winning the 'crypto-war'?  [BBC News]
15-03-2014: Kremlin gets DDoS’d by Anonymous Caucasus.  [Ars Technica] [HardOCP]
12-03-2014: Attackers trick 162,000 WordPress sites into launching DDoS attack.  [Ars Technica] [Graham Cluley]
09-03-2014: Want someone to click on your targeted attack? Disguise it as a LinkedIn message.  [Graham Cluley]
06-03-2014: Even HTTPS can leak your PRIVATE browsing.  [The Register] [Ars Technica]
06-03-2014: DDoS attacks get bigger, smarter, more damaging.  [Stuff]
05-03-2014: Botnet built using freely-available cloud services. [HardOCP] [Dark Reading]
02-03-2014: Anti-virus firm finds alleged Kremlin cyberweapon, undetected for at least three years.  [Graham Cluley] [The Register]
28-02-2014: Report from Trustycon: like RSA, but without the corruption.  [BoingBoing] [cNet] [NYT]
01-03-2014: Trustycon: how to redesign NSA surveillance to catch more criminals and spy on a lot fewer people.  [BoingBoing] [YouTube]
28-02-2014: Government-built malware running out of control, F-Secure claims.  [The Register]
27-02-2014: Was the iOS SSL flaw deliberate? [Schneier]
26-02-2014: DDoSing a cell phone network. [Schneier]
25-02-2014: Chinese water tortuer: a slow drip DNS DDoS attack. [Secure64]
24-02-2014: Syria war stirs new US debate on cyberattacks. [NYT]
20-02-2014: Iranians hacked Navy network for four months? Not a surprise. [Ars Technica]
18-02-2014: The Moon router worm -- your AV has probably been updated to detect it, but won’t protect you.  [Graham Cluley] [Krebs]
15-02-2014: Making NSA-style spying harder, CloudFlare offers more robust Web crypto.  [Ars Technica]
14-02-2014: South Korea shuns Huawei over fears that it spies on the US.  [Engadget]
14-02-2014: Forbes website hacked by the SEA.  [Graham Cluley] [ReCode]
17-02-2014: SEA slurps a MILLION reader passwords from Forbes  [The Register]
12-02-2014: White House unveils guidelines for protecting critical systems against cyber attacks.  [Engadget] [White House] [HardOCP] [The Register]
12-02-2014: Japan weathered a record 12.8 billion cyberattacks in 2013.  [Hexus]
12-02-2014: Bitcoin exchanges hit by DoS attacks. [ReadWriteWeb]
12-02-2014: Five arrested in Utopia dark net marketplace crackdown.  [BBC News]
11-02-2014: Europe shrugs off largest DDoS attack yet, traffic tops 400Gbps.  [The Register] [BGR] [Ars Technica] [InformationWeek]
14-02-2014: The new normal: 200-400Gbps DDoS attacks. [Krebs]
11-02-2014: Huge hack 'ugly sign of future' for internet threats.  [BBC News]
10-02-2014: The NSA's secret role in the US assassination programme. [The Intercept]
06-02-2014: DARPA begins work on self-destructing electronics.  [ExtremeTech]
06-02-2014: DDoS attacks against data centers on the rise. [Network Computing]
06-02-2014: SEA meddle - briefly - with Facebook's domain. [Graham Cluley]
06-02-2014: When Syrian hackers attacked, Facebook’s bacon was saved by security measures.  [Graham Cluley]
06-02-2014: Syrian Electronic Army: We hijacked Facebook... honest, guv.  [The Register]
05-02-2014: Somebody attacked an electrical substation in California last year. This should make you concerned. [BoingBoing] [Gizmodo]
04-02-2014: Revolutionary new cryptography tool could make software unhackable.  [ExtremeTech]
03-02-2014: Want to email people without the FBI reading it? Try Safe-mail.  [BGR]
03-02-2014: NSA, GCHQ, accused of hacking Belgian smartcard crypto guru.  [The Register] [Graham Cluley] [Schneier]
31-01-2014: Mass hack attack on Yahoo Mail accounts prompts password reset.  [Ars Technica] [GottaBeMobile] [NZ Herald] [Stuff] [Graham Cluley] [BBC News]
30-01-2014: Give hackers your data, says former RSA man.  [The Register]
29-01-2014: Latest encryption trick to thwart hackers is as sweet as Honey.  [BGR] [Gizmodo]
29-01-2014: Microsoft to Australian government: our kit has no back doors.  [The Register]
28-01-2014: New smartphone malware tracks your swipes to steal your PIN.  [BGR]
27-01-2014: FBI seized the entire TorMail database in Freedom Hosting investigation. [Wired] [Ars Technica] [Gizmodo] [The Register] [BoingBoing] [BGR]
27-01-2014: After Snowden: How vulnerable is the internet?  [BBC News]
24-01-2014: CNN website, Twitter and Facebook hijacked by SEA.  [Graham Cluley]
02-02-2014: Syrian Electronic Army hackers embarrass PayPal UK by displaying anti-US message.  [Graham Cluley]
24-01-2014: Ex-NSA guru builds $4m encrypted email biz - but its nemesis right now is control-C, control-V. [The Register]
23-01-2014: CrowdStrike report says cyberspooks are everywhere.  [The Register]
23-01-2014: Hack most likely not the reason Chinese traffic bombarded US addresses.  [Ars Technica]
22-01-2014: Researchers say they see Russian hackers’ hands in cyber espionage against Western energy interests.  [The Switch]
21-01-2014: NSA surveillance revives calls for an all-encrypted Internet. [Network Computing]
21-01-2014: EFF claims Vietnam targeted its staff with spear phishing attack.  [The Register]
21-01-2014: F-Secure's Hypponen leads RSA refuseniks to NSA-free infosec chatfest.  [The Register] [BoingBoing] [TechWeek] [Ars Technica]
27-01-2014: TrustyCon rises from the NSA/RSA ashes and sells out.  [CSO]
21-01-2014: Internet users ditch “password” as password, upgrade to “123456”.  [Ars Technica] [BGR]
24-01-2014: Companies look to end password era.  [Stuff]
18-01-2014: UK's security branch says Ubuntu most secure end-user OS. [HardOCP] [ZDNet]
17-01-2014: PowerLocker uses Blowfish. [Schneier] [Ars Technica]
16-01-2014: The Internet of Things has been hacked. [ReadWriteWeb]
16-01-2014: DDoS attacks abusing NTP flood the web. [Juniper] [Network Computing] [Schneier] [THG]
21-01-2014: Don't be a DDoS dummy: Patch your NTP servers, plead infosec bods.  [The Register]
18-02-2014: This is what it looks like when your router participates in an NTP DDoS attack. [Reddit]
18-02-2014: What would it take to filter a NTP attack? [Reddit]
16-01-2014: Huawei dismisses NSA backdoor claims as profits soar.  [The Register]
15-01-2014: Microsoft confirms SEA hacked into employee email accounts.  [The Verge]
15-01-2014: SEA has its own website hacked.  [Graham Cluley] [The Register]
14-01-2014: Research finds security holes in 90% of top mobile banking apps. [BGR]
14-01-2014: New DoS attacks taking down game sites deliver crippling 100Gbps floods.  [Ars Technica]
12-01-2014: More well-known U.S. retailers victims of cyber attacks - sources.  [Reuters] [Gizmodo] [Ars Technica] [BGR]
10-01-2014: Senior execs are the biggest risk to IT security.  [BoingBoing] [Help Net Security]
09-01-2014: When the FBI asks you to weaken your security so it can spy on your users.  [BoingBoing] [PCMag]
09-01-2014: Cicada 3301: The dark net treasure trail reopens.  [BBC News]
09-01-2014: DoS attacks that took down big game sites abused Web’s time-synch protocol.  [Ars Technica]
09-01-2014: Hackers use Amazon cloud to scrape mass number of LinkedIn member profiles.  [Ars Technica] [The Register]
08-01-2014: NSA employee will continue to co-chair influential crypto standards group.  [Ars Technica] [The Register]
06-01-2014: US backdoored our satellites, claim UAE.  [The Register]
05-01-2014: Malware strikes thousands of Yahoo users via poisoned adverts.  [Graham Cluley] [The Register]
09-01-2014: After a terrible year for security, Yahoo Mail finally gets HTTPS by default.  [Graham Cluley] [The Register]
03-01-2014: Gaping admin access holes found in SoHo routers from Linksys, Netgear and others.  [NakedSecurity]
02-01-2014: CryptoLocker creeps lure victims with fake Adobe, Microsoft activation codes.  [The Register] [Graham Cluley]
02-01-2014: "Military style" raid on California power station. [Schneier] [Foreign Policy]
02-01-2014: Skype’s Twitter, Facebook, and blog hacked by SEA demanding an end to spying.  [TNW] [BBC News] [Graham Cluley] [NZ Herald] [Ars Technica]  [GottaBeMobile]
03-01-2014: Microsoft tweets advice about phishing, but too late to save Skype.  [Graham Cluley]
01-01-2014: Hackers claim to reveal millions of Snapchat usernames and phone numbers.  [Graham Cluley] [BoingBoing] [DailyTech] [BGR] [Gizmodo] [The Verge] [TNW] [NZ Herald] [BBC News] [Stuff] [The Register]
02-01-2014: Snapchat acknowledges hack.  [Engadget] [TechCrunch] [ReadWriteWeb] [BBC News] [Graham Cluley] [The Register]
03-01-2014: Snapchat CEO won't say sorry for hack. [ValleyWag]
03-01-2014: Snapchat knew for months about major security hole but failed to fix it.  [BGR] [Today]
09-01-2014: Snapchat apologizes for and patches leak.  [BoingBoing] [Snapchat] [BGR] [Engadget] [The Register]
09-01-2014: Anatomy of a snap attack. [The New Yorker]
13-01-2014: Snapchat apologizes for jump in spam.  [HardOCP] [cNet]  [The Verge]

Recent site activity

Security News Archive: 2014 to 2016

2016 News

2015 News

2014 News