Security

2022 – Security News

2021 – Security News

2020 – Security News

  • 24-12-2020: SolarWinds hackers also targeted security firm CrowdStrike. [Engadget]

  • 18-12-2020: Long-standing vulns in 5G protocols open the door for attacks on smartphone users. [The Register]

  • 17-12-2020: Mexican drug cartels with high-tech spyware. [Schneier] [The Guardian]

  • 15-12-2020: Cruise line operator Hurtigruten crippled in ransomware attack. [Graham Cluley]

  • 09-12-2020: FireEye hacked. [Schneier] [FireEye] [The Verge] [Ars Technica] [BBC News] [Engadget] [The Register] [Graham Cluley]

  • 20-10-2020: Trickbot is scrambling to stay alive. [Ars Technica]

  • 12-10-2020: Microsoft helped disrupt the infamous Trickbot botnet. [Engadget] [NZ Herald] [Stuff]

  • 30-09-2020: Quantum-safe cryptography: hype vs reality. [ipSpace]

  • 23-09-2020: 179 arrested in 'Operation DisrupTor' dark web drug takedown. [Engadget]

  • 13-08-2020: NSA and FBI warn that new Linux malware threatens national security. [Ars Technica] [The Register]

  • 12-08-2020: Tor battles to fend off swarm of Bitcoin-stealing exit relays. [The Register]

  • 03-08-2020: Secret questions not as good as you'd think. [ITP Techblog]

  • 26-07-2020: Hackers actively exploit high-severity networking vulnerabilities. [Ars Technica]

  • 09-07-2020: Traffic analysis of home security cameras. [Schneier] [QMUL PDF]

  • 02-07-2020: Law enforcement arrests hundreds after compromising encrypted chat system. [The Verge] [BBC News] [Engadget]

  • 25-06-2020: Two record DDoSes disclosed this week underscore their growing menace. [Ars Technica] [The Register]

  • 19-06-2020: Australia cyberattacks. [BBC News]

  • 16-06-2020: Multiple “CIA failures” led to theft of agency’s top-secret hacking tools. [Ars Technica] [Schneier] [Washington Post]

  • 12-06-2020: Facebook helped develop a Tails exploit. [Schneier] [Gizmodo] [The Register]

  • 10-06-2020: Honda halts production at some plants after being hit by a cyberattack. [Ars Technica] [BBC News] [The Verge] [Engadget]

  • 31-05-2020: Cisco backend servers deployments compromised via SaltStack. [The Register]

  • 21-04-2020: Another story of bad 1970s encryption. [Schneier]

  • 08-04-2020: RSA-250 factored. [Schneier]

  • 20-02-2020: Hackers were inside Citrix for 5 months. [Krebs]

  • 12-02-2020: One of the most destructive botnets can now spread to nearby Wi-Fi networks. [Ars Technica]

  • 07-02-2020: Researchers steal data from computer using monitor brightness. [ExtremeTech]

  • 05-02-2020: Network segmentation blown apart by Cisco CDPwn security bugs. [The Register]

  • 13-01-2020: Microsoft CEO: encryption backdoors are a ‘terrible idea’. [The Verge]

  • 07-01-2020: PGP keys, software security, and much more threatened by new SHA1 exploit. [Ars Technica] [Schneier] [IACR PDF]

2019 – Security News

  • 16-12-2019: Security vulnerabilities found in the RCS texting protocol. [Schneier] [Wired]

  • 22-11-2019: The NSA warns of TLS inspection. [Schneier] [NSA PDF]

  • 21-11-2019: GPS manipulation. [Schneier] [MIT Technology Review]

  • 06-11-2019: 8chan gets back online -- and is promptly forced off again. [Ars Technica]

    • 06-11-2019: How 8chan (or “8kun”) got (briefly) back online [Ars Technica].

  • 05-11-2019: ISPs lied to Congress to spread confusion about encrypted DNS. [Ars Technica]

  • 02-11-2019: NordVPN users’ passwords exposed in mass credential-stuffing attacks. [Ars Technica]

  • 25-10-2019: Dark web site taken down without breaking encryption. [Schneier] [Wired]

  • 22-10-2019: Hackers steal secret crypto keys for NordVPN. [Ars Technica] [Krebs] [The Verge] [Engadget] [ExtremeTech] [Schneier] [The Register]

  • 10-10-2019: Twitter transgression proves why its flawed 2FA system is such a privacy trap. [Ars Technica]

  • 09-10-2019: Ransomware victim hacks attacker, turning the tables by stealing decryption keys. [Tripwire]

  • 27-09-2019: Police raid ‘bulletproof’ hosting company run out of former NATO bunker. [The Verge] [Krebs] [Ars Technica] [The Register] [Schneier] [AP News] [SECjuice]

    • 01-10-2019: Mariposa botnet author, Darkcode Crime forum admin arrested in Germany. [Krebs]

  • 24-09-2019: Russian national confesses to biggest bank hack in US history [Ars Technica] [The Register]

  • 20-09-2019: World’s most destructive botnet returns with stolen passwords and email in tow. [Ars Technica]

  • 20-08-2019: How malformed packets caused CenturyLink’s 37-hour, nationwide outage. [Ars Technica]

  • 09-08-2019: New DoS attack exploits algorithms to knock sites offline. [Engagdet]

  • 09-08-2019: The most comprehensive ethical hacking course ever created. [ExtremeTech]

  • 06-08-2019: Russian hackers are using IoT devices to infiltrate networks. [Engadget]

  • 06-08-2019: Has public Wifi become more secure? [ITP Techblog]

  • 06-08-2019: Ransomware, “wiper” malware attacks have more than doubled. [Ars Technica]

  • 05-08-2019: The risk of weak online banking passwords. [Krebs]

  • 05-08-2019: GermanWiper isn’t ransomware -- it’s worse than that. [Graham Cluley]

  • 29-07-2019: IoT botnet launched massive 13-day DDoS attack against streaming service. [Graham Cluley]

  • 20-07-2019: NSA contractor sentenced to nine years over theft of classified info. [Engadget] [The Register]

  • 11-07-2019: Whitehats use DoS attack to score key victory against ransomware crooks. [Ars Technica]

  • 26-06-2019: Global phone networks attacked by hackers. [BBC News]

  • 21-06-2019: Backdoor built into Android firmware. [Schneier] [Ars Technica]

    • 25-06-2019: Tracing the supply chain attack on Android. [Krebs]

  • 18-06-2019: Cloudflare aims to make HTTPS certificates safe from BGP hijacking attacks. [Ars Technica]

  • 13-06-2019: DDoS attack that knocked Telegram secure messaging service offline linked to Hong Kong protests. [Graham Cluley] [BBC News] [The Verge]

  • 07-06-2019: Cyber-thieves turn to 'invisible net' to set up attacks. [BBC News]

  • 05-06-2019: New exploit shows warnings of world-wide worm attacks are real. [Ars Technica]

  • 04-06-2019: Microsoft says mandatory password changing is “ancient and obsolete". [Ars Technica]

  • 25-05-2019: Hackers used NSA tool to attack Baltimore’s computer systems. [The Verge] [Engadget]

    • 27-05-2019: Baltimore ransomware attack: NSA faces questions. [BBC News] [Ars Technica]

    • 03-06-2019: No ‘Eternal Blue’ exploit found in Baltimore City ransomware. [Krebs] [Ars Technica]

  • 16-05-2019: Global takedown shows the anatomy of a modern cybercriminal supply chain. [Wired]

  • 15-05-2019: A tough week for IP address scammers. [Krebs]

  • 14-05-2019: Microsoft warns of major WannaCry-like Windows security exploit. [The Verge] [Engadget]

  • 13-05-2019: Cisco bug has massive global implications. [Wired] [The Register]

  • 13-05-2019: Spying on personal alarms and GPS trackers is as simple as sending an SMS. [Graham Cluley]

  • 10-05-2019: Cryptanalyzing a pair of Russian encryption algorithms. [Schneier] [Motherboard]

  • 07-05-2019: Feds take down dark web index and news site Deep Dot Web. [The Verge]

  • 07-05-2019: The CIA sets up shop on Tor, the Anonymous Internet. [Wired]

  • 07-05-2019: Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak. [Ars Technica] [The Register] [Wired] [Engadget] [Schneier]

  • 24-04-2019: Microsoft knows password-expiration policies are useless. [Engadget]

  • 18-04-2019: New DNS hijacking attacks. [Schneier] [Wired]

  • 09-04-2019: Mysterious safety-tampering malware infects a second critical infrastructure site. [Ars Technica] [Wired]

  • 09-04-2019: Well-funded surveillance operation infected both iOS and Android devices. [Ars Technica] [ExtremeTech]

  • 05-04-2019: Unhackable cryptography? [Schneier] [Quanta Magazine]

  • 02-04-2019: Hackers don't just want to pwn networks, they literally want to OWN your network. [The Register]

  • 29-03-2019: Hidden backdoor in Intel processors is really a debug port. [The Register]

  • 27-03-2019: Researchers find 36 security flaws in LTE. [Engadget]

  • 26-03-2019: Personal data left on used laptops. [Schneier] [Rapid7] [Gizmodo]

  • 20-03-2019: Aluminium plants hit by cyber-attack, global company turns to manual operations. [Hot for Security] [BBC News] [The Register] [Ars Technica] [Graham Cluley] [DC Knowledge]

    • 21-03-2019: How Lockergoga took down Hydro. [DoublePulsar]

    • 03-04-2019: In its ransomware response, Norsk Hydro is an example for us all. [Graham Cluley]

  • 17-03-2019: How a wireless keyboard lets hackers take full control of connected computers. [Ars Technica] [HardOCP] [David Sopas, YouTube]

  • 05-03-2019: ji32k7au4a83 is a surprisingly bad password. [The Verge]

  • 26-02-2019: Next-gen blackholing to counter DDoS. [NANOG 75 YouTube]

  • 26-02-2019: Four years of breaking HTTPS with BGP hijacking. [NANOG 75 YouTube]

  • 26-02-2019: The Pentagon wants to replace passwords with the way you move or walk. [HardOCP] [Washington Post]

  • 25-02-2019: Android is helping kill passwords on a billion devices. [Wired] [Engadget]

  • 25-02-2019: Flaws in 4G and 5G can lead to spying on location and calls. [The Verge] [Engadget] [No Jitter]

  • 17-02-2019: The Facebook phishing scam that could dupe even vigilant users. [Ars Techncia]

  • 13-02-2019: US Air Force defector allegedly helped Iran hack Americans. [Wired]

  • 04-02-2019: Quantum computing doesn’t threaten good encryption -- yet. [DC Knowledge]

  • 03-02-2019: Why SMS-based 2FA sucks: UK bank falls victim to SS7 attacks. [Android Police]

  • 22-01-2019: Hacking construction cranes. [Schneier] [Trend Micro]

  • 18-01-2019: Short take - HTTPS interception. [Network Collective] [Russ White]

  • 17-01-2019: New massive security breach exposes 773 million passwords. [ExtremeTech]

  • 10-01-2019: A new type of network is on the rise to combat the quantum threat to encryption. [DC Knowledge]

  • 07-01-2019: NSA to release a free tool for reverse engineering malware. [Engadget] [HardOCP] [ZDNet]

2018 – Security News

  • 24-12-2018: Cryptojacking took over in 2018. [Wired]

  • 24-12-2018: MD5 and SHA-1 still used in 2018. [Schneier] [SWDGE PDF]

  • 24-12-2018: Someone is learning how to take down the internet, and learning fast. [Stuff]

  • 20-12-2018: Most common corporate-network security problems. [DC Journal]

  • 13-12-2018: Iranian phishers bypass 2FA protections offered by Yahoo Mail and Gmail. [Ars Technica] [Schneier] [ExtremeTech]

  • 12-12-2018: Hackers are targeting nuclear, defense, energy, financial businesses. [The Register]

  • 30-11-2018: It's nearly 2019, and your network can get pwned through an oscilloscope. [The Register]

  • 30-11-2018: Marriott breach leaves 500 million exposed with passport, card numbers stolen. [Ars Technica] [Krebs] [Graham Cluley] [The Register] [BBC News] [Stuff] [HardOCP] [Marriott] [Engadget]

    • 01-12-2018: What the Marriott breach says about security. [Krebs]

    • 12-12-2018: If China hacked Marriott, then 2014 marked a full-on assault. [Wired] [Schneier]

  • 30-11-2018: Mass router hack exposes millions of devices to potent NSA exploit. [Ars Technica]

  • 28-11-2018: Encrypted traffic reaches a new threshold. [Network Computing]

  • 28-11-2018: The murky world of smartphone forensics. [NZ Herald]

  • 19-11-2018: Blackout for thousands of dark web pages. [BBC News]

  • 19-11-2018: Using a free VPN? Skip the middleman and send your data direct to China. [The Register]

  • 19-11-2018: What happened to cyber-911? [Schneier]

  • 19-11-2018: A little phishing knowledge may be a dangerous thing. [The Register]

  • 13-11-2018: OneSpan: the passwordless web is coming courtesy of FIDO2. [Graham Cluley]

  • 13-11-2018: Google goes down after major BGP mishap routes traffic through China. [Ars Technica] [The Register] [BBC News] [Wired] [HardOCP] [ThousandEyes Twitter]

  • 13-11-2018: France proposes to make Internet safer, but USA, Russia, China disagree. [The Register]

  • 05-11-2018: GCSB releases cyber resiliency report. [Geekzone] [NCSC PDF]

  • 05-11-2018: Focus on cyber security puts Huawei under the spotlight. [ITP Techblog] [PocketNow]

  • 02-11-2018: PortSmash attack punches hole in Intel's Hyper-Thread CPUs, leaves with crypto keys. [The Register] [HardOCP] [ZDNet] [Ars Technica]

  • 30-10-2018: Cell phone security and heads of state. [Schneier]

  • 20-10-2018: 3 out of 4 employees are a security risk. [Russ White] [Dark Reading]

  • 19-10-2018: Miscreants use pilfered NSA hacking tools to pwn boxes in nuke, aerospace worlds. [The Register]

    • 19-10-2018: Government perspective on supply chain security. [Schneier] [Krebs]

  • 10-10-2018: China's clampdown on Tor pushes its hackers into foreign backyards. [The Register]

  • 09-10-2018: Withstanding the infinite: DDoS defense in the terabit era. [NANOG 74 YouTube]

  • 14-09-2018: A decade-old attack can break the encryption of most PCs. [Wired]

  • 14-09-2018: Quantum computing and cryptography. [Schneier]

  • 14-09-2018: What you can do when you steal a laptop, reflash the BIOS, and reboot it. [The Register]

  • 14-09-2018: The Register takes the US government's insider threat training course. [The Register]

  • 27-08-2018: WireGuard VPN review: A new type of VPN offers serious advantages. [Ars Technica]

  • 12-08-2018: Australia on the cusp of showing the world how to break encryption. [The Register]

  • 10-08-2018: Satellite hacks are real and the consequences are frightening. [ExtremeTech]

  • 10-08-2018: Encryption doesn't stop someone from working out what you're up to. [The Register]

  • 08-08-2018: Honeypot DDoS monitoring. [Russ White] [APNIC Blog]

  • 06-08-2018: Cracking the passwords of some WPA2 Wi-Fi networks just got easier. [The Register]

  • 03-08-2018: Network security analysis - a new approach. [Network Computing]

  • 01-08-2018: Fin7: the inner workings of a billion-dollar hacking group. [Wired] [HardOCP] [Reuters] [Ars Technica] [Engadget]

  • 01-08-2018: GCHQ on quantum key distribution. [Schneier] [NCSC]

  • 01-08-2018: Backdoors in Cisco routers. [Schneier] [THG]

  • 01-07-2018: Cryptojacking malware: what it is and how to fix it. [ReadWriteWeb]

  • 23-07-2018: The secret Internet war over bots. [Wired]

  • 23-07-2018: Google: security keys neutralized employee phishing. [Krebs] [HardOCP] [Engadget] [Android Police] [ExtremeTech] [Schneier]

  • 18-07-2018: Dark Web going darker due to exposure. [HardOCP] [SecurityWeek]

  • 09-07-2018: The worst cybersecurity breaches of 2018 so far. [Wired]

  • 07-06-2018: Cybercrooks are switching to Telegram. [The Register]

  • 06-06-2018: Defending against botnets. [Russ White] [PDF]

  • 06-06-2018: VPNFilter malware infecting 500,000 devices is worse than we thought. [Ars Technica] [The Register] [ExtremeTech] [HardOCP] [Schneier] [Russ White]

  • 06-06-2018: Google’s Mark Risher: why everything we know about passwords is wrong. [The Verge]

  • 06-06-2018: Cloudflare experiments with hidden Tor services. [The Register]

  • 05-06-2018: End-to-end encryption doesn’t stop the FBI reading your messages. [Graham Cluley]

  • 03-06-2018: ZTE was built to spy and bribe. [HardOCP] [SMH]

  • 30-05-2018: The limit of HTTPS. [Russ White] [APNIC Blog]

  • 22-05-2018: Cloudflare: DDoS moves to Layer 7. [The Register]

  • 21-05-2018: Biggest web security vulnerabilities haven’t changed much. [DC Knowledge]

  • 17-05-2018: Microsoft's Azure green-lit for use by US spies. [The Register]

  • 15-05-2018: DDoS attacks in 2018 are very large. [EtherealMind] [OURSA YouTube]

  • 14-05-2018: Details on a new PGP vulnerability. [Schneier] [EFail] [Wired] [Ars Technica] [The Register]

  • 11-05-2018: This Tool Can Hack Your Accounts Even with Two-Factor Authentication. [ExtremeTech]

  • 07-05-2018: Password re-use is dangerous - so what about stopping it with password-sharing? [The Register]

  • 06-05-2018: How to keep hackers out of your Facebook and Twitter accounts. [Wired]

  • 03-05-2018: It's world (terrible) password (advice) day. [The Register]

  • 03-05-2018: Nigerian email scammers are more effective than ever. [Wired]

  • 02-05-2018: NIST issues call for "lightweight cryptography" algorithms. [Schneier] [NIST]

  • 27-04-2018: The hidden risks of ssh. [DC Journal]

  • 25-04-2018: DDoS-for-hire service Webstresser dismantled. [Krebs] [The Register] [Graham Cluley] [HardOCP] [The Hacker News] [Engadget]

  • 25-04-2018: Cracking the crypto war. [Wired]

    • 27-04-2018: Ray Ozzie’s plan for unlocking encrypted phones gets a chilly reception. [Ars Technica] [Schneier]

    • 07-05-2018: Ray Ozzie’s crypto proposal - a dose of technical reality. [Ars Technica]

  • 23-04-2018: Cisco switch attacks represent new wave of network exploits. [Network Computing]

  • 19-04-2018: The security risks of logging in with Facebook. [Wired]

  • 16-04-2018: Government hackers: made some malware, don't be surprised if it bites you. [The Register]

  • 12-04-2018: Cloudflare launches "Spectrum" DDoS protection service for all Internet traffic. [THG] [The Register]

  • 10-04-2018: Practical passwordless authentication comes a step closer with WebAuthn. [Ars Technica] [The Verge] [Engadget] [Wired] [HardOCP] [PCMag] [HEXUS]

  • 26-03-2018: FCC to block 'national security risk' companies (Huawei, ZTE) from US's $8.5bn broadband pot. [The Register] [The Verge] [Ars Technica]

  • 26-03-2018: Magical thinking on Internet security. [Russ White] [Farsight Security]

  • 26-03-2018: Adding backdoors at the chip level. [Schneier] [Springer Link] [PDF]

  • 23-03-2018: World celebrates, cyber-snoops cry as TLS 1.3 internet crypto approved. [The Register] [EtherealMind]

  • 22-03-2018: The real cause of large DDoS - IP spoofing. [EtherealMind] [CloudFlare]

  • 22-03-2018: Blocking malware with DNS. [Russ White] [APNIC Blog]

  • 20-03-2018: Side channel attacks in the wild: the smart home. [Russ White]

  • 13-03-2018: Weighing privacy vs security for the Internet's address book. [Wired]

  • 09-03-2018: Crypto zealots. [Geoff Huston]

  • 05-03-2018: World's biggest DDoS attack record broken after just five days. [The Register] [Graham Cluley] [Schneier] [Ars Technica]

    • 08-03-2018: Corero reveals 'kill-switch' to suppress memcached DDoS attacks. [THG] [The Register]

  • 03-03-2018: First IPv6 DoS. [The Register]

  • 01-03-2018: New carrier-based authentication system seeks to replace SMS 2FA. [THG] [Android Police]

  • 01-03-2018: GitHub code tub hit with record-breaking 1.35Tbps DDoS. [The Register] [Engadget] [Krebs] [Graham Cluley]

  • 28-02-2018: Large DDoS amplification attacks now possible via memcached servers. [THG]

  • 14-02-2018: A potent botnet is exploiting a critical router bug that may never be fixed. [Ars Technica]

  • 13-02-2018: Jumping air gaps. [Schneier] [Wired]

  • 12-02-2018: Cryptojacking threatens critical infrastructure. [Wired] [HardOCP] [Scott Helme]

  • 31-01-2018: Ransomware scammers get scammed themselves by Tor proxy hack. [ExtremeTech]

  • 31-01-2018: New click-to-hack tool: one script to exploit them all... [The Register]

  • 30-01-2018: US AG says Feds have already infiltrated Dark Net. [The Register]

  • 26-01-2018: Lenovo's fingerprint scanner has a hardcoded password. [The Register]

  • 24-01-2018: Tor Browser 7.5 launches with support for next-gen Onion services. [THG]

  • 20-01-2018: Why this intercontinental quantum-encrypted video hangout is a big deal. [Wired]

  • 15-01-2018: BitTorrent users beware: Flaw lets hackers control your computer. [Ars Technica]

  • 12-01-2018: IoT-based DDoS threats loom. [Network Computing]

  • 11-01-2018: Cisco can now sniff out malware inside encrypted traffic. [The Register]

  • 06-01-2018: WD My Cloud drives have a built-in backdoor. [HardOCP] [TechSpot] [Graham Cluley] [ExtremeTech]

  • 02-01-2018: Automatic autofill of your username and password? Not a good idea. [Graham Cluley]

2017 – Security News

  • 29-12-2017: The rise of cryptojacking and how to stop it. [THG] [Wired]

  • 28-12-2017: Microsoft asserts that "It’s time to kill the password." [Hexus] [HardOCP] [TechSpot] [NZ Herald] [Stuff]

  • 18-12-2017: Lessons learned from the Estonian national ID security flaw. [Schneier] [Cybernetica]

  • 17-12-2017: Hackers shut down plant by targeting its safety system. [Engadget] [HardOCP] [Reuters]

  • 15-12-2017: We need to talk about mathematical backdoors in encryption algorithms. [The Register]

  • 13-12-2017: Mirai IoT botnet co-authors plead guilty. [Krebs] [BBC News] [The Verge] [Ars Technica] [Engadget] [Wired] [Graham Cluley]

    • 20-12-2017: Details of the Mirai botnet authors. [Schneier] [Krebs]

  • 11-12-2017: New group of hackers targeting banks around the world. [HardOCP] [Bloomberg]

  • 11-12-2017: HP laptops found to have hidden keylogger. [BBC News] [Graham Cluley] [Hexus] [HardOCP] [Github Blog] [THG] [ExtremeTech]

    • 13-12-2017: How to remove a keylogger from your HP laptop. [Lifehacker]

  • 08-12-2017: Despite takedowns, botnets aren't going away any time soon. [DC Knowledge]

  • 06-12-2017: Satori botnet rears its head, exploiting IoT vulnerabilities. [BitDefender]

  • 06-12-2017: Evidende that Ethiopia is spying on journalists shows that commercial spyware is out of control. [Wired]

  • 05-12-2017: Phishing schemes are using encrypted sites to seem legit. [Wired]

  • 05-12-2017: International team takes down virus-spewing Andromeda botnet. [The Register]

  • 04-12-2017: Underwater net cables are prime targets for terrorists and Russia. [The Register]

  • 29-11-2017: Internet-paralyzing Mirai botnet comes roaring back with new strain. [Ars Technica]

  • 28-11-2017: Ethereum founder unveils roadmap for next-gen blockchain. [THG]

  • 27-11-2017: Don't shame idiots about their idiotically weak passwords. [The Register]

  • 26-11-2017: Quantum encryption is now fast enough for voice calls. [Engadget] [HardOCP] [phys.org] [The Register]

  • 21-11-2017: Over 400 of the world's most popular website record your every keystroke. [HardOCP] [Motherboard] [Schneier]

  • 14-11-2017: Long article on the NSA and the Shadow Brokers. [Schneier] [NYT]

  • 10-11-2017: Hack of attack-for-hire service vDOS snares New Mexico man. [Krebs]

  • 09-11-2017: DDoS-for-Hire Service Launches Mobile App. [Krebs]

  • 09-11-2017: History of networking -- RAVEN and Internet surveillance. [Network Collective]

  • 08-11-2017: Four years later, Yahoo still doesn’t know how Russia hacked 3 billion accounts. [HardOCP] [TechCrunch]

  • 07-11-2017: Cloudflare uses lava lamps to encrypt the Internet. [HardOCP] [CloudFlare]

  • 07-11-2017: Which is the greatest botnet on the whole? [The Register]

  • 07-11-2017: Flaw crippling millions of crypto keys is worse than first disclosed. [Ars Technica]

  • 06-11-2017: A third of the Internet is under attack. [HardOCP] [UCSD]

  • 06-11-2017: Galizia's murder and the security of WhatsApp. [Schneier]

  • 03-11-2017: Tor’s next-gen onion system works to keep servers hidden. [Engadget] [The Register] [THG] [Ars Technica] [Lifehacker]

  • 01-11-2017: Hackers continue to abuse digital certs. [HardOCP] [The Register]

  • 27-10-2017: Critical flaws found in maritime comms system. [HardOCP] [HelpNetSecurity] [Wired]

  • 26-10-2017: 2FA codes could get replaced by physical objects. [The Verge]

  • 25-10-2017: BadRabbit: new wave of cyber attacks hits Russia and other nations. [HardOCP] [Reuters]

  • 23-10-2017: The economics of DDoS. [Russ White] [Arbor Networks]

  • 22-10-2017: US energy, nuke and aviation sectors under sustained attack. [The Register] [HardOCP] [US-CERT]

  • 20-10-2017: Your browser could be mining cryptocurrency for a stranger. [Wired] [Lifehacker]

  • 20-10-2017: The Reaper botnet could be worse than Mirai. [Wired] [Graham Cluley] [Schneier]

    • 27-10-2017: Assessing the threat the Reaper botnet poses to the Internet. [Ars Technica]

  • 19-10-2017: Cryptojacking is everywhere, it's getting worse each day. [HardOCP]

  • 17-10-2017: Discovering the threats below the surface on the Dark Web. [ReadWriteWeb]

  • 16-10-2017: The TPM encryption many major companies rely on has a serious flaw. [Engadget] [The Register] [Ars Technica]

  • 16-10-2017: KRACK attack against WiFi encryption. [Schneier] [Ars Technica] [BBC News] [The Register] [THG] [HardOCP] [BleepingComputer] [ExtremeTech] [The Verge] [Wired] [Engadget] [Stuff] [Krebs] [Network Computing] [ITP Techblog] [Graham Cluley] [Computerphile YouTube]

    • 16-10-2017: Microsoft has already fixed the Wi-Fi attack vulnerability. [The Verge]

    • 16-10-2017: 41% of Android phones are vulnerable to Wi-Fi attack. [The Verge]

    • 17-10-2017: The flawed system behind the KRACK WiFi meltdown. [Wired]

    • 17-10-2017: Why the KRACK WiFi mess will take decades to clean up. [Wired]

    • 23-10-2017: What does the WPA2 vulnerability mean for IoT? [ReadWriteWeb]

    • 27-10-2017: More articles on KRACK. [Russ White] [Errata Security] [Krebs] [linux.com]

  • 13-10-2017: Large scale cyber attack warning. [HardOCP] [UKRInform]

  • 11-10-2017: 'Crypto Anchors' might stop the next Equifax-style megabreach. [Wired]

  • 11-10-2017: New encryption legislation coming? [HardOCP] [Reuters]

  • 08-10-2017: VPN logs helped unmask alleged 'net stalker. [The Register] [HardOCP] [ExtremeTech] [Graham Cluley]

  • 06-10-2017: DDoS protection: Arbor Networks vs. Kentik. [Network Computing]

  • 05-10-2017: Russian hackers used Kaspersky software to find vulnerable NSA docs. [The Verge] [Wired] [Engadget] [Schneier] [Ars Technica]

  • 03-10-2017: How to fight the new breed of DDoS attacks on data centers. [DC Knowledge]

  • 27-09-2017: Why DDoS attacks are on the rise. [DC Knowledge]

  • 26-09-2017: Cloudflare: DDoS will now be "something for the history books". [HardOCP] [Motherboard Vice]

  • 20-09-2017: HVAC hackers attack more than the thermostat. [HardOCP] [BleepingComputer]

  • 18-09-2017: This is why you shouldn’t use texts for two-factor authentication. [The Verge] [The Register] [HardOCP] [Forbes]

  • 18-09-2017: CCleaner, distributed by anti-virus firm Avast, contained malicious backdoor. [Graham Cluley] [Lifehacker] [The Register] [HardOCP] [TNW] [ExtremeTech] [The Verge] [Wired]

  • 18-09-2017: Feds in California are aggressively going after Silk Road, AlphaBay vendors. [Ars Technica]

  • 14-09-2017: New Bluetooth malware affects billions of devices, requires no pairing. [ExtremeTech] [Schneier]

  • 08-09-2017: Budding malware author uses same Skype ID across job applications and IoT botnet ads. [Graham Cluley]

  • 08-09-2017: Shadow Brokers releases NSA UNITEDRAKE manual. [Schneier] [Document Cloud PDF]

  • 08-09-2017: Five benefits of next-generation firewalls. [Network Computing]

  • 06-09-2017: Hackers lie in wait after penetrating US and Europe power grid networks. [Ars Technica] [The Verge] [Wired]

  • 05-09-2017: Security flaw in Estonian national ID card. [Schneier] [Estonian World]

  • 01-09-2017: Massive Locky ransomware campaign sends out 23 million emails in 24 hours. [Graham Cluley]

  • 01-09-2017: Russian hacking tools codenamed White Bear exposed. [Schneier] [SecureList]

  • 31-08-2017: Is quantum encryption the key to cyber-security? [BBC News]

  • 30-08-2017: Is it time to build an anti-DDoS alliance? [Russ White] [Senki]

  • 28-08-2017: SS7 network vulnerabilities is big business. [HardOCP] [Daily Beast]

  • 28-08-2017: One of first-known Android DDoS malware infects phones in 100 countries. [Ars Technica] [Krebs]

  • 24-08-2017: Why it’s still a bad idea to post or trash your airline boarding pass. [Krebs]

  • 24-08-2017: DreamHost smashed in DDoS attack: who's to blame? [The Register]

  • 24-08-2017: Plug the security holes in your two-factor authentication. [Lifehacker]

  • 24-08-2017: Massive government data leak in Sweden. [Schneier] [Privacy News Online]

  • 22-08-2017: Insider attack on lottery software. [Schneier] [CNBC] [HardOCP] [DMR]

  • 16-08-2017: Imperva discovers 'Pulse Wave' DDoS attacks. [THG]

  • 13-08-2017: Password policies of 40 popular online services analyzed. [HardOCP] [BleepingComputer]

  • 12-08-2017: Russian group that hacked DNC used NSA attack code in attack on hotels. [Ars Technica] [The Register]

  • 08-08-2017: The man who put us through password hell regrets everything. [Engadget] [Stuff, Stuff] [NZ Herald] [Graham Cluley] [BBC News] [Wired] [Russ White] [Shelly Palmer]

  • 05-08-2017: Protect the white hat hackers who are just doing their job. [Wired] [Ars Technica]

    • 21-08-2017: GCHQ knew FBI was planning to arrest WannaCry's 'accidental hero' before he travelled to the USA. [Graham Cluley] [The Register]

  • 04-08-2017: Penetrating a Casino's network through an Internet-connected fishtank. [Schneier] [Washington Post]

  • 01-08-2017: Encryption substitute. [Russ White] [ScribD]

  • 31-07-2017: NetFlix crafted DDoS. [Russ White] [Medium] [The Register]

  • 31-07-2017: Facebook COO Sheryl Sandberg: crypto ban won't help trap terrorists. [The Register]

  • 30-07-2017: The very best hacks from Black Hat. [Wired]

  • 29-07-2017: Tor's Dingledine: dark web doesn't exist, and people use network for privacy, not crime. [The Register]

  • 28-07-2017: How Netflix DDoSed itself to help protect the entire Internet. [Wired]

  • 28-07-2017: Zero-day vulnerabilities against Windows in the NSA tools released by the Shadow Brokers. [Schneier] [Rapid7]

  • 28-07-2017: Cyber spies use fake profile as a 'honey pot' to trap male workers. [NZ Herald]

  • 27-07-2017: The opsec blunders that landed a Russian politician's fraudster son in the clink for 27 years. [The Register]

  • 26-07-2017: Russia passes bill banning proxies, TOR, VPNs. [HardOCP] [Info Security]

  • 26-07-2017: How to improve your privacy in Windows 10. [Stuff]

  • 26-07-2017: Spies, cops don't need to crack WhatsApp: they'll just hack your smartphone. [The Register]

  • 26-07-2017: The great Ethereum hack. [Russ White] [FreeCodeCamp]

  • 22-07-2017: Letting cyberattack victims hack back is a very unwise idea. [Wired]

  • 20-07-2017: Cisco 2017 midyear cybersecurity report. [Cisco] [THG]

  • 19-07-2017: Let's harden Internet crypto so quantum computers can't crack it. [The Register] [Wired]

  • 19-07-2017: China's 'future-proof' crypto. [The Register] [BBC News]

    • 10-08-2017: Chinese satellite sends 'hack-proof' message. [BBC News]

  • 18-07-2017: Leaked memo says hackers may have compromised UK power plants. [Engadget]

  • 18-07-2017: Quantum computing could make today's encryption obsolete. [DC Knowledge]

  • 17-07-2017: Inside the cyber-attack on the UK parliament. [BBC News]

  • 13-07-2017: AlphaBay taken down by law enforcement across 3 countries. [Ars Technica] [Gizmodo] [The Register] [The Verge] [Wired]

  • 10-07-2017: 2FA is a mess. [The Verge] [The Register]

  • 09-07-2017: Trump talked to Putin about creating a 'Cyber Security unit'. [Engadget] [Gizmodo] [Ars Technica]

    • 10-07-2017: Donald Trump backtracks on Russia joint cybersecurity unit. [BBC News]

  • 07-07-2017: US military will finally start encrypting soldiers' emails. [Engadget]

  • 07-07-2017: Hacking Team is back. [Engadget]

  • 06-07-2017: Why isn't everyone running DNSSEC? [Russ White] [APNIC Blog]

  • 06-07-2017: It's easier than ever to steal someone's keys. [Schneier] [KeyMe]

  • 06-07-2017: After criticism, US Defense Department will implement new encryption standards next year. [Gizmodo]

  • 06-07-2017: Let’s Encrypt to support wildcard certificates starting January 2018. [THG] [The Register] [Ars Technica]

  • 06-07-2017: Drugs and manufacturing equipment imported over the dark web. [Stuff]

  • 05-07-2017: Hackers are targeting nuclear power plant operators in the US. [The Verge] [ReadWriteWeb] [Ars Technica] [Wired] [The Register]

  • 05-07-2017: A major Dark Net market is down and users are worried they got scammed. [Gizmodo]

  • 03-07-2017: HTTPS Certificate Revocation is broken. [Ars Technica] [HardOCP] [Scott Helme]

  • 03-07-2017: What it's like when pro phishers assail your inbox. [Wired]

  • 01-07-2017: The biggest cybersecurity disasters of 2017 so far. [Wired]

  • 30-06-2017: The encryption debate should end right now. [Wired] [ITP Blog]

  • 30-06-2017: Google's Project Zero. [Schneier] [Fortune]

  • 30-06-2017: Latest ransomware techniques show need for layered security. [PacketU] [Voxy]

  • 29-06-2017: Shadow Brokers hike prices for stolen NSA exploits. [The Register]

  • 29-06-2017: Let’s Encrypt issues 100 million certificates to help secure the web. [THG]

  • 28-06-2017: Why you'll be sorry when encryption is broken. [NZ Herald]

  • 27-06-2017: GoldenEye ransomware campaign spreads throughout Europe. [THG]

  • 27-06-2017: The DAO Ethereum hack. [Schneier] [Bloomberg]

  • 27-06-2017: Idea to encrypt stuff on the web at rest hits the IETF's Standard Track. [The Register]

  • 26-06-2017: The FAA is arguing for security by obscurity. [Schneier] [Federal Register]

  • 24-06-2017: Windows 10 source code leak is an embarrassment for Microsoft. [Engadget] [Gizmodo] [HardOCP] [The Register]

    • 27-06-2017: Microsoft confirms Windows code leak, but size, details disputed. [ExtremeTech]

  • 24-06-2017: Hackers attempt to break into UK MPs' email accounts, as Houses of Parliament targeted by cyber attack. [Graham Cluley] [Stuff] [Engadget] [The Verge] [The Register]

    • 26-06-2017: UK Parliament hack a brute-force attack. [The Register]

    • 26-06-2017: UK Parliament maintains restrictions after hacking. [DC Knowledge]

  • 23-06-2017: If these universities had run an ad blocker they might have been saved from ransomware attack. [Graham Cluley]

  • 21-06-2017: The simple trick used by hackers to pinch your mobile number and wreak havoc on your life. [NZ Herald]

  • 20-06-2017: A new way to deal with DDoS. [Russ White] [ECI Telecom]

  • 20-06-2017: Many companies have been ‘hacked’, but please don’t make it THIS easy. [Graham Cluley]

  • 19-06-2017: Bot attacks getting more difficult to detect. [HardOCP] [Dark Reading]

  • 19-06-2017: New techniques to hijack social media accounts. [Schneier] [AccessNow]

  • 19-06-2017: What the average worker doesn't know about security will scare you. [DC Knowledge]

  • 19-06-2017: Backdoor backlash: European Parliament wants better privacy. [The Register]

  • 16-06-2017: Brit hacker admits he siphoned info from US military satellite network. [The Register] [Graham Cluley] [BBC News]

  • 15-06-2017: Inside a porn-pimping spam botnet. [Krebs]

  • 14-06-2017: Data vs analysis in counterterrorism. [Schneier] [The Guardian]

  • 14-06-2017: Internet hygiene still stinks despite botnet and ransomware flood. [The Register]

  • 13-06-2017: Win XP patched to avert new outbreaks spawned by NSA-leaking Shadow Brokers. [Ars Technica] [The Verge] [The Register] [THG] [ExtremeTech] [Engadget]

    • 21-06-2017: Is continuing to patch WinXP a mistake? [Schneier]

  • 13-06-2017: Hovering Over Links Can Install New Malware. [ExtremeTech]

  • 13-06-2017: Who’s afraid of the big, bad botnet? [The Register]

  • 11-06-2017: How your mouse movement could be used to stop identity theft. [Gizmodo]

  • 07-06-2017: Internet cameras have hard-coded password that can’t be changed. [Ars Technica]

  • 06-06-2017: DDoS trends in the last 20 years. [NANOG YouTube]

  • 06-06-2017: Latest on spear phishing attacks. [Schneier] [PDF]

  • 06-06-2017: Following the money hobbled vDOS attack-for-hire service. [Krebs] [Russ White]

  • 06-06-2017: Telegram is the 'app of choice' for terrorists. [Stuff]

  • 05-06-2017: Leaked NSA report says Russians tried to hack state election officials. [Ars Technica] [Engadget] [Schneier]

  • 05-06-2017: Recovering a stored password from a web browser. [Network Computing]

  • 02-06-2017: Fireball malware's flames infect a quarter of a billion computers. [Graham Cluley] [Wired] [HardOCP]

  • 31-05-2017: If you think WannaCry was huge, wait for EternalRocks. [DC Knowledge]

  • 30-05-2017: How to get away with hacking the Department of Homeland Security. [Graham Cluley]

  • 30-05-2017: Shadow Brokers lay out pitch – and name price – for monthly zero-day subscription service. [The Register] [Ars Technica]

    • 30-05-2017: Shadow Brokers move bitcoins after hacking tool auction. [BBC News]

    • 30-05-2017: Who are the Shadow Brokers? [Schneier]

  • 29-05-2017: The impact of encryption. [Russ White] [Network Collective] [YouTube]

  • 29-05-2017: NTP updated to spook-harden user comms. [The Register]

  • 27-05-2017: Internet providers have backdoor access to customers' modems. [NZ Herald]

  • 23-05-2017: The future of ransomware. [Schneier]

  • 17-05-2017: 560 million email credentials have been leaked. [Lifehacker]

  • 16-05-2017: 'Shadow Brokers' threaten to release more hacking tools in June. [Engadget]

    • 17-05-2017: Fearing Shadow Brokers leak, NSA reported critical flaw to Microsoft. [Ars Technica]

  • 16-05-2017: Security and IoT. [ipSpace] [Schneier]

  • 11-05-2017: US spymasters trash Kaspersky: AV tools can't be trusted. [The Register]

    • 12-05-2017: US intelligence chiefs don't trust Kaspersky - but why? [Graham Cluley]

  • 11-05-2017: Persirai IoT botnet threatens to hijack over 120,000 IP cameras. [Graham Cluley]

  • 10-05-2017: SS7 flaws exploited to hack smartphone 2FA systems. [Schneier]

  • 09-05-2017: NSA confirms Russia hacked French election infrastructure. [Wired]

  • 09-05-2017: Corsa adds IPv4 blacklist to support DDoS appliances. [Packet Pushers]

  • 09-05-2017: I side with the 'bad guys' on encryption. [Stuff]

  • 06-05-2017: The hijacking flaw that lurked in Intel chips is worse than anyone thought. [Ars Technica] [ExtremeTech]

  • 05-05-2017: Modern phishing attempts look more legit, but the methods haven't changed much. [Lifehacker]

  • 05-05-2017: Tips for World Password Day. [Voxy]

  • 03-05-2017: Watch hackers sabotage an industrial robot arm. [Wired]

  • 02-05-2017: Email hackers cost couple their new home. [Graham Cluley] [Krebs]

  • 01-05-2017: FIDO: multi-factor authentication should be included in NIST’s cybersecurity framework. [THG]

  • 30-04-2017: Secure messaging app showdown: WhatsApp vs. Signal. [Lifehacker]

  • 29-04-2017: Hacker holds Netflix to ransom over ‘Orange is the New Black’. [Graham Cluley] [HardOCP] [DataBreaches] [The Verge] [Gizmodo] [BBC News] [Ars Technica]

    • 30-04-2017: Hackers may have stolen 36 other shows. [Engadget]

    • 01-05-2017: That Orange is the New Black leak was never going to pay off. [Wired]

  • 27-04-2017: A vigilante is putting a huge amount of work into infecting IoT devices. [Ars Technica]

  • 26-04-2017: Interpol unplugs nearly 9,000 Asian command and control networks. [The Register]

  • 22-04-2017: US court hits Russian PoS hacker with record 27 year jail sentence. [Graham Cluley] [Krebs]

  • 21-04-2017: Why I hacked the government. [BBC News]

  • 19-04-2017: The Hajime IoT worm fights the Mirai botnet for control of your devices. [Graham Cluley] [BBC News] [ExtremeTech]

    • 03-05-2017: Hajime malware is turning 300,000 IoT devices into zombies. [ReadWriteWeb]

  • 14-04-2017: How to spot a link you shouldn't click on. [Gizmodo]

  • 13-04-2017: Criminals getting closer to state actors. [Russ White] [Halbheer]

  • 12-04-2017: For a while the infamous Mirai botnet could have exploited your IoT devices to mine Bitcoins. [Graham Cluley]

  • 11-04-2017: Feds deliver fatal blow to botnet that menaced world for 7 years. [Ars Technica] [Wired]

  • 10-04-2017: How HTTPS website security is making the Internet safer from snoopers. [Gizmodo]

  • 10-04-2017: Security threats keep network teams busy. [Network Computing]

  • 10-04-2017: Internet Society to G20 nations: The web must be fully encrypted. [The Register]

  • 08-04-2017: Forget Mirai – Brickerbot malware will kill your crap IoT devices. [The Register] [Engadget]

  • 06-04-2017: Advanced Chinese hacking campaign infiltrates IT service providers across the globe. [HardOCP] [ZDNet]

  • 06-04-2017: This hacker can talk his way into a data center. [DC Knowledge]

  • 05-04-2017: How hackers hijacked a bank's entire online operation. [HardOCP] [Wired] [Schneier]

  • 04-04-2017: Google and Lookout detail super-sophisticated 'Chrysaor' Android malware. [Android Police]

  • 04-04-2017: Botnets in the cloud. [Russ White] [Microsoft Azure]

  • 03-04-2017: Russian hackers have used the same backdoor for two decades. [Wired]

  • 31-03-2017: When the 'S' in HTTPS also stands for shady. [Engadget]

  • 29-03-2017: Strange Mirai botnet brew blamed for powerful application layer attack. [The Register]

  • 28-03-2017: Odds are in favour of quantum encryption. [Russ White] [CSA]

  • 27-03-2017: Encryption is a good thing. [Graham Cluley]

  • 21-03-2017: Fix crap Internet of Things security, booms Internet daddy Cerf. [The Register]

  • 19-03-2017: Phishing scams even fool tech nerds - here's how to avoid them. [Wired] [HardOCP] [US DoJ] [The Verge]

  • 15-03-2017: Sound waves can be used to fool your phone's motion sensors. [Engadget] [HardOCP]

  • 14-03-2017: 'Walnut' attack uses sound to trick sensors in cars, phones, and other devices. [THG]

  • 13-03-2017: Most people still don't know how to protect themselves online. [The Register]

  • 13-03-2017: The CIA's "Development Tradecraft DOs and DON'Ts". [Schneier] [WikiLeaks]

  • 11-03-2017: 'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows. [The Register] [Coding Horror]

  • 10-03-2017: Google’s new bot-stopping reCAPTCHA is completely invisible. [ExtremeTech] [Gizmodo] [Google] [HardOCP] [NZ Herald] [THG]

  • 08-03-2017: This is why you shouldn’t trust flashy crypto apps. [The Verge]

  • 07-03-2017: The dark web is disappearing. [Gizmodo]

  • 05-03-2017: For true cyber security, using a USB firewall is essential. [Gizmodo]

  • 03-03-2017: How to snoop-proof any phone or tablet. [Gizmodo]

  • 03-03-2017: The golden age of email hacks is only getting started. [Wired]

  • 03-03-2017: Jumping air gaps with blinking lights and drones. [Schneier] [ZDNet] [Wired] [BGU PDF]

  • 28-02-2017: Security slip-ups in 1Password and other password managers 'extremely worrying'. [The Register]

  • 28-02-2017: Protect your online privacy with the 5 best VPNs. [ExtremeTech]

  • 24-02-2017: Major data breach strikes Cloudflare. [ExtremeTech] [Gizmodo] [HardOCP] [THG] [Wired] [The Register]

    • 24-02-2017: Everything you need to know about Cloudbleed. [Gizmodo]

    • 24-02-2017: Cloudbleed is a problem, but it gets worse. [Gizmodo]

    • 24-02-2017: Change your passwords now. [Gizmodo]

  • 23-02-2017: SHA-1 collision found. [Schneier] [Google Security] [THG] [The Register] [The Verge] [Wired] [HardOCP] [Engadget] [Russ White]

    • 03-02-2017: SHA-1 crack just got real: System Centre uses it to talk to Linux. [The Register]

    • 08-03-2017: One in five websites still use outdated SHA-1 encryption algorithm. [HardOCP] [The Register]

  • 12-02-2017: Ex-FBI man spills on why hackers are winning the security game. [The Register]

  • 10-02-2017: Crossing border security? Here's how you protect your data. [Graham Cluley] [Zdziarski]

    • 15-02-2017: Want to protect your data at the border? Delete it. [The Verge]

    • 22-02-2017: What to do when border officials ask for your passwords. [Ars Technica]

  • 06-02-2017: Security firms need to stop exaggerating hackers' abilities. [Graham Cluley] [BBC News]

  • 03-02-2017: iOS cracking tools reportedly used by FBI released to public. [Engadget]

  • 03-02-2017: An Anonymous group just took down a fifth of the dark web. [The Verge] [Engadget] [The Register] [Graham Cluley] [HardOCP] [Newsweek]

  • 03-02-2017: How the US Secret Service breaks into smart phones. [Schneier] [CS Monitor]

  • 01-02-2017: Security and Internet of Things. [Schneier]

  • 01-02-2017: Malwarebytes releases Global State of Malware Report. [Geekzone] [Malwarebytes PDF]

  • 30-01-2017: Half the web is now encrypted, making everyone safer. [Wired]

  • 30-01-2017: DC police surveillance cameras were infected with ransomware before inauguration [Ars Technica]

  • 27-01-2017: Quantum computers vs hackers, round 1. [Wired]

  • 18-01-2017: Who is Anna-Senpai, the Mirai Worm Author? [Krebs] [Schneier] [Engadget] [The Register]

  • 18-01-2017: IPv6 vulnerable to fragmentation attacks that threaten core internet routers. [The Register]

  • 13-01-2017: Blocking attacks from the Incredibly Insecure Internet of Things -- IIIoT. [Secure64]

  • 13-01-2017: WhatsApp vulnerability allows snooping on encrypted messages. [The Guardian] [Android Police] [BBC News] [The Register] [HardOCP] [Schneier]

    • 14-01-2017: Reported “backdoor” in WhatsApp is in fact a feature, defenders say. [Ars Technica] [Lifehacker] [Gizmodo]

    • 14-01-2017: WhatsApp vulnerability could allow Facebook and others to read messages. [Graham Cluley]

    • 14-01-2017: Open Whisper Systems defends Whatsapp against 'backdoor' claims. [Engadget]

  • 13-01-2017: Google wants to make encryption easier for everyone. [Engadget] [The Register]

  • 13-01-2017: NSA-leaking Shadow Brokers lob Molotov cocktail before exiting world stage. [Ars Technica] [Engadget]

  • 11-01-2017: Bible verses are easy to guess, so don't use them as your password. [Lifehacker] [BoingBoing]

  • 11-01-2017: The state of DNS security. [Russ White]

  • 11-01-2017: Shamoon disk-wiping attackers can now destroy virtual desktops. [Ars Technica]

  • 09-01-2017: The Orphaned Internet – Taking Over 120K Domains via a DNS vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean. [EtherealMind]

  • 06-01-2017: US grid in ‘imminent danger’ from cyber-attack, study says. [DC Knowledge]

  • 05-01-2017: 20+ VPNs rated on privacy and security side-by-side. [CompariTech]

  • 05-01-2017: The back-door feature problem. [Russ White] [CAIDA, PDF]

  • 02-01-2017: The biggest security threats coming in 2017. [Wired]

2016 – Security News

  • 29-12-2016: Your 5 totally achievable security resolutions for the New Year. [Wired]

  • 23-12-2016: The year encryption won. [Wired]

  • 22-12-2016: Encryption backdoors are against US national interest. [HardOCP] [ZDNet]

  • 22-12-2016: NIST requests ideas for crypto that can survive quantum computers. [The Register] [THG] [Schneier]

  • 21-12-2016: Don't pay up to decrypt – cure found for CryptXXX ransomware, again. [The Register]

  • 20-12-2016: How to safely delete private data forever. [Gizmodo]

  • 20-12-2016: Hackers suspected of causing power outage in Ukraine. [Graham Cluley]

  • 16-12-2016: DDoS in 2017: Strap yourself in for a bumpy ride. [The Register]

  • 15-12-2016: The new security normal. [Russ White] [MarketWatch]

  • 15-12-2016: One billion affected by Yahoo hack. [BBC News] [Krebs] [The Register] [Lifehacker] [HardOCP] [Reuters] [Wired] [Ars Technica] [Graham Cluley] [ExtremeTech] [Hexus] [THG]

    • 15-12-2016: Stolen Yahoo data includes government employee information. [DC Knowledge]

    • 15-12-2016: Yahoo hack: Should I panic? [BBC News] [Krebs]

    • 15-12-2016: Were Yahoo hackers state-sponsored? [BBC News]

    • 15-12-2016: Security experts slam Yahoo management for using old crypto. [The Register]

    • 15-12-2016: What can you do with a billion Yahoo passwords? Lots of bad things. [Ars Technica]

    • 15-12-2016: In wake of billion-account hack, Verizon reportedly not so hot for Yahoo. [Ars Technica]

    • 16-12-2016: Pressure on Yahoo grows after massive hack attack. [BBC News]

    • 22-12-2016: Response: important security information for Yahoo users. [EtherealMind]

    • 15-03-2017: Russian spies indicted in massive Yahoo account breach. [Engadget] [NZ Herald] [BBC News] [The Register] [HardOCP] [NYT] [Wired] [ExtremeTech] [Krebs] [Graham Cluley]

    • 16-03-2017: How Russian hackers took hold of Yahoo. [Gizmodo] [NZ Herald]

    • 16-03-2017: Russia denies Yahoo hack involvement. [BBC News]

    • 20-03-2017: Lessons from Yahoo hack: Simple tips to safeguard your email. [NZ Herald]

  • 13-12-2016: DDoS-for-hire takedown: 34 arrests made by Europol, FBI, and others. [Graham Cluley] [BBC News]

  • 09-12-2016: The Mirai botnet that broke the Internet isn't going away. [Wired]

    • 08-12-2016: Can ISPs step up and solve the DDoS problem? [The Register]

    • 07-12-2016: Terabit-scale multivector DDoS attacks: the new normal in 2017. [DC Journal]

    • 03-12-2016: There’s a new DDoS army, and it could soon rival record-setting Mirai. [Ars Technica]

  • 02-12-2016: Canada wants software backdoors, mandatory decryption capability and records storage. [THG]

  • 02-12-2016: Feds bust huge 'Avalanche' hacker network in global sting operation. [Gizmodo]

  • 26-11-2016: Locky ransomware uses decoy image files to ambush Facebook, LinkedIn accounts. [Ars Technica] [Gizmodo] [Check Point] [Engadget]

  • 22-11-2016: Akamai on the record KrebsOnSecurity attack. [Krebs]

  • 17-11-2016: The encryption conundrum: Should tech compromise or double down? [The Register]

  • 16-11-2016: Clever USB stick installs backdoor on locked PCs. [Wired] [Gizmodo] [Schneier] [Russ White]

  • 16-11-2016: Experts to Congress: You must act on IoT security. [The Register]

  • 14-11-2016: IoT goes nuclear. [Russ White] [eyalro]

  • 13-11-2016: New attack reportedly lets 1 modest laptop knock big servers offline. [Ars Technica]

  • 11-11-2016: Russian banks floored by withering DDoS attacks. [The Register]

  • 04-11-2016: Cheap IoT threatens the Internet. [Russ White] [Monday Note]

  • 04-11-2016: Mirai IoT botnet blamed for 'taking Liberia off the internet'. [BBC News]

  • 01-11-2016: This office printer is actually a rogue cell tower. [Gizmodo] [The Register] [Wired] [Ars Technica]

  • 01-11-2016: The Dark Web isn't all guns and drugs. [Engadget]

  • 29-10-2016: U.S. feds hope cyberattacks will wither under new “strategic principles”. [ReadWriteWeb]

  • 28-10-2016: AI learns how to craft crude crypto all by itself. [The Register] [Schneier]

  • 28-10-2016: Eavesdropping on typing over VoIP. [Schneier] [Cornell arXiv: PDF]

  • 28-10-2016: Web devs want to make the Internet of S**t worse -- much worse. [The Register]

  • 28-10-2016: That Botnet-of-Things malware is getting a nasty makeover. [Ars Technica] [Arbor Networks]

  • 27-10-2016: Internet of S**t things claims another scalp: DNS DDoS smashes StarHub. [The Register]

  • 25-10-2016: Multiple DNS providers and DDoS. [Russ White] [ISOC]

  • 25-10-2016: Corero warns of impending 'tens of terabits per second' DDoS attacks. [THG]

  • 24-10-2016: The Internet needs a security update. [Russ White] [CircleID]

  • 22-10-2016: Why cybersecurity certifications suck. [ipSpace] [Errata Security]

  • 20-10-2016: Some perspective on IoT devices and DDoS attacks. [Russ White] [Arbor Networks]

  • 20-10-2016: Attackers logging your keystrokes via Skype. [Graham Cluley] [THG]

  • 19-10-2016: Spreading the DDoS disease and selling the cure. [Krebs]

  • 18-10-2016: SHA3-256 is quantum-proof, should last billions of years. [The Register]

  • 17-10-2016: Virtual kidnapping. [Schneier] [Washington Post]

  • 15-10-2016: How a chunk of the web disappeared this week: GlobalSign's global HTTPS mistake explained. [The Register]

  • 14-10-2016: Hackers hit a nuclear plant. [Wired]

    • 14-10-2016: Huge DDoS attacks are about to get bigger: Mirai bots infect Sierra Wireless gateways. [The Register] [Ars Technica]

    • 02-12-2016: Meet the two hackers behind October’s big DDoS attack. [ReadWriteWeb]

  • 12-10-2016: Internet routing security initiative gains traction. [Network Computing]

  • 11-10-2016: NSA could put undetectable “trapdoors” in millions of crypto keys. [Ars Technica]

  • 10-10-2016: These 60 dumb passwords can hijack over 500,000 IoT devices into the Mirai botnet. [Graham Cluley]

  • 05-10-2016: CloudFlare shows Tor users the way out of CAPTCHA hell. [The Register]

  • 03-10-2016: The venerable, vulnerable firewall. [Russ White] [CircleID]

  • 29-09-2016: The biggest attack in internet history. [Russ White] [LawFare]

  • 29-09-2016: The growing problem of bots that fight on line. [Russ White] [MIT Technology Review]

  • 27-09-2016: 152k cameras in 990Gbps record-breaking dual DDoS. [The Register] [Ars Technica]

  • 25-09-2016: Australian border cops say they've cracked 'dark net' drug sales. [The Register]

  • 23-09-2016: Malware figures out it's running on VMs and refuses to execute. [The Register] [Schneier] [SentinelOne]

  • 20-09-2016: CloudFlare launches a three-pronged attack to encrypt the entire web. [Wired]

  • 20-09-2016: Quantum comms succeed over metro-scale fibre networks. [The Register]

  • 19-09-2016: Some Cisco customers are being hacked with NSA's exploit tools. [THG] [Graham Cluley]

  • 19-09-2016: Dark web drug sellers shutter location-tracking EXIF data from photos. [The Register]

  • 18-09-2016: Arbor Networks marks 20 years of DDoS attacks targeting ISP networks. [Geekzone]

  • 13-09-2016: Someone is learning how to take down the Internet. [Schneier] [BBC News] [Russ White] [LawFare] [ExtremeTech]

  • 12-09-2016: How 911 emergency services across the United States could be knocked offline by a mobile botnet. [Graham Cluley]

  • 08-09-2016: Verisign DDoS report Q2 2016. [Russ White] [Verisign]

  • 07-09-2016: The limits of SMS for 2-factor authentication. [Krebs]

  • 31-08-2016: FBI Director wants 'adult conversation' about backdooring encryption. [The Register] [HardOCP] [AP]

  • 31-08-2016: Building a new Tor that can resist next-generation state surveillance. [Ars Technica]

  • 30-08-2016: Your browser's password manager probably isn't enough. [Wired]

  • 29-08-2016: iPhone zero-day used by UAE government. [Schneier]

  • 26-08-2016: The NSA is hoarding vulnerabilities. [Schneier]

  • 25-08-2016: A hacking group is selling iPhone spyware to governments. [Wired]

  • 23-08-2016: Boffins design security chip to spot hidden hardware trojans in processors. [The Register]

  • 23-08-2016: Password strength meters still aren't trustworthy. [Lifehacker] [Sophos]

  • 23-08-2016: FBI improved a dark web child pornography site. [Engadget] [Gizmodo]

  • 19-08-2016: Lawless government hacking. [Russ White] [EFF]

  • 17-08-2016: Cisco confirms NSA-linked zeroday targeted its firewalls for years. [Ars Technica]

    • 17-08-2016: The Shadow Brokers mess is what happens when the NSA hoards zero-days. [Wired]

    • 24-08-2016: NSA-linked Cisco exploit poses bigger threat than previously thought. [Ars Technica]

  • 15-08-2016: Hackers claim to auction data they stole from the NSA-linked spies. [Wired] [Ars Technica] [Gizmodo]

    • 16-08-2016: Major NSA/Equation Group leak. [Schneier]

    • 16-08-2016: No-one wants to buy those stolen NSA-linked cyber weapons. [Wired] [HardOCP] [Washington Post]

    • 16-08-2016: Confirmed: hacking tool leak came from “omnipotent” NSA-tied group. [Ars Technica]

    • 16-08-2016: Snowden speculates leak of NSA spying tools is tied to Russian DNC hack. [Ars Technica] [Engadget] [The Register] [BBC News] [The Register]

    • 17-08-20916: NSA website goes down as hackers auction stolen ‘cyber weapons’. [Graham Cluley]

    • 19-08-2016: Your guide to the ‘Shadow Brokers’ NSA theft, which puts the Snowden leaks to shame. [ExtremeTech]

    • 19-08-2016: New Snowden docs suggest Shadow Broker leak was real. [Engadget] [Gizmodo]

    • 22-08-2016: This hacker says he stole more NSA hacking tools. [Gizmodo]

    • 24-08-2016: Equation Group exploit hits newer Cisco ASA, Juniper Netscreen. [The Register]

    • 23-09-2016: NSA operative might have accidentally leaked its hacking tools. [Engadget] [Reuters]

    • 16-12-2016: Shadow Brokers re-emerge, with NSA’s secret exploits for sale. [Graham Cluley]

  • 15-08-2016: Someone seems to be trying to spy on VeraCrypt's security audit. [Graham Cluley] [The Register]

  • 15-08-2016: Tor users in the States were hacked by Australian authorities. [Graham Cluley]

  • 15-08-2016: Blogger turns tables on cyber-scammer by infecting them with ransomware. [Graham Cluley] [Kwiatkowsi] [BBC News]

  • 13-08-2016: NTP is still a security risk. [Russ White] [CircleID]

  • 12-08-2016: The new way to make strong passwords - it's way easier. [NZ Herald] [Stuff]

  • 10-08-2016: Tor promises not to build backdoors into its services. [Engadget]

  • 09-08-2016: How the Iranian government hacks dissidents. [Schneier] [Washington Post]

  • 04-08-2016: Hacking US infrastructure: How vulnerable is it? [ExtremeTech]

  • 03-08-2016: Forget security training, it's never going to solve Layer 8 - people. [The Register]

  • 02-08-2016: Frequent password changes are the enemy of security. [Ars Technica] [Graham Cluley]

  • 02-08-2016: Meet the men who spy on women through their webcams. [Graham Cluley] [Ars Technica]

  • 02-08-2016: 200 million Yahoo passwords being sold on the Dark Web? [Graham Cluley]

  • 02-08-2016: The AdGholas malvertising network used steganography. [Graham Cluley]

  • 02-08-2016: Australian spooks' email guide banishes MS Word macros, JavaScript. [The Register]

  • 01-08-2016: Russia claims it can collect encryption keys. [Engadget] [HardOCP] [DailyDot]

  • 01-08-2016: Secure email service GhostMail shutting down in fear of being abused. [Graham Cluley]

  • 01-08-2016: Meet the chaps who run the Black Hat NoC and let malware roam free. [The Register]

  • 31-07-2016: Moxie Marlinspike, the anarchist bringing encryption to us all. [Wired]

  • 31-07-2016: U.S. Government says SMS codes aren’t safe. [HardOCP] [VentureBeat] [Ars Technica]

  • 28-07-2016: Your wireless keyboard could be giving your secrets away. [Stuff] [Schneier] [Wired]

  • 27-07-2016: New attack bypasses HTTPS protection on Macs, Windows, and Linux. [Ars Technica] [Russ White]

  • 27-07-2016: Choosing a next-generation firewall: 7 factors. [Network Computing]

  • 26-07-2016: Millions of wireless keyboards can let hackers see what you're typing. [Gizmodo]

  • 26-07-2016: Crypto-heist threatens to tank blockchain-based future. [ExtremeTech]

  • 22-07-2016: Malicious computers caught snooping on Tor-anonymized Dark Web sites. [Ars Technica] [ExtremeTech]

    • 26-07-2016: Boffins snoop on snooping Tor nodes. [The Register]

  • 20-07-2016: Now you can hide your smart home on the Darknet. [Wired]

  • 19-07-2016: DDoS trends: Bigger, badder but not longer. [The Register] [HardOCP] [ZDNet]

  • 13-07-2016: Meet Riffle, the next-gen anonymity network that hopes to trounce Tor. [The Register] [Graham Cluley] [ExtremeTech]

  • 12-07-2016: The FBI says its malware isn’t malware because the FBI is good. [Gizmodo] [Graham Cluley]

  • 12-07-2016: SCADA malware caught infecting European energy company. [The Register] [Ars Technica]

    • 18-07-2016: Security firm clarifies power-station 'SCADA' malware claim. [The Register]

  • 11-07-2016: MIT anonymity network promises to be more secure than Tor. [Engadget]

  • 11-07-2016: HTTPS is not a magic bullet for Web security. [Ars Technica]

  • 11-07-2016: Amazingly insecure industrial control systems + internet = no. [The Register]

  • 09-07-2016: HTTPS crypto’s days are numbered. Here’s how Google wants to save it. [Ars Technica] [ExtremeTech] [Schneier]

  • 08-07-2016: Researchers discover Tor nodes designed to spy on hidden services. [Schneier] [BoingBoing]

  • 01-07-2016: Chinese gambling site served near record-breaking complex DDoS. [The Register]

  • 30-06-2016: LizardStresser recruits an army of zombie webcams to launch DDoS attacks. [Graham Cluley] [Russ White] [Arbor Networks]

  • 29-06-2016: Interview with an NSA hacker. [Schneier] [The Intercept]

  • 28-06-2016: 25,000 malware-riddled CCTV cameras form network-crashing botnet. [The Register] [Engadget]

  • 27-06-2016: Researchers steal data using noise from your PC's fans. [HardOCP] [PCWorld] [Wired] [ExtremeTech]

  • 26-06-2016: Stop using SMS for 2FA. [Wired]

  • 24-06-2016: How malware could steal data from an air-gapped PC – via its fan. [Graham Cluley]

  • 23-06-2016: Tor onion hardening will be tear-inducing for feds. [The Register]

  • 22-06-2016: Fraudsters are buying IPv4 addresses. [Schneier] [The Register]

  • 22-06-2016: Stuxnet was the opening shot of decades of non-stop cyber warfare. [The Register]

  • 20-06-2016: Fishing for a cure to DDoS attacks. [DC Journal] [Russ White]

  • 17-06-2016: Non-US encryption is 'theoretical,' claims CIA chief in backdoor debate. [The Register] [Schneier]

  • 09-06-2016: Massive DDoS attacks reach record levels. [HardOCP] [Network World]

  • 06-06-2016: TeamViewer confirms number of hacked user accounts is “significant". [Ars Technica] [The Register]

  • 04-06-2016: How spies, anyone can grab crypto keys from the air. [The Register]

  • 02-06-2016: Cisco warns IPv6 ping-of-death vulnerability is everyone's problem. [The Register]

    • 08-06-2016: IPv6 ping-of-death hits Junos, too. [The Register]

  • 01-06-2016: Hardware backdoor hides in a tiny slice of a computer chip. [Wired]

  • 01-06-2016: The impossible task of creating a “Best VPNs” list today. [Ars Technica]

  • 31-05-2016: Tor Browser 6.0 released with DuckDuckGo search engine support enabled by default. [THG]

  • 25-05-2016: Major DNS provider hit by mysterious, focused DDoS attack. [Ars Technica]

  • 24-05-2016: Poisoned Word document attack refuses to work if it believes it is being watched. [Graham Cluley]

  • 18-05-2016: Mozilla fails to get the details on the FBI's malware hack. [Engadget]

    • 26-05-2016: Judge throws out evidence after FBI refuses to reveal Tor vulnerability. [THG]

    • 04-06-2016: FBI: Exploit that revealed Tor-enabled child porn users wasn’t malware. [Ars Technica]

    • 25-06-2016: FBI’s use of Tor exploit is like peering through “broken blinds". [Ars Technica] [Engadget]

  • 18-05-2016: LinkedIn password breach much bigger than thought: 117 million. [Ars Technica] [BBC News] [Graham Cluley] [The Register] [Krebs] [HardOCP] [Kaspersky] [Stuff]

    • 19-05-2016: LinkedIn plays down '117 million users' breach data sale. [The Register]

    • 23-05-2016: LinkedIn's poor handling of 2012 data breach comes back to haunt it. [Graham Cluley]

    • 01-06-2016: How LinkedIn’s password sloppiness hurts us all. [Ars Technica]

  • 17-05-2016: Lego robots versus gesture security. [Russ White] [Motherboard]

  • 17-05-2016: Random number generator 'improved'. [BBC News] [The Register] [THG] [Russ White] [TheNewStack]

  • 12-05-2016: The Ukrainian hacker who became the FBI’s best weapon - and worst nightmare. [Wired]

  • 12-05-2016: FBI director warns that feds will bring more encryption-related cases. [Ars Technica]

  • 09-05-2016: NIST starts planning for post-quantum cryptography. [Schneier] [NIST PDF] [The Register] [ComputerWorld] [ExtremeTech]

  • 08-05-2016: FBI can obtain a warrant if you run Tor come December. [HardOCP] [The Merkle]

  • 05-05-2016: Stop resetting your passwords, says UK govt's spy network. [The Register]

  • 03-05-2016: Privacy and cybercrime update. [Russ White]

  • 03-05-2016: The future of encryption is in these politicians hands. [Wired]

  • 03-05-2016: Global Threat Intelligence report ahead of Government Cyber Security Summit. [Stuff]

  • 27-04-2016: Hacking group “PLATINUM” used Windows’ own patching system against it. [Ars Technica]

  • 25-04-2016: Hackers who got caught by a typo were trying to take over the world. [Gizmodo] [Reuters]

  • 25-04-2016: Clapper: Snowden sped up sophistication of crypto, “it’s not a good thing”. [Ars Technica]

  • 22-04-2016: Over 1 million Facebook users login anonymously over Tor. [THG]

  • 21-04-2016: Lock-hackers crack restricted keys used to secure data centres. [The Register]

  • 14-04-2016: A scheme to encrypt the entire web is actually working. [Wired]

  • 14-04-2016: The US is attacking Islamic State with 'cyber bombs'. [Gizmodo] [Reuters] [Ars Technica] [Engadget] [ExtremeTech]

    • 28-04-2016: As US drops “cyber bombs,” ISIS retools its own cyber army. [Ars Technica]

  • 12-04-2016: Are cryptoworms the future of ransomware? [Graham Cluley]

  • 08-04-2016: Is this how a hacker got the Panama papers? [Gizmodo]

  • 08-04-2016: Security experts react negatively to Burr-Feinstein anti-encryption bill. [THG] [Gizmodo] [Wired] [HardOCP] [TechDirt] [Engadget] [The Register] [Schneier] [Monday Note]

    • 12-04-2016: What you should know about Congress's latest attempt to criminalize encryption. [Lifehacker]

    • 13-04-2016: Read the full Senate bill requiring encryption backdoors. [Engadget]

    • 14-04-2016: Burr-Feinstein anti-encryption draft officially released, Wyden promises filibuster. [THG]

    • 14-04-2016: US anti-encryption law is so 'braindead' it will outlaw file compression. [The Register]

    • 03-05-2016: Julian Sanchez on the Feinstein-Burr bill. [Schneier] [Just Security] [Just Security] [Russ White]

    • 29-05-2016: Senate anti-encryption bill is effectively dead, for now. [Engadget] [The Register]

  • 07-04-2016: Reuters: White House refuses to openly back encryption law. [Engadget]

  • 07-04-2016: Bypassing phone security through social engineering. [Schneier]

  • 05-04-2016: WhatsApp adds end-to-end encryption. [BBC News] [Ars Technica] [Wired] [Stuff] [Graham Cluley] [Schneier] [Android Police] [Engadget]

  • 04-04-2016: Gmail, Facebook Messenger BREACHed once again. [The Register]

  • 03-04-2016: Tor accuses CloudFlare of blocking its anonymizing network. [Engadget]

  • 01-04-2016: The artist using museums to amplify Tor’s anonymity network. [Wired]

  • 31-03-2016: Why do the Feds usually try to unlock phones? It’s drugs, not terrorism. [Wired]

  • 31-03-2016: UK cops tell suspect to hand over crypto keys in US hacking case. [Ars Technica]

  • 31-03-2016: ISIS encryption opsec. [Schneier]

  • 30-03-2016: Senator Wyden recalls SOPA fight in bid to defeat encryption-weakening efforts. [The Register] [THG]

  • 30-03-2016: CloudFlare: 94 percent of the Tor traffic we see is “per se malicious". [Ars Technica]

  • 30-03-2016: The Apple-FBI battle is over, but the new crypto wars have just begun. [Wired] [Schneier]

  • 30-03-2016: The anatomy of a nation-state hack attack. [BBC News]

  • 30-03-2016: Poll results: Internet users don't understand security or privacy. [The Register] [Stuff]

  • 29-03-2016: FBI: No, we won't tell you how we unmask and torpedo illegal Tor users. [The Register] [BBC News] [Gizmodo]

    • 25-10-2016: Judge orders FBI to reveal whether White House launched 'Tor pedo' torpedo exploits. [The Register]

  • 25-03-2016: Stealthy malware targeting air-gapped PCs leaves no trace of infection. [Ars Technica]

  • 23-03-2016: Google, Microsoft, and others publish new email security standard. [HardOCP] [InfoWorld]

  • 22-03-2016: Tor Project works on anti-FBI defenses amid iOS row with Apple. [The Register]

  • 22-03-2016: FBI's Most Wanted: Syrian Electronic Army hacktivists. [The Register] [Engadget] [Schneier] [Graham Cluley]

  • 21-03-2016: Paris terrorists used burner phones, not encryption, to evade detection. [Ars Technica]

  • 17-03-2016: HTTPS is not enough: boffins fingerprint user environments without cracking crypto. [The Register]

  • 17-03-2016: New NIST encryption guidelines. [Schneier] [NIST PDF]

  • 16-03-2016: Thoughts on encryption. [Networking Nerd]

  • 16-03-2016: Reaction: more encryption is bad? [Russ White]

  • 14-03-2016: In the FBI’s crypto war, apps may be the next target. [Wired] [THG] [Schneier]

  • 11-03-2016: Hackers target anti-DDoS firm Staminus. [Krebs] [Ars Technica] [Gizmodo]

  • 10-03-2016: Using mouse movements to track you on the Tor network. [HardOCP] [ZDNet]

  • 09-03-2016: Trivial path for DDoS amplification attacks found by infosec bods. [The Register]

  • 07-03-2016: Apple Macs hit with first-ever ransomware. [ExtremeTech] [Hexus] [THG]

  • 07-03-2016: GCHQ boss: Tech firms should co-operate over encryption. [BBC News] [The Register]

  • 06-03-2016: DDoS attacks up 149% from last quarter. [HardOCP] [TweakTown]

  • 05-03-2016: Quantum computer could mean end of encryption. [HardOCP] [MIT]

  • 03-03-2016: New attack steals secret crypto keys from Android and iOS phones. [Ars Technica]

  • 03-03-2016: Next-generation firewalls put to the test. [Network Computing]

  • 02-03-2016: Schneier: We're sleepwalking towards digital disaster and are too dumb to stop. [The Register]

  • 01-03-2016: What exactly do we mean by 'backdoor'? [The Register]

  • 01-03-2016: DDoS attacks up 149 percent as brassy booter kids make bank. [The Register]

  • 29-02-2016: Tor takes aim against malicious nodes on the network. [The Register]

  • 27-02-2016: Most software already has a “golden key” backdoor: the system update. [Ars Technica]

  • 26-02-2016: Hackers caused Ukrainian power outage, US report concludes. [Ars Technica] [Schneier]

  • 25-02-2016: Tor users are actively discriminated against by website operators. [The Register]

  • 24-02-2016: CloudFlare may consider binning CAPTCHAs for Tor users. [The Register] [Ars Technica]

  • 23-02-2016: Flaws in wireless mice and keyboards let hackers type on your PC. [Wired] [HardOCP] [Bastille] [The Register] [Graham Cluley] [Gizmodo]

  • 23-02-2016: Practical TEMPEST attack. [Schneier] [IACR PDF]

  • 19-02-2016: Tor: 'Mystery' spike in hidden addresses. [BBC News]

    • 04-03-2016: Number of Tor hidden sites spikes - along with paranoia. [Ars Technica]

  • 19-02-2016: FBI must reveal the code it used to hack Dark Web pedophiles. [Engadget]

  • 18-02-2016: NSA’s director says Paris attacks “would not have happened” without crypto. [Ars Technica]

  • 15-02-2016: Survey of the dark web. [Schneier] [Taylor & Francis Online]

  • 15-02-2016: US intelligence chief: the Internet of Things will be used to spy and hack. [Graham Cluley]

  • 13-02-2016: FBI wants $38 million in funding to break encryption. [HardOCP] [ZDNet]

  • 11-02-2016: Global crypto survey proves govt backdoors completely pointless. [The Register] [Schneier] [Ars Technica] [Wired]

  • 10-02-2016: GSMA outlines thoroughly sensible IoT security rules. [The Register] [GSMA]

  • 09-02-2016: How to hack the power grid through home air conditioners. [Wired]

  • 09-02-2016: Senator McCain calls for end-to-end encryption ban in US. [THG]

    • 11-02-2016: U.S. encryption ban would force companies to migrate, say researchers. [THG]

  • 05-02-2016: The 8 worst data breaches of all time. [Network Computing]

  • 02-02-2016: More details on the NSA switching to quantum-resistant cryptography. [Schneier] [NSA IAD]

    • 03-02-2016: Study shows Fed encryption fears overblown — but that’s not good news. [ExtremeTech]

    • 04-02-2016: NSA plans to 'Act Now' to ensure quantum computers can't break encryption. [Gizmodo] [NSA IAD]

  • 01-02-2016: Feds don’t need crypto backdoors to spy - your TV and toothbrush will do. [Ars Technica]

  • 30-01-2016: How anti-encryption laws put everyone at risk. [PocketNow]

  • 28-01-2016: Israeli academics claim they can predict botnet attacks. [The Register]

  • 27-01-2016: Tails 2.0 emerges with major new features, security improvements. [THG] [Tails] [Engadget]

  • 27-01-2016: 500Gbps DDoS attack flattens world record. [The Register] [HardOCP] [ZDNet]

  • 23-01-2016: Internet of Things security is so bad, there’s a search engine for sleeping kids. [Ars Technica]

  • 23-01-2016: After FBI briefly ran Tor-hidden child-porn site, investigations went global. [Ars Technica] [Engadget]

  • 22-01-2016: NSA director: 'Encryption is foundational to the future'. [Engadget]

  • 21-01-2016: NSA chief stakes out pro-encryption position. [HardOCP] [The Intercept]

  • 21-01-2016: The end of work passwords. [Stuff]

  • 19-01-2016: Australia and America working on global no-state-hacking pact. [The Register]

  • 17-01-2016: Here’s what Tor’s data looks like as it flows around the world. [Wired]

  • 15-01-2016: Google's creepy plan to kill the password. [Engadget] [HardOCP] [Stuff]

  • 14-01-2016: New York bill would ban strong encryption, mandate backdoors in all devices. [ExtremeTech] [Ars Technica] [HardOCP] [Inedependent]

  • 13-01-2016: Cisco admits hardcoded password in wireless points. [The Register]

  • 13-01-2016: The debate over government 'backdoors' into encryption isn't just happening in the US. [NZ Herald]

  • 12-01-2016: French government may try to ban strong encryption. [THG]

    • 14-01-2016: France doesn't think encryption backdoors are the answer. [Engadget] [THG] [Schneier]

  • 12-01-2016: Dutch police claim they can crack PGP-encrypted BlackBerrys. [ExtremeTech] [The Register]

  • 12-01-2016: Fortinet explains SSH 'backdoor' discovered in firewalls. [The Register] [Ars Technica]

    • 23-01-2016: Thought you were safe from the Fortinet SSH backdoor? Think again. [The Register]

  • 12-01-2016: DD4BC DDoS extortion gang smashed by international cops. [Graham Cluley]

  • 08-01-2016: Facebook, Google, Microsoft, Twitter, Yahoo slag Snooper’s Charter. [Ars Technica] [HardOCP] [ZDNet] [The Register]

  • 08-01-2016: Power grid vulnerability threatens national security. [DC Knowledge]

  • 08-01-2016: Checkpoint hacks across air-gaps. [The Register]

  • 07-01-2016: US leaders meet with tech CEOs to fight terrorism online. [Engadget] [Wired]

  • 07-01-2016: ProPublica launches dark web's first major news site. [Wired] [Engadget]

  • 07-01-2016: FBI hacked the Dark Web to bust 1,500 pedophiles. [Engadget]

  • 07-01-2016: Trend Micro: Internet scum grab Let's Encrypt certs to shield malware. [The Register]

  • 06-01-2016: The father of online anonymity has a plan to end the crypto war. [Wired]

  • 06-01-2016: Hackers cause a blackout for the first time. [HardOCP] [Washington Post] [Engadget]

  • 04-01-2016: Dutch govt says no to backdoors, gives $540k to OpenSSL. [The Register] [BBC News] [Schneier]

  • 04-01-2016: Irked train hackers talk derailment flaws, drop SCADA password list. [The Register]

2015 – Security News