Security News
2024 – News
29-10-2024: Law enforcement deanonymize Tor users. [Schneier] [Marx] [Tor]
22-10-2024: The Chinese have not broken encryption using quantum computing. [Schneier]
09-10-2024: Two new tools from same group can infect air-gapped devices. [Ars Technica]
07-10-2024: Largest recorded DDoS is 3.8Tbps. [Schneier] [Cloudflare]
01-10-2024: Evil Corp's ties with Russia and NATO member attacks. [The Register] [BBC News] [Tripwire]
27-09-2024: Meta pays price for 100s of millions of passwords stored in plaintext. [Ars Technica]
26-09-2024: Tor Project and Tails to merge. [The Register] [Ars Technica]
20-09-2024: Social engineering attach using captchas. [Schneier] [SANS]
17-09-2024: DC builds are CNI, so objections may be overruled. [The Register]
11-09-2024: Rogue WHOIS server gives researcher superpowers. [Ars Technica]
09-09-2024: Australia threatens to force encryption backdoors. [Schneier] [UpGuard]
03-09-2024: YubiKey side-channel attack. [Schneier] [The Verge] [Engadget] [Ars Technica]
14-08-2024: NIST finalizes trio of post-quantum encryption standards. [The Register] [Schneier]
05-08-2024: Low-profile Dark Angels reap record ransoms. [Krebs]
02-08-2024: Israeli hacktivists brag about taking down Iran's internet. [The Register]
01-08-2024: Cloudflare again under pressure for enabling abusive sites. [Ars Technica]
31-07-2024: Nearly 7% of all Internet traffic is malicious. [Schneier] [Cloudflare]
26-07-2024: Secure boot process compromised. [Schneier] [Ars Technica] [ExtremeTech]
17-07-2024: Almost 7% of all Internet traffic is malicious. [Schneier] [CrowdStrike]
10-07-2024: Long-lived MD5 flaw in RADIUS. [Schneier] [The Register] [Ars Technica]
20-06-2024: Recovering public keys from signatures. [Schneier] [Key Material]
17-06-2024: Upload moderation threat to E2EE. [Restore Privacy]
01-06-2024: Six VPN apps infect systems with botnet malware. [Restore Privacy]
30-05-2024: 911 S5 botnet dismantled. [Tripwire] [Schneier] [Justice]
29-05-2024: Multi-day DDoS storm hits Internet Archive. [The Register]
22-05-2024: Unredacting pixelated text. [Schneier] [BishopFox]
16-05-2024: Zero-trust DNS. [Schneier] [Ars Technica]
15-05-2024: BreachForums seized by FBI. [Ars Technica] [Graham Cluley] [Schneier]
06-05-2024: Your VPN may not be as secure as you think. [Krebs] [Schneier] [Ars Technica]
02-05-2024: UK bans default passwords. [Schneier] [The Record]
18-04-2024: Cisco Hypershield. [The Register]
16-04-2024: Millions of login attempts hitting networks globally. [Ars Technica]
08-04-2024: New security vulnerability in HTML emails. [Schneier] [Lutra Security]
29-03-2024: Lessons from British Library ransomware attack. [Schneier] [British Library]
28-03-2024: Thread hijacking - phishes that prey on curiosity. [Krebs]
28-03-2024: Hardware vulnerability in Apple M-series chips. [Schneier]
14-03-2024: KeyTrap DNS vulnerability. [Geoff Huston]
13-03-2024: Incognito Market - the not-so-secure dark web drug marketplace. [Graham Cluley]
12-03-2024: ToR introduces new "WebTunnel" bridge to help bypass censorhip. [Restore Privacy]
11-03-2024: Tuta Mail adds quantum resistant encryption via TutaCrypt. [Restore Privacy]
01-03-2024: Judge orders NSO to reveal Pegasus source code. [The Register]
27-02-2024: Red Sea submarine cables damaged - likely by Houthis. [The Register] [Network Computing] [DC Knowledge]
25-02-2024: LockBit ransomware gang reappears again after takedown. [Graham Cluley] [The Register]
20-02-2024: LockBit ransomware operation disrupted, free decryptors available. [Restore Privacy] [The Register] [The Register] [The Verge] [ExtremeTech]
19-02-2024: ECHR rejects encryption backdoors. [Schneier]
13-02-2024: Passkeys might really kill passwords. [The Verge]
02-02-2024: Indian startup "hacked the world", then censorship, then backlash. [Ars Technica]
02-02-2024: Cloudflare hacked by nation state using Okta token. [Restore Privacy]
02-02-2024: Former CIA hacker sentence to 40 years. [BBC News] [The Register]
31-01-2024: US disrupts Chinese botnet supporting attacks on critical systems. [Restore Privacy] [The Register] [Ars Technica]
24-01-2024: MOAB repository contains 12TB of stolen credentials. [ExtremenTech] [Restore Privacy]
18-01-2024: One of the largest password dumps uncovered. [Ars Technica]
12-01-2024: The year of the passkey is still far away. [Engadget]
05-01-2025: A “ridiculously weak“ password causes disaster for Orange España. [Ars Technica] [Kentik] [BenJojo]
2023 – News
19-12-2023: SSH just got a lot weaker. [Ars Technica]
10-12-2023: FTC warning: be skeptical about QR codes. [The Verge] [Ars Technica]
02-11-2023: Microsoft is overhauling its software security after major Azure cloud attacks. [The Verge]
11-10-2023: Cisco can't stop using hard-coded passwords. [Schneier] [Cisco]
15-09-2023: How Google Authenticator made one company’s network breach much, much worse. [Ars Technica]
12-09-2023: FBI hacker leaks Airbus data after breaching Turkish Airlines. [Restore Privacy] [Krebs]
11-09-2023: Huge DDoS attack against US financial institution thwarted. [The Register]
05-09-2023: Experts fear criminals are cracking keys stolen in LastPass breach. [Krebs] [The Verge] [Schneier]
29-08-2023: US hacks QakBot, removes botnet infections. [Krebs] [The Register] [The Verge] [Restore Privacy]
18-08-2023: Google announces new algorithm that makes FIDO encryption safe from quantum computers. [Ars Technica]
18-08-2023: Bots are better than humans at solving CAPTCHAs. [Schneier] [ARXIV PDF]
17-08-2023: LinkedIn under attack, accounts seized. [Tripwire]
16-08-2023: UK Electoral Commission hacked. [Schneier] [Electoral Commission]
12-08-2023: Inside the Black Hat NOC - volunteers work in geek heaven. [The Register]
09-08-2023: TunnelCrack attack diverts VPN traffic outside protected tunnel. [Restore Privacy] [The Register]
09-08-2023: Most AMD CPUs since 2017 vulnerable to Inception data-leak attacks. [The Register]
09-08-2023: Intel CPU "Downfall" bug leaks encryption keys are more. [The Register] [Ars Technica]
07-08-2023: AI model can listen to your keystrokes with 95% accuracy. [ExtremeTech] [Schneier] [Ars Technica]
25-07-2023: Backdoor in TETRA police radios. [Schneier] [Vice] [Wired] [Tetraburst] [Ars Technica]
19-07-2023: Attackers find new ways to deliver DDoSes with “alarming” sophistication. [Ars Technica]
17-07-2023: Tracking down a suspect through cell phone records. [Schneier] [CNN]
13-07-2023: What are passkeys, and why are they suddenly everywhere? [Engadget]
25-06-2023: Tor Browser is very much still a thing and getting updates [The Register]
18-06-2023: Microsoft Outlook outages due to DDoS attack. [The Verge] [The Register]
19-05-2023: Security risks of new .zip and .mov domains. [Schneier] [BleepingComputer] [Ars Technica]
09-05-2023: Feds seize 13 more DDoS-for-hire platforms. [Ars Technica] [Krebs]
02-05-2023: AI is being used to generate whole spam sites. [The Verge]
02-05-2023: Samsung tells employees not to use AI tools like ChatGPT, citing security concerns. [The Verge] [Engadget]
28-04-2023: China again signals desire to shape global IPv6 standards. [The Register]
26-04-2023: Palantir shows off an AI that can go to war. [Engadget]
24-04-2023: UK threatens end-to-end encryption. [Schneier]
11-04-2023: AI can now crack most passwords in less than a minute. [ExtremeTech]
05-04-2023: FBI and other shut down Genesis Market. [Schneier] [Krebs] [Engadget]
30-03-2023: ChatGPT on BGP routing security. [ipSpace]
14-03-2023: Ransomware attacks have entered a heinous new phase. [Ars Technica]
28-02/2023: LastPass hack: employee home computer hacked, corporate vault taken. [Ars Technica] [Engadget] [The Verge] [ExtremeTech]
18-02-2023: Browser-in-the-browser attacks now hit directly through email. [Restore Privacy]
14-02-2023: Security study of 10 million VPN servers raises worrying issues. [Restore Privacy]
26-01-2023: Hiding malicious packets behind LLC SNAP header. [ipSpace]
26-01-2023: RSA’s demise from quantum attacks is exaggerated. [Ars Technica]
25-01-2023: NSA publishes IPv6 security guidance. [The Register] [NSA PDF]
17-01-2023: The FBI identified a ToR user. [Schneier] [Vice Motherboard]
16-01-2023: Hacked Cellebrite and MSAB software released. [Schneier]
11-01-2023: Widespread logic controller flaw raises the specter of Stuxnet. [Ars Technica]
06-01-2023: Remote vulnerabilities in cars. [Schneier] [Sam Curry]
03-01-2023: Breaking RSA with a quantum computer. [Schneier] [Arxiv PDF]
2022 – News
23-12-2022: Phishing attacks that bypass 2FA are on the rise. [Restore Privacy]
22-12-2022: LastPass hack worse than first reported. [Engadget] [Ars Technica] [Schneier] [LastPass] [Graham Cluley]
13-12-2022: FBI’s vetted info sharing network ‘InfraGard’ hacked. [Krebs] [ExtremeTech]
12-12-2022: Effective, fast, and unrecoverable: Wiper malware is popping up everywhere. [Ars Technica]
03-12-2022: How Chinese netizens swamped China’s Internet controls. [Ars Technica]
03-12-2022: Darknet markets generate millions in revenue selling stolen personal data. [Ars Technica]
23-11-2022: Security experts have been secretly decrypting systems for Zeppelin ransomware victims for two years. [Graham Cluley]
18-11-2022: Successful hack of time-triggered Ethernet. [Schneier] [Ars Technica]
01-11-2022: New ransomware attack tries to frame security researchers. [ExtremeTech]
30-09-2022: Security vulnerabilities found in covert CIA websites. [Schneier]
30-09-2022: FBI catches ex-NSA employee trying to sell top-secret intelligence documents. [The Verge] [The Register] [Schneier]
29-09-2022: Fake CISO profiles on LinkedIn target Fortune 500s. [Krebs]
21-09-2022: DDoS records keep coming. [Ars Technica]
07-09-2022: New Trident 4C ASIC includes real-time threat analysis option. [Packet Pushers]
07-09-2022: LockBit ransomware gang is surprisingly professional. [Schneier] [Bleeping Computer]
24-08-2022: DDoS threat landscape requires better solutions. [Network Computing]
16-08-2022: The new USB Rubber Ducky is more dangerous than ever. [The Verge] [Schneier]
11-08-2022: I’m a security reporter and got fooled by a blatant phish. [Ars Technica]
10-08-2022: Phishers who breached Twilio and fooled Cloudflare could easily breach others, too. [Ars Technica]
08-08-2022: NIST's post-quantum cryptography standards. [Schneier]
02-08-2022: Post-quantum encryption contender is taken out by single-core PC and 1 hour. [Ars Technica] [The Register] [Schneier]
16-07-2022: Hackers are targeting industrial systems with malware. [Ars Technica] [The Register]
12-07-2022: Ongoing phishing campaign can hack you even when you’re protected with MFA. [Ars Technica] [Schneier]
30-06-2022: Microsoft Exchange servers worldwide hit by stealthy new backdoor. [Ars Technica]
28-06-2022: Wide range of routers are under attack by new, sophisticated malware. [Ars Technica]
28-06-2022: Google warns of sophisticated malware distributed with the help of ISPs. [ExtremeTech]
26-06-2022: How you might be tricked into installing government spyware. [Android Police]
15-06-2022: Tsunami of junk traffic that broke DDoS records delivered by tiniest of botnets. [Ars Technica]
05-05-2022: Apple, Google, and Microsoft want to kill the password with “Passkey” standard. [Ars Technica] [Krebs]
05-05-2022: 15.3 million request-per-second DDoS attack. [Schneier] [Cloudflare]
02-05-2022: Botnet that hid for 18 months boasted some of the coolest tradecraft. [Ars Technica] [Schneier]
14-04-2022: US Government warns of new malware attacks on ICS/SCADA systems. [Graham Cluley] [Schneier] [CISA] [Engadget] [Ars Technica]
05-04-2022: Germany shuts down servers for Russian darknet marketplace Hydra [The Verge] [Ars Technica] [Engadget] [BBC News]
09-03-2022: New method that amplifies DDoSes by 4 billion-fold. [Ars Technica]
01-03-2022: DDoSers are using a potent new method to deliver attacks of unthinkable size. [Ars Technica]
15-02-2022: Researchers find threat group that has been active for 5 years. [Ars Technica]
15-02-2022: BlackByte ransomware group breaches critical US infrastructure [Engadget]
09-02-2022: Breaking 256-bit elliptic curve encryption with a quantum computer. [Schneier] [AVS Quantum Science]
08-02-2022: DDoS attacks expected to get bigger and nastier. [DC Knowledge]
29-01-2022: Microsoft fends off record-breaking 3.47Tbps DDoS attack. [Ars Technica]
26-01-2022: White House instructs agencies to adopt zero trust. [The Verge] [Engadget]
25-01-2022: A bug lurking for 12 years gives attackers root on every major Linux distro. [Ars Technica]
24-01-2022: Linux-targeted malware increased by 35%. [Schneier] [Crowdstrike]
19-01-2022: 9yo kids are launching DDoS attacks against schools. [Bitdefender]
16-01-2022: Cross-platform backdoor RAT for Windows, macOS and Linux discovered. [Ars Technica]
14-01-2022: Russia’s FSB says it has taken down REvil hacker group at US request [The Verge] [Ars Technica] [The Register] [Krebs] [Engadget] [Graham Cluley]
2021 – News
20-12-2021: Evaluating your network security for 2022. [No Jitter]
20-12-2021: Zero trust with zero visibility can't stop ransomware. [Network Computing]
20-12-2021: More on NSO Group and Cytrox. [Schneier] [Citizen Lab]
16-12-2021: "Incredible and terrifying" NSO zero-click iPhone exploit. [Engadget] [Ars Technica]
13-12-2021: NSO Group's Pegasus spyware used against US State Department officials. [Schneier] [Reuters] [The Register]
21-12-2021: The secret Uganda deal that has brought NSO to the brink of collapse. [Ars Technica]
27-12-2021: Spyware scandal rocks Polish government. [The Verge]
10-12-2021: The Internet's biggest players are all affected by critical Log4Shell 0-day. [Ars Technica] [ITP Techblog] [Graham Cluley] [The Register] [Schneier] [Wired]
13-12-2021: The Log4Shell 0-day -- what is it and how bad is it really? [Ars Technica]
15-12-2021: Enterprises see exponential growth in Log4Shell attacks. [DC Knowledge]
15-12-2021: US demands Christmas Eve fix for Log4Shell hack fix. [BBC News]
15-12-2021: Patch fixing critical Log4J 0-day has its own vulnerability that’s under exploit. [Ars Technica]
23-12-2021: Log4J and JNDI exploit -- why so bad? [Computerphile YouTube]
08-12-2021: New German government is pro-encryption and anti-backdoors. [Schneier] [Euractiv]
07-12-2021: Someone is running lots of TOR relays. [Schneier] [The Record] [Slashdot] [Ars Technica]
03-12-2021: iPhones of US diplomats hacked using NSO Group "0-click" exploits. [Ars Technica] [The Verge] [Engadget]
24-11-2021: Apple sues NSO Group. [Schneier] [Apple] [Ars Technica] [The Verge] [Engadget] [BBC News] [The Register]
11-11-2021: Researchers wait 12 months to report vulnerability with 9.8 severity rating. [Ars Technica] [The Register]
03-11-2021: US blacklists Israeli NSO Group. [Ars Technica] [The Verge] [BBC News] [Schneier]
01-11-2021: Trojan source bug threatens the security of all code. [Krebs] [Schneier]
27-10-2021: Police arrest 150 suspects after dark web marketplace closure. [The Verge]
25-10-2021: NYT journalist hacked with NSO spyware. [Schneier] [CitizenLab]
22-10-2021: FBI, others crush REvil using ransomware gang’s favorite tactic against it. [Ars Technica] [The Verge]
26-10-2021: REvil group outraged at "bandit-mugging behavior of the United States". [Graham Cluley]
28-10-2021: REvil gang member identified living luxury lifestyle in Russia. [The Register]
22-10-2021: Nation-state attacker of telecommunications networks. [Schneier] [CrowdStrike]
21-10-2021: How hackers hijacked thousands of high-profile YouTube accounts. [Ars Technica]
21-10-2021: Problems with MFA. [Schneier] [Roger Grimes, LinkedIn]
21-10-2021: US Government warns of BlackMatter ransomware attacks against critical infrastructure. [Tripwire]
19-10-2021: Ransomware attacks against water treatment plants. [Schneier] [CISA]
12-10-2021: Microsoft mitigated one of the largest DDoS attacks ever recorded. [The Verge] [The Register]
29-09-2021: The rise of one-time password interception bots. [Krebs]
25-09-2021: He escaped the Dark Web's biggest bust - now he's back. [Ars Technica]
25-09-2021: LastPass psychology of passwords report. [Geekzone] [LastPass] [LastPass PDF]
21-09-2021: Ransomware victims panicked while FBI secretly held REvil decryption key [Ars Technica] [Schneier] [Washington Post] [Gizmodo]
03-09-2021: Zero-trust model model gains lustre following Azure security flaw. [DC Knowledge]
09-08-2021: New “Glowworm attack” recovers audio from devices’ power LEDs. [Ars Technica]
03-08-2021: Paragon - another cyberweapons arms manufacturer. [Schneier] [Forbes]
18-07-2021: NSO spyware was allegedly used to target activists and journalists. [Engadget] [The Verge] [BBC News] [Schneier] [Networking Nerd] [BBC News] [The Verge] [Engadget]
07-07-2021: Why the password isn’t dead quite yet. [Ars Technica]
28-06-2021: LinkedIn data leak leaves 700 million users exposed. [Restore Privacy] [PocketNow]
08-06-2021: Vulnerabilities in weapon systems. [Schneier]
29-05-2021: US soldiers leaked nuclear info by using flashcard apps. [The Verge] [The Register] [BitDefender]
10-05-2021: Ransomware shuts down US pipeline. [Schneier] [Graham Cluley] [The Verge] [Graham Cluley] [Krebs] [Engadget]
24-04-2021: The Pentagon reportedly gave a small company control of its IP addresses to find security issues. [The Verge] [Engadget] [Ars Technica]
21-04-2021: In epic hack, Signal developer turns the tables on forensics firm Cellebrite. [Ars Technica] [The Register] [Engadget] [ExtremeTech] [Schneier]
15-04-2021: DNI's annual threat assessment. [Schneier] [ODNI PDF]
07-03-2021: A new type of supply-chain attack with serious consequences is flourishing. [Ars Technica]
04-03-2021: Three top Russian cybercrime forums hacked. [Krebs] [Graham Cluley]
28-01-2021: Orca's "State of Public Cloud Security" reveals how most cloud security breaches happen. [Graham Cluley]
20-01-2021: How most large cloud breaches happen. [Graham Cluley]
14-01-2021: Cybercriminals are bypassing MA to access cloud services. [Tripwire]
13-01-2021: Authorities have taken down the dark web’s largest illegal marketplace. [The Verge] [The Register]
2020 – News
24-12-2020: SolarWinds hackers also targeted security firm CrowdStrike. [Engadget]
18-12-2020: Long-standing vulns in 5G protocols open the door for attacks on smartphone users. [The Register]
17-12-2020: Mexican drug cartels with high-tech spyware. [Schneier] [The Guardian]
15-12-2020: Cruise line operator Hurtigruten crippled in ransomware attack. [Graham Cluley]
09-12-2020: FireEye hacked. [Schneier] [FireEye] [The Verge] [Ars Technica] [BBC News] [Engadget] [The Register] [Graham Cluley]
20-10-2020: Trickbot is scrambling to stay alive. [Ars Technica]
12-10-2020: Microsoft helped disrupt the infamous Trickbot botnet. [Engadget] [NZ Herald] [Stuff]
30-09-2020: Quantum-safe cryptography: hype vs reality. [ipSpace]
23-09-2020: 179 arrested in 'Operation DisrupTor' dark web drug takedown. [Engadget]
13-08-2020: NSA and FBI warn that new Linux malware threatens national security. [Ars Technica] [The Register]
12-08-2020: Tor battles to fend off swarm of Bitcoin-stealing exit relays. [The Register]
03-08-2020: Secret questions not as good as you'd think. [ITP Techblog]
26-07-2020: Hackers actively exploit high-severity networking vulnerabilities. [Ars Technica]
09-07-2020: Traffic analysis of home security cameras. [Schneier] [QMUL PDF]
02-07-2020: Law enforcement arrests hundreds after compromising encrypted chat system. [The Verge] [BBC News] [Engadget]
25-06-2020: Two record DDoSes disclosed this week underscore their growing menace. [Ars Technica] [The Register]
19-06-2020: Australia cyberattacks. [BBC News]
16-06-2020: Multiple “CIA failures” led to theft of agency’s top-secret hacking tools. [Ars Technica] [Schneier] [Washington Post]
12-06-2020: Facebook helped develop a Tails exploit. [Schneier] [Gizmodo] [The Register]
10-06-2020: Honda halts production at some plants after being hit by a cyberattack. [Ars Technica] [BBC News] [The Verge] [Engadget]
31-05-2020: Cisco backend servers deployments compromised via SaltStack. [The Register]
21-04-2020: Another story of bad 1970s encryption. [Schneier]
08-04-2020: RSA-250 factored. [Schneier]
20-02-2020: Hackers were inside Citrix for 5 months. [Krebs]
12-02-2020: One of the most destructive botnets can now spread to nearby Wi-Fi networks. [Ars Technica]
07-02-2020: Researchers steal data from computer using monitor brightness. [ExtremeTech]
05-02-2020: Network segmentation blown apart by Cisco CDPwn security bugs. [The Register]
13-01-2020: Microsoft CEO: encryption backdoors are a ‘terrible idea’. [The Verge]
07-01-2020: PGP keys, software security, and much more threatened by new SHA1 exploit. [Ars Technica] [Schneier] [IACR PDF]
2019 – News
16-12-2019: Security vulnerabilities found in the RCS texting protocol. [Schneier] [Wired]
22-11-2019: The NSA warns of TLS inspection. [Schneier] [NSA PDF]
21-11-2019: GPS manipulation. [Schneier] [MIT Technology Review]
06-11-2019: 8chan gets back online -- and is promptly forced off again. [Ars Technica]
06-11-2019: How 8chan (or “8kun”) got (briefly) back online [Ars Technica].
05-11-2019: ISPs lied to Congress to spread confusion about encrypted DNS. [Ars Technica]
02-11-2019: NordVPN users’ passwords exposed in mass credential-stuffing attacks. [Ars Technica]
25-10-2019: Dark web site taken down without breaking encryption. [Schneier] [Wired]
22-10-2019: Hackers steal secret crypto keys for NordVPN. [Ars Technica] [Krebs] [The Verge] [Engadget] [ExtremeTech] [Schneier] [The Register]
10-10-2019: Twitter transgression proves why its flawed 2FA system is such a privacy trap. [Ars Technica]
09-10-2019: Ransomware victim hacks attacker, turning the tables by stealing decryption keys. [Tripwire]
27-09-2019: Police raid ‘bulletproof’ hosting company run out of former NATO bunker. [The Verge] [Krebs] [Ars Technica] [The Register] [Schneier] [AP News] [SECjuice]
01-10-2019: Mariposa botnet author, Darkcode Crime forum admin arrested in Germany. [Krebs]
24-09-2019: Russian national confesses to biggest bank hack in US history [Ars Technica] [The Register]
20-09-2019: World’s most destructive botnet returns with stolen passwords and email in tow. [Ars Technica]
20-08-2019: How malformed packets caused CenturyLink’s 37-hour, nationwide outage. [Ars Technica]
09-08-2019: New DoS attack exploits algorithms to knock sites offline. [Engagdet]
09-08-2019: The most comprehensive ethical hacking course ever created. [ExtremeTech]
06-08-2019: Russian hackers are using IoT devices to infiltrate networks. [Engadget]
06-08-2019: Has public Wifi become more secure? [ITP Techblog]
06-08-2019: Ransomware, “wiper” malware attacks have more than doubled. [Ars Technica]
05-08-2019: The risk of weak online banking passwords. [Krebs]
05-08-2019: GermanWiper isn’t ransomware -- it’s worse than that. [Graham Cluley]
29-07-2019: IoT botnet launched massive 13-day DDoS attack against streaming service. [Graham Cluley]
20-07-2019: NSA contractor sentenced to nine years over theft of classified info. [Engadget] [The Register]
11-07-2019: Whitehats use DoS attack to score key victory against ransomware crooks. [Ars Technica]
26-06-2019: Global phone networks attacked by hackers. [BBC News]
21-06-2019: Backdoor built into Android firmware. [Schneier] [Ars Technica]
25-06-2019: Tracing the supply chain attack on Android. [Krebs]
18-06-2019: Cloudflare aims to make HTTPS certificates safe from BGP hijacking attacks. [Ars Technica]
13-06-2019: DDoS attack that knocked Telegram secure messaging service offline linked to Hong Kong protests. [Graham Cluley] [BBC News] [The Verge]
07-06-2019: Cyber-thieves turn to 'invisible net' to set up attacks. [BBC News]
05-06-2019: New exploit shows warnings of world-wide worm attacks are real. [Ars Technica]
04-06-2019: Microsoft says mandatory password changing is “ancient and obsolete". [Ars Technica]
25-05-2019: Hackers used NSA tool to attack Baltimore’s computer systems. [The Verge] [Engadget]
27-05-2019: Baltimore ransomware attack: NSA faces questions. [BBC News] [Ars Technica]
03-06-2019: No ‘Eternal Blue’ exploit found in Baltimore City ransomware. [Krebs] [Ars Technica]
16-05-2019: Global takedown shows the anatomy of a modern cybercriminal supply chain. [Wired]
15-05-2019: A tough week for IP address scammers. [Krebs]
14-05-2019: Microsoft warns of major WannaCry-like Windows security exploit. [The Verge] [Engadget]
13-05-2019: Cisco bug has massive global implications. [Wired] [The Register]
13-05-2019: Spying on personal alarms and GPS trackers is as simple as sending an SMS. [Graham Cluley]
10-05-2019: Cryptanalyzing a pair of Russian encryption algorithms. [Schneier] [Motherboard]
07-05-2019: Feds take down dark web index and news site Deep Dot Web. [The Verge]
07-05-2019: The CIA sets up shop on Tor, the Anonymous Internet. [Wired]
07-05-2019: Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak. [Ars Technica] [The Register] [Wired] [Engadget] [Schneier]
24-04-2019: Microsoft knows password-expiration policies are useless. [Engadget]
09-04-2019: Mysterious safety-tampering malware infects a second critical infrastructure site. [Ars Technica] [Wired]
09-04-2019: Well-funded surveillance operation infected both iOS and Android devices. [Ars Technica] [ExtremeTech]
05-04-2019: Unhackable cryptography? [Schneier] [Quanta Magazine]
02-04-2019: Hackers don't just want to pwn networks, they literally want to OWN your network. [The Register]
29-03-2019: Hidden backdoor in Intel processors is really a debug port. [The Register]
27-03-2019: Researchers find 36 security flaws in LTE. [Engadget]
26-03-2019: Personal data left on used laptops. [Schneier] [Rapid7] [Gizmodo]
20-03-2019: Aluminium plants hit by cyber-attack, global company turns to manual operations. [Hot for Security] [BBC News] [The Register] [Ars Technica] [Graham Cluley] [DC Knowledge]
21-03-2019: How Lockergoga took down Hydro. [DoublePulsar]
03-04-2019: In its ransomware response, Norsk Hydro is an example for us all. [Graham Cluley]
17-03-2019: How a wireless keyboard lets hackers take full control of connected computers. [Ars Technica] [HardOCP] [David Sopas, YouTube]
05-03-2019: ji32k7au4a83 is a surprisingly bad password. [The Verge]
26-02-2019: Next-gen blackholing to counter DDoS. [NANOG 75 YouTube]
26-02-2019: Four years of breaking HTTPS with BGP hijacking. [NANOG 75 YouTube]
26-02-2019: The Pentagon wants to replace passwords with the way you move or walk. [HardOCP] [Washington Post]
25-02-2019: Android is helping kill passwords on a billion devices. [Wired] [Engadget]
25-02-2019: Flaws in 4G and 5G can lead to spying on location and calls. [The Verge] [Engadget] [No Jitter]
17-02-2019: The Facebook phishing scam that could dupe even vigilant users. [Ars Techncia]
13-02-2019: US Air Force defector allegedly helped Iran hack Americans. [Wired]
04-02-2019: Quantum computing doesn’t threaten good encryption -- yet. [DC Knowledge]
03-02-2019: Why SMS-based 2FA sucks: UK bank falls victim to SS7 attacks. [Android Police]
22-01-2019: Hacking construction cranes. [Schneier] [Trend Micro]
18-01-2019: Short take - HTTPS interception. [Network Collective] [Russ White]
17-01-2019: New massive security breach exposes 773 million passwords. [ExtremeTech]
10-01-2019: A new type of network is on the rise to combat the quantum threat to encryption. [DC Knowledge]
07-01-2019: NSA to release a free tool for reverse engineering malware. [Engadget] [HardOCP] [ZDNet]
2018 – News
24-12-2018: Cryptojacking took over in 2018. [Wired]
24-12-2018: MD5 and SHA-1 still used in 2018. [Schneier] [SWDGE PDF]
24-12-2018: Someone is learning how to take down the internet, and learning fast. [Stuff]
20-12-2018: Most common corporate-network security problems. [DC Journal]
13-12-2018: Iranian phishers bypass 2FA protections offered by Yahoo Mail and Gmail. [Ars Technica] [Schneier] [ExtremeTech]
12-12-2018: Hackers are targeting nuclear, defense, energy, financial businesses. [The Register]
30-11-2018: It's nearly 2019, and your network can get pwned through an oscilloscope. [The Register]
30-11-2018: Marriott breach leaves 500 million exposed with passport, card numbers stolen. [Ars Technica] [Krebs] [Graham Cluley] [The Register] [BBC News] [Stuff] [HardOCP] [Marriott] [Engadget]
30-11-2018: Mass router hack exposes millions of devices to potent NSA exploit. [Ars Technica]
28-11-2018: Encrypted traffic reaches a new threshold. [Network Computing]
28-11-2018: The murky world of smartphone forensics. [NZ Herald]
19-11-2018: Blackout for thousands of dark web pages. [BBC News]
19-11-2018: Using a free VPN? Skip the middleman and send your data direct to China. [The Register]
19-11-2018: What happened to cyber-911? [Schneier]
19-11-2018: A little phishing knowledge may be a dangerous thing. [The Register]
13-11-2018: OneSpan: the passwordless web is coming courtesy of FIDO2. [Graham Cluley]
13-11-2018: Google goes down after major BGP mishap routes traffic through China. [Ars Technica] [The Register] [BBC News] [Wired] [HardOCP] [ThousandEyes Twitter]
13-11-2018: France proposes to make Internet safer, but USA, Russia, China disagree. [The Register]
05-11-2018: GCSB releases cyber resiliency report. [Geekzone] [NCSC PDF]
05-11-2018: Focus on cyber security puts Huawei under the spotlight. [ITP Techblog] [PocketNow]
02-11-2018: PortSmash attack punches hole in Intel's Hyper-Thread CPUs, leaves with crypto keys. [The Register] [HardOCP] [ZDNet] [Ars Technica]
30-10-2018: Cell phone security and heads of state. [Schneier]
20-10-2018: 3 out of 4 employees are a security risk. [Russ White] [Dark Reading]
19-10-2018: Miscreants use pilfered NSA hacking tools to pwn boxes in nuke, aerospace worlds. [The Register]
10-10-2018: China's clampdown on Tor pushes its hackers into foreign backyards. [The Register]
09-10-2018: Withstanding the infinite: DDoS defense in the terabit era. [NANOG 74 YouTube]
14-09-2018: A decade-old attack can break the encryption of most PCs. [Wired]
14-09-2018: Quantum computing and cryptography. [Schneier]
14-09-2018: What you can do when you steal a laptop, reflash the BIOS, and reboot it. [The Register]
14-09-2018: The Register takes the US government's insider threat training course. [The Register]
27-08-2018: WireGuard VPN review: A new type of VPN offers serious advantages. [Ars Technica]
12-08-2018: Australia on the cusp of showing the world how to break encryption. [The Register]
10-08-2018: Satellite hacks are real and the consequences are frightening. [ExtremeTech]
10-08-2018: Encryption doesn't stop someone from working out what you're up to. [The Register]
08-08-2018: Honeypot DDoS monitoring. [Russ White] [APNIC Blog]
06-08-2018: Cracking the passwords of some WPA2 Wi-Fi networks just got easier. [The Register]
03-08-2018: Network security analysis - a new approach. [Network Computing]
01-08-2018: Fin7: the inner workings of a billion-dollar hacking group. [Wired] [HardOCP] [Reuters] [Ars Technica] [Engadget]
01-08-2018: GCHQ on quantum key distribution. [Schneier] [NCSC]
01-07-2018: Cryptojacking malware: what it is and how to fix it. [ReadWriteWeb]
25-07-2018: Major Bluetooth vulnerability. [Schneier] [CERT] [Ars Technica] [No Jitter]
23-07-2018: The secret Internet war over bots. [Wired]
23-07-2018: Google: security keys neutralized employee phishing. [Krebs] [HardOCP] [Engadget] [Android Police] [ExtremeTech] [Schneier]
18-07-2018: Dark Web going darker due to exposure. [HardOCP] [SecurityWeek]
09-07-2018: The worst cybersecurity breaches of 2018 so far. [Wired]
07-06-2018: Cybercrooks are switching to Telegram. [The Register]
06-06-2018: Defending against botnets. [Russ White] [PDF]
06-06-2018: VPNFilter malware infecting 500,000 devices is worse than we thought. [Ars Technica] [The Register] [ExtremeTech] [HardOCP] [Schneier] [Russ White]
06-06-2018: Google’s Mark Risher: why everything we know about passwords is wrong. [The Verge]
06-06-2018: Cloudflare experiments with hidden Tor services. [The Register]
05-06-2018: End-to-end encryption doesn’t stop the FBI reading your messages. [Graham Cluley]
30-05-2018: The limit of HTTPS. [Russ White] [APNIC Blog]
22-05-2018: Cloudflare: DDoS moves to Layer 7. [The Register]
21-05-2018: Biggest web security vulnerabilities haven’t changed much. [DC Knowledge]
17-05-2018: Microsoft's Azure green-lit for use by US spies. [The Register]
15-05-2018: DDoS attacks in 2018 are very large. [EtherealMind] [OURSA YouTube]
14-05-2018: Details on a new PGP vulnerability. [Schneier] [EFail] [Wired] [Ars Technica] [The Register]
11-05-2018: This Tool Can Hack Your Accounts Even with Two-Factor Authentication. [ExtremeTech]
07-05-2018: Password re-use is dangerous - so what about stopping it with password-sharing? [The Register]
06-05-2018: How to keep hackers out of your Facebook and Twitter accounts. [Wired]
03-05-2018: It's world (terrible) password (advice) day. [The Register]
03-05-2018: Nigerian email scammers are more effective than ever. [Wired]
02-05-2018: NIST issues call for "lightweight cryptography" algorithms. [Schneier] [NIST]
27-04-2018: The hidden risks of ssh. [DC Journal]
25-04-2018: DDoS-for-hire service Webstresser dismantled. [Krebs] [The Register] [Graham Cluley] [HardOCP] [The Hacker News] [Engadget]
25-04-2018: Cracking the crypto war. [Wired]
27-04-2018: Ray Ozzie’s plan for unlocking encrypted phones gets a chilly reception. [Ars Technica] [Schneier]
07-05-2018: Ray Ozzie’s crypto proposal - a dose of technical reality. [Ars Technica]
23-04-2018: Cisco switch attacks represent new wave of network exploits. [Network Computing]
19-04-2018: The security risks of logging in with Facebook. [Wired]
16-04-2018: Government hackers: made some malware, don't be surprised if it bites you. [The Register]
12-04-2018: Cloudflare launches "Spectrum" DDoS protection service for all Internet traffic. [THG] [The Register]
10-04-2018: Practical passwordless authentication comes a step closer with WebAuthn. [Ars Technica] [The Verge] [Engadget] [Wired] [HardOCP] [PCMag] [HEXUS]
26-03-2018: FCC to block 'national security risk' companies (Huawei, ZTE) from US's $8.5bn broadband pot. [The Register] [The Verge] [Ars Technica]
26-03-2018: Magical thinking on Internet security. [Russ White] [Farsight Security]
26-03-2018: Adding backdoors at the chip level. [Schneier] [Springer Link] [PDF]
23-03-2018: World celebrates, cyber-snoops cry as TLS 1.3 internet crypto approved. [The Register] [EtherealMind]
22-03-2018: The real cause of large DDoS - IP spoofing. [EtherealMind] [CloudFlare]
22-03-2018: Blocking malware with DNS. [Russ White] [APNIC Blog]
20-03-2018: Side channel attacks in the wild: the smart home. [Russ White]
13-03-2018: Weighing privacy vs security for the Internet's address book. [Wired]
09-03-2018: Crypto zealots. [Geoff Huston]
05-03-2018: World's biggest DDoS attack record broken after just five days. [The Register] [Graham Cluley] [Schneier] [Ars Technica]
08-03-2018: Corero reveals 'kill-switch' to suppress memcached DDoS attacks. [THG] [The Register]
03-03-2018: First IPv6 DoS. [The Register]
01-03-2018: New carrier-based authentication system seeks to replace SMS 2FA. [THG] [Android Police]
01-03-2018: GitHub code tub hit with record-breaking 1.35Tbps DDoS. [The Register] [Engadget] [Krebs] [Graham Cluley]
05-03-2018: World's largest DDoS motives come clear. [HardOCP] [DigitalOcean]
28-02-2018: Large DDoS amplification attacks now possible via memcached servers. [THG]
14-02-2018: A potent botnet is exploiting a critical router bug that may never be fixed. [Ars Technica]
12-02-2018: Cryptojacking threatens critical infrastructure. [Wired] [HardOCP] [Scott Helme]
31-01-2018: Ransomware scammers get scammed themselves by Tor proxy hack. [ExtremeTech]
31-01-2018: New click-to-hack tool: one script to exploit them all... [The Register]
30-01-2018: US AG says Feds have already infiltrated Dark Net. [The Register]
26-01-2018: Lenovo's fingerprint scanner has a hardcoded password. [The Register]
24-01-2018: Tor Browser 7.5 launches with support for next-gen Onion services. [THG]
20-01-2018: Why this intercontinental quantum-encrypted video hangout is a big deal. [Wired]
15-01-2018: BitTorrent users beware: Flaw lets hackers control your computer. [Ars Technica]
12-01-2018: IoT-based DDoS threats loom. [Network Computing]
11-01-2018: Cisco can now sniff out malware inside encrypted traffic. [The Register]
06-01-2018: WD My Cloud drives have a built-in backdoor. [HardOCP] [TechSpot] [Graham Cluley] [ExtremeTech]
02-01-2018: Automatic autofill of your username and password? Not a good idea. [Graham Cluley]
2017 – News
29-12-2017: The rise of cryptojacking and how to stop it. [THG] [Wired]
28-12-2017: Microsoft asserts that "It’s time to kill the password." [Hexus] [HardOCP] [TechSpot] [NZ Herald] [Stuff]
18-12-2017: Lessons learned from the Estonian national ID security flaw. [Schneier] [Cybernetica]
17-12-2017: Hackers shut down plant by targeting its safety system. [Engadget] [HardOCP] [Reuters]
15-12-2017: We need to talk about mathematical backdoors in encryption algorithms. [The Register]
13-12-2017: Mirai IoT botnet co-authors plead guilty. [Krebs] [BBC News] [The Verge] [Ars Technica] [Engadget] [Wired] [Graham Cluley]
11-12-2017: New group of hackers targeting banks around the world. [HardOCP] [Bloomberg]
11-12-2017: HP laptops found to have hidden keylogger. [BBC News] [Graham Cluley] [Hexus] [HardOCP] [Github Blog] [THG] [ExtremeTech]
13-12-2017: How to remove a keylogger from your HP laptop. [Lifehacker]
08-12-2017: Despite takedowns, botnets aren't going away any time soon. [DC Knowledge]
06-12-2017: Satori botnet rears its head, exploiting IoT vulnerabilities. [BitDefender]
06-12-2017: Evidende that Ethiopia is spying on journalists shows that commercial spyware is out of control. [Wired]
05-12-2017: Phishing schemes are using encrypted sites to seem legit. [Wired]
05-12-2017: International team takes down virus-spewing Andromeda botnet. [The Register]
04-12-2017: Underwater net cables are prime targets for terrorists and Russia. [The Register]
29-11-2017: Internet-paralyzing Mirai botnet comes roaring back with new strain. [Ars Technica]
28-11-2017: Ethereum founder unveils roadmap for next-gen blockchain. [THG]
27-11-2017: Don't shame idiots about their idiotically weak passwords. [The Register]
26-11-2017: Quantum encryption is now fast enough for voice calls. [Engadget] [HardOCP] [phys.org] [The Register]
21-11-2017: Over 400 of the world's most popular website record your every keystroke. [HardOCP] [Motherboard] [Schneier]
14-11-2017: Long article on the NSA and the Shadow Brokers. [Schneier] [NYT]
10-11-2017: Hack of attack-for-hire service vDOS snares New Mexico man. [Krebs]
09-11-2017: DDoS-for-Hire Service Launches Mobile App. [Krebs]
09-11-2017: History of networking -- RAVEN and Internet surveillance. [Network Collective]
08-11-2017: Four years later, Yahoo still doesn’t know how Russia hacked 3 billion accounts. [HardOCP] [TechCrunch]
07-11-2017: Cloudflare uses lava lamps to encrypt the Internet. [HardOCP] [CloudFlare]
07-11-2017: Which is the greatest botnet on the whole? [The Register]
07-11-2017: Flaw crippling millions of crypto keys is worse than first disclosed. [Ars Technica]
06-11-2017: A third of the Internet is under attack. [HardOCP] [UCSD]
06-11-2017: Galizia's murder and the security of WhatsApp. [Schneier]
03-11-2017: Tor’s next-gen onion system works to keep servers hidden. [Engadget] [The Register] [THG] [Ars Technica] [Lifehacker]
01-11-2017: Hackers continue to abuse digital certs. [HardOCP] [The Register]
27-10-2017: Critical flaws found in maritime comms system. [HardOCP] [HelpNetSecurity] [Wired]
26-10-2017: 2FA codes could get replaced by physical objects. [The Verge]
25-10-2017: BadRabbit: new wave of cyber attacks hits Russia and other nations. [HardOCP] [Reuters]
26-10-2017: BadRabbit runs out of steam – but be prepared for the next ransomware attack. [Graham Cluley]
27-10-2017: BadRabbit ransomware uses leaked 'EternalRomance' NSA exploit. [HardOCP] [The Hacker News] [Ars Technica]
23-10-2017: The economics of DDoS. [Russ White] [Arbor Networks]
22-10-2017: US energy, nuke and aviation sectors under sustained attack. [The Register] [HardOCP] [US-CERT]
20-10-2017: Your browser could be mining cryptocurrency for a stranger. [Wired] [Lifehacker]
20-10-2017: The Reaper botnet could be worse than Mirai. [Wired] [Graham Cluley] [Schneier]
27-10-2017: Assessing the threat the Reaper botnet poses to the Internet. [Ars Technica]
19-10-2017: Cryptojacking is everywhere, it's getting worse each day. [HardOCP]
17-10-2017: Discovering the threats below the surface on the Dark Web. [ReadWriteWeb]
16-10-2017: The TPM encryption many major companies rely on has a serious flaw. [Engadget] [The Register] [Ars Technica]
16-10-2017: KRACK attack against WiFi encryption. [Schneier] [Ars Technica] [BBC News] [The Register] [THG] [HardOCP] [BleepingComputer] [ExtremeTech] [The Verge] [Wired] [Engadget] [Stuff] [Krebs] [Network Computing] [ITP Techblog] [Graham Cluley] [Computerphile YouTube]
16-10-2017: Microsoft has already fixed the Wi-Fi attack vulnerability. [The Verge]
16-10-2017: 41% of Android phones are vulnerable to Wi-Fi attack. [The Verge]
17-10-2017: The flawed system behind the KRACK WiFi meltdown. [Wired]
17-10-2017: Why the KRACK WiFi mess will take decades to clean up. [Wired]
23-10-2017: What does the WPA2 vulnerability mean for IoT? [ReadWriteWeb]
27-10-2017: More articles on KRACK. [Russ White] [Errata Security] [Krebs] [linux.com]
13-10-2017: Large scale cyber attack warning. [HardOCP] [UKRInform]
11-10-2017: 'Crypto Anchors' might stop the next Equifax-style megabreach. [Wired]
11-10-2017: New encryption legislation coming? [HardOCP] [Reuters]
08-10-2017: VPN logs helped unmask alleged 'net stalker. [The Register] [HardOCP] [ExtremeTech] [Graham Cluley]
06-10-2017: DDoS protection: Arbor Networks vs. Kentik. [Network Computing]
05-10-2017: Russian hackers used Kaspersky software to find vulnerable NSA docs. [The Verge] [Wired] [Engadget] [Schneier] [Ars Technica]
11-10-2017: Israel warned the US about Kaspersky after hacking its network. [Engadget] [The Register] [Schneier] [ExtremeTech]
11-10-2017: Kaspersky, Russia, and the antivirus paradox. [Wired]
03-10-2017: How to fight the new breed of DDoS attacks on data centers. [DC Knowledge]
27-09-2017: Why DDoS attacks are on the rise. [DC Knowledge]
26-09-2017: Cloudflare: DDoS will now be "something for the history books". [HardOCP] [Motherboard Vice]
20-09-2017: HVAC hackers attack more than the thermostat. [HardOCP] [BleepingComputer]
18-09-2017: This is why you shouldn’t use texts for two-factor authentication. [The Verge] [The Register] [HardOCP] [Forbes]
18-09-2017: CCleaner, distributed by anti-virus firm Avast, contained malicious backdoor. [Graham Cluley] [Lifehacker] [The Register] [HardOCP] [TNW] [ExtremeTech] [The Verge] [Wired]
18-09-2017: Feds in California are aggressively going after Silk Road, AlphaBay vendors. [Ars Technica]
14-09-2017: New Bluetooth malware affects billions of devices, requires no pairing. [ExtremeTech] [Schneier]
08-09-2017: Budding malware author uses same Skype ID across job applications and IoT botnet ads. [Graham Cluley]
08-09-2017: Shadow Brokers releases NSA UNITEDRAKE manual. [Schneier] [Document Cloud PDF]
08-09-2017: Five benefits of next-generation firewalls. [Network Computing]
06-09-2017: Hackers lie in wait after penetrating US and Europe power grid networks. [Ars Technica] [The Verge] [Wired]
05-09-2017: Security flaw in Estonian national ID card. [Schneier] [Estonian World]
01-09-2017: Massive Locky ransomware campaign sends out 23 million emails in 24 hours. [Graham Cluley]
01-09-2017: Russian hacking tools codenamed White Bear exposed. [Schneier] [SecureList]
31-08-2017: Is quantum encryption the key to cyber-security? [BBC News]
30-08-2017: Is it time to build an anti-DDoS alliance? [Russ White] [Senki]
28-08-2017: SS7 network vulnerabilities is big business. [HardOCP] [Daily Beast]
28-08-2017: One of first-known Android DDoS malware infects phones in 100 countries. [Ars Technica] [Krebs]
24-08-2017: Why it’s still a bad idea to post or trash your airline boarding pass. [Krebs]
24-08-2017: DreamHost smashed in DDoS attack: who's to blame? [The Register]
24-08-2017: Plug the security holes in your two-factor authentication. [Lifehacker]
24-08-2017: Massive government data leak in Sweden. [Schneier] [Privacy News Online]
22-08-2017: Insider attack on lottery software. [Schneier] [CNBC] [HardOCP] [DMR]
16-08-2017: Imperva discovers 'Pulse Wave' DDoS attacks. [THG]
13-08-2017: Password policies of 40 popular online services analyzed. [HardOCP] [BleepingComputer]
12-08-2017: Russian group that hacked DNC used NSA attack code in attack on hotels. [Ars Technica] [The Register]
08-08-2017: The man who put us through password hell regrets everything. [Engadget] [Stuff, Stuff] [NZ Herald] [Graham Cluley] [BBC News] [Wired] [Russ White] [Shelly Palmer]
05-08-2017: Protect the white hat hackers who are just doing their job. [Wired] [Ars Technica]
21-08-2017: GCHQ knew FBI was planning to arrest WannaCry's 'accidental hero' before he travelled to the USA. [Graham Cluley] [The Register]
04-08-2017: Penetrating a Casino's network through an Internet-connected fishtank. [Schneier] [Washington Post]
01-08-2017: Encryption substitute. [Russ White] [ScribD]
31-07-2017: NetFlix crafted DDoS. [Russ White] [Medium] [The Register]
31-07-2017: Facebook COO Sheryl Sandberg: crypto ban won't help trap terrorists. [The Register]
30-07-2017: The very best hacks from Black Hat. [Wired]
29-07-2017: Tor's Dingledine: dark web doesn't exist, and people use network for privacy, not crime. [The Register]
28-07-2017: How Netflix DDoSed itself to help protect the entire Internet. [Wired]
28-07-2017: Zero-day vulnerabilities against Windows in the NSA tools released by the Shadow Brokers. [Schneier] [Rapid7]
28-07-2017: Cyber spies use fake profile as a 'honey pot' to trap male workers. [NZ Herald]
27-07-2017: The opsec blunders that landed a Russian politician's fraudster son in the clink for 27 years. [The Register]
26-07-2017: Russia passes bill banning proxies, TOR, VPNs. [HardOCP] [Info Security]
26-07-2017: How to improve your privacy in Windows 10. [Stuff]
26-07-2017: Spies, cops don't need to crack WhatsApp: they'll just hack your smartphone. [The Register]
26-07-2017: The great Ethereum hack. [Russ White] [FreeCodeCamp]
22-07-2017: Letting cyberattack victims hack back is a very unwise idea. [Wired]
20-07-2017: Cisco 2017 midyear cybersecurity report. [Cisco] [THG]
19-07-2017: Let's harden Internet crypto so quantum computers can't crack it. [The Register] [Wired]
19-07-2017: China's 'future-proof' crypto. [The Register] [BBC News]
10-08-2017: Chinese satellite sends 'hack-proof' message. [BBC News]
18-07-2017: Leaked memo says hackers may have compromised UK power plants. [Engadget]
18-07-2017: Quantum computing could make today's encryption obsolete. [DC Knowledge]
17-07-2017: Inside the cyber-attack on the UK parliament. [BBC News]
13-07-2017: AlphaBay taken down by law enforcement across 3 countries. [Ars Technica] [Gizmodo] [The Register] [The Verge] [Wired]
16-07-2017: Dark web chaos as AlphaBay's Alexandre Cazes found dead in Thai jail. [Stuff]
20-07-2017: AlphaBay and Hansa dark web markets shut down. [BBC News] [The Register] [Krebs] [The Verge] [Ars Technica] [Engadget] [Gizmodo] [The Register] [NZ Herald] [ExtremeTech] [HardOCP] [The Hacker News]
20-07-2017: After AlphaBay’s demise, customers flocked to dark market run by Dutch police. [Krebs]
22-07-2017: After AlphaBay and Hansa, there are only more dark web takedowns to come. [The Verge]
24-07-2017: AlphaBay and Hansa: about those dark web marketplaces takedowns. [The Register]
01-08-2017: Dark web markets boom after AlphaBay and Hansa busts. [BBC News]
22-08-2017: After years of investigation, feds bust one of AlphaBay’s largest drug rings. [Ars Technica]
10-07-2017: 2FA is a mess. [The Verge] [The Register]
09-07-2017: Trump talked to Putin about creating a 'Cyber Security unit'. [Engadget] [Gizmodo] [Ars Technica]
10-07-2017: Donald Trump backtracks on Russia joint cybersecurity unit. [BBC News]
07-07-2017: US military will finally start encrypting soldiers' emails. [Engadget]
07-07-2017: Hacking Team is back. [Engadget]
06-07-2017: Why isn't everyone running DNSSEC? [Russ White] [APNIC Blog]
06-07-2017: It's easier than ever to steal someone's keys. [Schneier] [KeyMe]
06-07-2017: After criticism, US Defense Department will implement new encryption standards next year. [Gizmodo]
06-07-2017: Let’s Encrypt to support wildcard certificates starting January 2018. [THG] [The Register] [Ars Technica]
06-07-2017: Drugs and manufacturing equipment imported over the dark web. [Stuff]
05-07-2017: Hackers are targeting nuclear power plant operators in the US. [The Verge] [ReadWriteWeb] [Ars Technica] [Wired] [The Register]
05-07-2017: A major Dark Net market is down and users are worried they got scammed. [Gizmodo]
03-07-2017: HTTPS Certificate Revocation is broken. [Ars Technica] [HardOCP] [Scott Helme]
03-07-2017: What it's like when pro phishers assail your inbox. [Wired]
01-07-2017: The biggest cybersecurity disasters of 2017 so far. [Wired]
30-06-2017: The encryption debate should end right now. [Wired] [ITP Blog]
30-06-2017: Latest ransomware techniques show need for layered security. [PacketU] [Voxy]
29-06-2017: Shadow Brokers hike prices for stolen NSA exploits. [The Register]
29-06-2017: Let’s Encrypt issues 100 million certificates to help secure the web. [THG]
28-06-2017: Why you'll be sorry when encryption is broken. [NZ Herald]
27-06-2017: GoldenEye ransomware campaign spreads throughout Europe. [THG]
27-06-2017: Idea to encrypt stuff on the web at rest hits the IETF's Standard Track. [The Register]
26-06-2017: The FAA is arguing for security by obscurity. [Schneier] [Federal Register]
24-06-2017: Windows 10 source code leak is an embarrassment for Microsoft. [Engadget] [Gizmodo] [HardOCP] [The Register]
27-06-2017: Microsoft confirms Windows code leak, but size, details disputed. [ExtremeTech]
24-06-2017: Hackers attempt to break into UK MPs' email accounts, as Houses of Parliament targeted by cyber attack. [Graham Cluley] [Stuff] [Engadget] [The Verge] [The Register]
26-06-2017: UK Parliament hack a brute-force attack. [The Register]
26-06-2017: UK Parliament maintains restrictions after hacking. [DC Knowledge]
23-06-2017: If these universities had run an ad blocker they might have been saved from ransomware attack. [Graham Cluley]
21-06-2017: The simple trick used by hackers to pinch your mobile number and wreak havoc on your life. [NZ Herald]
20-06-2017: A new way to deal with DDoS. [Russ White] [ECI Telecom]
20-06-2017: Many companies have been ‘hacked’, but please don’t make it THIS easy. [Graham Cluley]
19-06-2017: Bot attacks getting more difficult to detect. [HardOCP] [Dark Reading]
19-06-2017: New techniques to hijack social media accounts. [Schneier] [AccessNow]
19-06-2017: What the average worker doesn't know about security will scare you. [DC Knowledge]
19-06-2017: Backdoor backlash: European Parliament wants better privacy. [The Register]
16-06-2017: Brit hacker admits he siphoned info from US military satellite network. [The Register] [Graham Cluley] [BBC News]
15-06-2017: Inside a porn-pimping spam botnet. [Krebs]
14-06-2017: Data vs analysis in counterterrorism. [Schneier] [The Guardian]
14-06-2017: Internet hygiene still stinks despite botnet and ransomware flood. [The Register]
13-06-2017: Win XP patched to avert new outbreaks spawned by NSA-leaking Shadow Brokers. [Ars Technica] [The Verge] [The Register] [THG] [ExtremeTech] [Engadget]
21-06-2017: Is continuing to patch WinXP a mistake? [Schneier]
13-06-2017: Hovering Over Links Can Install New Malware. [ExtremeTech]
13-06-2017: Who’s afraid of the big, bad botnet? [The Register]
11-06-2017: How your mouse movement could be used to stop identity theft. [Gizmodo]
07-06-2017: Internet cameras have hard-coded password that can’t be changed. [Ars Technica]
06-06-2017: DDoS trends in the last 20 years. [NANOG YouTube]
06-06-2017: Latest on spear phishing attacks. [Schneier] [PDF]
06-06-2017: Following the money hobbled vDOS attack-for-hire service. [Krebs] [Russ White]
06-06-2017: Telegram is the 'app of choice' for terrorists. [Stuff]
05-06-2017: Leaked NSA report says Russians tried to hack state election officials. [Ars Technica] [Engadget] [Schneier]
13-06-2017: Russian hackers probed election systems in 39 states. [The Verge] [Ars Technica] [Gizmodo] [ExtremeTech]
21-06-2017: US official: Russia 'hacked' 21 US states in election. [BBC News]
05-06-2017: Recovering a stored password from a web browser. [Network Computing]
02-06-2017: Fireball malware's flames infect a quarter of a billion computers. [Graham Cluley] [Wired] [HardOCP]
31-05-2017: If you think WannaCry was huge, wait for EternalRocks. [DC Knowledge]
30-05-2017: How to get away with hacking the Department of Homeland Security. [Graham Cluley]
30-05-2017: Shadow Brokers lay out pitch – and name price – for monthly zero-day subscription service. [The Register] [Ars Technica]
29-05-2017: The impact of encryption. [Russ White] [Network Collective] [YouTube]
29-05-2017: NTP updated to spook-harden user comms. [The Register]
27-05-2017: Internet providers have backdoor access to customers' modems. [NZ Herald]
23-05-2017: The future of ransomware. [Schneier]
17-05-2017: 560 million email credentials have been leaked. [Lifehacker]
16-05-2017: 'Shadow Brokers' threaten to release more hacking tools in June. [Engadget]
17-05-2017: Fearing Shadow Brokers leak, NSA reported critical flaw to Microsoft. [Ars Technica]
11-05-2017: US spymasters trash Kaspersky: AV tools can't be trusted. [The Register]
12-05-2017: US intelligence chiefs don't trust Kaspersky - but why? [Graham Cluley]
11-05-2017: Persirai IoT botnet threatens to hijack over 120,000 IP cameras. [Graham Cluley]
10-05-2017: SS7 flaws exploited to hack smartphone 2FA systems. [Schneier]
09-05-2017: NSA confirms Russia hacked French election infrastructure. [Wired]
09-05-2017: Corsa adds IPv4 blacklist to support DDoS appliances. [Packet Pushers]
09-05-2017: I side with the 'bad guys' on encryption. [Stuff]
06-05-2017: The hijacking flaw that lurked in Intel chips is worse than anyone thought. [Ars Technica] [ExtremeTech]
05-05-2017: Modern phishing attempts look more legit, but the methods haven't changed much. [Lifehacker]
05-05-2017: Tips for World Password Day. [Voxy]
03-05-2017: Watch hackers sabotage an industrial robot arm. [Wired]
02-05-2017: Email hackers cost couple their new home. [Graham Cluley] [Krebs]
01-05-2017: FIDO: multi-factor authentication should be included in NIST’s cybersecurity framework. [THG]
30-04-2017: Secure messaging app showdown: WhatsApp vs. Signal. [Lifehacker]
29-04-2017: Hacker holds Netflix to ransom over ‘Orange is the New Black’. [Graham Cluley] [HardOCP] [DataBreaches] [The Verge] [Gizmodo] [BBC News] [Ars Technica]
27-04-2017: A vigilante is putting a huge amount of work into infecting IoT devices. [Ars Technica]
26-04-2017: Interpol unplugs nearly 9,000 Asian command and control networks. [The Register]
22-04-2017: US court hits Russian PoS hacker with record 27 year jail sentence. [Graham Cluley] [Krebs]
21-04-2017: Why I hacked the government. [BBC News]
19-04-2017: The Hajime IoT worm fights the Mirai botnet for control of your devices. [Graham Cluley] [BBC News] [ExtremeTech]
03-05-2017: Hajime malware is turning 300,000 IoT devices into zombies. [ReadWriteWeb]
14-04-2017: How to spot a link you shouldn't click on. [Gizmodo]
13-04-2017: Criminals getting closer to state actors. [Russ White] [Halbheer]
12-04-2017: For a while the infamous Mirai botnet could have exploited your IoT devices to mine Bitcoins. [Graham Cluley]
11-04-2017: Feds deliver fatal blow to botnet that menaced world for 7 years. [Ars Technica] [Wired]
10-04-2017: How HTTPS website security is making the Internet safer from snoopers. [Gizmodo]
10-04-2017: Security threats keep network teams busy. [Network Computing]
10-04-2017: Internet Society to G20 nations: The web must be fully encrypted. [The Register]
08-04-2017: Forget Mirai – Brickerbot malware will kill your crap IoT devices. [The Register] [Engadget]
06-04-2017: Advanced Chinese hacking campaign infiltrates IT service providers across the globe. [HardOCP] [ZDNet]
06-04-2017: This hacker can talk his way into a data center. [DC Knowledge]
05-04-2017: How hackers hijacked a bank's entire online operation. [HardOCP] [Wired] [Schneier]
04-04-2017: Google and Lookout detail super-sophisticated 'Chrysaor' Android malware. [Android Police]
04-04-2017: Botnets in the cloud. [Russ White] [Microsoft Azure]
03-04-2017: Russian hackers have used the same backdoor for two decades. [Wired]
31-03-2017: When the 'S' in HTTPS also stands for shady. [Engadget]
29-03-2017: Strange Mirai botnet brew blamed for powerful application layer attack. [The Register]
28-03-2017: Odds are in favour of quantum encryption. [Russ White] [CSA]
27-03-2017: Encryption is a good thing. [Graham Cluley]
21-03-2017: Fix crap Internet of Things security, booms Internet daddy Cerf. [The Register]
19-03-2017: Phishing scams even fool tech nerds - here's how to avoid them. [Wired] [HardOCP] [US DoJ] [The Verge]
15-03-2017: Sound waves can be used to fool your phone's motion sensors. [Engadget] [HardOCP]
14-03-2017: 'Walnut' attack uses sound to trick sensors in cars, phones, and other devices. [THG]
13-03-2017: Most people still don't know how to protect themselves online. [The Register]
13-03-2017: The CIA's "Development Tradecraft DOs and DON'Ts". [Schneier] [WikiLeaks]
11-03-2017: 'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows. [The Register] [Coding Horror]
10-03-2017: Google’s new bot-stopping reCAPTCHA is completely invisible. [ExtremeTech] [Gizmodo] [Google] [HardOCP] [NZ Herald] [THG]
08-03-2017: This is why you shouldn’t trust flashy crypto apps. [