How China’s Hacking Entered a Reckless New Phase
China has increasingly relied on contractors for its hacking, which opens the door to all kinds of criminal behavior.
Read MoreCyberSecurity
Computer Security, CyberSecurity or Information Technology Security (IT Security) is the protection of computer systems from theft or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the services they provide. CyberSecurity also refers to a set of techniques used to protect the integrity of networks, programs and data from attack, damage or unauthorized access.
China’s and Russia’s Spying Sprees Will Take Years to Unpack
The full extent of the SolarWinds hack and Hafnium’s attack on Microsoft Exchange Server may never be known.
Read More
Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims
A single group appears to have infiltrated tens of thousands of Microsoft Exchange servers in an ongoing onslaught.
Read More
Facebook Catches Iranian Spies Catfishing US Military Targets
The hackers posed as recruiters, journalists, and hospitality workers to lure their victims.
Read More
Microsoft Password Guidance
This paper provides Microsoft’s recommendations for password management based on current research and lessons from our own experience as one of the largest Identity Providers (IdPs) in the world. It covers recommendations for end users and identity administrators.
Read More
Hacker Lexicon: What Is the Signal Encryption Protocol?
As the Signal protocol becomes the industry standard, it’s worth understanding what sets it apart from other forms of end-to-end encrypted messaging.
Read More
The Incredible Rise of North Korea’s Hacking Army
The country’s cyber forces have raked in billions of dollars for the regime by pulling off schemes ranging from A.T.M. heists to cryptocurrency thefts. Can they be stopped?
Read More
StopRansomware.gov website – The U.S. Government’s One-Stop Location to Stop Ransomware
This website is the U.S. Government’s official one-stop location for resources to tackle ransomware more effectively.
Read More
All the Ways Amazon Tracks You—and How to Stop It
The retail empire is obsessed with your data. But is the convenience worth giving up your personal information?
Read More
Google’s cookie ban and FLoC, explained
At some point next year, Google Chrome will stop using third-party cookies. It’s a move that could upend the global advertising and publishing industries – and it has major implications for your privacy.
Read More
Securing Internet Applications from Routing Attacks
This article provides a new perspective by showing that routing attacks on Internet applications can have even more devastating consequences for users—including uncovering users (such as political dissidents) trying to communicate anonymously, impersonating websites even if the traffic uses HTTPS, and stealing cryptocurrency. This article argues that the security of Internet applications and the network infrastructure should be considered together, as vulnerabilities in one layer led to broken assumptions (and new vectors for attacks) in the other.
Read More
We Have Root: Even More Advice from Schneier on Security
We Have Root: Even More Advice from Schneier on Security By Bruce Schneier Published by John Wiley & Sons, Inc., September 2019. ISBN: 978-1-119-64301-2 “A collection of popular essays from security guru Bruce Schneier ” In his latest collection of …
Read More
Cybersecurity: Is It Worse than We Think?
[In this article, we] seek to complement the myriad security research notes by investigating specific cybersecurity practices within organizations to evaluate where organizations are showing improvement, where they are stagnant, and what may be influencing these changes. Our results confirm that cyber-security continues to receive attention on the surface, but when looking beyond surface-level impressions a surprising lack of progress is being made.
Read More
The Dark Triad and Insider Threats in Cyber Security
In this article, we focus on a set of pathological personality traits known as the dark triad. Evidence from recent insider threat cases leads us to believe these traits may correlate with intentions to engage in malicious behavior.23 After discussing insider threats and the dark triad traits, we present results from an empirical study that illustrate the relationship between the dark triad traits and malicious intent. We then discuss the importance of these results and make recommendations for security managers and practitioners based on our findings.
Read More
Security Analysis of SMS as a Second Factor of Authentication
This article provides some insight into the security challenges of SMS-based multifactor authentication: mainly cellular security deficiencies, exploits in the SS7 (Signaling System No. 7) protocol, and the dangerously simple yet highly efficient fraud method known as SIM (subscriber identity module) swapping. Based on these insights, readers can gauge whether SMS tokens should be used for their online accounts. This article is not an actual analysis of multifactor authentication methods and what can be considered a second (or third, fourth, and so on) factor of authentication; for such a discussion, the author recommends reading security expert Troy Hunt’s report on the topic.
Read More
Protecting Computers and People From Viruses
The really interesting question is what a strong successful analogy, matching computer viruses to organic viruses, would mean.
Read More
Windows 11’s Security Push Puts Microsoft on a Collision Course
An attempt to boost the security of Windows devices may leave millions of them more vulnerable in the long run.
Read More
Secure Multiparty Computation
Over the past three decades, many different techniques have been developed for constructing MPC [MultiParty Computation] protocols with different properties, and for different settings.
Read More
The Ethics of Zero-Day Exploits: The NSA Meets the Trolley Car
This article [takes] two basic approaches to evaluating the ethics of stockpiling zero-day exploits.
Read More
The Identity in Everyone’s Pocket
Proving the authenticity of a device is one of the major challenges facing developers today, but it’s critical for them to complete the enrollment process and decide if they trust the device to hold on to a secret for normal use.
Read More