Cybersecurity


An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

626

"When asked directly about the most pressing digital threats, be it AI misuse or quantum computing, Schneier quipped: "I generally hate ranking threats, but if I had to pick candidates for 'biggest,' it would be one of these: income inequality, late-stage capitalism, or climate change," he wrote. "Compared to those, cybersecurity is a rounding error."
(...)
Asked directly about NSA reforms post-Snowden, Schneier was skeptical, responding: "Well, they haven't had any leaks of any magnitude since then, so hopefully they did learn something about OPSEC. But near as we can tell, nothing substantive has been reformed."

Schneier further clarified, "We should assume that the NSA has developed far more extensive surveillance technology since then," stressing the importance of vigilance.

He touched on the fusion of AI and democracy - a theme of his upcoming book Rewiring Democracy - noting that he didn't "think that AI as a technology will change how different types of government will operate. It's more that different types of governments will shape AI."

He is pessimistic that countries will harness AI's power to do good and help improve quality of life.

"It would be fantastic if governments prioritized these things," he said. "[This] seems unrealistic in a world where countries are imagining some sort of AI 'arms race' and where monopolistic corporations are controlling the technologies. To me, that speaks to the solutions: international cooperation and breaking the tech monopolies. And, yes, those are two things that are not going to happen.""

https://www.scworld.com/news/bruce-schneier-ai-hype-nsa-surveillance-and-cybersecuritys-real-challenges

#CyberSecurity #NSA #Surveillance #AI #AISafety #QuantumComputing #Cryptography #Encryption

627

"In security advisories posted on its website, Apple confirmed it fixed the two zero-day vulnerabilities, which “may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.”

The bugs are considered zero days because they were unknown to Apple as they were being exploited.

It’s not yet known who is behind the attacks or how many Apple customers were targeted, or if any were successfully compromised. A spokesperson for Apple did not return TechCrunch’s inquiry.

Apple credited the discovery of one of the two bugs to security researchers working at Google’s Threat Analysis Group, which investigates government-backed cyberattacks. This may indicate that the attacks targeting Apple customers were launched or coordinated by a nation state or government agency. Some government-backed cyberattacks are known to involve the use of remotely planted spyware and other phone-unlocking devices."

https://techcrunch.com/2025/04/16/apple-says-zero-day-bugs-exploited-against-specific-targeted-individuals-using-ios/

#CyberSecurity #Apple #iOS #ZeroDayBugs #StateHacking

628

"A government whistleblower told lawmakers that DOGE's access to National Labor Relations Board (NLRB) systems went far beyond what was needed to analyze agency operations and apparently led to a data breach. NLRB employee Daniel Berulis, a DevSecOps architect, also says he received a threat when he was preparing his whistleblower disclosure.

"Mr. Berulis is coming forward today because of his concern that recent activity by members of the Department of Government Efficiency ('DOGE') have resulted in a significant cybersecurity breach that likely has and continues to expose our government to foreign intelligence and our nation's adversaries," said a letter from the group Whistleblower Aid to the Senate Select Committee on Intelligence leaders and the US Office of Special Counsel.

The letter, Berulis' sworn declaration, and an exhibit with screenshots of technical data are available here. "This declaration details DOGE activity within NLRB, the exfiltration of data from NLRB systems, and—concerningly—near real-time access by users in Russia," Whistleblower Aid Chief Legal Counsel Andrew Bakaj wrote. "Notably, within minutes of DOGE personnel creating user accounts in NLRB systems, on multiple occasions someone or something within Russia attempted to login using all of the valid credentials (e.g. Usernames/Passwords). This, combined with verifiable data being systematically exfiltrated to unknown servers within the continental United States—and perhaps abroad—merits investigation."

Bakaj said they notified law enforcement about an "absolutely disturbing" threat Berulis received on April 7."

https://arstechnica.com/tech-policy/2025/04/government-it-whistleblower-calls-out-doge-says-he-was-threatened-at-home/

#USA #Trump #DOGE #Musk #NLRB #CyberSecurity #DataBreach #DataProtection #Whistleblowing

629

Open source projects are adapting to CRA requirements—and the journey is already underway.
Civil Infrastructure Platform, Zephyr, and Yocto are setting examples.
The latest blog from the Linux Foundation shares how security best practices are being built in.

🔗 https://www.linuxfoundation.org/blog/pathways-to-cybersecurity-best-practices-in-open-source-how-three-linux-foundation-projects-are-leading-the-way-in-cra-compliance
#OpenSource #Cybersecurity #CRA #LinuxFoundation

630

We know they didn't catch 100%. Assume they caught 75%. How many millions of malicious ads have been served to folks who don't use an ad blocker? Why won't everyone use an ad blocker? It's not to stop the annoyance. It's a serious #cybersecurity issue.

https://arstechnica.com/gadgets/2025/04/google-used-ai-to-block-three-times-more-fraudulent-advertisers-in-2024/

631

"Car rental giant Hertz has begun notifying its customers of a data breach that included their personal information and driver’s licenses.

The rental company, which also owns the Dollar and Thrifty brands, said in notices on its website that the breach relates to a cyberattack on one of its vendors between October 2024 and December 2024.

The stolen data varies by region, but largely includes Hertz customer names, dates of birth, contact information, driver’s licenses, payment card information, and workers’ compensation claims. Hertz said a smaller number of customers had their Social Security numbers taken in the breach, along with other government-issued identification numbers.

Notices on Hertz’s websites disclosed the breach to customers in Australia, Canada, the European Union, New Zealand, and the United Kingdom.

Hertz also disclosed the breach with several U.S. states, including California and Maine. Hertz said at least 3,400 customers in Maine were affected but did not list the total number of affected individuals, which is likely to be significantly higher."

https://techcrunch.com/2025/04/14/hertz-says-customers-personal-data-and-drivers-licenses-stolen-in-data-breach/

#CyberSecurity #DataBreaches #Hertz #Hacking #Privacy #DataProtection

632

"It appears that 4chan was susceptible to a hack because it was running very out of date code that contained various vulnerabilities, according to 404 Media’s look at the code and people sorting through the hack online.

That starts to answer the question of how this happened. But why did it happen? This all has roots in a five year old meme fight.

Soyjak.party, the site where a user began posting about the 4chan hack, was an offshoot of 4chan created as a joke about five years ago. Besides being a general cesspool, 4chan has long been a place that incubates memes. lolcats, the NavySeal copypasta, and Pepe the Frog grew and spread on 4chan’s imageboards. From time to time a meme is overplayed or spammed and mods on the site get tired of it.

Five years ago, users spammed the /qa/ board with soyjaks. Unable to quash the tide of soyfaced jpegs, 4chan shut down the entire /qa/ board. The soyjak-loving exiles of 4chan started a new site called soyjak.party where they could craft open-mouthed soyboy memes to their heart’s content. When 4chan was hacked on the night of April 14, the /qa/ board briefly returned. “/QA/ RETURNS SOYJAK.PARTY WON” read a banner image at the top of the board.

As of this writing, 4chan is still down."

https://www.404media.co/4chan-is-down-following-what-looks-to-be-a-major-hack-spurred-by-meme-war/

#SocialMedia #CyberSecurity #4Chan #Hacking #Soyjak

633

"Google’s mobile operating system Android will now automatically reboot if the phone is locked for three days in a row.

On Monday, the tech giant pushed updates to Google Play services, a core part of Android that provides functionalities for apps and the operating system itself. Listed under “Security & Privacy” is a new security feature that “will automatically restart your device if locked for 3 consecutive days.”

Last year, Apple rolled out the same feature for iOS. The thinking behind adding an automatic reboot after a certain period of inactivity is to make life more difficult for someone who is trying to unlock or extract data from a phone; for example, law enforcement using a forensic analysis device like those made by Cellebrite or Magnet Forensics."

https://techcrunch.com/2025/04/15/for-security-android-phones-will-now-auto-reboot-after-three-days/

#CyberSecurity #Android #Google #Privacy

634

"The European Commission is issuing burner phones and basic laptops to some US-bound staff to avoid the risk of espionage, a measure traditionally reserved for trips to China.

Commissioners and senior officials travelling to the IMF and World Bank spring meetings next week have been given the new guidance, according to four people familiar with the situation.

They said the measures replicate those used on trips to Ukraine and China, where standard IT kit cannot be brought into the countries for fear of Russian or Chinese surveillance.

“They are worried about the US getting into the commission systems,” said one official.

The treatment of the US as a potential security risk highlights how relations have deteriorated since the return of Donald Trump as US president in January.

Trump has accused the EU of having been set up to “screw the US” and announced 20 per cent so-called reciprocal tariffs on the bloc’s exports, which he later halved for a 90-day period.

At the same time, he has made overtures to Russia, pressured Ukraine to hand over control over its assets by temporarily suspending military aid and has threatened to withdraw security guarantees from Europe, spurring a continent-wide rearmament effort.

“The transatlantic alliance is over,” said a fifth EU official.""

https://www.ft.com/content/20d0678a-41b2-468d-ac10-14ce1eae357b

#USA #Trump #CyberSecurity #EU #Espionage #StateHacking

635

RansomHouse ransomware: what you need to know.

Read more in my article on the Fortra blog: https://www.fortra.com/blog/ransomhouse-ransomware-what-you-need-know

#cybersecurity #ransomware #databreach

636

"When Let’s Encrypt, a free certificate authority, started issuing 90 day TLS certificates for websites, it was considered a bold move that helped push the ecosystem towards shorter certificate life times. Beforehand, certificate authorities normally issued certificate lifetimes lasting a year or more. With 4.0, Certbot is now supporting Let’s Encrypt’s new capability for six day certificates through ACME profiles and dynamic renewal at:

  • 1/3rd of lifetime left
  • 1/2 of lifetime left, if the lifetime is shorter than 10 days"

https://www.eff.org/deeplinks/2025/04/certbot-40-long-live-short-lived-certs

#CyberSecurity #WebSecurity #TLS #Certbot #LetsEncrypt

637

Top ten measures against ransomware attacks. 🚨 A ransomware attack can paralyse an entire operation, but with the right measures you can significantly reduce the risk. Here are ten measures that give you the best possible protection!

If you want to know more about ransomware, click here: https://www.bsi.bund.de/dok/1064216

1. Patches & updates: keep your systems up to date! Security vulnerabilities are one of the most common attack vectors.
2. Secure remote access: no access from outside without VPN & two-factor authentication!
3. Email security & disabling macros: avoid HTML mail & block active content.
4. Allow programs only selectively: with "application whitelisting" (only approved programs are permitted) you prevent unwanted software.
5. Configure antivirus correctly: use intrusion prevention (detects and blocks attacks in real time) & the cloud modules of your antivirus software.
6. Use administrator accounts only for admin tasks: no reading mail or browsing the internet with admin rights!
7. Segment the network: prevents ransomware from spreading uncontrolled.
8. Backups & central data storage: offline backups are your life insurance in an emergency!
9. Harden Active Directory (management of access rights in a central network): protect your central authentication and authorisation system.
10. Have & practise an emergency plan: play through the worst case, prepare alternative communication channels & store emergency contacts offline.

#CyberSecurity #Ransomware #DeutschlandDigitalSicherBSI

638

Another breach, this time Bank of America, due to, "...your documentation being lost in transit." or, to summarize into one word that gives just as much information, "reasons."

#BankOfAmerica #Bofa #Cybersecurity #Breach #SecurityBreach

https://www.mass.gov/doc/2025-579-bank-of-america/download

639

Today Finland is voting in county and municipal #elections. Unsurprisingly the idiot Russian "hacking crew" is DDoSing websites of the political parties.

Newsflash: The voting is pen & paper. No websites are involved in the voting process. You gain absolutely nothing by DDoSing the party websites.

#infosec #cybersecurity

640

Scammers set up domains with instructions to ignore email security failures on their emails via a DMARC record and Google et al. deliver their obvious dangerous spam to you. I thought, "how stupid" to create a security system so easily disabled.

But, I realize it was NEVER designed to protect YOU from spam. It has ONE purpose. Protect corporations from being spoofed. Period. They set their DMARC to reject or quarantine emails from their domains that fail security. It works perfectly for this and ONLY this. They are protected. You, not so much, but you are not their concern.

It could have been easily expanded to kill spam by not allowing the checks to be ignored, but why should they? They are protected. Common attitude today by too many people.

Am I wrong?
#CyberSecurity #EmailSecurity

642

"If you’re new to prompt injection attacks the very short version is this: what happens if someone emails my LLM-driven assistant (or “agent” if you like) and tells it to forward all of my emails to a third party?
(...)
The original sin of LLMs that makes them vulnerable to this is when trusted prompts from the user and untrusted text from emails/web pages/etc are concatenated together into the same token stream. I called it “prompt injection” because it’s the same anti-pattern as SQL injection.

Sadly, there is no known reliable way to have an LLM follow instructions in one category of text while safely applying those instructions to another category of text.

That’s where CaMeL comes in.

The new DeepMind paper introduces a system called CaMeL (short for CApabilities for MachinE Learning). The goal of CaMeL is to safely take a prompt like “Send Bob the document he requested in our last meeting” and execute it, taking into account the risk that there might be malicious instructions somewhere in the context that attempt to over-ride the user’s intent.

It works by taking a command from a user, converting that into a sequence of steps in a Python-like programming language, then checking the inputs and outputs of each step to make absolutely sure the data involved is only being passed on to the right places."

https://simonwillison.net/2025/Apr/11/camel/

#AI #GenerativeAI #LLMs #PromptInjection #Chatbots #CyberSecurity #Python #DeepMind #Google #ML #CaMeL

644

Time to mention again that if you own a domain and you don't use it for email, hackers will eventually try to use it to send spam. Google (just one email provider) told me there were 44 attempts in the past week they blocked because I put blocks in place. Do you own a domain not used for email? Have you protected it?

https://medium.com/nerd-for-tech/protect-your-email-domain-by-adding-dmarc-dkim-and-spf-93014add3740

#Cybersecurity

645

"A coalition of governments has published a list of legitimate-looking Android apps that were actually spyware and were used to target civil society that may oppose China’s state interests.

On Tuesday, the U.K.’s National Cyber Security Centre, or NCSC, which is part of intelligence agency GCHQ, along with government agencies from Australia, Canada, Germany, New Zealand, and the United States, published separate advisories on two families of spyware, known as BadBazaar and Moonshine.

These two spywares hid inside legitimate-looking Android apps, acting essentially as “Trojan” malware, with surveillance capabilities such as the ability to access the phone’s cameras, microphone, chats, photos, and location data, the NCSC wrote in a press release on Wednesday.

BadBazaar and Moonshine, which have been previously analyzed by cybersecurity firms like Lookout, Trend Micro, and Volexity, as well as the digital rights nonprofit Citizen Lab, were used to target Uyghurs, Tibetans, and Taiwanese communities, as well as civil society groups, according to the NCSC.

Uyghurs are a Muslim-minority group largely in China that has for years faced detention, surveillance, and discrimination from the Chinese government, and thus has frequently been the target of hacking campaigns."

https://techcrunch.com/2025/04/09/governments-identify-dozens-of-android-apps-bundled-with-spyware/

#CyberSecurity #China #Android #Spyware #StateHacking #Uyghurs #Tibet #Taiwan

646

"Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers are continuing to escalate.

The Chinese delegation linked years of intrusions into computer networks at U.S. ports, water utilities, airports and other targets, to increasing U.S. policy support for Taiwan, the people, who declined to be named, said.

The first-of-its-kind signal at a Geneva summit with the outgoing Biden administration startled American officials used to hearing their Chinese counterparts blame the campaign, which security researchers have dubbed Volt Typhoon, on a criminal outfit, or accuse the U.S. of having an overactive imagination."

https://www.wsj.com/politics/national-security/in-secret-meeting-china-acknowledged-role-in-u-s-infrastructure-hacks-c5ab37cb

#USA #CyberSecurity #China #StateHacking #VoltTyphoon #Infrastructure

647

"Now, an exhibit published in the court document shows exactly in what countries 1,223 specific victims were located when they were targeted with NSO Group’s Pegasus spyware.

The country breakdown is a rare insight into which NSO Group customers may be more active, and where their victims and targets are located.

The countries with the most victims of this campaign are Mexico, with 456 individuals; India, with 100; Bahrain with 82; Morocco, with 69; Pakistan, with 58; Indonesia, with 54; and Israel, with 51, according to a chart titled “Victim Country Count,” that WhatsApp submitted as part of the case.

There are also victims in Western countries like Spain (21 victims), the Netherlands (11), Hungary (8), France (7), United Kingdom (2), and one victim in the United States."

https://techcrunch.com/2025/04/09/court-document-reveals-locations-of-whatsapp-victims-targeted-by-nso-spyware/

#CyberSecurity #NSO #Spyware #WhatsApp #Meta #Mexico

648

In case you haven't noticed #nis2directive is in effect in Finland now:

"Finnish Parliament has passed the government proposal for a national #Cybersecurity Act to implement the EU Cybersecurity Directive (NIS 2 Directive). As regards public administration, the relevant requirements included in the Directive are laid down in the Act on Information Management in Public Administration."

Interestingly this also increases the duties and responsibilities of The Finnish Transport and Communications Agency Traficom:

"The Cybersecurity Act also entails new supervisory duties for Traficom compared to the old NIS Directive. In future, Traficom will be the competent authority supervising cybersecurity issues also in the following sectors: postal and courier services, space, public administration, managed service providers, managed security service providers, research, and the manufacture of vehicles and other transport equipment."

ref: https://traficom.fi/en/news/cybersecurity-act-passed-parliament-obligations-under-nis-2-directive-enter-force-8-april-2025

649

Ransomware reaches a record high, but payouts are dwindling. Will you be shedding a tear for the cybercriminals?

Read more in my article on the Tripwire blog: https://www.tripwire.com/state-of-security/ransomware-reaches-record-high-payouts-are-dwindling

#cybersecurity #ransomware

650

"President Donald Trump today signed a Presidential Memorandum revoking any active security clearance currently held by Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency, who famously rumbled publicly with Trump over the latter's false allegations of election fraud during and after the 2020 presidential election.

Trump, at the end of his first presidential term, fired Krebs via a November 17 tweet, two weeks after losing his re-election bid to President Joe Biden, saying that Krebs' claims about the security of the election were inaccurate and accusing him of overstepping his authority as a government official.

The move to strip Krebs of his security clearance follows a string of similar moves made by the Trump administration to strip the clearances of anyone who has been deemed to be disloyal to Trump. This includes many top officials and advisors who initially served Trump during his first presidency before becoming vocal critics of him and his policies."

https://www.zetter-zeroday.com/trump-signs-memorandum-revoking-security-clearance-of-former-cisa-director-chris-krebs/

#USA #Trump #CISA #CyberSecurity
