An in-depth look inside the US DOJ and Volexity's investigation into the SolarWinds hack, one of the most sophisticated cyberespionage campaigns of the decade
I'd like to highlight this bit. Zero trust, my arse. Lots of new details in this report. https://www.wired.com/... Tweets: Stephane Taillat / @staillat: A great work by @KimZetter @WIRED on the Sol...
A look at Nahoft, an Iran-focused text encryption tool for Android that can turn up to 1,000 characters of Farsi text into a jumble of random words
Lily Hay Newman / Wired: Tweets: @wilderko, @mnureddin, @dgtlcatacombs, and @lilyhnewman Tweets: @wilderko: When governments ban traditional encryption, steganography comes next. Nahoft uses enc...
A look at Facebook's “Red Team X”, an internal hacking team founded in 2020, which probes 3rd-party tech Facebook uses for hardware and software vulnerabilities
Lily Hay Newman / Wired: Tweets: @johnjhacking, @gadgetlab, @lilyhnewman, and @ajxchapman Tweets: John Jackson / @johnjhacking: Jealous. This is what I need to be doing for a living. https://www...
The internal hacking team has spent the last year looking for vulnerabilities in the products the company uses … Tweets: @johnjhacking, @gadgetlab, @lilyhnewman, and @jenmartinez Tweets: John Jacks...
Profile of Maddie Stone, who leads Google's Project Zero team that studies and neuters actively exploited Android malware
The Project Zero reverse engineer shuts down some of the world's most dangerous exploits—along with antiquated hacker stereotypes. — EVEN WITH A knee injury, Maddie Stone is formidable. Tweets: @how...
Research across 65 countries finds that governments have exploited the pandemic to expand their domestic surveillance capabilities and curtail internet freedom
digital authoritarianism—that was on the rise before the virus hit. https://www.wired.com/... Lily Hay Newman / @lilyhnewman: “Authorities cited the pandemic to justify expanded surveillance powers a...
Election tech giant ES&S and security firm Synack partner to let security professionals, vetted by Synack, conduct penetration testing on some ES&S products
Lily Hay Newman / Wired: Tweets: @synack, @weems, @lilyhnewman, and @caseyjohnellis Tweets: @synack: “By throwing [@essvote's new model of electronic poll book] to the wolves, ES&S can learn abo...
COVID-19 is amplifying the cybersecurity risks for schools as they move to distance learning; they were already at risk due to a lack of dedicated funding
and that was before classes moved almost entirely online. https://www.wired.com/... Lily Hay Newman / @lilyhnewman: “When I took a look, there was so much that was vulnerable—just a stupid amount of ...
Researchers: Zoom sometimes uses encryption keys issued by servers in China, uses a flawed encryption method, and hence is not suited to communicate secrets
but it can be fixed Stephen Warwick / iMore: Today on Zoom: ‘Not suited for secrets’, encryption issues and more Mercury News: Zoombombing: FBI warns video calls are getting hijacked Tweets: Glenn F...
Shadowserver, an organization that “sinkholes” ~5M IP addresses/day to neutralize botnets, loses Cisco funding and must secure $1.7M for 2020 to not go under
Why You Should Care & How You Can Help Tweets: Xander Bouwman / @xbouwman: Shadowserver will no longer be funded by Cisco and needs to raise $400K by May. Their data is critical to cybersecurity rese...