A study found that phishing tests and other training programs designed to educate employees about online dangers reduced phishing success rates by just 2%
Robert McMillan / Wall Street Journal : X: @argvee . LinkedIn: Matt Linton X: Heather Adkins / @argvee : Learn why those employee phishing tests are causing more embarrassment tha...
Google projects the number of reported Android memory safety flaws to be 36 by the end of 2024, down from 220+ in 2019, after adopting memory safety in new code
https://security.googleblog.com/ ... Chandler Carruth / @chandlerc@hachyderm.io : Proud to start sharing Google's strategy for tackling our remaining memory safety challenges: http...
A UK judge sentences Arion Kurtaj, the 18-year-old who leaked GTA VI code and hacked Nvidia, to a secure hospital until a mental health tribunal lets him leave
Katharine Gemmell / Bloomberg :
CISA releases a report detailing Lapsus$'s key techniques, calls for passwordless logins, and asks the FTC and the FCC for stricter SIM swapping protections
> Homeland Security report details how teen hackers exploited security weaknesses in some of the world's biggest companies. “We are seeing a rise in juvenile cybercrime,” @SecMayor...
Mandiant says the North Korea-linked hack of VoIP company 3CX's customers is the first confirmed incident of one software-supply-chain attack enabling another
perhaps the first confirmed case of one software supply chain attack causing another. https://www.wired.com/... Kim Zetter / @kimzetter : I've updated story about 3CX/X_Trader with...
Researchers say North Korean hackers are likely laundering stolen crypto by renting cloud compute to mine fresh coins, avoiding more scrutinized crypto mixers
A spy group working for the Kim regime has been feeding stolen coins into crypto mining services in an effort to throw tracers off their trail.
Google launches a bug bounty program for its open-source projects, offering payouts up to $31,337, one of the first open source-specific vulnerability programs
Apple, Google, and Microsoft plan to offer the FIDO Alliance's passwordless tech on websites and apps, using fingerprint readers, face scanners, and smartphones
a perfect time to think about passkeys. https://www.apple.com/... @can : some dreams come true https://twitter.com/... @k8em0 : This is a true game changer in security https://twit...
White House forms the Cyber Safety Review Board, loosely modeled on NTSB, to investigate major national cybersecurity failures, starting with the Log4j bug
Ethereum co-founder responds: “the properly authenticated decentralized blockchain world is coming”, but is slowed by “limited technical resources and funding”
I've been thinking about Matt Mullenweg's response to Brian Armstrong's response … Rick Webb / Webb Chatham Report : Good morning. Hello. How are you? #562 Cooper Midroni / Future ...
The word “server” imo is not very useful in the blockchain context; it combines together a bundle of concepts that are best treated separately.
How Web3 apps and wallets inevitably depend on centralized services like OpenSea, Infura, and Alchemy, which don't even provide authenticated responses
Despite considering myself a cryptographer, I have not found myself particularly drawn to “crypto.” I don't think I've ever actually said the words …
Google says it will start verifying users with 2FA enabled using a prompt on their phones, and will soon start automatically enabling 2FA for all users
The company is making some changes to encourage more people to adopt a key digital security mechanism. — Lorenzo Franceschi-Bicchierai