An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet's top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts…
New Atroposia malware comes with a local vulnerability scanner
A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning.
Browser Fingerprinting And Why VPNs Won’t Make You Anonymous
Amidst the glossy marketing for VPN services, it can be tempting to believe that the moment you flick on the VPN connection you can browse the internet with full privacy. Unfortunately this is quit…
Some thoughts on security after ten years of qmail 1.0
Some thoughts on security after ten years of qmail 1.0 Bernstein, 2007 I find security much more important than speed. We need invulnerable software systems, and we need them today, even if they ar…
Aisuru Botnet Shifts from DDoS to Residential Proxies
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy…
Understanding and Protecting Against Sender Policy Framework (SPF) Poisoning | Abdul Wahab Junaid
What is Sender Policy Framework (SPF)? Sender Policy Framework (SPF) is a technical standard designed to provide a layer of protection against fraudulent
Autonomous AI Hacking and the Future of Cybersecurity - Schneier on Security
AI agents are now hacking computers. They’re getting better at all phases of cyberattacks, faster than most of us expected. They can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. This is going to change everything. Over the summer, hackers proved the concept, industry institutionalized it, and criminals operationalized it. In June, AI company XBOW took the top spot on HackerOne’s US leaderboard after submitting over 1,000 new vulnerabilities in just a few months. In August, the seven teams competing in DARPA’s AI Cyber Challenge ...
Build vs. Buy: What it Really Takes to Harden Your Software Supply Chain - DevOps.com
Securing the software supply chain requires more than building hardened images. Learn why DIY often fails and what it takes to maintain secure images at scale.
Visa Isn't Centralized—and Neither Is First Person Identity
Visa isn't centralized. Instead, it's a trust framework that lets thousands of participants interoperate. First-person identity brings that same model to digital identity, enabling not one
The latest data breaches are a regular topic in the news. Raising awareness about the prevalence and severity of the issue, as well as how the financial impact on the business can be limited is what we contribute with this article.
Digital Threat Modeling Under Authoritarianism - Schneier on Security
Today’s world requires us to make complex and nuanced decisions about our digital security. Evaluating when to use a secure messaging app like Signal or WhatsApp, which passwords to store on your smartphone, or what to share on social media requires us to assess risks and make judgments accordingly. Arriving at any conclusion is an exercise in threat modeling. In security, threat modeling is the process of determining what security measures make sense in your particular situation. It’s a way to think about potential risks, possible defenses, and the costs of both. It’s how experts avoid being distracted by irrelevant risks or overburdened by undue costs...