Month: March 2024
About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I’ve been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998. I’m a fellow and lecturer at Harvard’s Kennedy School, a board member of EFF, and the Chief of Security Architecture…
Read More
Mar 29, 2024NewsroomVulnerability / Linux Details have emerged about a vulnerability impacting the “wall” command of the util-linux package that could be potentially exploited by a bad actor to leak a user’s password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamed WallEscape by security researcher Skyler Ferrante.…
Read MoreLessons from a Ransomware Attack against the British Library You might think that libraries are kind of boring, but this self-analysis of a 2023 ransomware and extortion attack against the British Library is anything but. Tags: cyberattack, ransomware, reports Posted on March 29, 2024 at 7:03 AM • 0 Comments Sidebar photo of Bruce Schneier…
Read More
The Olympic Games, the FIFA World Cup, and the Super Bowl are just a few examples of iconic sporting events that showcase the global significance of the professional sports industry. But while professional sports stir passion and emotion among fans, cybercriminals couldn’t care less about the competitive aspects of sports or the feeling of community…
Read More
Mar 29, 2024NewsroomSupply Chain Attack / Threat Intelligence The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign. It said “new project creation and new user registration” was temporarily halted to mitigate what it said was a “malware…
Read More
Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient’s natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here’s…
Read More
An intended feature with security implications Last year security researchers from Bishop Fox found and reported five vulnerabilities in the Ray framework. Anyscale, the company that maintains the software, decided to patch four of them (CVE-2023-6019, CVE-2023-6020, CVE-2023-6021 and CVE-2023-48023) in version 2.8.1, but claimed that the fifth one, assigned CVE-2023-48022, was not really a…
Read More
“We’ve been having that debate in security for ten years,” he said. Efforts to centralize security systems have been around for just as long, he said, but for too long, the offerings peddled as “platforms” weren’t really anything of the sort — more bundles of interrelated products than true foundations for all-around security. That’s finally…
Read More
Iran launched its own campaign targeting Israel as the war commenced on October 7. Initially, Iran’s efforts were reactive, and its influence campaign focused on disseminating misleading information. Iranian and Iran-affiliated groups quickly grew more coordinated in their efforts, adding targeted cyberattacks to add to the confusion and mayhem about the situation on the ground.…
Read More
The U.S. government is escalating its response to the notorious BlackCat ransomware gang, announcing a substantial reward for information leading to the identification and location of key members. The $10 million offer comes after the group’s crippling attack on UnitedHealth Group’s Change Healthcare subsidiary, a technology hub that processes billions in insurance payments. The attack,…
Read More