Author: nlqip
Declassified NSA Newsletters Through a 2010 FOIA request (yes, it took that long), we have copies of the NSA’s KRYPTOS Society Newsletter, “Tales of the Krypt,” from 1994 to 2003. There are many interesting things in the 800 pages of newsletter. There are many redactions. And a 1994 review of Applied Cryptography by redacted: Applied…
Read More
The PlexTrac blog proposes a series of basic questions you need to answer once you’ve decided to move forward. Hopefully our description so far has brought home the reasons why an organization would conduct one. Just as important a question, however, is who will participate. This goes beyond just needing to know the emails of…
Read More
No one is immune from being scammed. Just ask Tarah Wheeler, founder and CEO of Red Queen Dynamics, a company that specializes in keeping people scam-free. While onboarding a new hire, a process she put in place stopped a scammer despite a serious cyber misstep. Check out the episode for an object lesson in how…
Read MoreToday, CISA published a new dedicated High-Risk Communities webpage comprised of cybersecurity resources to support civil society communities at heighted risk of digital security threats, including cyber hygiene guidance, a repository of local cyber volunteer programs, and free or discounted tools and services. Despite their vulnerability to advanced cyber threats, many civil society organizations operate…
Read More
“The sophisticated nature of this attack and the use of highly future-proof crypto algorithms (Ed448 vs the more standard Ed25519) led many to believe that the attack may be a nation-state level cyberattack,” researchers from security firm JFrog noted in an analysis. Who is affected by the XZ Utils backdoor? The backdoor is present in…
Read More
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The intricate world of cybercrime continues to evolve, and with it emerges a disturbing trend known as “digital arrests.” In this scam, fraudsters…
Read MoreCISA released one Industrial Control Systems (ICS) advisory on April 2, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations. Source link lol
Read More
Apr 02, 2024NewsroomFirmware Security / Vulnerability The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed. The audacious supply chain compromise, tracked as CVE-2024-3094 (CVSS score: 10.0), came to light last week when…
Read More
Apr 02, 2024NewsroomCyber Espionage / Threat Intelligence A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar. “Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities,” Trend Micro security researcher…
Read More
On Tuesday, 26 March, Amazon was supposed to have delivered an iPhone 15 and an accompanying Otterbox case to my home. Amazon said it would require a signature upon delivery. So, I naturally ensured that I was home all day so I could sign for the delivery – which I had spent over £700 on.…
Read More