News.md

News

Contents

• IOTA Vulnerability Report
• Symantec distrust impact on the webpki
• How long does it take for a MongoDB to be compromised
• Abusing NVIDIA’s node.js to bypass application whitelisting
• What’s the Difference Between WPA2 and WPA3? | Electronic Design
• Turn Off Your Fitbit, Garmin, Apple Watch GPS NOW!
• The default OpenSSH key encryption is worse than plaintext
• New attack on WPA/WPA using PMKID
• Brutal Deluxe Software
• Explotación de sistemas de pagos NFC en Monterrey, Nuevo Leon - TPX MX SA DE CV
• Black Hat 2018: Stealthy Kernel Attack Flies Under Windows Mitigation Radar on Threatpost
• Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible? A: Because Keynote Speakers Make Bad Life Decisions and Are Poor Role Models
• Spyware Company Leaves ‘Terabytes’ of Selfies, Text Messages, and Location Data Exposed Online - Motherboard
• How an international hacker network turned stolen press releases into $100 million
• Five-Eyes Intelligence Services Choose Surveillance Over Security
• Oh for fuck's sake, not this fucking bullshit again (cryptography edition)
• The curious case of the Raspberry Pi in the network closet: how we found, analyzed (with the help of Reddit) and in the end caught the culprit of a malicious device in our network

2002

• ‘NTFS Hard Links Subvert Auditing’

2013

• The Linux Backdoor Attempt of 2003

2018

• 70+ different types of home routers(all together 100,000+) are being hijacked by GhostDNS
• PoC Attack Escalates MikroTik Router Bug to ‘As Bad As It Gets’
• The British Airways Hack: JavaScript Weakness Pin-pointed Through Time-lining
• APT38: Details on New North Korean Regime-Backed Threat Group
• The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies. Some other conclusions: Hardware Implants
• Security Vulnerabilities in US Weapons Systems
• Nick Sullivan - Is the Web Ready for OCSP Must-Staple?
• Thompson Cyber Security Labs: 50% of firmware certs are expired?
• E Ink Waveforms are a closely guarded secret
• The Effectiveness of Publicly Shaming Bad Security
• A mysterious grey-hat is patching people's outdated MikroTik routers
• This Tech Would Have Spotted the Secret Chinese Chip in Seconds - IEEE Spectrum
• Protecting Mozilla’s GitHub Repositories from Malicious Modification | Mozilla Security Blog
• Tell HN: Now Washington Post is asking to turn off Firefox's tracking protection | Hacker News
• Just because it's an ID doesn't mean anything... at all...
• How to irregular cyber warfare
• New iPhone Passcode Bypass Found Hours After Apple Releases iOS 12.1
• Fake fingerprints can imitate real ones in biometric systems – research
• The seven deadly paradoxes of cryptocurrency | Bank Underground
• Private by Design: How we built Firefox Sync - Mozilla Hacks - the Web developer blog
• Internet Vulnerability Takes Down Google
• New Data Breach exposes 57 million records
• What the Marriott Breach Says About Security
• Bad Consumer Security Advice
• Civil War Photo Sleuth is using facial recognition software to identify people in pictures.
• ID Numbers for 120 Million Brazilians taxpayers exposed onlineSecurity Affairs
• Operation Sharpshooter Targets Global Defense, Critical Infrastructure
• Our Security Models Will Never Work—No Matter What We Do.

2019

• Over 25,000 Linksys Smart Wi-Fi routers vulnerable to sensitive information disclosure flaw, - models affected
• How does Apple (privately) find your offline devices?: A Few Thoughts on Cryptographic Engineering
• Chromecast hack promoting PewDiePie reveals security bug - github
• Ask HN: Good technical GDPR resources? | Hacker News
• First-Ever UEFI Rootkit Tied to Sednit APT | Threatpost | The first stop for security news
• UNDERCLOCKING THE ESP8266 LEADS TO WIFI WEIRDNESS: Sometimes the best hacks come from the most basic of questions. In this case, [CNLohr] was wondering what would happen if he started to reduce the clock speed of the ESP8266’s Baseband PLL (BBPLL) while still trying to communicate with it.
• why-telegram-is-insecure.md
• This Runner Is a Hitman. His GPS Watch Tied Him to a Mob Boss Murder
• Advancing Human-Rights-By-Design In The Dual-Use Technology Industry
• How To Find Hidden Cameras & Spy Gear Like a Professional: The Definitive Guide
• Sorry, your data can still be identified even if it’s anonymized
• How I abused 2FA to maintain persistence after a password change(Google, Microsoft, Instagram, Cloudflare, etc)
• UAE USED CYBER SUPER-WEAPON TO SPY ON IPHONES OF FOES
• 2019 Threat Detection Report - Red Canary
• Why Phone Numbers Stink As Identity Proof
• Protecting your online privacy is tough—but here's a start
• Thoughts on personal data vs non-personal data
• Chinese companies have leaked over 590 million resumes via open databases
• Cryptography That Can’t Be Hacked: Researchers have just released hacker-proof cryptographic code — programs with the same level of invincibility as a mathematical proof.
• Cybercrime market selling full digital fingerprints of over 60,000 users
• When Engineers Become Whistleblowers
• The Most Expensive Lesson Of My Life: Details of SIM port hack
• Full(er) House: Exposing high-end poker cheating devices
• FBI agent accidentally reveals own 8chan posts; attempts to redirect white supremacist rage against Russia
• ORIGIN OF WIRELESS SECURITY: THE MARCONI RADIO HACK OF 1903
• An Army of Robot Surveillance Guards Is Coming
• Viral App FaceApp Now Owns Access To More Than 150 Million People's Faces And Names
• EvilGnome: Rare Malware Spying on Linux Desktop Users
• Capital One Data Theft Impacts 106M People
• The Encryption Debate Is Over - Dead At The Hands Of Facebook
• Attorney General William Barr on Encryption Policy
• Tracking sex: The implications of widespread sexual data leakage and tracking on porn websites
• Hundreds of exposed Amazon cloud backups found leaking sensitive data
• Inside the Hidden World of Elevator Phone Phreaking
• GDPR privacy law exploited to reveal personal data
• Pulse Secure VPN servers vulnerable to CVE-2019-11510 by country – Scan date: August 31, 2019
• Fraudsters deepfake CEO’s voice to trick manager into transferring $243,000
• 600,000 GPS trackers for people and pets are using 123456 as a password
• The Work Diary of Parisa Tabriz, Google’s ‘Security Princess’
• Google accused of secretly feeding personal data to advertisers
• Instagram Confirms Security Issue Exposed User Accounts And Phone Numbers—Exclusive
• Centralised DoH is bad for privacy, in 2019 and beyond
• Google Chrome Keystone is modifying /var symlink on non SIP Macs causing Boot Issues
• Twitter executive for Middle East is British Army 'psyops' soldier
• Vulnerabilities exploited in VPN products used worldwide
• Schneier slams Australia's encryption laws and CyberCon speaker bans
• China’s New Cybersecurity Program: NO Place to Hide
• Clash Over Surveillance Software Turns Personal in Germany
• New surveillance tech means you'll never be anonymous again
• The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History
• SCHILLING: If You Value Freedom On The Internet, Stop Using Google Chrome
• Uncovered: 265 coordinated fake local media outlets serving Indian interests. map.
• How Attackers Could Hijack Your Android Camera to Spy on You
• Here’s why pop culture and passwords don’t mix
• Private Internet Access VPN to be acquired by malware company founded by former Israeli spy
• Is true hacking dead? What we lost.
• Some Fortinet products shipped with hardcoded encryption keys
• Microsoft says new Dexphot malware infected more than 80,000 computers
• We are pleased to announce the factorization of RSA-240
• Ministry for Foreign Affairs launches a bug bounty programme for finding vulnerabilities in online services
• The Great Cannon DDoS Tool Used Against Hong Kong Protestors’ Forum
• Mass scale manipulation of Twitter Trends discovered
• Two Carbanak hackers sentenced to eight years in prison in Kazakhstan
• New Kubernetes malware backdoors clusters via Windows containers
• Inside the Luxembourg free port storing riches for the super-wealthy
• Checking the Linux Kernel with Static Analysis Tools
• Projects and channels that have decided to leave Freenode

2020

• DNS Hijacking: A New Method of MitM Attack Observed in the Wild.
• The First Official NSA Exploit (CVE-2020-0601)
• Win10 Crypto Vulnerability: Cheating in Elliptic Curve Billiards 2
• United Nations Targeted With Emotet Malware Phishing Attack
• Spies Can Listen To Your Conversations By Analyzing A Light Bulb In Your Room
• Who’s Behind Wednesday’s Epic Twitter Hack?
• A catastrophe at Twitter
• Hackers Convinced Twitter Employee to Help Them Hijack Accounts
• Ransomware gang demands $7.5 million from Argentinian ISP
• The TikTok War
• TikTok: Logs, Logs, Logs
• On the Twitter Hack
• Hacking Zoom: Uncovering Tales of Security Vulnerabilities in Zoom
• Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts
• Tripwire Research: IoT Smart Lock Vulnerability Spotlights Bigger Issues
• TeamViewer Flaw Could Let Hackers Steal System Password Remotely
• NSA and FBI Expose Russian Previously Undisclosed Malware “Drovorub” in Cybersecurity Advisory
• Terrifying Cybercrime and Cybersecurity Statistics & Trends - 2020
• Microsoft Put Off Fixing Zero Day for 2 Years, Security-in-bits analysis: Interesting tactic by Ratty & Adwind for distribution of JAR appended to signed MSI – CVE-2020-1464, GlueBall: The story of CVE-2020–1464
• Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019
• The Big Tesla Hack: A hacker gained control over the entire fleet, but fortunately he’s a good guy
• Now you C me, now you don't: An introduction to the hidden attack surface of interpreted languages
• The Sound of Silence: Mining Security Vulnerabilities fromSecret Integration Channels in Open-Source Projects
• Hackers stole 738 GB of data from Australian government agency
• GhostDNSbusters: Illuminating GhostDNS Infrastructure
• Rampant Kitten – An Iranian Espionage Campaign
• We need to talk about criminal hackers using Cobalt Strike, says Cisco Talos paper: The art and science of detecting Cobalt Strike
• Let's Stop the 5G Hysteria: Understanding Hoaxes and Disinformation Campaigns
• Online avatar service Gravatar allows mass collection of user info
• ZeroLogon is now detected by Microsoft Defender for Identity (CVE-2020-1472 exploitation)
• Advisory 2020-017: Resumption of Emotet malware campaign
• An overview of targeted attacks and APTs on Linux
• More than 247,000 Microsoft Exchange servers are still vulnerable to attacks exploiting the CVE-2020-0688 RCE issue impacting Exchange Server. and Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)
• The Fresh Smell of ransomed coffee
• NPM nukes NodeJS malware opening Windows, Linux reverse shells
• The state of checkra1n on iOS 14
• Attackers are abusing Google’s App Engine to circumvent Enterprise Security Solutions…Again!
• Hosting Provider Exposed 63M Records incl. WP & Magento
• New Ransom X Ransomware used in Texas TxDOT cyberattack
• Apple notarizes new Mac malware… again
• Windows kernel vulnerability disclosed by Google's Project Zero after bug exploited in the wild by hackers
• MICROSOFT TEAMS FOR MACOS LOCAL PRIVILEGE ESCALATION
• Cybercriminals Can Now Bypass Security Solutions and Implant Malicious Emails Directly into Inboxes with "Email Appender"
• macOS has checked app signatures online for over 2 years
• An Inconvenient Truth: Ransomware Gangs Are Pivoting To Healthcare As Pandemic Grips US
• Investigation with a twist: an accidental APT attack and averted data destruction
• How the U.S. Military Buys Location Data from Ordinary Apps
• My Phone Was Spying on Me, so I Tracked Down the Surveillants
• APT annual review: What the world’s threat actors got up to in 2020
• Samas Ransomware Uses Active Directory to Infect Entire Networks
• Experts Uncover 'Crutch' Russian Malware Used in APT Attacks for 5 Years
• The Tetrade: Brazilian banking malware goes global
• Your critical infrastructure bug won't be fixed and this is why
• Lazarus covets COVID-19-related intelligence
• China's Army Now Has Killer Robots: Meet the 'Sharp Claw'

2021

• A deeper dive into our May 2019 security incident
• ANNOUNCING PWN2OWN VANCOUVER 2021
• WORLD’S MOST DANGEROUS MALWARE EMOTET DISRUPTED THROUGH GLOBAL ACTION
• Centreon says only 15 entitites were targeted in recent Russian hacking spree
• Big name corporations more likely to commit fraud | WSU Insider | Washington State University
• Know, Prevent, Fix: A framework for shifting the discussion around vulnerabilities in open source
• Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs
• Researchers Unveil New Linux Malware Linked to Chinese Hackers
• Go malware is now common, having been adopted by both APTs and e-crime groups
• Data Breach – Seguradora
• Chinese government-run facial recognition system hacked by tax fraudsters: report
• This company was hit by ransomware. Here's what they did next, and why they didn't pay up
• USB threats to ICS systems have nearly doubled
• Newly-Discovered Vulnerabilities Could Allow for Bypass of Spectre Mitigations in Linux.
• BackBlaze mistakenly shared backup metadata with Facebook
• Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets
• U.S. Unveils Plan to Protect Power Grid From Foreign Hackers
• Experts demonstrated how to hack a utility and take over a smart meter
• Israel Launches ‘Stuxnet 3.0’ On Iran — CyberHoot
• Luca App: CCC calls for an immediate moratorium
• Sanctioned Firm Accused of Helping Russian Intelligence Was Part of Microsoft’s Early Vuln Access Program — MAPP
• Report: The Rise Of Global Cybersecurity Venture Funding
• Vulnerability Management is Hard! Using CVSS and other scoring to prioritize patching
• Cybercriminals Using Telegram Messenger to Control ToxicEye Malware
• Attackers can hide 'external sender' email warnings with HTML and CSS
• Cybercriminals evolving their tactics to exploit collective human interest
• Password manager Passwordstate hacked to deploy malware on customer systems
• Supply chain attack on the password manager Clickstudios - PASSWORDSTATE
• Analysis Report (AR21-112A): CISA Identifies SUPERNOVA Malware During Incident Response.
• Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound
• Alert (AA21-116A) Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders
• Ransomware Taskforce (RTF) announce framework to combat ransomware
• Codecov starts notifying customers affected by supply-chain attack
• Attacks Targeting ADFS Token Signing Certificates Could Become Next Big Threat
• The Ease of Tracking Mobile Phones of U.S. Soldiers in Hot Spots
• Grand jury subpoena for Signal user data, Central District of California
• Browse The Intercept Anonymously and Securely Using Our New Tor Onion Service
• China’s state-sponsored hackers are targeting India’s infrastructure. And silence may not be golden.
• Malicious Office 365 Apps Are the Ultimate Insiders
• MTR in Real Time: Pirates pave way for Ryuk ransomware
• Cyber threats to critical infrastructure systems still low in S'pore but maritime sector a target
• Iran’s Cyber Power, A deep-dive
• DigitalOcean says customer billing data accessed in data breach
• An alarming 85% of organizations using Microsoft 365 have suffered email data breaches, research by Egress reveals
• Data of 100+ million Android users exposed via misconfigured cloud services
• Cybercrime, new Quakbot campaign via stolen email conversation
• It’s Time to Prepare for a Rise in Insider Threats
• The Full Story of the Stunning RSA Hack Can Finally Be Told
• Ransomware Unmasked: Dispute Reveals Ransomware TTPs
• Vulnerability Spotlight: Multiple vulnerabilities in Trend Micro Home Network Security Station
• New sophisticated email-based attack from NOBELIUM
• SolarWinds attackers launch new campaign
• Russian hacker Pavel Sitnikov arrested for sharing malware source code
• TeamTNT botnet makes 50,000 victims over the last three months
• Malicious PowerShell Hosted on script.google.com
• US nuclear weapon bunker security secrets spill from online flashcards since 2013
• Cyber-Insurance Fuels Ransomware Payment Surge
• Much of Malware Found by Industrial Firms on USB Drives in 2020 Targeted OT
• RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries
• COMB: largest breach of all time leaked online with 3.2 billion records
• CyLab researchers discover novel class of vehicle cyberattacks
• Cybersecurity Framework Version 1.1 Manufacturing Profile
• Microsoft: Scammers bypass Office 365 MFA in BEC attacks
• REvil ransomware's new Linux encryptor targets ESXi virtual machines
• Kaseya supply chain attack delivers mass ransomware event to US companies
• Kaspersky Password Manager: All your passwords are belong to us
• Audacity is a poster child for what can be achieved with open-source software
• Morgan Stanley reports data breach after vendor Accellion hack
• This is how fast a password leaked on the web will be tested out by hackers
• Rising Ransomware Threat To Operational Technology Assets 508C
• U.S. Supreme Court revives LinkedIn bid to shield personal data
• Sprawling cyber-espionage campaign linked to Chinese military unit
• Russia’s most aggressive ransomware group disappeared. It’s unclear who made that happen.
• RTF Report: Combatting Ransomware
• A wireless carrier was just hit by a data breach – Check your email
• Beyond Kaseya: Everyday IT Tools Can Offer ‘God Mode’ for Hackers
• 15-Year-Old Linux Netfilter Vulnerability Let Hackers Bypass All Modern Security Mitigations
• Top prevalent malware with a thousand campaigns migrates to macOS
• A Controversial Tool Calls Out Thousands of Hackable Websites
• Amazon and Google patch major bug in their DNS-as-a-Service platforms
• Zoom Lied about End-to-End Encryption
• PyPI packages caught stealing credit card numbers, Discord tokens
• QOMPLX Reboots Punkspider
• LockBit ransomware now encrypts Windows domains using group policies
• Pegasus spyware found on journalists’ phones, French intelligence confirms
• Forensic Methodology Report: How to catch NSO Group’s Pegasus
• Detecting Cobalt Strike: Government-Sponsored Threat Groups
• Alert (AA21-209A): Top Routinely Exploited Vulnerabilities
• $600m in cryptocurrencies swiped from Poly Network
• ‘DeepBlueMagic’ - Newly Discovered Ransomware With Unique Modus Operandi
• TrickBot Employs Bogus 1Password Installer to Launch Cobalt Strike
• LockFile Ransomware Bypasses Protection Using Intermittent File Encryption
• FBI Reportedly Exposed Secret Terrorist Watchlist
• Afghans scramble to delete digital history, evade biometrics
• Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage
• Financially motivated actor breaks certificate parsing to avoid detection
• BlackByte ransomware decryptor released
• Two Hidden Instructions Discovered in Intel CPUs Enable Microcode Modification
• Bizzaro: Brazilian Trojan ensued as sophisticated backdoor risking European & U.S. Banks
• Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions
• NSA warns of threat actors compromising entire 5G networks via cloud systems
• Eberspächer Group’s infrastructure has been offline for days in a cyberattack (I believe ransomware).
• Beg Bounties
• Sushi has paid a bounty of $1M in USDC #bughunt
• An update on 0day CVE-2021-43798: Grafana directory traversal
• Ransomware gangs are abusing a zero-day in EntroLink VPN appliances
• Researchers Uncover 'Pink' Botnet Malware That Infected Over 1.6 Million Devices
• Zoom Supports Continued Access for Basic Users with Advertising Program
• Microsoft cannot advertise themselves as the security leader with 8000 security employees and trillions of signals if they cannot prevent their own Office365 platform being directly used to launch Conti ransomware.
• Antitrust battle latest: Google, Facebook 'colluded' to smash Apple's privacy protections
• The US is worried that hackers are stealing data today so quantum computers can crack it in a decade
• Addition of Certain Entities to the Entity List, Bureau of Industry and Security, Commerce.
• Kape Technologies/Crossrider: Owns multiple VPNs (ExpressVPN, PIA, CyberGhost, Zenmate), antivirus (Intego, Restoro) etc

2022

• Spamhaus Botnet Threat Update: Q4-2021
• iPhone flaw exploited by second Israeli spy firm-sources
• In Second Largest DeFi Hack Ever, Blockchain Bridge Loses $320M Ether
• Taiwan should adopt a “broken nest” policy and destroy TSMC in wake of any Chinese invasion, suggests US military paper
• UK Government Officials Infected with Pegasus
• Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code
• El Gobierno revela que los teléfonos de Pedro Sánchez y Margarita Robles han sido infectados con Pegasus

2023

• Man used doll and victim's photo to access bank account
• Russian APT Group Caught Hacking Roundcube Email Servers
• Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers
• IDOR in Microsoft Teams Allows for External Tenants to Introduce Malware
• IoT devices and Linux-based systems targeted by OpenSSH trojan campaign
• Malicious USB drives part of new self-propagating malware campaign
• Intel says Friday's mystery 'security update' microcode isn't really a security update Intel Issues New CPU Microcode Going Back To Gen8 For New, Undisclosed Security Updates
• The .zip gTLD: Risks and Opportunities
• APT28: від первинного ураження до створення загроз для контролеру домену за годину (CERT-UA#8399) (from initial damage to creating threats to a domain controller in an hour)
• Shall We Play a Game?: a malicious Python script based on a Tk interface.

2024

• Bitwarden Heist - How to Break Into Password Vaults Without Using Passwords
• Hacker hijacks Orange Spain RIPE account to cause BGP havoc
• NIST Identifies Types of Cyberattacks That Manipulate Behavior of AI Systems doi.org/10.6028/NIST.AI.100-2e2023
• Fingerprinting SSH Identification Strings

Politics

• How Q’s 'Lost Drops' Undermine the QAnon Myth
• Another View of Tiananmen
• Vault 8
• Scraping Russian Twitter Trolls With Python, Neo4j, and GraphQL
• Online Security Guide for Journalists
• Schneier on Security
• The Geopolitics of Cybersecurity
• We are taking new steps against broadening threats to democracy
• violencia-nao-tem-partido: Hate crimes monitor for political motivated assaults in Brazil.
• Our Security Community - Microsoft Tech Community - 57519
• Yale Professor Jason Stanley Identifies Three Essential Features of Fascism: Invoking a Mythic Past, Sowing Division & Attacking Truth.
• How social media is crippling democracy, and why we seem powerless to stop it
• WHY THE LEFT-WING NEEDS A GUN CULTURE
• GLOBAL COMMISSION INTRODUCES SIX CRITICAL NORMS TOWARDS CYBER STABILITY
• IGF 2018 WS #366 Proliferation, Cyber Stability and State Responsibility
• Web Browsing Data Offer Better Election Predictions | Research
• An Archive of 800+ Propaganda Maps Designed to Shape Opinions & Beliefs: Enter Cornell’s Persuasive Maps Collection
• Spies Without Borders: How the FSB Infiltrated the International Visa System
• A New Age of Warfare: How Internet Mercenaries Do Battle for Authoritarian Governments
• Twitter is Trying to Erase the Past
• At Least 70 Countries Have Had Disinformation Campaigns, Study Finds
• Freedom on the Net Countries
• OpenSanctions: OpenSanctions is a database of persons and companies of political, criminal, or economic interest. We combine sanctioned entities, politically exposed persons, and other public information. OpenSanctions.org
• TakeDown Spain Notes: Text of Spain government takedown notices as received. GitHub does not endorse or adopt any assertion contained in the following notices.
• China’s New Cybersecurity Program: NO Place to Hide
• Avast fights off cyber-espionage attempt, Abiss
• Hong Kong Police Already Have AI Tech That Can Recognize Faces
• Tracking down the developer of Android adware affecting millions of users
• (pt-br) Falha de cartórios expõe dados de ao menos 1 milhão de pais, mães e filhos
• ICANN races towards regulatory capture: the great .ORG heist. Private equity firm buys .org domain months after ICANN lifted price caps
• Fascism is back. Blame the Internet.
• A Guide to Cholinesterase Inhibitors in Wake of Suspected Alexei Navalny Poisoning
• In the New Cold War, Deindustrialization Means Disarmament
• I Lived Through A Stupid Coup. America Is Having One Now
• Google’s top security teams unilaterally shut down a counterterrorism operation
• In secret Facebook groups, America's best warriors share racist jabs, lies about 2020, even QAnon theories
• Indonesian government blocks hacking forum after data leak
• SB NKTsKI: Foreign ‘cyber mercenaries’ breached Russian federal agencies some comments
• Russia, Iran were top two sources of disinfo on Facebook targeting U.S. during Trump admin, says report
• Amazon's Antitrust Paradox," a law-review article showing how Amazon formed a monopoly without legal trouble.
• NATO summit communiqué compares repeat cyberattacks to armed attacks – and stops short of saying 'one-in, all-in' rule will always apply
• The D.N.C. Didn’t Get Hacked in 2020. Here’s Why.
• Security researcher says attacks on Russian government have Chinese fingerprints – and typos, too
• Russian Poet Dmitry Bykov Targeted by Navalny Poisoners
• A Timeline of CIA Atrocities
• MI5 Director General Ken McCallum gave his annual threat update today, 14 July 2021, which was filmed at our headquarters in Thames House, London.
• Attrition.org,is a computer security web site dedicated to the collection, dissemination and distribution of information about the security industry for anyone interested in the subject. Charlatans - EC-Council (ECC)
• Try This One Weird Trick Russian Hackers Hate
• Zelensky Compound NDA
• World Password Day – Readying Your Workforce for MFA
• Classified specs leaked on War Thunder forum for third time
• Conti Targets Critical Firmware
• Socialite, Widow, Jeweller, Spy: How a GRU Agent Charmed Her Way Into NATO Circles in Italy
• Revealing Europe’s NSO: Confidential data and sources uncover major surveillance outfit operating from within the European Union.
• Here Is the Manual for the Mass Surveillance Tool Cops Use to Track Phones: Police departments across the U.S. have been using Fog Reveal for ‘mass surveillance on a budget,’ investigations by the EFF and Associated Press revealed. Now, we're publishing the manual.

Online Voting

• Want to Know if the Election was Hacked? Look at the Ballots
• E-Voting Machines Need Paper Audits to be Trustworthy
• FBI Hacked into 8,000 Computers in 120 Countries Using A Single Warrant
• Ich sehe, also bin ich ... Du
• Public Testing of Brazilian e-Voting Machines
• Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States
• Transparency: This repository contains artifacts generated by Free & Fair, including every proposal Free & Fair has submitted to governments, funding agencies, and other organizations in response to RFI, RFP, and other solicitations.
• Buying Used Voting Machines on eBay
• Voting undermines the will of the people – it's time to replace it with sortition

Health

• Cryptomining and IoT attacks gunning for healthcare industry
• Performance Matters

Brazil

• Roadsec SP 2018

Old

• Password Security:: Why the horse battery staple is not correct

Privacy

• "The truly harmful targeted ads aren’t the ones trying to sell us something we’ve already searched for. It’s the ones that undermine our autonomy by covertly manipulating us into new desires and behaviors, molding our consumption patterns to maximize long-term revenue extraction."
• TCP ISN CPU Information Leak Protection - tirdad
• (pt-br) Exclusivo: ViaQuatro expõe dados de mais de 10 mil usuários da Linha 4 do Metrô de SP
• Propaganda, Censorship, and Surveillance are attributes of the same underlying aspect: Monopoly and Centralised Control.
• This device keeps Alexa and other voice assistants from snooping on you
• Facebook Is Going After Its Critics in the Name of Privacy