Hasty Briefsbeta

All tags

#cybersecurity

651 stories total

Bilingual

Why 1Password hasn't released an MCP server
10 months ago
- AI agents are transforming software access, operation, and integration by automating workflows and interacting with tools/SaaS platforms.
- 1Password emphasizes security, using protocols like Model Context Protocol (MCP) with clear boundaries to manage sensitive data and credentials.
- MCP enables AI agents to interface with APIs but separates deterministic authentication (OAuth 2.1) from non-deterministic data flows to reduce risks.
- 1Password's MCP Server for Trelica allows secure access to low-risk organizational metadata (e.g., SaaS app lists, user mappings) but avoids exposing raw credentials.
- 1Password refuses to expose credentials via MCP due to non-deterministic agent behavior, leakage risks, and lack of strong revocation models.
- 1Password's approach focuses on secure agentic access: credential injection, explicit user authorization, short-lived credentials, and auditable access.
- Agentic AI is evolving work, and 1Password aims to support this securely, maintaining trust while enabling intelligent, autonomous software.
Hackers exploit a blind spot by hiding malware inside DNS records
10 months ago
- Hackers are hiding malware inside DNS records to evade detection.
- Malicious scripts fetch binary files via DNS lookups, bypassing traditional security checks.
- DNS traffic is often unmonitored, making it a blind spot for defenses.
- Researchers found Joke Screenmate malware stored in hexadecimal format within DNS TXT records.
- The malware was split into chunks across subdomains of whitetreecollective[.]com.
- Attackers reassemble the chunks via DNS requests, converting them back to binary.
- Encrypted DNS (DOH/DOT) adoption may increase the difficulty of monitoring such threats.
The Math of Password Hashing Algorithms and Entropy
10 months ago
- Billions of credentials have been leaked or stolen, often including plain text or hashed passwords.
- One-way hashing algorithms like SHA2 convert passwords into fixed-size hashes, making it infeasible to reverse-engineer the original password.
- Attackers use lookup tables (rainbow tables) to map hashes back to plain text passwords, making salts essential for security.
- Salts are random characters added to passwords before hashing, making precomputed lookup tables ineffective.
- Brute force attacks generate all possible password combinations to find a matching hash, with computational time increasing with password complexity.
- Password entropy (complexity and length) significantly impacts the time required for brute force attacks.
- Advanced hashing algorithms like BCrypt, SCrypt, and PBKDF2 slow down hash generation to increase security.
- The security debate centers on whether to enforce long passwords or rely on slow hashing algorithms to protect short passwords.
- FusionAuth uses PBKDF2 with 24,000 iterations as its default hashing scheme, balancing security and performance.
Microsoft Names Threat Actors
10 months ago
- Microsoft uses a weather-themed taxonomy to categorize threat actors for clarity and ease of reference.
- Threat actors are divided into five groups: Nation-state actors, Financially motivated actors, Private sector offensive actors (PSOAs), Influence operations, and Groups in development.
- Nation-state actors are cyber operators acting on behalf of a nation/state, focusing on espionage, financial gain, or retribution.
- Financially motivated actors are criminal groups focused on financial gain through ransomware, phishing, and other extortion methods.
- PSOAs are commercial entities that create and sell cyberweapons, targeting dissidents, journalists, and human rights defenders.
- Influence operations manipulate perceptions and behaviors to further a group or nation's interests.
- Groups in development are emerging threats tracked until they can be classified or merged with existing groups.
- Each category is assigned a weather family name (e.g., Typhoon for China, Tempest for financially motivated actors).
- Threat actors within the same family are distinguished by adjectives based on tactics, techniques, and procedures (TTPs).
- Microsoft provides detailed mappings of threat actor names, origins, and aliases for better identification and tracking.
- Resources include Kusto query language (KQL) queries and comprehensive mapping files for threat actor names.
Singapore actively dealing with ongoing cyberattack on critical infrastructure
10 months ago
- Singapore is actively dealing with a cyberattack by UNC3886, a China-nexus espionage group targeting critical infrastructure.
- UNC3886 is highly sophisticated, evades detection, and poses serious risks to national security, including espionage and service disruption.
- Suspected APT attacks in Singapore increased over fourfold between 2021 and 2024.
- Critical sectors affected include energy, water, banking, healthcare, transport, and government services.
- CSA is leading investigations and monitoring sectors while withholding operational details for security reasons.
- UNC3886 has targeted defense, telcos, and tech organizations in the US and Asia.
- Physical conflicts are spilling into cyberspace, with attacks on infrastructure and foreign influence campaigns.
- Nearly 80% of Singaporean organizations have faced cyberattacks, including from hacktivists and foreign actors.
- Cyberattacks could disrupt power, water, transport, and economic stability, impacting trust in Singapore.
- Singapore must strengthen cyberdefenses, reassess supply chains, and accept some attacks may succeed despite efforts.
Critical Train Protocol Flaw Allows Remote Brake Control, Risks Derailment
10 months ago
- CVSS v4 score of 7.2 for a vulnerability in End-of-Train and Head-of-Train remote linking protocol.
- Weak authentication allows attackers to send brake control commands via software-defined radio, risking operational disruption or brake failure.
- Affects all versions of the protocol; CVE-2025-1727 assigned with CVSS v3 base score of 8.1.
- Critical infrastructure sector impacted: Transportation Systems, primarily in the United States.
- Mitigations include minimizing network exposure, using firewalls, secure remote access methods like VPNs, and contacting device manufacturers for updates.
- No known public exploitation reported; vulnerability not remotely exploitable.
- AAR working on new equipment and protocols to address the vulnerability.
These are our favorite cyber books on hacking, espionage, crypto, surveillance
10 months ago
- Cybersecurity has grown from a niche specialty to a $170 billion industry.
- High-profile hacks like Sony, U.S. election leaks, and Colonial Pipeline have brought cybersecurity into mainstream awareness.
- Pop culture has embraced hackers through TV shows, movies, and books.
- A curated list of best cybersecurity books is provided, based on community suggestions and personal reads.
- Countdown to Zero Day by Kim Zetter details the Stuxnet cyberattack on Iran's nuclear facility.
- Dark Wire by Joseph Cox covers the FBI's Operation Trojan Shield, where criminals used FBI-monitored encrypted phones.
- The Cuckoo’s Egg by Cliff Stoll recounts the discovery of early KGB cyberespionage through a minor accounting discrepancy.
- Your Face Belongs to Us by Kashmir Hill explores the rise of facial recognition technology via Clearview AI.
- Cult of the Dead Cow by Joseph Menn tells the story of an influential hacking group from the '80s and '90s.
- Hack to the Future by Emily Crose provides a history of hacking culture from early mischief to modern geopolitical influence.
- Tracers in the Dark by Andy Greenberg follows cryptocurrency investigations, including takedowns of dark web marketplaces.
- Dark Mirror by Barton Gellman offers a first-person account of reporting on Edward Snowden's NSA leaks.
How the Free Software Foundation battles the LLM bots
9 months ago
- The Free Software Foundation (FSF) has been under attack since August 2024, with ongoing issues from aggressive LLM web crawlers.
- FSF's small tech team, consisting of two full-time employees and volunteers, maintains over 70 websites and services without using cloud services.
- Attacks include DDoS attempts, botnets, and crawlers ignoring robots.txt, with some attacks likely aimed at building LLM training datasets.
- Defense strategies include IP blocking, behavior-based blocking tools, and abuse reports to ISPs, though some mitigations are kept private to avoid aiding attackers.
- Other FOSS sites like Fedora, KDE, GNOME, and Linux Weekly News face similar issues, with some attacks causing frequent outages.
- FSF emphasizes running fully free software stacks, including BIOS, and avoids nonfree dependencies.
- Despite challenges, FSF has successfully mitigated many attacks, keeping key sites like gnu.org operational with normal response times.
- Volunteers and associate members are encouraged to support FSF's mission and sysadmin efforts.
'I love you': Virus caused B. in damage and exposed vulnerabilities which remain
9 months ago
- Onel de Guzman, a 23-year-old Filipino, was accused of creating and releasing the ILOVEYOU virus in May 2000, which caused an estimated $10 billion in damages globally.
- The ILOVEYOU virus spread rapidly via email, disguised as a love letter, and infected millions of computers worldwide, disrupting businesses, governments, and military operations.
- The virus exploited vulnerabilities in Microsoft Outlook, which was widely used at the time, and highlighted the dangers of social engineering in cyber attacks.
- Despite overwhelming evidence, de Guzman was never prosecuted due to the lack of cybercrime laws in the Philippines at the time.
- The ILOVEYOU virus remains one of the most far-reaching cyber attacks in history, exposing weaknesses in cybersecurity and human behavior that persist today.
- The incident led to increased awareness of cyber threats and prompted the Philippines to enact laws against computer hacking, though they could not be applied retroactively to de Guzman.
- Experts emphasize that human error remains the weakest link in cybersecurity, with social engineering continuing to be a primary method for cyber attacks.
LLM Alloying Improves Performance over Single Model
9 months ago
- XBOW developed a novel idea to boost vulnerability detection agent performance, increasing success rates from 25% to 55%.
- The idea involves 'model alloys,' alternating between different LLMs (like Sonnet and Gemini) within the same agent loop to combine their strengths.
- Model alloys work best when tasks require multiple unique insights and when models have complementary strengths.
- Alloys outperform individual models, especially when combining models from different providers (e.g., Sonnet 4.0 + Gemini 2.5 Pro).
- Key advantages include maintaining the same number of model calls while leveraging diverse model capabilities.
- Alloys are less effective when models are too similar or when tasks require steady progress rather than bursts of insight.
- Alternatives like task-specific model delegation or multi-agent debate were considered but deemed inefficient for XBOW's use case.
- Data shows alloyed agents (Sonnet + Gemini) achieved a 68.8% success rate, outperforming individual models (Sonnet: 57.5%, Gemini: 46.4%).
HTTP/1.1 Must Die – The Desync Endgame Begins
9 months ago
- HTTP/1.1 is inherently insecure and exposes millions of websites to hostile takeover.
- James Kettle from PortSwigger Research will reveal new classes of desync attack on August 6.
- The desync attacks enabled compromise of multiple CDNs, marking the start of the desync endgame.
- The full reveal will be shared by PortSwigger.
- Opportunity to watch the talk live at Black Hat USA or DEF CON.
Google Sues Operators of a 10M Device Android Set-Top Box Botnet
9 months ago
- Google and cybersecurity partners discovered BadBox, a botnet with 74,000 infected Android devices.
- BadBox 2.0 was identified by HUMAN’s Satori team, involving ad fraud, malware, and DDoS attacks.
- Over one million devices in 222 countries were infected by BadBox 2.0.
- Cheap Chinese set-top boxes were the main infected devices, but others like laptops and smartphones were also affected.
- Google, HUMAN Security, and Trend Micro are combating a new botnet with 10 million infected devices.
- Google filed a lawsuit in New York, targeting unknown defendants believed to be in China.
- Four groups were identified in the BadBox 2.0 operation: Infrastructure, Backdoor Malware, Evil Twin, and Ad Games.
- Google obtained legal permissions to block traffic and seize domains to disrupt the botnet.
- The FBI advises avoiding unofficial app marketplaces and monitoring home networks for suspicious activity.
- Google’s complaint suggests the entire supply chain is compromised, recommending destroying infected devices.
Weak password allowed hackers to sink a 158-year-old company
9 months ago
- A ransomware attack on KNP, a 158-year-old transport company, led to its collapse and 700 job losses.
- Hackers exploited a weak employee password to encrypt company data and lock internal systems.
- The National Cyber Security Centre (NCSC) deals with major cyber-attacks daily, aiming to protect UK businesses.
- Ransomware attacks are increasing, with an estimated 19,000 incidents in the UK last year.
- Many companies pay ransoms, with typical demands around £4 million, fueling further criminal activity.
- Hackers are using simpler tactics, like social engineering, to breach systems without advanced technical skills.
- The UK government is considering banning ransom payments by public bodies and requiring private companies to report attacks.
- Experts warn that ransomware poses a severe national security threat, with potential for catastrophic attacks.
- Companies are urged to improve cyber-security measures and resilience to prevent future attacks.
10k companies at risk from Microsoft Sharepoint security flaw
9 months ago
- Over 10,000 organizations globally are at risk due to a serious security flaw in Microsoft Sharepoint.
- The vulnerability is actively being exploited, with US federal and state agencies among the affected.
- Security researchers describe the flaw as a 'dream' for hackers, especially ransomware operators.
- Microsoft has issued a patch for SharePoint Subscription Edition and is working on fixes for SharePoint 2016 and 2019.
- Hackers can maintain access through backdoors or modified components even after patches are applied.
- Microsoft has provided precautionary measures, but sensitive documents may need to be temporarily removed from Sharepoint.
Serial spyware founder Scott Zuckerman wants FTC to unban him from the industry
9 months ago
- Scott Zuckerman, founder of spyware company Support King, seeks to overturn a 2021 FTC ban on his surveillance industry activities.
- The ban was imposed after his subsidiary SpyFone leaked private phone data (photos, messages, location) in 2018.
- Zuckerman claims the ban is an 'unnecessary burden,' hindering his other business ventures due to compliance costs.
- Despite the ban, Zuckerman was linked to another spyware operation (SpyTrac) in 2022, violating FTC orders.
- Privacy advocates, including EFF's Eva Galperin, oppose Zuckerman's petition, citing his history of flouting regulations.
- The FTC, now Republican-controlled, will review the petition, potentially signaling a shift in cybersecurity enforcement.
- Public feedback on Zuckerman's petition is open until August 19.
- FTC Chair Andrew Ferguson and other commissioners will decide, with Zuckerman appealing to their 'current enforcement philosophy.'
Tracking Phishing Bots via Locations
9 months ago
- Proposal to track phishing bots by exploiting their location information leak.
- Phishing bots often set their location to match their target's location.
- Monitoring these locations can help infer and track their collective activities and potential attacks.
Apple alerted Iranians to iPhone spyware attacks, say researchers
9 months ago
- Apple notified more than a dozen Iranians of government spyware targeting their iPhones.
- Miaan Group and cybersecurity researcher Hamid Kashfi documented cases of spyware attacks, including three confirmed instances.
- Victims include individuals with political activism backgrounds, some in Iran and one in Europe.
- Iran is suspected to be behind the attacks, though conclusive evidence is pending.
- Some victims discontinued investigations due to fear or sensitivity.
- Apple has sent similar notifications globally since 2021, aiding researchers in documenting spyware abuses.
- AccessNow provides a helpline for victims of spyware attacks, supported by Apple.
Microsoft servers hacked by Chinese groups, firm says
9 months ago
- Chinese 'threat actors' hacked Microsoft's SharePoint servers, targeting business data.
- Groups involved include state-backed Linen Typhoon, Violet Typhoon, and Storm-2603.
- Hackers exploited vulnerabilities in on-premises SharePoint servers, not cloud-based services.
- Microsoft released security updates and urged customers to install them promptly.
- Hackers stole cryptographic material to maintain access to victims' SharePoint data.
- Targets included governments, defense sectors, NGOs, think tanks, and financial institutions.
- Mandiant Consulting confirmed victims across multiple sectors and global regions.
- Linen Typhoon has a 13-year history of stealing intellectual property.
- Violet Typhoon focused on espionage against ex-government and military personnel.
- Storm-2603 is assessed as a China-based threat actor with medium confidence.
Tailscale: The State of Zero Trust
9 months ago
- Zero Trust adoption is still in a half-deployed state, with only 29% of organizations using identity-based access as their primary model.
- Legacy VPNs remain prevalent (41% usage), but 90% of users report issues like latency and throughput limitations.
- Only 1% of respondents are satisfied with their current access and connectivity setup, citing security (49%) and performance (45%) as top concerns.
- 88% of organizations experienced at least one security incident in the past two years, often due to misuse of privilege or employee error.
- 83% of respondents, including 87% of developers, admit to circumventing security measures to maintain productivity.
- Tool fragmentation is a major issue, with 92% of companies juggling multiple network security solutions, and only 8% using a unified platform.
- Tailscale predicts identity-first networking will replace IP-based designs, with AI playing a key role in both security and threats.
- Recommendations include auditing infrastructure, upgrading from legacy VPNs, and prioritizing identity-centric solutions for seamless security.
Addressing Privacy Fatigue
9 months ago
- Privacy fatigue is a real issue due to the complexity of the privacy ecosystem.
- Use a password manager like 1Password for strong, unique passwords and easy management.
- Review and clean up social media privacy settings to regain control over your information.
- Be selective about app permissions to avoid unnecessary data sharing.
- Consider switching to a privacy-respecting email provider like Fastmail for better data control.
- Privacy protection is an ongoing process; start with small, manageable steps.
- Fastmail's business model prioritizes user privacy, avoiding ads and data mining.

first prev11next

About|Login

#cybersecurity

Why 1Password hasn't released an MCP server

Hackers exploit a blind spot by hiding malware inside DNS records

The Math of Password Hashing Algorithms and Entropy

Microsoft Names Threat Actors

Singapore actively dealing with ongoing cyberattack on critical infrastructure

Critical Train Protocol Flaw Allows Remote Brake Control, Risks Derailment

These are our favorite cyber books on hacking, espionage, crypto, surveillance

How the Free Software Foundation battles the LLM bots

'I love you': Virus caused B. in damage and exposed vulnerabilities which remain

LLM Alloying Improves Performance over Single Model

HTTP/1.1 Must Die – The Desync Endgame Begins

Google Sues Operators of a 10M Device Android Set-Top Box Botnet

Weak password allowed hackers to sink a 158-year-old company

10k companies at risk from Microsoft Sharepoint security flaw

Serial spyware founder Scott Zuckerman wants FTC to unban him from the industry

Tracking Phishing Bots via Locations

Apple alerted Iranians to iPhone spyware attacks, say researchers

Microsoft servers hacked by Chinese groups, firm says

Tailscale: The State of Zero Trust

Addressing Privacy Fatigue