Hasty Briefsbeta

All tags

#cybersecurity

651 stories total

Bilingual

Take9 Won't Improve Cybersecurity
a year ago
- Take9 cybersecurity campaign suggests pausing for nine seconds before clicking links or downloading files, but it's criticized for being unrealistic and ineffective.
- The campaign's advice is deemed impractical for daily digital routines and lacks scientific backing for its claims about pausing in stressful situations.
- Previous awareness campaigns like 'Stop. Think. Connect.' have failed, indicating that simply pausing doesn't address the root issues of cybersecurity.
- The article argues that meaningful behavioral change requires more than pauses—it needs cognitive scaffolding and better system designs to help users identify threats.
- The blame-the-user mentality is criticized as bad public policy, shifting responsibility from insecure system designs to individuals.
- The essay suggests that security awareness campaigns should focus on context-specific warnings and system improvements rather than unrealistic user behavior changes.
Microsoft Confirms Password Deletion–Now Just 8 Weeks Away
a year ago
- Microsoft is ending the password era for its billion-plus users due to increasing security risks.
- Starting June 2025, users can no longer save new passwords in Microsoft Authenticator.
- Autofill with Authenticator will be disabled in July 2025.
- From August 2025, saved passwords in Authenticator will be inaccessible and unsaved generated passwords will be deleted.
- Microsoft is shifting password management to Edge, syncing saved passwords securely to users' Microsoft accounts.
- Authenticator will continue supporting passkeys, which Microsoft recommends over traditional passwords and 2FA.
- Microsoft advises users to delete passwords once passkeys are set up to eliminate legacy vulnerabilities.
- FIDO research shows 35% of people have had accounts compromised due to password vulnerabilities, with over half considering passkeys more convenient and secure.
Show HN: Changefly – Rebuilding the foundation of privacy and authentication
a year ago
- Changefly ID is a next-gen authentication system for various uses like logins, payments, and user verification.
- Developers can integrate Changefly ID in 3 steps: generate a private key, generate a connection key, and start authenticating users.
- The system uses cURL commands for API interactions, with JSON responses indicating success or failure.
- Changefly ID includes security measures like requiring a PIN for suspicious activities (e.g., IP mismatch).
- The service is free for personal projects, but users must back up their API keys.
- Changefly offers commercial licensing, dedicated support, and partner commissions for businesses.
- The mission of Changefly is to build a safer internet with privacy-focused, advanced security features.
AI Malware Is Here: New Report Shows How Fake AI Tools Are Spreading Ransomware
a year ago
- Cisco Talos discovered new threats including CyberLock ransomware, Lucky_Gh0$t ransomware, and Numero malware, all disguised as AI tool installers.
- CyberLock ransomware, developed in PowerShell, encrypts files and demands ransom, falsely claiming payments will go to humanitarian aid.
- Lucky_Gh0$t ransomware is a variant of Yashma ransomware, targeting files under 1.2GB and exhibiting destructive behavior for larger files.
- Numero malware manipulates Windows GUI components, rendering systems unusable, and is distributed as a fake AI video creation tool.
- Threat actors use SEO-poisoning and platforms like Telegram to distribute fraudulent AI tool installers, targeting businesses in B2B sales, tech, and marketing sectors.
- CyberLock ransomware uses a .NET loader, elevates privileges, and employs AES encryption, appending '.cyberlock' to encrypted files.
- Lucky_Gh0$t ransomware is distributed via a fake ChatGPT installer, includes legitimate Microsoft AI tools to evade detection, and uses RSA-encrypted AES keys.
- Numero malware evades analysis by checking for debuggers, manipulates desktop windows, and corrupts them with numeric strings.
- Cisco provides multiple security solutions to detect and block these threats, including Secure Endpoint, Secure Email, and Secure Firewall.
- Open-source detection tools like Snort and ClamAV have rules and detections available for these threats.
Coinbase's Indian Vendor Got Bribed. $400M in losses and reimbursements
a year ago
- A Coinbase Indian support contractor was bribed to leak sensitive user data.
- The leaked data included names, addresses, phone numbers, emails, partial SSNs, government ID images, and account histories.
- The data was used for highly convincing phishing attacks, bypassing MFA by exploiting social trust.
- Coinbase lost $400 million due to the breach, with 69,000 customers affected.
- The breach was not detected proactively; Coinbase found out after users reported suspicious activity.
- Security controls like Just-In-Time Access, session recording, scoped data views, and behavioral analytics could have prevented the breach.
- The attacker demanded $20 million from Coinbase, which refused but is now offering the same amount to catch the perpetrator.
- The incident highlights the risks of unchecked access for vendors and the need for better monitoring of internal workflows.
I Bought a Tesla and the Previous Owner Has Been Remotely Controlling My Car
a year ago
- A new Tesla Model S owner faced issues when the previous owner retained remote control, causing disruptions like activating AC, seat heaters, and honking the horn.
- The new owner, Vladdroid, countered by racking up Supercharger idle fees on the previous owner's account and eventually guessed the valet code to regain control.
- Tesla's ownership transfer process requires registration documents, causing delays and leaving buyers vulnerable to previous owners' digital access.
- The Tesla Model S experiences significant depreciation, losing 30–40% of its value within the first three years and up to 71% over five years.
- Connected-car vulnerabilities highlight risks in secondhand EV purchases, emphasizing the need for full digital resets and ownership confirmation.
DNS4EU for Public Is Available
a year ago
- DNS4EU Public Service is a fast, secure, and privacy-focused DNS resolution service for EU citizens.
- Five resolver options are available: Protective, Child Protection, Ad-Blocking, Child Protection & Ad-Blocking, and Unfiltered.
- The service blocks malicious websites, inappropriate content for children, and ads, with options for unfiltered access.
- DNS4EU ensures GDPR compliance by anonymizing user IP addresses and not collecting private data.
- The service is optimized for performance with servers across the EU and supports DNSSEC for security.
- Users can report incorrectly blocked domains or technical issues via provided forms.
- DNS4EU is free for end-users but not optimized for ISPs, governments, or enterprises due to rate limits.
- The service is backed by the European Union and operated by Whalebone, ensuring compliance with EU laws.
- Threat intelligence includes real-time updates, regional expertise, and collaboration with CERTs.
- Technical infrastructure includes Knot Resolver 6, Kubernetes, and anycast IP addressing for reliability.
OpenAI takes down covert operations tied to China, Russia, Iran
a year ago
- Chinese propagandists used ChatGPT to create social media posts, comments, and internal performance reviews.
- OpenAI disrupted 10 malicious AI operations in three months, with four likely originating in China.
- One Chinese operation, 'Sneer Review,' used ChatGPT to generate posts and comments on platforms like TikTok, X, and Facebook.
- Another Chinese operation posed as journalists and analysts, using ChatGPT for intelligence gathering and marketing materials.
- OpenAI also disrupted operations linked to Russia, Iran, the Philippines, Cambodia, and North Korea.
- The operations were largely disrupted early and did not gain significant real engagement.
The Rise of 'Vibe Hacking' Is the Next AI Nightmare
a year ago
- A single hacker could potentially launch 20 zero-day attacks simultaneously using AI.
- Polymorphic malware can now rewrite itself in real-time using generative AI.
- AI systems like XBOW are already topping bug bounty leaderboards by autonomously finding vulnerabilities.
- Generative AI lowers the barrier to entry for cybercrime, enabling 'vibe hacking' by novices.
- Blackhat LLMs like WormGPT and FraudGPT have emerged, though some may just be jailbroken versions of existing models.
- Established hacking groups pose a greater threat by using AI to scale up their operations.
- AI can help experienced hackers create sophisticated, adaptive malware that's hard to detect and mitigate.
- The cybersecurity arms race is evolving, with both attackers and defenders leveraging AI.
- The best defense against AI-powered threats is AI-powered security measures.
Low-cost Android devices turn home networks into crime platforms
a year ago
- Millions of low-cost media streaming, in-vehicle entertainment, and video projection devices are infected with malware called BadBox.
- BadBox is based on Triada, an advanced mobile Trojan discovered in 2016, which used rooting exploits and modified Android's Zygote process.
- Triada resurfaced in pre-infected devices in 2017, affecting thousands of devices, with Google taking measures to block it.
- In 2023, Human Security reported BigBox, a Triada-derived backdoor preinstalled on 74,000 devices, enabling ad fraud, proxy services, fake accounts, and device infections.
iVerify Uncovers Evidence of Zero-Click Mobile Exploitation in the US
a year ago
- iVerify detected anomalous activity on iPhones linked to political campaigns, media, A.I. companies, and governments in the U.S. and EU.
- Discovered a zero-click iMessage exploit (NICKNAME) via the 'imagent' process, patched in iOS 18.3.
- Evidence suggests targeted attacks, including Apple Threat Notifications to high-value EU officials.
- Exploitation signs included bulk iMessage attachment creation/deletion post-crash.
- All observed victims had prior CCP targeting or counter-CCP activities.
- Vulnerability likely triggered by rapid-fire nickname updates causing memory corruption.
- Patch confirmed in iOS 18.3.1, but potential for other active exploit chain elements remains.
Law Enforcement Is Finally Making Progress on Ransomware
a year ago
- Law enforcement is making significant progress against ransomware through operations like Endgame, targeting services like AVCheck and malware strains such as DanaBot and Lumma Stealer.
- Operation Endgame employs creative tactics, including videos with Russian subtitles and jingles, to deter cybercriminals and encourage them to leave illegal activities.
- Despite disruptions, malware operators like Bumblebee and TrickBot show resilience, bouncing back after takedowns, with Russia remaining a safe haven for cybercriminals.
- A spyware app, STFD-686, allegedly contributed to the Syrian regime's collapse by collecting sensitive military data, though poor army conditions may have played a larger role.
- GRU Unit 29155, known for assassination attempts, has expanded into cyber operations, recruiting hackers and conducting bizarre campaigns like graffiti in Ukraine.
- Positive developments include Microsoft and CrowdStrike's APT cheat sheet, sanctions against scam host Funnull Technology, and Firefox's new protections against crypto wallet theft.
- Leaks expose sensitive details on Russia's nuclear bases, and Meta and Yandex have been caught using localhost ports for tracking, bypassing privacy protections.
US lawmakers say UK has 'gone too far' by attacking Apple's encryption
a year ago
- US lawmakers criticize the UK for ordering Apple to weaken encryption, calling it a threat to global privacy and security.
- The UK's secret legal order under the Cloud Act allows access to encrypted data stored by Apple, raising concerns over US citizens' privacy.
- Lawmakers propose amendments to the Cloud Act to prevent undermining encryption and enhance cybersecurity protections.
- Experts warn that backdoors in encryption can be exploited by cybercriminals and foreign governments, posing national security risks.
- The UK's actions could set a precedent for other countries to issue similar orders against US tech companies.
- Apple is challenging the UK's order in the Investigatory Powers Tribunal, with hearings held in secret.
- The debate highlights the tension between privacy, security, and government surveillance in the digital age.
Goodbye CVE? European Vulnerability Database EUVD Now Live
a year ago
- ENISA launched the beta of the European Vulnerability Database (EUVD), a public platform for vulnerability handling in the EU.
- EUVD operates alongside but independently from the CVE system, aiming to improve coordination and transparency.
- Concerns over the CVE program's stability due to US government funding led to the creation of EUVD as a potential backup.
- EUVD offers additional functionalities, including highlighting exploited vulnerabilities and an enhanced search function.
- The database supports the Common Security Advisory Framework (CSAF) for machine-readable vulnerability advisories.
- EUVD uses its own identification system, allowing for independent validation of reports without replacing CVE entries.
- The platform focuses on underreported vulnerabilities relevant to the European digital landscape.
- Community feedback is mixed, with some praising the initiative and others questioning the need for another ID system.
- EUVD is part of broader efforts to improve digital sovereignty and cybersecurity capabilities in the EU.
- The database is in beta, with ENISA encouraging contributions from national authorities, private companies, and academic institutions.
I accidentally hacked a hotel switchboard
a year ago
- The author accidentally hacked into a San Francisco hotel’s switchboard using an Alinco DJ-X3E scanner.
- He intercepted various private conversations, including executive meetings, room service orders, and personal calls.
- The hotel’s wireless phone system was broadcasting unencrypted signals on FM 46–49 MHz, making it easy to eavesdrop.
- The incident occurred in 2004, shortly after 9/11, heightening the author’s anxiety about potential legal consequences.
- The author, Munir Kotadia, is a cybersecurity journalist with a diverse background and a passion for radio scanning.
- He reflects on his experiences as a refugee and technology journalist, highlighting the evolution of cyber threats.
- This story is an extract from his book, 'A Million Years in Tech.'
TSA Officially Warns Against Using Public USB Ports at Airports
a year ago
- TSA warns about 'juice jacking', a cyberattack where hackers manipulate public USB charging stations to steal data or install malware.
- Juice jacking can occur in airports, hotels, malls, and transit hubs, compromising devices to access banking apps, install spyware, or steal personal data.
- Experts advise against using public USB ports or cables, recommending personal power bricks or battery packs instead.
- Countermeasures include turning off the phone before charging or using a USB data blocker to prevent data transfer.
- Avoid sensitive transactions on public Wi-Fi and use a VPN for secure connections in public spaces.
Working with the EPA to Secure Exposed Water HMIs
a year ago
- Censys researchers discovered nearly 400 web-based HMIs for U.S. water facilities exposed online in October 2024.
- The exposed HMIs were categorized into three states: Authenticated, Read-only, and Unauthenticated (40 systems).
- Censys collaborated with the EPA and the vendor for remediation, leading to 58% of systems being secured by mid-November 2024.
- By May 2025, fewer than 6% of the systems remained online in a read-only or unauthenticated state.
- The discovery highlighted the risks of internet-exposed HMIs, which provide direct access and context to critical infrastructure.
- The EPA and manufacturer's swift response demonstrated effective collaboration in securing critical infrastructure.
Whole Foods' primary distributor forced to shut down systems after cyberattack
a year ago
- United Natural Foods, Inc. (UNFI) experienced a massive cyberattack, leading to some systems being taken offline.
- The company detected unauthorized activity on June 5, causing temporary disruptions to business operations.
- UNFI has contacted law enforcement and is working to restore systems while assessing the breach.
- The cyberattack has impacted grocery stores, including Whole Foods, with reports of empty shelves and delivery issues.
- UNFI signed a distribution agreement with Whole Foods last year, extending their partnership through 2032.
- Shares of UNFI fell more than 9% in early trading following the incident.
Telegram, the FSB, and the Man in the Middle
a year ago
- Telegram's infrastructure is controlled by Vladimir Vedeneev, who has ties to Russian intelligence services.
- Vedeneev's companies have provided services to the FSB and other Russian security agencies.
- Telegram's security claims are questioned due to vulnerabilities in its encryption and metadata handling.
- Pavel Durov, Telegram's founder, has a history of defiance against Russian authorities but faces scrutiny over his app's security.
- Telegram's network traffic can be monitored, potentially exposing user data and locations.
- Vedeneev had significant access to Telegram's servers and even signed contracts on its behalf.
- GlobalNet, a company linked to Vedeneev, has clients including Russian military and intelligence agencies.
- Telegram's MTProto protocol leaves unencrypted elements that can be used to track users.
- Durov's past with VKontakte and his departure from Russia are tied to his creation of Telegram.
- Telegram's growth is partly due to its perceived privacy, but its actual security is more complex.
Major US grocery distributor warns of disruption after cyberattack
a year ago
- United Natural Foods (UNFI) experienced a cyberattack, disrupting its order fulfillment and distribution.
- The cyberattack was detected last Thursday, leading to partial network shutdowns and operational disruptions.
- UNFI is implementing workarounds to continue servicing customers but faces ongoing business disruptions.
- As a major grocery distributor, UNFI supplies over 30,000 stores in the U.S. and Canada, including Whole Foods.
- UNFI and Whole Foods recently extended their distribution contract until May 2032.
- UNFI has not disclosed the nature of the cyberattack or whether a ransom was demanded.
- The incident has been reported to law enforcement, and system restoration efforts are underway.
- This cyberattack is part of a recent trend targeting the retail and grocery supply chain.
- UNFI has not provided a timeline for full system recovery.

first prev7next

About|Login

#cybersecurity

Take9 Won't Improve Cybersecurity

Microsoft Confirms Password Deletion–Now Just 8 Weeks Away

Show HN: Changefly – Rebuilding the foundation of privacy and authentication

AI Malware Is Here: New Report Shows How Fake AI Tools Are Spreading Ransomware

Coinbase's Indian Vendor Got Bribed. $400M in losses and reimbursements

I Bought a Tesla and the Previous Owner Has Been Remotely Controlling My Car

DNS4EU for Public Is Available

OpenAI takes down covert operations tied to China, Russia, Iran

The Rise of 'Vibe Hacking' Is the Next AI Nightmare

Low-cost Android devices turn home networks into crime platforms

iVerify Uncovers Evidence of Zero-Click Mobile Exploitation in the US

Law Enforcement Is Finally Making Progress on Ransomware

US lawmakers say UK has 'gone too far' by attacking Apple's encryption

Goodbye CVE? European Vulnerability Database EUVD Now Live

I accidentally hacked a hotel switchboard

TSA Officially Warns Against Using Public USB Ports at Airports

Working with the EPA to Secure Exposed Water HMIs

Whole Foods' primary distributor forced to shut down systems after cyberattack

Telegram, the FSB, and the Man in the Middle

Major US grocery distributor warns of disruption after cyberattack