Crypto-Gram: 2021 Archives

December 15, 2021

In this issue:

  1. Securing Your Smartphone
  2. Why I Hate Password Rules
  3. Wire Fraud Scam Upgraded with Bitcoin
  4. Is Microsoft Stealing People’s Bookmarks?
  5. New Rowhammer Technique
  6. “Crypto” Means “Cryptography,” Not “Cryptocurrency”
  7. Apple Sues NSO Group
  8. Proposed UK Law Bans Default Passwords
  9. Intel Is Maintaining Legacy Technology for Security Research
  10. Smart Contract Bug Results in $31 Million Loss
  11. Testing Faraday Cages
  12. Thieves Using AirTags to “Follow” Cars
  13. Someone Is Running Lots of Tor Relays
  14. New German Government is Pro-Encryption and Anti-Backdoors
  15. Google Shuts Down Glupteba Botnet, Sues Operators
  16. Law Enforcement Access to Chat Data and Metadata
  17. NSO Group’s Pegasus Spyware Used Against US State Department Officials
  18. On the Log4j Vulnerability
  19. Upcoming Speaking Engagements
Read This Issue →

November 15, 2021

In this issue:

  1. Book Sale: Click Here to Kill Everybody and Data and Goliath
  2. Security Risks of Client-Side Scanning
  3. Missouri Governor Doesn’t Understand Responsible Disclosure
  4. Ransomware Attacks against Water Treatment Plants
  5. Using Machine Learning to Guess PINs from Video
  6. Textbook Rental Scam
  7. Problems with Multifactor Authentication
  8. Nation-State Attacker of Telecommunications Networks
  9. New York Times Journalist Hacked with NSO Spyware
  10. How the FBI Gets Location Information
  11. More Russian SVR Supply-Chain Attacks
  12. Squid Game Has a Cryptocurrency
  13. Hiding Vulnerabilities in Source Code
  14. On Cell Phone Metadata
  15. Using Fake Student Accounts to Shill Brands
  16. US Blacklists NSO Group
  17. Squid Game Cryptocurrency Was a Scam
  18. Drones Carrying Explosives
  19. Hacking the Sony Playstation 5
  20. Advice for Personal Digital Security
  21. MacOS Zero-Day Used against Hong Kong Activists
  22. Upcoming Speaking Engagements
Read This Issue →

October 15, 2021

In this issue:

  1. Identifying Computer-Generated Faces
  2. Zero-Click iMessage Exploit
  3. Alaska’s Department of Health and Social Services Hack
  4. FBI Had the REvil Decryption Key
  5. ROT8000
  6. The Proliferation of Zero-days
  7. I Am Not Satoshi Nakamoto
  8. Tracking Stolen Cryptocurrencies
  9. Check What Information Your Browser Leaks
  10. Hardening Your VPN
  11. A Death Due to Ransomware
  12. Cheating on Tests
  13. Facebook Is Down
  14. Syniverse Hack
  15. The European Parliament Voted to Ban Remote Biometric Surveillance
  16. Airline Passenger Mistakes Vintage Camera for a Bomb
  17. Suing Infrastructure Companies for Copyright Violations
  18. Recovering Real Faces from Face-Generation ML System
  19. Upcoming Speaking Engagements
Read This Issue →

September 15, 2021

In this issue:

  1. Tetris: Chinese Espionage Tool
  2. Apple’s NeuralHash Algorithm Has Been Reverse-Engineered
  3. T-Mobile Data Breach
  4. More on Apple’s iPhone Backdoor
  5. Surveillance of the Internet Backbone
  6. Interesting Privilege Escalation Vulnerability
  7. Details of the Recent T-Mobile Breach
  8. Excellent Write-up of the SolarWinds Security Breach
  9. More Military Cryptanalytics, Part III
  10. Zero-Click iPhone Exploits
  11. History of the HX-63 Rotor Machine
  12. Hacker-Themed Board Game
  13. Tracking People by their MAC Addresses
  14. Lightning Cable with Embedded Eavesdropping
  15. Security Risks of Relying on a Single Smartphone
  16. More Detail on the Juniper Hack and the NSA PRNG Backdoor
  17. ProtonMail Now Keeps IP Logs
  18. Designing Contact-Tracing Apps
  19. Upcoming Speaking Engagements
Read This Issue →

August 15, 2021

In this issue:

  1. Colorado Passes Consumer Privacy Law
  2. REvil is Off-Line
  3. Candiru: Another Cyberweapons Arms Manufacturer
  4. NSO Group Hacked
  5. Nasty Windows Printer Driver Vulnerability
  6. Commercial Location Data Used to Out Priest
  7. Disrupting Ransomware by Disrupting Bitcoin
  8. Hiding Malware in ML Models
  9. De-anonymization Story
  10. AirDropped Gun Photo Causes Terrorist Scare
  11. Storing Encrypted Photos in Google’s Cloud
  12. I Am Parting With My Crypto Library
  13. The European Space Agency Launches Hackable Satellite
  14. Paragon: Yet Another Cyberweapons Arms Manufacturer
  15. Zoom Lied about End-to-End Encryption
  16. Using “Master Faces” to Bypass Face-Recognition Authenticating Systems
  17. Defeating Microsoft’s Trusted Platform Module
  18. Apple Adds a Backdoor to iMessage and iCloud Storage
  19. Cobalt Strike Vulnerability Affects Botnet Servers
  20. Using AI to Scale Spear Phishing
  21. Upcoming Speaking Engagements
Read This Issue →

July 15, 2021

In this issue:

  1. Andrew Appel on New Hampshire’s Election Audit
  2. VPNs and Trust
  3. Paul van Oorschot’s Computer Security and the Internet
  4. Intentional Flaw in GPRS Encryption Algorithm GEA-1
  5. Peloton Vulnerability Found and Fixed
  6. The Future of Machine Learning and Cybersecurity
  7. Apple Will Offer Onion Routing for iCloud/Safari Users
  8. Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer
  9. Banning Surveillance-Based Advertising
  10. AI-Piloted Fighter Jets
  11. NFC Flaws in POS Devices and ATMs
  12. Risks of Evidentiary Software
  13. Insurance and Ransomware
  14. More Russian Hacking
  15. Stealing Xbox Codes
  16. Vulnerability in the Kaspersky Password Manager
  17. Details of the REvil Ransomware Attack
  18. Analysis of the FBI’s Anom Phone
  19. Iranian State-Sponsored Hacking Attempts
  20. China Taking Control of Zero-Day Exploits
  21. Upcoming Speaking Engagements
Read This Issue →

June 15, 2021

In this issue:

  1. Is 85% of US Critical Infrastructure in Private Hands?
  2. Adding a Russian Keyboard to Protect against Ransomware
  3. Apple Censorship and Surveillance in China
  4. Bizarro Banking Trojan
  5. Double-Encrypting Ransomware
  6. AIs and Fake Comments
  7. New Disk Wiping Malware Targets Israel
  8. The Story of the 2011 RSA Hack
  9. The Misaligned Incentives for Cloud Security
  10. Security Vulnerability in Apple’s Silicon “M1” Chip
  11. The DarkSide Ransomware Gang
  12. Security and Human Behavior (SHB) 2021
  13. The Supreme Court Narrowed the CFAA
  14. Vulnerabilities in Weapons Systems
  15. Information Flows and Democracy
  16. Detecting Deepfake Picture Editing
  17. FBI/AFP-Run Encrypted Phone
  18. TikTok Can Now Collect Biometric Data
  19. Upcoming Speaking Engagements
Read This Issue →

May 15, 2021

In this issue:

  1. DNI’s Annual Threat Assessment
  2. NSA Discloses Vulnerabilities in Microsoft Exchange
  3. Cybersecurity Experts to Follow on Twitter
  4. Details on the Unlocking of the San Bernardino Terrorist’s iPhone
  5. Biden Administration Imposes Sanctions on Russia for SolarWinds
  6. Backdoor Found in Codecov Bash Uploader
  7. On North Korea’s Cyberattack Capabilities
  8. When AIs Start Hacking
  9. Security Vulnerabilities in Cellebrite
  10. Identifying People Through Lack of Cell Phone Use
  11. Serious MacOS Vulnerability Patched
  12. Identifying the Person Behind Bitcoin Fog
  13. Tesla Remotely Hacked from a Drone
  14. New Spectre-Like Attacks
  15. The Story of Colossus
  16. Teaching Cybersecurity to Children
  17. Newly Declassified NSA Document on Cryptography in the 1970s
  18. Ransomware Shuts Down US Pipeline
  19. AI Security Risk Assessment Tool
  20. New US Executive Order on Cybersecurity
  21. Ransomware Is Getting Ugly
  22. Upcoming Speaking Engagements
Read This Issue →

April 15, 2021

In this issue:

  1. Security Analysis of Apple’s “Find My…” Protocol
  2. On the Insecurity of ES&S Voting Machines’ Hash Code
  3. Illegal Content and the Blockchain
  4. Exploiting Spectre Over the Internet
  5. Easy SMS Hijacking
  6. Details of a Computer Banking Scam
  7. Accellion Supply Chain Hack
  8. Determining Key Shape from Sound
  9. Hacking Weapons Systems
  10. System Update: New Android Malware
  11. Fugitive Identified on YouTube By His Distinctive Tattoos
  12. Malware Hidden in Call of Duty Cheating Software
  13. Wi-Fi Devices as Physical Object Sensors
  14. Phone Cloning Scam
  15. Signal Adds Cryptocurrency Support
  16. Google’s Project Zero Finds a Nation-State Zero-Day Operation
  17. Backdoor Added — But Found — in PHP
  18. More Biden Cybersecurity Nominations
  19. The FBI Is Now Securing Networks Without Their Owners’ Permission
  20. Upcoming Speaking Engagements
Read This Issue →

March 15, 2021

In this issue:

  1. On Vulnerability-Adjacent Vulnerabilities
  2. Deliberately Playing Copyrighted Music to Avoid Being Live-Streamed
  3. US Cyber Command Valentine’s Day Cryptography Puzzles
  4. Malicious Barcode Scanner App
  5. Browser Tracking Using Favicons
  6. Virginia Data Privacy Law
  7. WEIS 2021 Call for Papers
  8. Router Security
  9. GPS Vulnerabilities
  10. Dependency Confusion: Another Supply-Chain Vulnerability
  11. Twelve-Year-Old Vulnerability Found in Windows Defender
  12. On Chinese-Owned Technology Platforms
  13. The Problem with Treating Data as a Commodity
  14. National Security Risks of Late-Stage Capitalism
  15. Mysterious Macintosh Malware
  16. Encoded Message in the Perseverance Mars Lander’s Parachute
  17. Chinese Hackers Stole an NSA Windows Exploit in 2014
  18. Four Microsoft Exchange Zero-Days Exploited by China
  19. Threat Model Humor
  20. No, RSA Is Not Broken
  21. Hacking Digitally Signed PDF Files
  22. On Not Fixing Old Vulnerabilities
  23. More on the Chinese Zero-Day Microsoft Exchange Hack
  24. Fast Random Bit Generation
  25. Metadata Left in Security Agency PDFs
  26. Upcoming Speaking Engagements
Read This Issue →

February 15, 2021

In this issue:

  1. Cell Phone Location Privacy
  2. Injecting a Backdoor into SolarWinds Orion
  3. Sophisticated Watering Hole Attack
  4. SVR Attacks on Microsoft 365
  5. Insider Attack on Home Surveillance Systems
  6. Massive Brazilian Data Breach
  7. Dutch Insider Attack on COVID-19 Data
  8. Police Have Disrupted the Emotet Botnet
  9. New iMessage Security Features
  10. Including Hackers in NATO Wargames
  11. Georgia’s Ballot-Marking Devices
  12. More SolarWinds News
  13. Another SolarWinds Orion Hack
  14. Presidential Cybersecurity and Pelotons
  15. NoxPlayer Android Emulator Supply-Chain Attack
  16. SonicWall Zero-Day
  17. Web Credit Card Skimmer Steals Data from Another Credit Card Skimmer
  18. Ransomware Profitability
  19. Attack against Florida Water Treatment Facility
  20. Medieval Security Techniques
  21. Chinese Supply-Chain Attack on Computer Systems
Read This Issue →

January 15, 2021

In this issue:

  1. Another Massive Russian Hack of US Government Networks
  2. How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication
  3. Zodiac Killer Cipher Solved
  4. Mexican Drug Cartels with High-Tech Spyware
  5. More on the SolarWinds Breach
  6. US Schools Are Buying Cell Phone Unlocking Systems
  7. NSA on Authentication Hacks (Related to SolarWinds Breach)
  8. Eavesdropping on Phone Taps from Voice Assistants
  9. Investigating the Navalny Poisoning
  10. How China Uses Stolen US Personnel Data
  11. Russia’s SolarWinds Attack
  12. On the Evolution of Ransomware
  13. Brexit Deal Mandates Old Insecure Crypto Algorithms
  14. Amazon Has Trucks Filled with Hard Drives and an Armed Guard
  15. Military Cryptanalytics, Part III
  16. Latest on the SVR’s SolarWinds Hack
  17. Backdoor in Zyxel Firewalls and Gateways
  18. Extracting Personal Information from Large Language Models Like GPT-2
  19. Russia’s SolarWinds Attack and Software Security
  20. APT Horoscope
  21. Changes in WhatsApp’s Privacy Policy
  22. Cloning Google Titan 2FA keys
  23. On US Capitol Security — By Someone Who Manages Arena-Rock-Concert Security
  24. Finding the Location of Telegram Users
  25. Upcoming Speaking Engagements
  26. Click Here to Kill Everybody Sale
Read This Issue →
← 20202022 →Calendar

Sidebar photo of Bruce Schneier by Joe MacInnis.