Crypto-Gram: 2022 Archives
December 15, 2022
In this issue:
- Another Event-Related Spyware App
- Russian Software Company Pretending to Be American
- Failures in Twitter’s Two-Factor Authentication System
- Successful Hack of Time-Triggered Ethernet
- First Review of A Hacker’s Mind
- Breaking the Zeppelin Ransomware Encryption Scheme
- Apple’s Device Analytics Can Identify iCloud Users
- The US Has a Shortage of Bomb-Sniffing Dogs
- Computer Repair Technicians Are Stealing Your Data
- Charles V of Spain Secret Code Cracked
- Facebook Fined $276M under GDPR
- Sirius XM Software Vulnerability
- LastPass Security Breach
- Existential Risk and the Fermi Paradox
- CAPTCHA
- CryWiper Data Wiper Targeting Russian Sites
- The Decoupling Principle
- Leaked Signing Keys Are Being Used to Sign Malware
- Security Vulnerabilities in Eufy Cameras
- Hacking Trespass Law
- Apple Is Finally Encrypting iCloud Backups
- Obligatory ChatGPT Post
- Hacking Boston’s CharlieCard
- Recreating Democracy
November 15, 2022
In this issue:
- New Book: A Hacker’s Mind
- Hacking Automobile Keyless Entry Systems
- Qatar Spyware
- Museum Security
- Interview with Signal’s New President
- Adversarial ML Attack that Secretly Gives a Language Model a Point of View
- On the Randomness of Automatic Card Shufflers
- Australia Increases Fines for Massive Data Breaches
- Critical Vulnerability in Open SSL
- Apple Only Commits to Patching Latest OS Version
- Iran’s Digital Surveillance Tools Leaked
- NSA on Supply Chain Security
- The Conviction of Uber’s Chief Security Officer
- Using Wi-FI to See through Walls
- Defeating Phishing-Resistant Multifactor Authentication
- An Untrustworthy TLS Certificate in Browsers
- NSA Over-surveillance
- A Digital Red Cross
- Upcoming Speaking Engagements
October 15, 2022
In this issue:
- Relay Attack against Teslas
- Massive Data Breach at Uber
- Large-Scale Collection of Cell Phone Data at US Borders
- Credit Card Fraud That Bypasses 2FA
- Automatic Cheating Detection in Human Racing
- Prompt Injection/Extraction Attacks against AI Systems
- Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses
- Leaking Passwords through the Spellchecker
- New Report on IoT Security
- Cold War Bugging of Soviet Facilities
- Differences in App Security/Privacy Based on Country
- Security Vulnerabilities in Covert CIA Websites
- Detecting Deepfake Audio by Modeling the Human Acoustic Tract
- NSA Employee Charged with Espionage
- October Is Cybersecurity Awareness Month
- Spyware Maker Intellexa Sued by Journalist
- Complex Impersonation Story
- Inserting a Backdoor into a Machine-Learning System
- Recovering Passwords by Measuring Residual Heat
- Digital License Plates
- Regulating DAOs
- Upcoming Speaking Engagements
September 15, 2022
In this issue:
- $23 Million YouTube Royalties Scam
- Remotely Controlling Touchscreens
- Zoom Exploit on MacOS
- USB “Rubber Ducky” Attack Tool
- Hyundai Uses Example Keys for Encryption System
- Signal Phone Numbers Exposed in Twilio Hack
- Mudge Files Whistleblower Complaint against Twitter
- Man-in-the-Middle Phishing Attack
- Security and Cheap Complexity
- Levels of Assurance for DoD Microelectronics
- FTC Sues Data Broker
- High-School Graduation Prank Hack
- Clever Phishing Scam Uses Legitimate PayPal Messages
- Montenegro Is the Victim of a Cyberattack
- The LockBit Ransomware Gang Is Surprisingly Professional
- Facebook Has No Idea What Data It Has
- Responsible Disclosure for Cryptocurrency Security
- New Linux Cryptomining Malware
- FBI Seizes Stolen Cryptocurrencies
- Weird Fallout from Peiter Zatko’s Twitter Whistleblowing
- Upcoming Speaking Engagements
August 15, 2022
In this issue:
- San Francisco Police Want Real-Time Access to Private Surveillance Cameras
- Facebook Is Now Encrypting Links to Prevent URL Stripping
- NSO Group’s Pegasus Spyware Used against Thailand Pro-Democracy Activists and Leaders
- Russia Creates Malware False-Flag App
- Critical Vulnerabilities in GPS Trackers
- Apple’s Lockdown Mode
- Securing Open-Source Software
- New UEFI Rootkit
- Microsoft Zero-Days Sold and Then Used
- Ring Gives Videos to Police without a Warrant or User Consent
- Surveillance of Your Car
- Drone Deliveries into Prisons
- SIKE Broken
- NIST’s Post-Quantum Cryptography Standards
- Hacking Starlink
- A Taxonomy of Access Control
- Twitter Exposes Personal Information for 5.4 Million Accounts
- Upcoming Speaking Engagements
July 15, 2022
In this issue:
- M1 Chip Vulnerability
- Attacking the Performance of Machine Learning Systems
- Tracking People via Bluetooth on Their Phones
- Hertzbleed: A New Side-Channel Attack
- Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills
- Symbiote Backdoor in Linux
- On the Subversion of NIST by the NSA
- On the Dangers of Cryptocurrencies and the Uselessness of Blockchain
- 2022 Workshop on Economics and Information Security (WEIS)
- When Security Locks You Out of Everything
- Ecuador’s Attempt to Resettle Edward Snowden
- ZuoRAT Malware Is Targeting Routers
- Analyzing the Swiss E-Voting System
- NIST Announces First Four Quantum-Resistant Cryptographic Algorithms
- Ubiquitous Surveillance by ICE
- Apple’s Lockdown Mode
- Nigerian Prison Break
- Security Vulnerabilities in Honda’s Keyless Entry System
- Post-Roe Privacy
- New Browser De-anonymization Technique
- Upcoming Speaking Engagements
June 15, 2022
In this issue:
- The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms
- Attacks on Managed Service Providers Expected to Increase
- iPhone Malware that Operates Even When the Phone Is Turned Off
- Websites that Collect Your Data as You Type
- Bluetooth Flaw Allows Remote Unlocking of Digital Locks
- The Onion on Google Map Surveillance
- Forging Australian Driver’s Licenses
- The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking
- Manipulating Machine-Learning Systems through the Order of the Training Data
- Malware-Infested Smart Card Reader
- Security and Human Behavior (SHB) 2022
- The Limits of Cyber Operations in Wartime
- Clever — and Exploitable — Windows Zero-Day
- Remotely Controlling Touchscreens
- Me on Public-Interest Tech
- Long Story on the Accused CIA Vault 7 Leaker
- Leaking Military Secrets on Gaming Discussion Boards
- Smartphones and Civilians in Wartime
- Twitter Used Two-Factor Login Details for Ad Targeting
- Cryptanalysis of ENCSecurity’s Encryption Implementation
- Hacking Tesla’s Remote Key Cards
- Upcoming Speaking Engagements
May 15, 2022
In this issue:
- Undetectable Backdoors in Machine-Learning Models
- Clever Cryptocurrency Theft
- Long Article on NSO Group
- Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries
- SMS Phishing Attacks are on the Rise
- Zero-Day Vulnerabilities Are on the Rise
- Microsoft Issues Report of Russian Cyberattacks against Ukraine
- Video Conferencing Apps Sometimes Ignore the Mute Button
- Using Pupil Reflection in Smartphone Camera Selfies
- New Sophisticated Malware
- 15.3 Million Request-Per-Second DDoS Attack
- Corporate Involvement in International Cybersecurity Treaties
- Apple Mail Now Blocks Email Trackers
- ICE Is a Domestic Surveillance Agency
- Surveillance by Driverless Car
- Upcoming Speaking Engagements
April 15, 2022
In this issue:
- US Critical Infrastructure Companies Will Have to Report When They Are Hacked
- Breaking RSA through Insufficiently Random Primes
- “Change Password”
- Why Vaccine Cards Are So Easily Forged
- Developer Sabotages Open-Source Software Package
- White House Warns of Possible Russian Cyberattacks
- NASA’s Insider Threat Program
- Linux Improves Its Random Number Generator
- Gus Simmons’s Memoir
- A Detailed Look at the Conti Ransomware Gang
- Stalking with an Apple Watch
- Chrome Zero-Day from North Korea
- Bypassing Two-Factor Authentication
- Wyze Camera Vulnerability
- Hackers Using Fake Police Data Requests against Tech Companies
- Cyberweapons Arms Manufacturer FinFisher Shuts Down
- US Disrupts Russian Botnet
- AirTags Are Used for Stalking Far More than Previously Reported
- De-anonymizing Bitcoin
- John Oliver on Data Brokers
- Russian Cyberattack against Ukrainian Power Grid Prevented
- Industrial Control System Malware Discovered
- Upcoming Speaking Engagements
March 15, 2022
In this issue:
- Secret CIA Data Collection Program
- Vendors are Fixing Security Flaws Faster
- Possible Government Surveillance of the Otter.ai Transcription App
- Stealing Bicycles by Swapping QR Codes
- A New Cybersecurity “Social Contract”
- Bypassing Apple’s AirTag Security
- An Elaborate Employment Con in the Internet Age
- Privacy Violating COVID Tests
- Insurance Coverage for NotPetya Losses
- Decrypting Hive Ransomware Data
- Vulnerability in Stalkerware Apps
- Details of an NSA Hacking Operation
- Samsung Encryption Flaw
- Hacking Alexa through Alexa’s Speech
- Using Radar to Read Body Language
- Fraud on Zelle
- Where’s the Russia-Ukraine Cyberwar?
- Leak of Russian Censorship Data
- Upcoming Speaking Events
February 15, 2022
In this issue:
- An Examination of the Bug Bounty Marketplace
- UK Government to Launch PR Campaign Undermining End-to-End Encryption
- Are Fake COVID Testing Sites Harvesting Data?
- San Francisco Police Illegally Spying on Protesters
- China’s Olympics App Is Horribly Insecure
- Linux-Targeted Malware Increased by 35%
- Merck Wins Insurance Lawsuit re NotPetya Attack
- New DeadBolt Ransomware Targets NAS Devices
- Tracking Secret German Organizations with Apple AirTags
- Twelve-Year-Old Linux Vulnerability Discovered and Patched
- Me on App Store Monopolies and Security
- Finding Vulnerabilities in Open Source Projects
- Interview with the Head of the NSA’s Research Directorate
- The EARN IT Act Is Back
- Amy Zegart on Spycraft in the Internet Age
- Breaking 256-bit Elliptic Curve Encryption with a Quantum Computer
- Bunnie Huang’s Plausibly Deniable Database
- On the Irish Health Services Executive Hack
- Upcoming Speaking Engagements
January 15, 2022
In this issue:
- More Log4j News
- More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers
- Stolen Bitcoins Returned
- Apple AirTags Are Being Used to Track People and Cars
- More Russian Cyber Operations against Ukraine
- People Are Increasingly Choosing Private Web Search
- Norton’s Antivirus Product Now Includes an Ethereum Miner
- Fake QR Codes on Parking Meters
- Apple’s Private Relay Is Being Blocked
- Faking an iPhone Reboot
- Using Foreign Nationals to Bypass US Surveillance Restrictions
- Using EM Waves to Detect Malware
- Upcoming Speaking Engagements
Sidebar photo of Bruce Schneier by Joe MacInnis.