Recent Issues

January 15, 2023

In this issue:

  1. A Security Vulnerability in the KmsdBot Botnet
  2. Apple Patches iPhone Zero-Day
  3. As Long as We’re on the Subject of CAPTCHAs
  4. How to Surrender to a Drone
  5. Trojaned Windows Installer Targets Ukraine
  6. Ukraine Intercepting Russian Soldiers’ Cell Phone Calls
  7. Critical Microsoft Code-Execution Vulnerability
  8. Hacking the JFK Airport Taxi Dispatch System
  9. LastPass Breach
  10. Arresting IT Administrators
  11. QR Code Scam
  12. Recovering Smartphone Voice from the Accelerometer
  13. Breaking RSA with a Quantum Computer
  14. Decarbonizing Cryptocurrencies through Taxation
  15. Remote Vulnerabilities in Automobiles
  16. Schneier on Security Audiobook Sale
  17. Identifying People Using Cell Phone Location Data
  18. ChatGPT-Written Malware
  19. Experian Privacy Vulnerability
  20. Threats of Machine-Generated Text
  21. Booklist Review of A Hacker’s Mind
  22. Upcoming Speaking Engagements
Read This Issue →

December 15, 2022

In this issue:

  1. Another Event-Related Spyware App
  2. Russian Software Company Pretending to Be American
  3. Failures in Twitter’s Two-Factor Authentication System
  4. Successful Hack of Time-Triggered Ethernet
  5. First Review of A Hacker’s Mind
  6. Breaking the Zeppelin Ransomware Encryption Scheme
  7. Apple’s Device Analytics Can Identify iCloud Users
  8. The US Has a Shortage of Bomb-Sniffing Dogs
  9. Computer Repair Technicians Are Stealing Your Data
  10. Charles V of Spain Secret Code Cracked
  11. Facebook Fined $276M under GDPR
  12. Sirius XM Software Vulnerability
  13. LastPass Security Breach
  14. Existential Risk and the Fermi Paradox
  15. CAPTCHA
  16. CryWiper Data Wiper Targeting Russian Sites
  17. The Decoupling Principle
  18. Leaked Signing Keys Are Being Used to Sign Malware
  19. Security Vulnerabilities in Eufy Cameras
  20. Hacking Trespass Law
  21. Apple Is Finally Encrypting iCloud Backups
  22. Obligatory ChatGPT Post
  23. Hacking Boston’s CharlieCard
  24. Recreating Democracy
Read This Issue →

November 15, 2022

In this issue:

  1. New Book: A Hacker’s Mind
  2. Hacking Automobile Keyless Entry Systems
  3. Qatar Spyware
  4. Museum Security
  5. Interview with Signal’s New President
  6. Adversarial ML Attack that Secretly Gives a Language Model a Point of View
  7. On the Randomness of Automatic Card Shufflers
  8. Australia Increases Fines for Massive Data Breaches
  9. Critical Vulnerability in Open SSL
  10. Apple Only Commits to Patching Latest OS Version
  11. Iran’s Digital Surveillance Tools Leaked
  12. NSA on Supply Chain Security
  13. The Conviction of Uber’s Chief Security Officer
  14. Using Wi-FI to See through Walls
  15. Defeating Phishing-Resistant Multifactor Authentication
  16. An Untrustworthy TLS Certificate in Browsers
  17. NSA Over-surveillance
  18. A Digital Red Cross
  19. Upcoming Speaking Engagements
Read This Issue →

October 15, 2022

In this issue:

  1. Relay Attack against Teslas
  2. Massive Data Breach at Uber
  3. Large-Scale Collection of Cell Phone Data at US Borders
  4. Credit Card Fraud That Bypasses 2FA
  5. Automatic Cheating Detection in Human Racing
  6. Prompt Injection/Extraction Attacks against AI Systems
  7. Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses
  8. Leaking Passwords through the Spellchecker
  9. New Report on IoT Security
  10. Cold War Bugging of Soviet Facilities
  11. Differences in App Security/Privacy Based on Country
  12. Security Vulnerabilities in Covert CIA Websites
  13. Detecting Deepfake Audio by Modeling the Human Acoustic Tract
  14. NSA Employee Charged with Espionage
  15. October Is Cybersecurity Awareness Month
  16. Spyware Maker Intellexa Sued by Journalist
  17. Complex Impersonation Story
  18. Inserting a Backdoor into a Machine-Learning System
  19. Recovering Passwords by Measuring Residual Heat
  20. Digital License Plates
  21. Regulating DAOs
  22. Upcoming Speaking Engagements
Read This Issue →

September 15, 2022

In this issue:

  1. $23 Million YouTube Royalties Scam
  2. Remotely Controlling Touchscreens
  3. Zoom Exploit on MacOS
  4. USB “Rubber Ducky” Attack Tool
  5. Hyundai Uses Example Keys for Encryption System
  6. Signal Phone Numbers Exposed in Twilio Hack
  7. Mudge Files Whistleblower Complaint against Twitter
  8. Man-in-the-Middle Phishing Attack
  9. Security and Cheap Complexity
  10. Levels of Assurance for DoD Microelectronics
  11. FTC Sues Data Broker
  12. High-School Graduation Prank Hack
  13. Clever Phishing Scam Uses Legitimate PayPal Messages
  14. Montenegro Is the Victim of a Cyberattack
  15. The LockBit Ransomware Gang Is Surprisingly Professional
  16. Facebook Has No Idea What Data It Has
  17. Responsible Disclosure for Cryptocurrency Security
  18. New Linux Cryptomining Malware
  19. FBI Seizes Stolen Cryptocurrencies
  20. Weird Fallout from Peiter Zatko’s Twitter Whistleblowing
  21. Upcoming Speaking Engagements
Read This Issue →

August 15, 2022

In this issue:

  1. San Francisco Police Want Real-Time Access to Private Surveillance Cameras
  2. Facebook Is Now Encrypting Links to Prevent URL Stripping
  3. NSO Group’s Pegasus Spyware Used against Thailand Pro-Democracy Activists and Leaders
  4. Russia Creates Malware False-Flag App
  5. Critical Vulnerabilities in GPS Trackers
  6. Apple’s Lockdown Mode
  7. Securing Open-Source Software
  8. New UEFI Rootkit
  9. Microsoft Zero-Days Sold and Then Used
  10. Ring Gives Videos to Police without a Warrant or User Consent
  11. Surveillance of Your Car
  12. Drone Deliveries into Prisons
  13. SIKE Broken
  14. NIST’s Post-Quantum Cryptography Standards
  15. Hacking Starlink
  16. A Taxonomy of Access Control
  17. Twitter Exposes Personal Information for 5.4 Million Accounts
  18. Upcoming Speaking Engagements
Read This Issue →

July 15, 2022

In this issue:

  1. M1 Chip Vulnerability
  2. Attacking the Performance of Machine Learning Systems
  3. Tracking People via Bluetooth on Their Phones
  4. Hertzbleed: A New Side-Channel Attack
  5. Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills
  6. Symbiote Backdoor in Linux
  7. On the Subversion of NIST by the NSA
  8. On the Dangers of Cryptocurrencies and the Uselessness of Blockchain
  9. 2022 Workshop on Economics and Information Security (WEIS)
  10. When Security Locks You Out of Everything
  11. Ecuador’s Attempt to Resettle Edward Snowden
  12. ZuoRAT Malware Is Targeting Routers
  13. Analyzing the Swiss E-Voting System
  14. NIST Announces First Four Quantum-Resistant Cryptographic Algorithms
  15. Ubiquitous Surveillance by ICE
  16. Apple’s Lockdown Mode
  17. Nigerian Prison Break
  18. Security Vulnerabilities in Honda’s Keyless Entry System
  19. Post-Roe Privacy
  20. New Browser De-anonymization Technique
  21. Upcoming Speaking Engagements
Read This Issue →

June 15, 2022

In this issue:

  1. The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms
  2. Attacks on Managed Service Providers Expected to Increase
  3. iPhone Malware that Operates Even When the Phone Is Turned Off
  4. Websites that Collect Your Data as You Type
  5. Bluetooth Flaw Allows Remote Unlocking of Digital Locks
  6. The Onion on Google Map Surveillance
  7. Forging Australian Driver’s Licenses
  8. The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking
  9. Manipulating Machine-Learning Systems through the Order of the Training Data
  10. Malware-Infested Smart Card Reader
  11. Security and Human Behavior (SHB) 2022
  12. The Limits of Cyber Operations in Wartime
  13. Clever — and Exploitable — Windows Zero-Day
  14. Remotely Controlling Touchscreens
  15. Me on Public-Interest Tech
  16. Long Story on the Accused CIA Vault 7 Leaker
  17. Leaking Military Secrets on Gaming Discussion Boards
  18. Smartphones and Civilians in Wartime
  19. Twitter Used Two-Factor Login Details for Ad Targeting
  20. Cryptanalysis of ENCSecurity’s Encryption Implementation
  21. Hacking Tesla’s Remote Key Cards
  22. Upcoming Speaking Engagements
Read This Issue →

May 15, 2022

In this issue:

  1. Undetectable Backdoors in Machine-Learning Models
  2. Clever Cryptocurrency Theft
  3. Long Article on NSO Group
  4. Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries
  5. SMS Phishing Attacks are on the Rise
  6. Zero-Day Vulnerabilities Are on the Rise
  7. Microsoft Issues Report of Russian Cyberattacks against Ukraine
  8. Video Conferencing Apps Sometimes Ignore the Mute Button
  9. Using Pupil Reflection in Smartphone Camera Selfies
  10. New Sophisticated Malware
  11. 15.3 Million Request-Per-Second DDoS Attack
  12. Corporate Involvement in International Cybersecurity Treaties
  13. Apple Mail Now Blocks Email Trackers
  14. ICE Is a Domestic Surveillance Agency
  15. Surveillance by Driverless Car
  16. Upcoming Speaking Engagements
Read This Issue →

April 15, 2022

In this issue:

  1. US Critical Infrastructure Companies Will Have to Report When They Are Hacked
  2. Breaking RSA through Insufficiently Random Primes
  3. “Change Password”
  4. Why Vaccine Cards Are So Easily Forged
  5. Developer Sabotages Open-Source Software Package
  6. White House Warns of Possible Russian Cyberattacks
  7. NASA’s Insider Threat Program
  8. Linux Improves Its Random Number Generator
  9. Gus Simmons’s Memoir
  10. A Detailed Look at the Conti Ransomware Gang
  11. Stalking with an Apple Watch
  12. Chrome Zero-Day from North Korea
  13. Bypassing Two-Factor Authentication
  14. Wyze Camera Vulnerability
  15. Hackers Using Fake Police Data Requests against Tech Companies
  16. Cyberweapons Arms Manufacturer FinFisher Shuts Down
  17. US Disrupts Russian Botnet
  18. AirTags Are Used for Stalking Far More than Previously Reported
  19. De-anonymizing Bitcoin
  20. John Oliver on Data Brokers
  21. Russian Cyberattack against Ukrainian Power Grid Prevented
  22. Industrial Control System Malware Discovered
  23. Upcoming Speaking Engagements
Read This Issue →
← Earlier NewsletterLater Newsletter →

Sidebar photo of Bruce Schneier by Joe MacInnis.