In a famous scene from the 1992 movie Sneakers, a hacker classic, the main characters park a surveillance van across the street from their target's office and point a telephoto lens through his window—only to find that their view of his computer keyboard is blocked by the surprise entrance of …
Tricky Web Timing Attacks Are Getting Easier to Use—and Abuse
Researchers have long known that they can glean hidden information about the inner workings of a website by measuring the amount of time different requests take to be fulfilled and extrapolating information—and potential weaknesses—from slight variations. Such “web timing attacks” have been described for years, but they would often be …
USPS Text Scammers Duped His Wife, So He Hacked Their Operation
The flood of text messages started arriving early this year. They carried a similar thrust: The United States Postal Service is trying to deliver a parcel but needs more details, including your credit card number. All the messages pointed to websites where the information could be entered. Like thousands of …
Computer Crash Reports Are an Untapped Hacker Gold Mine
When a bad software update from the security firm CrowdStrike inadvertently caused digital chaos around the world last month, the first signs were Windows computers showing the Blue Screen of Death. As websites and services went down and people scrambled to understand what was happening, conflicting and inaccurate information was …
A Flaw in Windows Update Opens the Door to Zombie Exploits
New research being presented at the Black Hat security conference in Las Vegas today shows that a vulnerability in Windows Update could be exploited to downgrade Windows to older versions, exposing a slew of historical vulnerabilities that then can be exploited to gain full control of a system. Microsoft says …
A New Plan to Break the Cycle of Destructive Critical Infrastructure Hacks
An endless parade of data breaches, brutally disruptive ransomware attacks, and crippling IT outages has somehow become the norm around the world. And in spite of escalating impacts to critical infrastructure and daily life, progress has been intermittent and often fleeting. Something's gotta give—and at the BSides Las Vegas security …
How Project 2025 Would Put US Elections at Risk
The winner of the 2024 US presidential election will confront complicated questions about whether the government is doing enough to protect the country from cyber threats. But one leading conservative group is sidestepping those questions and pushing to shrink the government’s main cyber agency, calling it a bastion of far-left …
US Hands Over Russian Cybercriminals in WSJ Reporter Prisoner Swap
If it seems like there’s suddenly a whole lot more data breaches, you may be right. Part of this apparent spike is thanks to the growing popularity of infostealer malware. These types of malicious software are increasingly being used by cybercriminals to scoop up as many login credentials and other …
A $500 Open Source Tool Lets Anyone Hack Computer Chips With Lasers
In modern microchips, where some transistors have been shrunk to less than a 10th of the size of a Covid-19 virus, it doesn't take much to mess with the minuscule electrical charges that serve as the 0s and 1s underpinning all computing. A few photons from a stray beam of …
How Infostealers Pillaged the World’s Passwords
For the past two months, cybercriminals have advertised for sale hundreds of millions of customer records from major companies like Ticketmaster, Santander Bank, and AT&T. And while massive data breaches have been a fact of life for more than a decade now, these recent examples are significant, because they are …