An iOS zero-click radio proximity exploit odyssey

NOTE: This specific issue was fixed before the launch of Privacy-Preserving Contact Tracing in iOS 13.5 in May 2020. For 6 months of 2020, while locked down in the corner of my bedroom surrounded by my lovely, screaming children, I've been working on a magic spell of my own.

Google Project Zero

Rumor Control | CISA

Mis- and Disinformation can undermine public confidence in the electoral process, as well as in our democracy. This video is also available directly on YouTube. This webpage is for people with questions about the security of their vote and preemptively debunks potential areas for disinformation.

CISA

How an ICE Contractor Tracks Phones Around the World

Do you work at Venntel, Babel Street, or other company providing location data to the government? Did you used to? Do you know anything else about the sale of location data? We'd love to hear from you.

Vice

Marine Officer: Let Troops Take LSD Before Analyzing Intel

LSD is already an (unofficial) staple of the U.S. military's nuclear enterprise; now it's time to bring mind-expanding substances to the wide world of intelligence, a Marine Corps officer has argued. Writing in the February 2019 edition of the Marine Corps Gazette, Maj.

Task & Purpose

Why the Biden administration needs a National Cyber Director more than ever

As the Biden-Harris administration thinks about cyber appointments and cyber strategy for the first 100 days of the administration, appointing a National Cyber Director role requiring Senate confirmation is critical.

CyberScoop

US alert urges think tanks to be on guard for foreign hacking activity

Written by Shannon Vavra, Dec 2, 2020 | CYBERSCOOP. Think tanks should be on high alert for nation-state hacking attempts in the coming days, the FBI and Department of Homeland Security warned in a joint report issued Tuesday.

CyberScoop

Amazon to roll out tools to monitor factory workers and machines

Amazon is rolling out cheap new tools that will allow factories everywhere to monitor their workers and machines, as the tech giant looks to boost its presence in the industrial sector. Launched by Amazon's cloud arm AWS, the new machine learning-based services include hardware to monitor the health of heavy machinery, and computer vision capable of detecting whether workers are complying with social distancing.

FT

Business Case for GRC Solution Implementation - Frank McGovern

In November 2019, I wrote a story on Twitter focused on the business case analysis I performed around implementing a Governance, Risk, and Compliance (GRC) product while in my previous role. (Thread Reader Link). The story received positive feedback and several people asked me to expand on some of the details and outline it in ...

Frank McGovern

Threat actor leverages coin miner techniques to stay under the radar - here's how to spot them - Microsoft Security

BISMUTH, which has been running increasingly complex cyberespionage attacks as early as 2012, deployed Monero coin miners in campaigns from July to August 2020. The group's use of coin miners was unexpected, but it was consistent with their longtime methods of blending in.

Microsoft Security

A hacker is selling access to the email accounts of hundreds of C-level executives | ZDNet

A threat actor is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world. The data is being sold on a closed-access underground forum for Russian-speaking hackers named Exploit.in, ZDNet has learned this week.

ZDNet

Baltimore County Public Schools Closed Due to Ransomware Attack

Schools in the Baltimore County Public Schools (BCPS) system are closed Nov. 30 and Dec. 1 as officials investigate and remediate a ransomware attack that hit its network systems the day before Thanksgiving, pausing classes for some 115,000 students attending school online due to the pandemic.

Dark Reading

Watch This Google Hacker Pwn 26 iPhones With a 'WiFi Broadcast Packet of Death'

Do you research and develop exploits for iPhones, Android phones, or other software? We'd love to hear from you. Using a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, on Wickr at lorenzofb, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzofb@vice.com.

Vice