The internet is breaking. Here's how to save it.

Written by Dan Kaminsky Oct 3, 2016 | CYBERSCOOP We could lose this internet. Or we could save it. I prefer the latter. And speaking to you as somewhat of an outsider - a hacker for decades, based in San Francisco - I need your help.


Apple ransomware leak corroborates 2021 MacBook Pro features: HDMI, MagSafe, SD card slot - 9to5Mac

A hacker group called REvil is currently in the process of blackmailing Apple supplier Quanta for about $50 million. The group claims to have thousands of leaked files that include information about upcoming Apple products. 9to5Mac has had a look at some of the files already released.


Court clears 39 post office operators convicted due to 'corrupt data'

Dozens of former post office workers have had their convictions for theft, fraud and false accounting quashed by the court of appeal after judges ruled the convictions were due to "corrupt data" from the Post Office's IT system.

the Guardian

We Hack Purple

Application Security Training, for IT Professionals Learn how to create secure software, from industry experts. Our online courses teach application security theory and hands-on technical lessons. Whether you are a CISO that needs to get a better picture of your application security posture, a software developer that is concerned about creating secure software, or a person who wants to become an AppSec professional, we have something for you.


How I hacked Clubhouse (and made it safer for all) - Bug Bounties & VDPs

How I hacked Clubhouse (and made it safer for all) w/ Katie Moussouris - Technical details & cat videos:


Federal court approved FBI's continued use of warrantless surveillance power despite repeated violations of privacy rules

A secretive federal court approved the FBI's use of a powerful warrantless surveillance authority in November despite finding that the bureau had repeatedly violated rules meant to protect Americans' privacy. Between mid-2019 and early 2020, FBI personnel conducted queries of data troves containing Americans' emails and other communications, seeking information without proper justification, according to a redacted ruling by the Foreign Intelligence Surveillance Court made public Monday.

Washington Post

Ransomware gang wants to short the stock price of their victims | The Record by Recorded Future

The operators of the Darkside ransomware are expanding their extortion tactics with a new technique aimed at companies that are listed on NASDAQ or other stock markets. In a message posted on their dark web portal, the Darkside crew said it is willing to notify crooked market traders in advance so they can short a company's stock price before they list its name on their website as a victim.

The Record by Recorded Future

Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity

In July 2020, Mandiant Threat Intelligence released a public report detailing an ongoing influence campaign we named "Ghostwriter." Ghostwriter is a cyber-enabled influence campaign which primarily targets audiences in Lithuania, Latvia and Poland and promotes narratives critical of the North Atlantic Treaty Organization's (NATO) presence in Eastern Europe.


Cloud security tops among list of skills needed to pursue cyber career

Current and aspiring cybersecurity professionals named cloud security, data analysis and coding/programming as the top three most important skills to possess if you're looking to join the cyber workforce today. Those findings came from a new survey-based research report from the International Information System Security Certification Consortium, or (ISC)².

SC Media

Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day

Executive Summary Mandiant recently responded to multiple security incidents involving compromises of Pulse Secure VPN appliances. This blog post examines multiple, related techniques for bypassing single and multifactor authentication on Pulse Secure VPN devices, persisting across upgrades, and maintaining access through webshells.