Articles By This Author

Featured Government Nation-state Technology

Researchers Find Links Between SolarWinds Campaign and Tools Used by Russian Hackers

Federal investigators still can’t say with certainty who was behind the recent hacking campaign that compromised countless government agencies and private companies. But cybersecurity researchers say they’ve found evidence linking tools used in the months-long espionage campaign to malware used by Russian cyber operators….

Cybercrime Featured Government Nation-state People

Sen. Warner Says U.S. ‘Underestimate[s] and Underreport[s]’ on Russian Hacks Following SolarWinds Breach

A Senate Democrat who has been a top backer of cybersecurity and intelligence policies accused the Trump administration of “watering down” Russia’s responsibility for the SolarWinds breach and warned that the hackers had compromised several high-profile victims that remain unidentified. Mark Warner, who as Vice-chair of the Senate Intelligence Committee spearheaded a five-volume report on the 2016 Russian election interference campaign, called that statement “one more outrageous effort to underestimate and underreport on Russian activity…”

Cybercrime Featured Government Nation-state

The SolarWinds Hack and the Perils of Attribution

On Tuesday, a multi-agency task force stood up by the U.S. National Security Council to investigate and respond to the SolarWinds compromise issued a statement alleging that hackers “likely Russian in origin” were behind the intrusion, offering the first official indication that the government believes the attacks were ordered by the Kremlin. But nearly a month after the compromise was first detected, none of the private security companies that are leading the investigation into the intrusions—and often provide the forensic data necessary to identify the perpetrators behind state-sponsored cyber-campaigns—have pinned the blame on a specific group….

Featured Government Nation-state Technology

Spyware Attack Targeting Dozens of Journalists Used Pernicious Zero-Click Exploit, Researchers Say

The mobile phones of dozens of employees at news outlet Al Jazeera were hacked using a stealthy ‘zero-click’ exploit developed by NSO Group, a heavily scrutinized Israeli commercial spyware vendor, according to a new report by researchers at Citizen Lab. The security research group associated with the University of Toronto said that the 36 journalists identified in their report likely represent a “minuscule fraction” of the total victims of the company’s spyware given the size of NSO Group’s customer base and the reach of the vulnerability, which affects iPhones prior to the iOS 14 update that was released this fall and included several security enhancements….

Featured Government

Why Email Is Still an Election Day Disinformation Risk

As Election Day looms, federal officials, private companies, and information security experts are urging voters to be on guard for misleading information, especially from sites like Facebook, YouTube, and Twitter, where viral information can whipsaw across the country in the blink of an eye. But one disinformation vector may be hiding in plain sight: email….

Featured People

A Conversation With Jack Rhysider About How He Started His Hit Hacking Podcast Darknet Diaries—and What It Has Taught Him About Infosec

“On a weekly basis, I get some CEO messaging me saying that they would love to be on the show. My first question is always, ‘Have you ever been hacked? And are you willing to talk about that?’ Because that’s the story I want. I want a first-hand experience of the worst day of your life on the job…”

Cybercrime Featured

Hacker Directly Targets Patients Following a Data Breach at a Finnish Mental Health Provider

A data breach involving a mental health provider in Finland has devolved into a horrifying extortion scheme that includes the abuse of hypersensitive medical data. “It’s an indescribable feeling when you know that someone has information of your traumas and is willing to use it against you,” said one patient who received a ransom email over the weekend and asked not to be named given the sensitivity of the information involved. “I feel like I have once again taken a step back in my treatment. It hurts to know that my journey to better health might take even longer now.”

Featured Government

Flurry of Indictments Signal a New U.S. Strategy for Combating Foreign Hackers

The federal government isn’t always known for its speed in the cybersecurity realm. But last week it moved at a breakneck pace to pull back the curtain on foreign cyberthreats. In a series of enforcement actions, the Department of Justice unsealed seven federal indictments charging 16 foreign nationals from China, Russia, Iran, and Malaysia with hacking-related crimes…