Hack-attacks with stolen certs tell you the future of FBI vs Apple

Since 2014, Suckfly, a hacker group apparently based in Chengdu, China, has used at least 9 signing certs to make their malware indistinguishable from official updates from the vendor. Read the rest

Head of NSA's hacker squad explains how to armor networks against the likes of him

Rob Joyce runs the NSA's Tailored Access Operations group, the spies who figure out how to hack systems, publishing a spook's version of the Skymall catalog, filled with software and hardware that other spies can order for use. Read the rest

How the market for zero-day vulnerabilities works

Zero-days -- bugs that are unknown to both vendors and users -- are often weaponized by governments, criminals, and private arms dealers who sell to the highest bidders. The market for zero-days means that newly discovered bugs are liable to go unpatched until they are used in a high-profile cyberattack or independently discovered by researchers who'd rather keep their neighbors safe than make a profit. Read the rest

Spear phishers with suspected ties to Russian government spoof fake EFF domain, attack White House

The spear-phishing attempt appears to be part of "Pawn Storm," a massive attack that's been underway across the net for more than a month, and involved a rare zero-day (previously unknown) Java exploit. Read the rest

Elaborate spear-phishing attempt against global Iranian and free speech activists, including an EFF staffer

Citizenlab details an "elaborate phishing campaign" against Iranian expats and activists, combining phone-calls from fake Reuters reporters, mostly convincing Google Docs login-screens, and a sophisticated attempt to do a "real-time man-in-the-middle attack" against Google's two-factor authentication. Read the rest

EFF announces the 2015 Pioneer Award winners

Caspar Bowden, Citizen Lab, Anriette Esterhuysen and the Association for Progressive Communications, and Kathy Sierra will be awarded the EFF's prestigious prize recognizing the leaders who are extending freedom and innovation on the electronic frontier. Read the rest

US Government Office of Personnel Management has a second, much worse breach

The second attack is being blamed on Chinese state actors, and it netted the archives of Standard Form 86, which records applicants' mental illnesses, drug and alcohol use, past arrests and bankruptcies and lists of contacts and relatives. Read the rest

Cyberwar's hidden victims: NGOs

A new report from the storied Citizen Lab at the University of Toronto documents the advanced, persistent threats levied against civil society groups and NGOs -- threats that rival those facing any government or Fortune 100 company, but whose targets are much less well-equipped to defend themselves. Read the rest