Wired security reporter Andy Greenberg's latest book is Sandworm (previously), a true-life technothriller that tells the stories of the cybersecurity experts who analyzed and attributed as series of ghastly cyberwar attacks that brought down parts of the Ukrainian power grid, and then escaped the attackers' control and spread all over the world. Read the rest

Wired has published another long excerpt from Sandworm, reporter Andy Greenberg's (previously) forthcoming book on the advanced Russian hacking team who took the US-Israeli Stuxnet program to the next level, attacking Ukrainian power infrastructure, literally blowing up key components of the country's power grid by attacking the embedded code in their microcontrollers. Read the rest

Citizen Lab (previously) is one of the world's top research institutions documenting cyber-attacks against citizen groups, human rights activists, journalists and others; ten years ago, they made their reputation by breaking a giant story about "Ghostnet," malicious software that the Chinese state used to convert the computers of the world's Tibetan embassies into spying devices. Read the rest

The security firm Cybereason says that it has identified a likely state-sponsored attack on ten global mobile phone networks that they have attributed to "the Chinese-affiliated threat actor APT10," which has been "underway for years." Read the rest

At Defcon, Tencent's Wu HuiYu and Qian Wenxiang presented Breaking Smart Speakers: We are Listening to You, detailing their work in successfully exploiting an Amazon Alexa speaker, albeit in a very difficult-to-achieve fashion. Read the rest

VPNFilter is a virulent, sophisticated, multistage worm that has successfully infected 500,000 home routers, leaving them vulnerable to both surveillance (the malware snoops network traffic for passwords) and region-wide internet shutdowns (VPNFilter can brick the routers it infects, and an attacker could shut down most or all of the home/small business internet access in a region by triggering this). Read the rest

VPNFilter is a sophisticated, multi-stage malware package, part of the new breed of boot-persistent malware (software that can survive a reboot); it targets home routers and network-attached storage devices, then steals passwords and logins that traverse the network and exfiltrates it to the creators' servers. Read the rest

A group of researchers have published a paper and associated website describing a clever attack on encrypted email that potentially allows an attacker to read encrypted emails sent in the past as well as current and future emails; EFF has recommended switching off PGP-based email encryption for now, to prevent attackers from tricking your email client into decrypting old emails and sending them to adversaries. Read the rest

A pair of researchers have written an eye-opening editorial and call to action on the ways that repressive states have used the internet to attack dissidents, human rights advocates and political oppositions -- and how the information security community and tech companies have left these people vulnerable. Read the rest

Dutch left-leaning daily de Volkskrant has published a remarkable -- but thinly sourced -- report claiming that a Dutch spy agency called the General Intelligence and Security Service of the Netherlands (AIVD) hacked into the network of a notorious Russian spy group called "Cozy Bear" or APT29, thought to be an arm of the Russian spy apparatus, and obtained direct evidence of Russian state involvement in the hacking of the DNC during the 2016 US election campaign. Read the rest

Five years ago, Benjamin Delpy was working for an unspecified French government agency and teaching himself to program in C, and had discovered a vital flaw in the way that Windows protected its users' passwords. Read the rest

Respected security researcher Dan Wallach from Rice University has published a short (18 page) guide to securing small organizations against three kinds of cyberattack: Untargeted, ​remote ​(spammers, ​phishers, ​ransomware ​griefers, ​etc.); Targeted, ​remote ​(spear ​phishers); and Targeted, ​in ​person ​(immigration ​agents, ​police, ​criminal ​trespass). Read the rest

Kaspersky -- a respected Russia-based security company -- has been under a cloud since they were accused of stealing NSA cyberweapons on behalf of the Russian government. But the company has a perfectly innocent -- if complicated and at times bizarre explanation for how it came to be in possession of the NSA's crown jewels. Read the rest

A leaked recording of Facebook security chief Alex Stamos (who refused to help with an illegal NSA spying program when he was CSO for Yahoo) has him describing the company's IT culture as being "like a college campus, almost" while the company has the "threat profile of a Northrop Grumman or a Raytheon or another defense contractor." Read the rest

This month, University of Washington researchers will present Exploring ADINT: Using Ad Targeting for Surveillance on a Budget — or — How Alice Can Buy Ads to Track Bob at the Workshop on Privacy in the Electronic Society in Dallas; the paper details a novel way that stalkers and other low-level criminals can accomplish state-grade surveillance on the cheap with targeted ad-purchases. Read the rest

Rule #1 of hacking is "attribution is hard" (other contenders: "don't be on fire," "don't get involved in a land-war in Asia" or "there is no security in obscurity"), which is to say, it's really hard to say who hacked you, in part because it's really easy for hackers to make it look like someone else did the deed. Read the rest

Equifax sources say that the massive breach of 140,000,000 Americans' personal information was the result of state-sponsored hackers, likely from China, but attribution is hard and inexact. Read the rest