Once again, a stalkerware company's had its servers pwned and wiped by a hacker who thinks they're selling an immoral product

It's been less than a year since a public-spirited hacker broke into the servers of Florida stalkerware vendor Retina-X, wiping out all the photos and data the company's customers had stolen from other peoples' phones (including their kids' phones) by installing the spying apps Phonesheriff on them. Read the rest

Dissidents are getting destroyed by information attacks and tech isn't doing enough to help

A pair of researchers from Toronto's storied Citizen Lab (previously) have written an eye-opening editorial and call to action on the ways that repressive states have used the internet to attack dissidents, human rights advocates and political oppositions -- and how the information security community and tech companies have left these people vulnerable. Read the rest

Cryptojacking malware discovered running on critical infrastructure control systems

Radiflow reports that they discovered cryptojacking software -- malware that mines cryptocurrency -- running in the monitoring and control network of an unnamed European water utility, the first such discovery, and a point of serious concern about the security and integrity of critical infrastructure to both targeted and untargeted attacks. Read the rest

IBM Security survey finds users value "security" over "convenience"

IBM Security's 2018 survey of 4,000 adults worldwide found that for the first time in the history of their research, the majority of users say that they'd take extra steps in the name of "security" even if it meant that their usage would be less "convenient." Read the rest

Cryptocurrency-mining malware spotted on more than 4200 sites including UK, US, and Australian government sites

Security researcher Scott Helme has spotted a third-party exploit that injects a script that mines cryptocurrency on over 4,200 sites, from the UK NHS to the US Courts' official site to the sites of other esteemed security researchers. Read the rest

Your smart TV is trivial to hack and leaks your personal information like crazy unless you disable all its useful features

Consumer Reports dragged a bunch of its top-rated smart TVs back into its labs to re-evaluate them, this time checking them for hard-to-evaluate information security risks and defects, which are not normally factored into its ratings. Read the rest

Modechai Guri: the guy who gets data out of airgapped computers

Computers that are isolated from the internet and local networks are said to be "airgapped," and it's considered a best practice for securing extremely sensitive systems. Read the rest

British court rules that the inhumane conditions in American prisons mean UK hacking suspect can't be legally extradited

Lauri Love is a British man on the autism spectrum who also has depression and severe eczema, who was facing extradition to America on charges of hacking US military and private agencies. Read the rest

139 pieces of (seemingly nonfunctional) malware that exploit Spectre and Meltdown are now circulating in the wild

This week, AV-TEST's census of samples of circulating malware that attempt to exploit the Meltdown and Spectre bugs hit 139, up from 77 on January 17. Read the rest

The Internet of Connected Sex Toys is every bit as horrifyingly insecure and poorly thought out as you imagine

The rush to put networked sensors and controllers into sex toys is grounded in foolish, convenient untruths, like the idea that the incredibly sensitive data generated by these systems can be anonymized and then analyzed for insights without exposing users to risk. Read the rest

The latest IoT botnet displays evidence of a halfway clever botmaster

The amazing and frightening thing about the Mirai botnet's reign of terror wasn't that it was a super-sophisticated cyberweapon: rather, it was a clumsy, amateurish fuggly hack that turned out to have been produced by a couple of dum-dums with a Minecraft racket. Read the rest

OK, panic again: patching Spectre and Meltdown has been a disaster

When the news of two showstopping bugs in virtually every computer in use today broke, it was scary stuff -- experts predicted that mitigating these bugs would be difficult and impose severe performance penalties on patched systems; a week later, Google released research suggesting that the fear was misplaced, and that patching would be an orderly and relatively painless process. Read the rest

Thanks to "consent" buried deep in sales agreements, car manufacturers are tracking tens of millions of US cars

Millions of new cars sold in the US and Europe are "connected," having some mechanism for exchanging data with their manufacturers after the cars are sold; these cars stream or batch-upload location data and other telemetry to their manufacturers, who argue that they are allowed to do virtually anything they want with this data, thanks to the "explicit consent" of the car owners -- who signed a lengthy contract at purchase time that contained a vague and misleading clause deep in its fine-print. Read the rest

A newly discovered strain of Android malware contains never-seen surveillance features

A new research report from Kaspersky Labs details their analysis of Skygofree, a newly discovered strain of malware that offers some of the most comprehensive and invasive surveillance tools ever seen for Android.

Read the rest

Playing low frequency noise to disrupt hard-drives: denial of service for CCTVs, data-centers, and other computing environments

A group of Princeton and Purdue researchers have demonstrated a successful acoustic attack against mechanical hard-drives where low-frequency noise keyed to the resonant frequency of the drive components is played nearby, causing the drive to vibrate so that the drive can neither be read nor written to. Read the rest

Intel's Management Engine, a secure-computer-within-your-computer, is really, really insecure

Back in 2016, we published a good technological explainer about Intel's Management Engine, an evolution of the decade-plus old idea of "Trusted Computing," in which a separate, isolated system-on-a-chip lives alongside of your computer, performing cryptographic work and overseeing the functions of your computer. Read the rest

Federal prosecutors say that Ohio man used MacOS malware that covertly operated cameras and mics and exfiltrated porn searches for 13 years

An indictment in the US District Court for the Northern District of Ohio's Eastern Division alleges that Phillip R Durachinsky created a strain of MacOS "creepware" called Fruitfly, which was able to covertly operate the cameras and microphones of infected computers as well as capturing and sharing porn searches from the infected machines; the indictment alleges that Durachinsky used the software for 13 years, targeting individuals, schools, and federal agencies including the Department of Energy. Read the rest

More posts