Andy Greenberg (previously) is Wired's senior security reporter; he did amazing work covering Russian cyberwarfare in Ukraine, which he has expanded into a forthcoming book: Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers (I read it for a blurb and a review; it's excellent). Read the rest

I once found myself staying in a small hotel with a "State Department" family whose members clearly all worked for some kind of three letter agency (the family patriarch had been with USAID with the tanks rolled into Budapest) and I had some of the weirdest discussions of my life with them. Read the rest

The American ransomware epidemic shows no signs of slowing, as the confluence of underinvestment in IT and information security and the NSA's reckless stockpiling of computer vulnerabilities means that petty criminals can extort vast sums from distant municipalities by seizing their entire networked infrastructure. Read the rest

As city after city has remitted hundreds of thousands of dollars to pay off ransomware criminals who hijacked their crucial systems, the US Conference of Mayors had unanimously adopted a resolution to never pay these ransoms again, on the basis that these payments "encourage continued attacks on other government systems, as perpetrators financially benefit," Read the rest

Once upon a time, companies were able to insist -- with a straight face -- that the real problem with the security defects in their products was the researchers who went public with them, warning customers and users that the products they were trusting were not trustworthy. Read the rest

The city council of Riviera Beach, Florida has voted unanimously to pay $600,000 to criminals who seized control of the city's computers through a ransomware attack, after three weeks of being locked out of the city systems (the city has also voted to spend $1m replacing its computers). Read the rest

ETS was originally called "Enterprise TLS," implying that it was an "enterprise-grade" version of TLS, the system used to secure internet sessions (if you visit a URL that starts with "https://", it's being protected with TLS). Read the rest

The epidemic of cryptojacking malware isn't merely an outgrowth of the incentive created by the cryptocurrency bubble -- that's just the motive, and the all-important the means and opportunity were provided by the same leaked NSA superweapon that powered last year's Wannacry ransomware epidemic. Read the rest

Mich from ha.cking bought a $25 "S8 data line locator" device -- a cellular spying tool, disguised as a USB cable and marketed to the general public -- and did a teardown of the gadget, offering a glimpse into the world of "trickle down surveillance" where the kinds of surveillance tools used by the NSA are turned into products and sold to randos over the internet for $25. Read the rest

In March, Wikileaks published the Vault 7 leaks, a cache of CIA cyberweapons created under the doctrine of "NOBUS" ("No One But Us"), in which security agencies suppress the publication of bugs in widely used software, choosing instead to develop attack-tools that exploit these bugs, on the assumption that no one else will ever discover those bugs and use them to attack the people they're charged with defending. Read the rest

The global epidemic of Wannacry ransomware infections was the result of petty criminals fusing an old ransomware strain with a leaked NSA cyberweapon that was released by The Shadow Brokers, and the result was tens of millions of dollars' worth of economic harm. Read the rest

An audit of Inmarsat's AmosConnect 8 (originally sold by Stratos Global, now an Inmarsat division) reveals that the ship-to-satellite internet product has a deliberate hidden backdoor -- and an accidental SQL code-injection vulnerability -- that allows anyone in the world to take over all, interrupt, and/or spy on the internet access on many of the world's largest ships and oil rigs. Read the rest

Motherboard has retracted this story: "Correction: This piece was based on the premise that a new piece of WannaCry ransomware spread in the same manner as the one that was responsible for widespread attacks on Friday, and that it did not contain a so-called kill switch. However, after the publication of this article one of the researchers making this claim, Costin Raiu, director of global research and analysis team at Kaspersky Lab, realized that was not the case. The ransomware samples without the kill switch did not proflierate in the same manner, and so did not pose the same threat to the public. Motherboard regrets the error."

Yesterday, the world got a temporary respite from the virulent Wcry ransomware worm, which used a leaked NSA cyberweapon to spread itself to computers all over the world, shutting down hospitals, financial institutions, power companies, business, and private individuals' computers, demanding $300 to reactivate them. Read the rest