Security News

Israel military said it bombed building housing Hamas cyber forces.

Japan to deploy malware against opponents in case the country is under attack.

Magecart group breached PrismRBS and modified the PrismWeb​ e-commerce platform.

Firefox users report having add-ons disabled, being unable to re-activate or (re)-install extensions.

Researchers are making space blankets using technology based on squid skin. Honestly, it's hard to tell how much squid is actually involved in this invention. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier

Hacker threatens to release the code if victims don't pay in 10 days.

NCC Group researcher finds security flaws impacting more than 100 Jenkins plugins.

Hacker "Subby" brute-forces the backends of 29 IoT botnets that were using weak or default credentials.

The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost every cryptographer and computer security expert, repeatedly explaining that there's no way to provide this capability without also weakening the security of... Bruce Schneier

Gate-like checkpoints are being used to record biometrics and device digital fingerprints for Xinjiang residents.

Wall Street Market seized by law enforcement agencies from Germany, the US, the Netherlands, and Romania.

Mozilla also plans to be more aggressive towards taking down extensions that break its policies, with a focus on security issues.

9 out of 10 SAP production systems are believed to be vulnerable to new exploits.

OpenCart, OSCommerce, WooCommerce, Shopify are also being targeted.

Social Security numbers and financial data may have been stolen.

Politico has a long article making the case that the lead GDPR regulator, Ireland, has too cozy a relationship with Silicon Valley tech companies to effectively regulate their privacy practices. Despite its vows to beef up its threadbare regulatory apparatus, Ireland has a long history of catering to the very companies it is supposed to oversee, having wooed top Silicon... Bruce Schneier

The former parliamentary member denies any wrongdoing.

GAO report highlight lack of oil&gas security staff, outdated cyber-security risk assessment methodologies.

Another security flaw in a vendor's bloatware apps puts users at risk.

Google gives users more control over search and location data in the face of impending government scrutiny.