List of data breaches and cyber attacks in…

By our reckoning, September 2021 saw 97 security incidents comprising 91,127,815 million breached records. What is unusual about this month is that a single incident accounted for most of those records: 61 million of them,…

List of mandatory documents required by ISO 45001

ISO 45001 is the international standard that contains best practices for OH&S (occupational health and safety). Its goal is to reduce injuries and diseases in the workplace, including the promotion and protection of physical and…

The European Space Agency Launches Hackable Satellite

Of course this is hackable: A sophisticated telecommunications satellite that can be completely repurposed while in space has launched. […] Because the satellite can be reprogrammed in orbit, it can respond to changing demands during…

De-anonymization Story

This is important: Monsignor Jeffrey Burrill was general secretary of the US Conference of Catholic Bishops (USCCB), effectively the highest-ranking priest in the US who is not a bishop, before records of Grindr usage obtained…

Hiding Malware in ML Models

Interesting research: “EvilModel: Hiding Malware Inside of Neural Network Models”. Abstract: Delivering malware covertly and detection-evadingly is critical to advanced malware campaigns. In this paper, we present a method that delivers malware covertly and detection-evadingly…

Disrupting Ransomware by Disrupting Bitcoin

Ransomware isn’t new; the idea dates back to 1986 with the “Brain” computer virus. Now, it’s become the criminal business model of the internet for two reasons. The first is the realization that no one…

Commercial Location Data Used to Out Priest

A Catholic priest was outed through commercially available surveillance data. Vice has a good analysis: The news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power…

Friday Squid Blogging: The Evolution of Squid

Good video about the evolutionary history of squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines…