Category Archives: Risk Assessment

Dear Confide: “We would never” isn’t the same as “we can’t”

Posted on March 9, 2017 by Dan Goodin

Confidential messenger service provides no authentication or integrity assurances. Continue reading Dear Confide: “We would never” isn’t the same as “we can’t”→

Assange accuses CIA of “historic act of devastating incompetence”

Posted on March 9, 2017 by Sean Gallagher

Assange: Cache of cyber weapons was passed around “out of control” by contract hackers. Continue reading Assange accuses CIA of “historic act of devastating incompetence”→

Critical vulnerability under “massive” attack imperils high-impact sites [Updated]

Posted on March 9, 2017 by Dan Goodin

Exploits for easy-to-spot bug are trivial, reliable, and publicly available. Continue reading Critical vulnerability under “massive” attack imperils high-impact sites [Updated]→

Malware 101: The CIA’s DOs and DON‘Ts for tool developers

Posted on March 8, 2017 by Sean Gallagher

WikiLeaks dump includes a best (and worst) practices guide for exploit developers. Continue reading Malware 101: The CIA’s DOs and DON‘Ts for tool developers→

After NSA hacking exposé, CIA staffers asked where Equation Group went wrong

Posted on March 7, 2017 by Dan Goodin

CIA hackers wasted no time analyzing the blunders made by their NSA counterparts. Continue reading After NSA hacking exposé, CIA staffers asked where Equation Group went wrong→

WikiLeaks publishes docs from what it says is trove of CIA hacking tools

Posted on March 7, 2017 by Sean Gallagher

Docs claim CIA can defeat WhatsApp, Signal, Telegram encryption, among other apps. Continue reading WikiLeaks publishes docs from what it says is trove of CIA hacking tools→

This hard drive will self destruct. Data-wiping malware targets Europe

Posted on March 6, 2017 by Dan Goodin

Meaner strain of Shamoon makes comeback, joined by new, never-before disk wiper. Continue reading This hard drive will self destruct. Data-wiping malware targets Europe→

Mike Pence used an AOL e-mail account for state business and it got hacked

Posted on March 3, 2017 by Dan Goodin

As a candidate, Trump VP castigated Clinton for use of a private e-mail server. Continue reading Mike Pence used an AOL e-mail account for state business and it got hacked→

Researchers uncover PowerShell Trojan that uses DNS queries to get its orders

Posted on March 2, 2017 by Sean Gallagher

Delivered by “secure” Word doc, pure PowerShell malware gets its orders via DNS. Continue reading Researchers uncover PowerShell Trojan that uses DNS queries to get its orders→

Yahoo cookie hacks affected 32 million accounts, CEO forgoes bonus

Posted on March 2, 2017 by Dan Goodin

Nation-sponsored attackers targeted 26 specific accounts. Continue reading Yahoo cookie hacks affected 32 million accounts, CEO forgoes bonus→