Hacks Against Ukraine’s Emergency Response Services Rise During Bombings

The internet infrastructure company Cloudflare has offered the free web security service Project Galileo for nearly a decade, giving human rights and public interest organizations around the world access to defenses against DDoS attacks and other common online hacking techniques. More than 2,271 websites in 111 countries now use the service, including 81 Ukrainian organizations, … Read more

LockBit Ransomware Samples for Apple Macs Hint at New Risks for macOS Users

Security researchers are examining newly discovered Mac ransomware samples from the notorious gang LockBit, marking the first known example of a prominent ransomware group toying with macOS versions of its malware. Ransomware is a pervasive threat, but attackers typically don’t bother creating versions of their malware to target Macs. That’s because Apple’s computers, while popular, … Read more

This Is the New Leader of Russia’s Infamous Sandworm Hacking Unit

For years, the hacking unit within Russia’s GRU military intelligence agency known as Sandworm has carried out some of the worst cyberattacks in history—blackouts, fake ransomware, data-destroying worms—from behind a carefully maintained veil of anonymity. But after half a decade of the spy agency’s botched operations, blown cover stories, and international indictments, perhaps it’s no … Read more

AI-Generated Voice Deep Fakes Aren’t Scary Good—Yet

Amid the generative-artificial-intelligence frenzy of the last few months, security researchers have been revisiting the concern that AI-generated voices, or voice deepfakes, have gotten convincing enough and easy enough to produce that scammers will start using them en masse.  There have been a couple of high-profile incidents in recent years in which cybercriminals have reportedly … Read more

How AI could write our laws

Second, we should strengthen disclosure requirements on lobbyists, whether they’re entirely human or AI-assisted. State laws regarding lobbying disclosure are a hodgepodge. North Dakota, for example, only requires lobbying reports to be filed annually, so that by the time a disclosure is made, the policy is likely already decided. A lobbying disclosure scorecard created by … Read more

Cuba Ransomware Gang Abused Microsoft Certificates to Sign Malware

Less than two weeks ago, the United States Cybersecurity & Infrastructure Security Agency and FBI released a joint advisory about the threat of ransomware attacks from a gang that calls itself “Cuba.” The group, which researchers believe is, in fact, based in Russia, has been on a rampage over the past year targeting an increasing … Read more

Log4j’s Log4Shell Vulnerability: One Year Later, It’s Still Lurking

Apache had to scramble at the beginning of December 2021 to be ready to release patches for Log4Shell when it publicly disclosed the situation on December 9 of last year. As a result, researchers quickly found edge cases and workarounds to the patches, and Apache was forced to release multiple iterations, which added to the … Read more

Are You a Victim of Crypto Crime? Good Luck Getting Help

Most day-to-day crime-fighting gets done at the local level, but when it comes to crypto crime, local law enforcement is not prepared to pick up the slack. Many smaller municipalities don’t have online reporting options, which means you’ll have to talk to a human being—who could decline to write up a report if they don’t … Read more

A Matrix Update Patches Serious End-to-End Encryption Flaws

Developers of the open source Matrix messenger protocol have released an update to fix critical end-to-end encryption vulnerabilities that subvert the confidentiality and authentication guarantees that have been key to the platform’s meteoric rise. Matrix is a sprawling ecosystem of open source and proprietary chat and collaboration clients and servers that are fully interoperable. The … Read more

Microsoft Exchange Server Has a Zero-Day Problem

There were global ripples in tech policy this week as VPN providers were forced to pull out of India as the country’s new data collection law takes hold, and UN countries prepare to elect a new head of the International Telecommunications Union—a key internet standards body. After explosions and damage to the Nord Stream gas … Read more