Security News

Alexandra Elbakyan, the creator of controversial research trove Sci-Hub, has claimed that Apple informed her it has handed over information about her account to the FBI. Elbakyan made the allegation in a week-old tweet that went unremarked-upon for longer than you'd imagine, given that Apple and the FBI have a history of conflict over whether the bureau should be allowed to peer into Apple customers' devices. At first I thought it was a spam and was about to delete the email, but it turned out to be about FBI requesting my data from Apple pic.

While it's true that threat hunting, incident response, and threat research all have their foundations in science, throughout my entire career I have found it is also fundamentally true that the most successful threat hunters, incident responders, and threat researchers are far more artist than scientist. When you write reports about your threat research that will be released publicly, do not simply annotate the threat you documented.

Chinese web giant Tencent's Blade Team, a security research group, showed they could circumvent payment schemes used at electric vehicle charging stations. Their exploits also changed the charging voltage and current, an act that could damage the EV. "The construction of charging stations is accelerating all over the world, but there is little research on the security of electric vehicle infrastructure," said TenCent Blade Team senior security researcher Wu HuiYu.

In an effort to support this cybersecurity strategy, ENISA releases a report intended to look into digital strategic autonomy in the EU and suggests future research directions. Digital strategic autonomy can be defined as the ability of Europe to source products and services designed to meet the EU's specific needs and values, while avoiding being subject to the influence of the outside world.

Most recently a consulting Practice Manager and Executive Security Strategist at NTT Ltd., Ireland is a technology leader with management experience in security services, consulting, financial services, healthcare, manufacturing, law enforcement and emergency services and three decades of technical experience in information security, IT systems, networks and enterprise operations. "We are so pleased to have Matt Ireland on board," said NTT Research President and CEO, Kazuhiro Gomi.

As a simple illustration, if you want to examine some opportunistic attackers, one useful technique is to search for a hot topic and add phrases like "Free download" to the search. The bigger point here is that finding examples like this did not require any sophistication beyond doing 15 minutes of creative searching from my research laptop while sitting in bed.

The Linux Foundation announced Linux Foundation Research, a new division that will broaden the understanding of open source projects, ecosystem dynamics, and impact, with never before seen insights on the efficacy of open source collaboration as a means to solve many of the world's pressing problems. Through a series of research projects and related content, Linux Foundation Research will leverage the Linux Foundation's vast repository of data, tools, and communities across industry verticals and technology horizontals.

Security researcher David Sopas has published a new open-source project: MindAPI, a mind map with resources for making API security research easier. "After years of using it, I decided to implement my API security research experience and apply it on something that I could share not only with the infosec community, but also with developers."

Guardicore announced that Amit Serper has joined the Guardicore Labs cyber research team as Area VP of Security Research for North America. Serper unveiled his first research with Guardicore Labs - demonstrating how the Purple Fox rootkit now propagates as a worm.

Most security agencies fail to properly sanitize Portable Document Format files before publishing them, thus exposing potentially sensitive information and opening the door for attacks, researchers have discovered. An analysis of roughly 40,000 PDFs published by 75 security agencies in 47 countries has revealed that these files can be used to identify employees who use outdated software, according to Supriya Adhatarao and Cédric Lauradoux, two researchers with the University Grenoble Alpes and France's National Institute for Research in Computer Science and Automation.