Lake City's online systems were compromised about three weeks ago by malware attackers. This week the city agreed to pay the ransom requested by the attackers. But one cybersecurity expert says paying the ransom is not a good idea.
Jake Williams: Lake City, FL fired their director of IT after being crippled by ransomware and paying $460k in ransom. But is it really the IT director's fault? Did Lake City set themselves up for a wrongful termination suit? 1/2
Backdoor discovered in Agama cryptocurrency wallet. Unconventional tactic saves users from getting robbed.
Jake Williams: This story by @campuscodi is absolutely mental. The company learned of a vulnerability in a third party library, then hacked their own users and took their cryptocurrency for safe keeping before real hackers could. Legal? Ethical? Where's the line?
Research by: Nadav Grossman. Introduction: In this article, we tell the story of how we found a logical bug using the WinAFL fuzzer and exploited it in WinRAR to gain full control over a victim’s computer. The exploit works by just extracting an...
Jake Williams: A WinRAR vulnerability existed for 19 years without being discovered. This speaks to how vulnerabilities can hide in legacy software. I regularly hear "if it was vulnerable, there would be an exploit already." Um, ok. 19 years...
The founder says the charge is ‘baseless,’ but that hasn’t stopped employees at some of the most important infosec companies from posting misogynistic comments in a closed Facebook group.
Jake Williams: This article from @lorenzofb unearths a dark side of our community that many pretend doesn't exist. The fact that they congregate in the open, most of them without using pseudonyms, indicates they think they are safe to spew misogyny. They should not be.
The following editorial will take you inside the dark world of data brokering, as we expose the backroom deals in which fifteen years of customer data from defunct Canadian retailer NCIX were sold.
Jake Williams: This is one of the most egregious data breaches ever and highlights #supplyChain risk. Vendor stops paying rent, warehouse seizes servers and sells them (with data) unaltered. Millions of records, including plaintext passwords, already sold. Wow.
As the 2 billion user-strong platform grapples with misinformation, a training document for Facebook content moderators incorrectly claimed an image was of violence in Myanmar.
Jake Williams: This is a VERY IMPORTANT story from @josephfcox about Facebook's own "Fake News" training documents. By convention, the training materials should be written by the experts, but they themselves fell for fake news. This is a *hard* problem. 1/n
Air marshals are conducting a new domestic surveillance program, tracking people as they fly and move through airports. It might be illegal.
Jake Williams: Following around other federal law enforcement officers who may be "unknown terrorists" reminds me of the SNL skit where NSA was listening to grandma every time she said something was "the bomb" - except this is real. No less stupid, just real.
Yesterday, Zack Whittaker from ZDNet published a story about ICE attempting to gain information about a Twitter user who publishes information about data lef...
Jake Williams: ICE is targeting an infosec researcher, attempting to learn their true identity. They served a subpoena to Twitter, possibly related to export control issues. Will this have a chilling effect on research? What are our responsibilities? My thoughts here