Search Results for “Wired”


May 4, 2020
Andy Greenberg / Wired

Apple and Google Release Details on Their Coronavirus Contact Tracing App, Only Governments Will Have Access to API, Location Tracking Banned

Apple and Google have released new details on their Bluetooth-based system that will let health care authorities track potential encounters with Covid-19, making clear that only government agencies, preferably at the national level, will be given access to the application programming interface. However, the two tech giants are willing to work with regional and state-level authorities. If government-run apps want access to Apple and Google’s Bluetooth-based system, they won’t be allowed to collect location data. They must ask for consent before collecting information on a user’s proximity to others. They will also need permission to upload any information from the phones of Covid-19 positive people. The two companies also published sample user interfaces for the first time. However, they say the images showing how the contact tracing system will work are merely for reference because health agencies will build the final apps.

Related: Data Protection Report, ET news, CPO Magazine, The Register – Security, DataBreachToday.com, TechTarget, MSSP Alert, Computer Business Review, Voice of America, Panda Security Mediacenter, MacDailyNews, MacDailyNews, The Sun, TechTarget, Vox, Reuters, Ars Technica, RT USA, Android Authority, xda-developers, CNBC, Slashdot, MacDailyNews, Engadget, The Verge

Tweets: @a_greenberg @Wired @josephmenn @ncweaver @lukOlejni

Data Protection Report: StopCovid: the French contact-tracing app
ET news: France’s StopCovid app to begin testing before wider rollout
CPO Magazine: MIT Researchers Develop a COVID-19 Contact Tracing App That Preserves Privacy Using Random IDs
The Register – Security: India makes contact-tracing app compulsory in viral hot zones despite most local phones not being smart
DataBreachToday.com: Digital Contact-Tracing Apps: Hype or Helpful?
TechTarget: Research institutes warn of necessity for UK contact-tracing app to…
MSSP Alert: COVID-19, Contact Tracing and U.S. Government Surveillance Concerns: Research
Computer Business Review: ICO Releases Data Protection Guide for Contact Tracing Apps
Voice of America: European Virus Tracing Apps Highlight Battle for Privacy
Panda Security Mediacenter: What to expect from the upcoming Apple and Google contact tracing apps
MacDailyNews: France continues to insist on centralized COVID-19 contact tracing while Apple refuses to budge
The Sun: What is the contact tracing app and how do I download it?
TechTarget: NHSX contact-tracing app needs legislative oversight
Vox: Contact tracing, explained
Reuters: Apple, Google ban use of location tracking in contact tracing apps
Ars Technica: Here’s how Apple, Google will warn you if you’ve been exposed to COVID-19
RT USA: Google & Apple set some lucky programmers up for lucrative monopoly with new rules for contact-tracing app
Android Authority: Google, Apple lay out strict rules for Exposure Notification API, no GPS data
xda-developers: [Update 5: Screenshots, No Location Tracking] Google and Apple announce the Contact Tracing API and Bluetooth spec to warn users of COVID-19
CNBC: Apple and Google reveal what their coronavirus contact tracing system might look like
Slashdot: Apple, Google Ban Use of Location Tracking in Contact Tracing Apps
MacDailyNews: Apple, Google ban use of location tracking in contact tracing apps
Engadget: Apple and Google tell health departments their privacy requirements for coronavirus tracking
The Verge: Apple and Google show what their exposure notification system could look like

@a_greenberg: Google and Apple have clarified a few more privacy restrictions for the apps that will use their Bluetooth-based Covid-19 exposure alert system. They've also shown some examples of what it could look like: http://wired.com/story/apple-go… This will not be a fun push notification to get.
@Wired: Apple and Google have released new details on their contact tracing plans. Only government agencies will be able to access the application programming interface, and the apps will not be allowed to collect location data. Here's how the apps might look:
@josephmenn: Apple, Google ban use of location tracking in contact tracing apps
@ncweaver: OK, I'm starting to agree with @stewartbaker that Apple & Google are taking the privacy thing too far: https://reuters.com/article/us-health-coronavirus-usa-apps-idUSKBN22G28W Keeping location data on the phone for contact tracing for 14 days, along with the bluetooth contact data, is privacy sensitive and reasonable.
@lukOlejni: Google and Apple will ban the use of geolocation to contact tracing #COVID?19, including for government apps. Technological policing? ;) https://reuters.com/article/us-health-coronavirus-usa-apps-idUSKBN22G28W?taid=5eb053bc3b463d000141f938


May 7, 2020
Lily Hay Newman / Wired

GitHub Makes Its Automated Scanning Tools Available to Spot Vulnerabilities in Open Source Projects on Its Platform

Microsoft-owned code repository GitHub is making available automated scanning for its GitHub Advanced Security suite that will make it easier to root out vulnerabilities in the open source projects managed on its platform. The new features, code scanning and secret scanning, are currently in beta and leverage the CodeQL code analysis engine, which has been offered for free to open source projects as part of an initiative announced by GitHub last year.

April 7, 2020
Andy Greenberg / Wired

Zero-Day Exploits Now Used by Wider Array of Countries Thanks in Part to Hackers-for-Hire Including NSO Group, Gamma Group, and Hacking Team

Although once restricted to the most sophisticated hackers, the global map of zero-day exploit hacking has expanded far beyond the United States, Russia, and China, as more countries than ever buy themselves a spot on it, according to researchers at FireEye. FireEye’s analysis, which draws on data from other research organizations as well as Google Project Zero’s database of active zero-days, was able to link 55 of those secret hacking techniques to state-sponsored operations, going so far as to name which country’s government it believes to be responsible in each case. The map highlights how less expected countries, such as the United Arab Emirates and Uzbekistan, now leverage zero-day weapons, thanks in part to a rising industry of hackers-for-hire, including NSO Group, Gamma Group, and Hacking Team, that develop zero-day tools and sell them to intelligence agencies around the world.

May 12, 2020
Andy Greenberg / Wired

WannaCry Hero Marcus Hutchins Reveals the Backstory to His Arrest by the FBI for Helping to Develop the Kronos Banking Trojan

In a highly personal, detailed, and revelatory backstory, WannaCry hero Marcus Hutchins, also known as MalwareTechBlog, tells the tale of how at a young age he became involved in the development of the Kronos banking trojan, for which he was arrested by the FBI immediately following DEF CON in 2017. Hutchins walks through his childhood and family life to describe his precocious interest in and talent for digital and computer technology. He also discusses his early involvement in dark web forums and marketplaces, where he gained access to illegal drugs, including amphetamines. Fueled by the stimulants and consumed by long hours of software and minor malware development, Hutchins became ensnared in deeper and deeper involvement with the developer of the Kronos banking malware and divulged more personal details to him – and another online contact – than he should have. Those divulgences ultimately led to his arrest in Las Vegas.

Tweets: @a_greenberg @malwaretechblog @malwaretechblog @nxthompson @dannyjpalmer @martijn_grooten @gsuberland @bobmcmillan @evacide @malwarejake @malwaretechblog

@a_greenberg: Three years ago today, Marcus Hutchins stopped WannaCry, an $8 billion cyberattack. Then the FBI arrested him. Today we're publishing a 14,000-word cover story that finally tells his full, untold tale, from 15yo criminal to hero to convict to redemption.
@malwaretechblog: Ok, here we go.
@malwaretechblog: This is something I've wanted to do for a long time. I felt it better to share the full unadulterated story, and let people make up their own minds. It meant discussing a lot of uncomfortable facts about my past, but I want the story not to be some airbrushed half-truth.
@nxthompson: Three years ago, Marcus Hutchins saved the internet when he stopped WannaCry, one of the worst cyberattacks in history. But then the FBI mysteriously arrested him. Why? Here's the incredible story of his life, from criminal to hero to convict to ...
@dannyjpalmer: It's three years ago today the world was hit by WannaCry ransomware - and the NHS was one of the major casualties. Here's what was the first of my many reports on the attack - which back then we were still referring to as 'WannaCrypt' https://zdnet.com/article/hospitals-across-england-hit-by-cyber-attack-systems-knocked-offline/ via @ZDNet
@martijn_grooten: This is such a well-written and important piece. FWIW, I am quoted as saying (in July 2017): "I can vouch for Marcus being a really nice guy and also for having strong ethics". I explicitly did not make any claims about his innocence. I would still vouch for him today.
@gsuberland: @MalwareTechBlog Hey, just thought I'd say that I would've put in for your legal defence funds regardless of whether or not you'd actually done what they accused you of. Nobody deserves to go through the US legal system without the means to traverse it fairly.
@bobmcmillan: This is a very good story. Classic @a_greenberg One thing that I've always wondered is why did the FBI pursue this case? Often they will flip a suspect in exchange for intel, but in this case, Hutchins was already providing law enforcement with valuable info. Why stop that?
@evacide: When I start to lose faith in humanity, I remember that @tarah put up her entire Symantec severance and dashed barefoot across Vegas to bail out @MalwareTechBlog, whom she had barely met.
@malwarejake: I've said it before and I'll say it again: @deviantollam and @tarah are outstanding human beings. This story from @a_greenberg highlights their selfless acts in helping @MalwareTechBlog through his legal ordeal. Outstanding article, outstanding humans.
@malwaretechblog: Article doesn't go into legal strategy, but @marciahofmann, @brianeklein & Dan Stiller were incredible. Not only did they support my decision to reject deal, but also got my aggravated felony charges dropped (these would have resulted in a permanent ban from entering the US).


May 28, 2020
Andy Greenberg / Wired

NSA Warns That Russian State-Backed Hacker Group Sandworm Has Been Exploiting Known Flaw in Exim Mail Transfer Agent

Using its newly created blog and its even newer Twitter account devoted to cybersecurity, the NSA issued an advisory that the Russian hacker group known as Sandworm, a unit of the GRU military intelligence agency, has been actively exploiting a known vulnerability in Exim, a commonly used mail transfer agent that runs on email servers around the world. Exim is an alternative to more prominent players like Exchange and Sendmail. NSA says that Sandworm has been exploiting vulnerable Exim mail servers since at least August of 2019, using the hacked servers as an initial infection point on target systems and likely pivoting to other parts of the victim’s network. The vulnerability used by Sandworm allows an attacker to merely send a malicious email to the server and immediately gain the ability to run code on the server remotely. In its intrusions, the NSA warns. The spy agency recommends that administrators patch their Exim software immediately, comb their traffic logs for signs of exploitation, and segment their networks to make it harder for intruders to exploit their initial compromise of a mail server.

Related: Cyberscoop, ZDNet, NSA, Washington Examiner, SiliconANGLE, iTnews – Security, Security Affairs, Bleeping Computer, CBSNews.com, RT USA, Dark Reading: Attacks/Breaches, Law & Disorder – Ars Technica, Japan Today, Associated Press Technology, TribLIVE, Washington Examiner, FCW, Jerusalem Post, Task & Purpose, Reuters: U.S., Security – Computing, Infosecurity Magazine, HOTforSecurity, Help Net Security, The State of Security, Computer Business Review, The Register

Tweets: @NSACyber @a_greenberg @campuscodi @shanvav @Adam_K_Levin @Bing_Chris @bleepincomputer @bleepincomputer @bleepincomputer

Cyberscoop: NSA calls out Russian military hackers targeting mail relay software
ZDNet: NSA warns of new Sandworm attacks on email servers
NSA: Exim Mail Transfer Agent Actively Exploited by Russian GRU Cyber Actors
Washington Examiner: NSA accuses Russian military hackers of targeting US systems
SiliconANGLE: NSA warns Russian hacking group is targeting unpatched email servers
iTnews – Security: NSA warns ‘Sandworm’ hackers targeting email servers
Security Affairs: NSA warns Russia-linked APT group is exploiting Exim flaw since 2019
Bleeping Computer: NSA: Russian govt hackers exploiting critical Exim flaw since 2019
CBSNews.com: NSA warns of new “Sandworm” cyberattacks by Russia-backed hackers
RT USA: NSA urges email providers to update software warning that ‘Russian military hackers’ already gained ‘dream access’ to them
Dark Reading: Attacks/Breaches: NSA Warns Russia’s ‘Sandworm’ Group Is Targeting Email Servers
Law & Disorder – Ars Technica: Russian hackers are exploiting bug that gives control of US servers
Japan Today: NSA: Russian agents have been hacking major email program
Associated Press Technology: NSA: Russian agents have been hacking major email program
TribLIVE: NSA: Russian agents have been hacking major email program
FCW: NSA warns Russian hackers exploited email flaw
Jerusalem Post: NSA warns of ongoing Russian hacking campaign against US systems
Task & Purpose: NSA warns of ongoing Russian hacking campaign against US systems
Reuters: U.S.: NSA warns of ongoing Russian hacking campaign against U.S. systems
Security – Computing: Hackers linked with Russian military intelligence are exploiting Exim mail transfer agent bug to target US organisations, NSA warns
CyberSecurity Help s.r.o.: Sandworm hacking group exploiting Exim flaw since at least 2019
Infosecurity Magazine: NSA: Russian Military Sandworm Group is Hacking Email Servers
HOTforSecurity: Russian ’Sandworm‘ Hackers Attacking Exim Email Servers, Says NSA
Help Net Security: NSA warns about Sandworm APT exploiting Exim flaw
The State of Security: Sandworm Team Exploiting Vulnerability in Exim Mail Transfer Agent
Computer Business Review: Exim Vulnerability: GRU Widely Exploited Critical 2019 Bug, Warns NSA
The Register: It’s not every day the NSA publicly warns of attacks by Kremlin hackers – so take this critical Exim flaw seriously

@NSACyber: Sandworm Team, Russian GRU Main Center for Special Technologies actors, continue to exploit Exim mail transfer agent #vulnerability, CVE-2019-10149. Patch to the latest version to protect your networks. Learn more here: https://nsa.gov/News-Features/
@a_greenberg: NSA warns Russia's Sandworm hackers have been exploiting Exim mail servers using a bug from last June. Not exactly surprising, but given the source and Sandworm's history—from NotPetya to the attacks on US State Boards of Election in 2016—worth watching.
@campuscodi: BREAKING: NSA warns of new Sandworm APT attacks on email servers - attacks target Exim email server - they exploit CVE-2019-10149 (Return of the WIZard) - attacks have been happening since August 2019 - Sandworm plants backdoors, creates new admin user https://zdnet.com/article/nsa-wa
@shanvav: BREAKING: NSA calls out Russian military hackers targeting mail relay software https://hubs.ly/H0qVX_P0 by @shanvav
@Adam_K_Levin: A Russian hacking group tied to power-grid attacks in Ukraine, and other nefarious Kremlin operations is exploiting a vulnerability that allows it to take control of computers operated by the US government and its partners.
@Bing_Chris: NSA warns of ongoing Russian hacking campaign against U.S. systems
@bleepincomputer: The @NSACyber attributes the attacks to Sandworm Team, a.k.a: * BlackEnergy Group * ELECTRUM * Hades/OlympicDestroyer * Voodoo Bear
@bleepincomputer: The earliest attacks were tracked to August 2019, less than a month after Exim was patched for CVE-2019-10149 The flaw allows execution of arbitrary commands with root privileges on Exim mail servers.
@bleepincomputer: Attackers can exploit this vulnerability remotely on servers where "verify = recipient" ACL is removed by sending an email


April 17, 2020
Andy Greenberg / Wired

Google and Apple Face a Host of Privacy-Related Questions Regarding Their Proposed COVID-19 Tracing Apps, As Well as Fears of Surveillance and False-Positive Emotional Turmoil

When announcing last week that they will jointly develop COVID-19 tracing apps, Apple and Google said that starting next month they’ll add new features to their mobile operating systems that make it possible for certain approved apps, run by government health agencies, to use Bluetooth radios to track physical proximity between phones. If someone later receives a positive COVID-19 diagnosis, they can report it through the app, and any users who have been in recent contact will receive a notification. The system will be entirely opt-in, with no location data and only positive coronavirus users reported. Security and privacy experts have nevertheless pointed to serious privacy flaws with the proposed tracing system, including the fundamental questions of whether users are signing up for a surveillance system or will subject themselves to a more intrusive ad delivery system. On top of that is the emotional turmoil any false-positive tests may cause individuals.

Related: The Daily Swig, IT World Canada, Popular Science, Axios, Computer Business Review, The Sun, Roll Call, TechTarget, Startups News | Tech News, The Daily Swig, iMore, Android Central, The Register – Security, Pocket-lint, Pocket-lint, WRAL Tech Wire, MacRumors, Fortune, Business Insider, VentureBeat, AppleInsider, The Hacker News, MacDailyNews

The Daily Swig: Coronavirus: UK contact-tracing app raises privacy concerns
IT World Canada: Federal privacy commissioner issues framework for COVID-19 measures
Popular Science: Can smartphone apps track COVID-19 without violating your privacy?
Axios: Bluetooth-based coronavirus contact tracing finds broad support in tech and government
Computer Business Review: Europe Publishes Contact-Tracing App Guidelines
The Sun: Government’s London-centric coronavirus plan to ditch contract tracing, blasted by expert
Roll Call: ACLU cautiously approves COVID-19 tracking apps
TechTarget: EU warns no compromise on privacy as NHS clashes with tech firms on contact tracing
Startups News | Tech News: IoT tech startup Nodle launches Coalition, a free, privacy-first contact tracing app to help stop the spread of coronavirus (COVID-19)
The Daily Swig: Coronavirus contact-tracing apps are worse than useless – Schneier
iMore: UK’s NHS clashes with Google and Apple over contact tracing
Android Central: UK’s NHS clashes with Google and Apple over contact tracing
The Register – Security: Europe publishes draft rules for coronavirus contact-tracing app development, on a relaxed schedule
Pocket-lint: The EU has published draft rules for how contact tracing apps should work
Pocket-lint: How the NHSX coronavirus contact-tracing app will work
WRAL Tech Wire: Will contact tracing via apps help fight pandemic at risk of personal privacy?
MacRumors: Apple and Google in ‘Standoff’ With UK Health Service Over COVID-19 Contact Tracing App
Fortune: Researchers working on ‘contact tracing’ say they welcome Apple and Google’s help
Business Insider: The UK scrambles to launch its COVID-19 contact-tracing app, after getting derailed by Apple and Google
VentureBeat: ProBeat: Apple and Google’s contact detection API will fail, but they should build it anyway
AppleInsider: Security experts have concerns about Apple and Google contact tracing
The Hacker News: Google and Apple Plan to Turn Phones into COVID-19 Contact-Tracking Devices
MacDailyNews: ACLU has concerns with Apple-Google’s COVID-19 contact-tracing plan


May 20, 2020
Lily Hay Newman / Wired

Nigerian Cybercriminal Group Scattered Canary Has Stolen Hundreds of Thousands in Scam Unemployment, COVID-19 Relief Payments

An actor within the Nigerian cybercriminal group Scattered Canary is filing fraudulent unemployment claims and receiving benefits from multiple states, while also receiving Cares payouts from the Internal Revenue Service, researchers at Agari report. The Secret Service last week warned of a scheme to defraud state and federal authorities of employment funds. The Scattered Canary scheme has netted hundreds of thousands of dollars in scam payments. Regular unemployment, the extra $600 per week that out-of-work Americans can claim during the pandemic, and the one-time $1,200 payment eligible adults are receiving under the Cares Act are all vulnerable targets for cybercriminals. Agari researchers say that Scattered Canary, which is a full-service business email compromise operation, has filed at least 174 fraudulent unemployment claims in Washington since April 29 and 17 fraudulent claims in Massachusetts on May 15 and 16 that were all accepted.

May 19, 2020
Andy Greenberg / Wired

Internet Infrastructure Leaders Update Software to Block Technique That Could Trigger Mass Scale DDoS Attacks

A technique called NXNSAttack, which could allow a relatively small number of computers to carry out distributed denial of service (DDoS) attacks on a massive scale, overwhelming targets with fraudulent requests for information until they’re knocked offline, has been revealed by researchers from Tel Aviv University and the Interdisciplinary Center of Herzliya in Israel. NXNSAttack takes advantage of vulnerabilities in common DNS software, causing unwitting DNS servers to perform hundreds of thousands of requests every time a hacker’s machine sends just one. The researchers have contacted internet infrastructure companies, including Google, Microsoft, Cloudflare, Amazon, Dyn (now owned by Oracle), Verisign, and Quad9, all of whom have now updated their software to address the problem, as have several makers of the DNS software those companies use.

May 10, 2020
Andy Greenberg / Wired

Thunderspy Attack Exploits Flaw in Intel’s Thunderbolt Interface to Open New Avenue for ‘Evil Maid’ Attack

A new technique called Thunderspy can bypass the login screen of a sleeping or locked computer, and even its hard disk encryption, on Thunderbolt-enabled Windows or Linux PCs manufactured before 2019. The technique can allow attackers to gain full access to the computer’s data, Eindhoven University of Technology researcher Björn Ruytenberg revealed. Although the attack in many cases requires opening a target laptop’s case with a screwdriver, it leaves no trace of intrusion and can be completed in a few minutes, opening a new avenue to the so-called “Evil Maid” attack. Intel’s Thunderbolt interface, which promises faster speeds by allowing more direct access to memory, has frequently posed security problems. As a consequence, researchers recommend taking advantage of a Thunderbolt feature known as “security levels.” However, using the Thunderspy attack, attackers can even bypass this protection level. Intel, and some PC makers, say they have protection against this attack, although Ruytenberg says the flaws he found extend to Intel’s hardware, and can’t be fixed with a mere software update.

Related: Thunderspy, fossBytes, Reddit – cybersecurity, Engadget, Sensors Tech Forum, TechNadu, Silicon Republic, TechSpot, The Next Web, IT Pro, iPhone Hacks, 9to5Mac, Security News | Tech Times, fossBytes, Engadget, SecurityWeek, ZDNet Security, SlashGear » security, Neowin, Reddit – cybersecurity, The Verge, Silicon Republic, WCCFtech, BetaNews, Appleosophy, 9to5Mac, Naked Security, MSSP Alert, BGR, DataBreachToday.com, Techradar, TechWorm, Schneier on Security, Reddit-hacking, CISO MAG, TechJuice, HOTforSecurity, Ars Technica

Tweets: @a_greenberg @0Xiphorus @campuscodi @campuscodi @kennwhite @mattiasgeniar @paulmillr @markwilsonwords

Thunderspy: When Lightning Strikes Thrice: Breaking Thunderbolt 3 Security
fossBytes: Any PC Manufactured Before 2019 Is Vulnerable To ‘Thunderspy’ Attack
Reddit – cybersecurity: A Thunderspy attack on all PCs with Thunderbolt ports shipped between 2011 and 2020 allows an attacker with only five minutes of physical access to the device to read and copy all its data, even if the drive is encrypted and the computer is locked or set
Engadget: Thunderbolt flaw lets hackers steal your data in ‘five minutes’
Sensors Tech Forum: Thunderspy Attack Used To Hack Thunderbolt Ports: Millions of PCs Affected
TechNadu: “ThunderSpy” Is Threatening to Steal Your Data Right From the Laptop Port
Silicon Republic: Thunderspy: What you need to know about unpatchable flaw in older PCs
TechSpot: New Thunderbolt flaw lets hackers bypass security features in five minutes
The Next Web: There’s a new Thunderbolt bug, check if your computer is affected
IT Pro: Thunderbolt flaw exposes millions of PCs to attack | IT PRO
iPhone Hacks: Major Thunderbolt Security Exploit ‘Thunderpsy’ Allows Hacker to Steal Data from Encrypted Drive, Partially Affects macOS
9to5Mac: Major Thunderbolt security flaws found, affect Macs shipped 2011-2020
Security News | Tech Times: [HACKERS] Millions of PCs with Intel Thunderbolt Flaws are Vulnerable to Hacking; Thunderspy Attack Takes Only Five Minutes
SecurityWeek: Thunderspy: More Thunderbolt Flaws Expose Millions of Computers to Attacks
ZDNet Security: Thunderbolt flaws affect millions of computers – even locking unattended devices won’t help
SlashGear: New Thunderbolt hack exposes your files: How to check if you’re safe
Neowin: Thunderbolt flaw allows a hacker to obtain access to a PC’s data within minutes
The Verge: Thunderbolt flaw allows access to a PC’s data in minutes
WCCFtech: Thunderbolt Security Flaw in Intel Chips Affects All Compatible Macs and PCs
BetaNews: Thunderspy vulnerability in Thunderbolt 3 allows hackers to steal files from Windows and Linux machines
Appleosophy: Severe Thunderbolt flaw discovered affecting Mac’s shipped between 2011-2020
Naked Security: Thunderspy – why turning your computer off is a cool idea!
MSSP Alert: Intel Thunderbolt Vulnerability Details Explained
BGR: This Thunderbolt vulnerability puts millions of PCs in danger
DataBreachToday.com: New Thunderbolt Flaws Disclosed to Intel
Techradar: Buy Windows 10: the cheapest prices in May 2020
TechWorm: Thunderbolt Vulnerability Affects millions of PCs Manufactured Before 2019
Schneier on Security: Attack Against PC Thunderbolt Port
Reddit-hacking: Thunderbolt flaws affect millions of computers – even locking unattended devices won’t help
CISO MAG: Millions of Computers Open to Thunderbolt Port Vulnerabilities
TechJuice: Major security flaw discovered in Thunderbolt-equipped devices
HOTforSecurity: Thunderspy Attack Affects all Computers with Thunderbolt Released in the Past Decade
Ars Technica: Thunderspy: What it is, why it’s not scary, and what to do about it

@a_greenberg: Dutch researcher @0Xiphorus has detailed a new physical access technique that could let hackers break into any of millions of PCs via their Thunderbolt ports. The good news is it requires unscrewing the case briefly. The bad news is it's unpatchable.
@0Xiphorus: This has been a long time coming. Today we release Thunderspy. Find full details at https://thunderspy.io. Thanks to @a_greenberg for reporting. #Thunderspy #Intel #Thunderbolt
@campuscodi: Thunderspy works even if you follow best security practices by locking or suspending your computer when leaving briefly, and if your system administrator has set up the device with Secure Boot, strong BIOS and operating system account passwords, and enabled full disk encryption.
@campuscodi: Oh, look. Some disclosure drama
@kennwhite: “Thunderspy [Intel exploit] enables creating arbitrary Thunderbolt device identities and cloning user-authorized Thunderbolt devices, even in the presence of Security Levels pre-boot protection and cryptographic device authentication”
@mattiasgeniar: "If your computer has a Thunderbolt port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep." tl;dr: stop using computers. ¯\_(ツ)_/¯ https://thunderspy.io
@paulmillr: This looks bad. An attacker could read your encrypted drive & contents of a RAM, even when the laptop is sleeping. All it takes is inserting a device into USB/Thunderbolt port. All macbooks are affected, even with Linuxes. Can't be fixed in software.
@markwilsonwords: Thunderspy vulnerability in Thunderbolt 3 allows hackers to steal files from Windows and Linux machines https://betanews.com/2020/05/11/thunderspy-security-vulnerability/ via @BetaNews


May 9, 2020
Lily Hay Newman / Wired

In-Person DEFCON and Black Hat Conferences Are Canceled This Year For Real, DEFCON Will Continue in ‘Safe Mode’ Virtual Format

After the infosec community joked for years that DEFCON, the preeminent hacker conference held every year in Las Vegas, would be canceled, this year, due to the coronavirus, the in-person version of DEFCON, along with the in-person version of its sister conference Black Hat, has been canceled for real. Both events will now shift to virtual mode. The founder of both events, Jeff Moss, also known as the Dark Tangent, said in a forum post that the 28th DEFCON would be known as “Safe Mode,” a play on what most operating systems use for their diagnostic and recovery mode. The conference organizing team will begin to coordinate talks, help facilitate subject-specific “villages” that are usually independent in-person events, and host events like remote capture-the-flag hacker challenges, remote ham radio licensure exams, movie nights, and a Mystery Challenge.

Related: Dark Tangent, Reddit – cybersecurity, BleepingComputer.com, ZDNet, Neowin, Slashdot

Tweets: @defcon @harrihursti @steve_tornio @runasand @tactifail @racheltobac @marcwrogers @find_evil @snubs @hacks4pancakes

Dark Tangent: DEF CON 28 has entered “Safe Mode with Networking” I have shut down the in person conference
Reddit-hacking: Black Hat and DEF CON security conferences to take place in a virtual format | ZDNet
BleepingComputer.com: Black Hat and Def Con security conferences go virtual due to pandemic
ZDNet: Black Hat and DEF CON security conferences to take place in a virtual format
Neowin: DEF CON 2020 to take place online on Discord, Las Vegas conference cancelled
Slashdot: In-Person DEF CON 28 Event Is Canceled

@defcon: The @thedarktangent blog post on the #defconiscancelled situation is here: http://forum.defcon.org/node/232005 Please read and share. Thank you. #defconlovesyou #StaySafe
@harrihursti: In-person @DEFCON is officially cancelled. The annual hoax announcement is not a hoax this time. @VotingVillageDC will organize a virtual event. Stay tuned!
@steve_tornio: Defcon and Black Hat may be cancelled, but MGM and Caesars staff will still be coming to your house unannounced to rifle through your things.
@runasand: Do I need a burner phone for virtual defcon or no
@tactifail: Interesting thing about @defcon 28. If you look at the ASCII table, you’ll notice that there is no octal value for 28 because 28 in octal doesn’t exist; it goes right from 027 to 030. 030 is the CAN character. For “canceled”. Coincidence? I think not.
@racheltobac: With the number of folks buying @defcon swag on eBay right now I’m just going to come right out and say that we should keep our heads on a swivel for an “eBay package delay” phish. It won’t be from me, but I bet we’ll see at least one in the community 🤖🤘🎣
@marcwrogers: DEF CON is officially cancelled. https://forum.defcon.org/node/232005 we will be putting on an online event instead. Details in the post. #DEFCON #DEFCONisCANCELLED
@find_evil: #DEFCON may be canceled IRL for the first time ever but the virtual event will still proceed — and I, for one, am looking forward to it
@snubs: YALL. DEF CON is actually, really cancelled. https://forum.defcon.org/node/232005 #defcon @defcon Everyone in charge made the right choice. Thank you @thedarktangent and all involved for considering our health and safety a priority.
@hacks4pancakes: What’s something good you hope comes out of @defcon Safe Mode? Positive thoughts and ideas only. Go!