Displaying items by tag: Jake Williams

The world's biggest hotel booking site Booking.com was breached by an American acting on behalf of US intelligence in 2016, who stole details of thousands of reservations in the Middle East, but the site kept it quiet, a new book authored by three Dutch journalists claims.

CIA-backed threat intelligence firm Recorded Future has issued a document in which it claims that a China-linked group named RedEcho is targeting the Indian power industry. That's the meaning from the headline which is very definitive.

Comments made by Microsoft president Brad Smith to the US Senate Select Committee on Intelligence, which held a hearing on the SolarWinds attacks last week, claiming that there is more security in the cloud than in on-premises servers, have met a tough response from former NSA hacker Jake Williams, who characterised them as having caused more harm to security than the SolarWinds attackers did in the first place.

ANALYSIS The assertion by Microsoft President Brad Smith during a 60 Minutes interview with CBS on Sunday that the supply chain attack revealed by security firm FireEye in December was "the largest and most sophisticated attack the world has ever seen" has once again raised the question of the extent to which Microsoft was involved in this attack.

UPDATED 11 February: Ex-NSA hacker and former owner of security company Immunity, Dave Aitel, has launched a fresh salvo of tweets against a book published by New York Times cyber security reporter Nicole Perlroth, after securing and reading a copy of the tome which was published on Tuesday US time.

Former NSA hacker and ex-owner of security company Immunity, Dave Aitel, has once again criticised New York Times' cyber security reporter Nicole Perlroth, claiming that nearly every detail in a piece the journalist wrote to promote an upcoming book of hers is wrong.

Attackers who claim they are responsible for the supply chain attack on the Texas firm SolarWinds, say they have data from their exploits which they wish to sell.

Federal authorities are likely to be looking into security practices at Texas-based SolarWinds and would have secured evidence during a raid on their offices in the wake of the revelations about cyber attacks being launched using the company's supply chain as a vector, a senior infosec practitioner says.

Former NSA hacker Jake Williams has criticised the SEC filing made by security firm SolarWinds following the disclosure that the company's Orion network management software had been compromised and used to breach numerous companies in many regions of the globe.

Microsoft's new security chip, announced last week, will have an impact on hardware-only attacks, an American security professional says, adding that it could also assist in firmware security, but would result in added costs.

Several companies, including IQVIA, the firm managing AstraZeneca's COVID vaccine trial, and Bristol Myers Squibb, which is leading a group of companies in developing a quick coronavirus test, have been affected by a ransomware attack on Windows systems at Philadelphia firm eResearchTechnology.

The company that organises the Black Hat hackers conference in the US has reached a legal settlement with a company known as Crown Sterling over a sponsored talk that was presented at the 2019 conference and then taken down from the conference website after several attendees questioned its veracity.

A row has broken out between researchers from Google after ex-NSA hacker Patrick Wardle revealed the details of two zero-day vulnerabilities in the Mac version of Zoom that could be exploited to give the attacker root access. Neither vulnerability is remotely exploitable and can only be taken advantage of by a local attacker – someone who has physical access to the machine in question.

The row between information security professionals and The New York Times, over an article it ran recently, claiming that a ransomware attack on local government offices in Baltimore, Maryland, was carried out through the use of a leaked NSA exploit known as EternalBlue, has moved in a different direction, with some of the infosec people themselves coming under attack – from their peers.

A number of information security professionals in the US have sharply criticised The New York Times over an article it ran recently, claiming that a ransomware attack on local government offices in Baltimore, Maryland, was carried out through the use of a leaked NSA exploit known as EternalBlue.

A number of well-respected security professionals have slammed the news agency Bloomberg for an op-ed it ran on Tuesday, claiming that WhatsApp's end-to-end encryption was a gimmick, after reports emerged that the app could be exploited by mobile spyware by merely calling the phone of a would-be victim.

There are many things that one can say about America's premier spy agency, the NSA, but one can never accuse it of not instilling an incredible degree of loyalty among most of its employees, to the extent that those who left its portals decades ago still carry water for it when someone attacks the agency.

Israel has crossed the Rubicon with its attack on alleged cyber attackers belonging to the Palestinian group Hamas, a well-known information security professional says, adding that this action must be condemned by the international community else it risks becoming a new norm of warfare.

A number of security researchers have sharply criticised security blogger Brian Krebs, a former employee of the Washington Post, after he doxxed two of them on Twitter, apparently because he disagreed with them about the operations of Spamhaus, an organisation set up to track email spammers and spam-related activity.

Former NSA contractor Harold Martin has pleaded guilty to taking a huge amount of classified data home and is likely to be jailed for six more years, which would bring his total stay in prison to nine years.