Security firm Malwarebytes has been one of the few companies or individuals that refused to swallow a bogus report about three million smart toothbrushes being used in a DDoS attack.
Apparently stung by the criticism of both vendors and security practitioners over the lack of logs to analyse a recent breach of its cloud service, Microsoft has backed down to some extent on charging customers for providing access to logging services.
Well-known American security expert Jake Williams has weighed in on the recent breach of Microsoft's cloud at a number of government agencies, saying that it was not acceptable that any security provider should charge a logging tax.
Former NSA hacker Jake Williams could find himself the target of Democrat ire after he took on a paid job to determine the veracity of emails found on a laptop belonging to Hunter Biden, the son of US President Joe Biden.
The world's biggest hotel booking site Booking.com was breached by an American acting on behalf of US intelligence in 2016, who stole details of thousands of reservations in the Middle East, but the site kept it quiet, a new book authored by three Dutch journalists claims.
CIA-backed threat intelligence firm Recorded Future has issued a document in which it claims that a China-linked group named RedEcho is targeting the Indian power industry. That is the meaning conveyed by the headline, which is very definitive.
Comments made by Microsoft president Brad Smith to the US Senate Select Committee on Intelligence, which held a hearing on the SolarWinds attacks last week, claiming that there is more security in the cloud than in on-premises servers, have met a tough response from former NSA hacker Jake Williams, who characterised them as having caused more harm to security than the SolarWinds attackers did in the first place.
ANALYSIS: The assertion by Microsoft President Brad Smith during a 60 Minutes interview with CBS on Sunday that the supply chain attack revealed by security firm FireEye in December was "the largest and most sophisticated attack the world has ever seen" has once again raised the question of the extent to which Microsoft was involved in this attack.
UPDATED 11 February: Ex-NSA hacker and former owner of security company Immunity, Dave Aitel, has launched a fresh salvo of tweets against a book published by New York Times cyber security reporter Nicole Perlroth, after securing and reading a copy of the tome which was published on Tuesday US time.
Former NSA hacker and ex-owner of security company Immunity, Dave Aitel, has once again criticised New York Times cyber security reporter Nicole Perlroth, claiming that nearly every detail in a piece the journalist wrote to promote an upcoming book of hers is wrong.
Attackers who claim they are responsible for the supply chain attack on the Texas firm SolarWinds say they have data from their exploits which they wish to sell.
Federal authorities are likely to be looking into security practices at Texas-based SolarWinds and would have secured evidence during a raid on their offices in the wake of the revelations about cyber attacks being launched using the company's supply chain as a vector, a senior infosec practitioner says.
Former NSA hacker Jake Williams has criticised the SEC filing made by security firm SolarWinds following the disclosure that the company's Orion network management software had been compromised and used to breach numerous companies in many regions of the globe.
Microsoft's new security chip, announced last week, will have an impact on hardware-only attacks, an American security professional says, adding that it could also assist in firmware security, but would result in added costs.
Several companies, including IQVIA, the firm managing AstraZeneca's COVID vaccine trial, and Bristol Myers Squibb, which is leading a group of companies in developing a quick coronavirus test, have been affected by a ransomware attack on Windows systems at Philadelphia firm eResearchTechnology.
The company that organises the Black Hat hackers conference in the US has reached a legal settlement with a company known as Crown Sterling over a sponsored talk that was presented at the 2019 conference and then taken down from the conference website after several attendees questioned its veracity.
A row has broken out between researchers from Google after ex-NSA hacker Patrick Wardle revealed the details of two zero-day vulnerabilities in the Mac version of Zoom that could be exploited to give the attacker root access. Neither vulnerability is remotely exploitable; both can only be taken advantage of by a local attacker – someone who has physical access to the machine in question.
The row between information security professionals and The New York Times, over an article it ran recently, claiming that a ransomware attack on local government offices in Baltimore, Maryland, was carried out through the use of a leaked NSA exploit known as EternalBlue, has moved in a different direction, with some of the infosec people themselves coming under attack – from their peers.
A number of information security professionals in the US have sharply criticised The New York Times over an article it ran recently, claiming that a ransomware attack on local government offices in Baltimore, Maryland, was carried out through the use of a leaked NSA exploit known as EternalBlue.
A number of well-respected security professionals have slammed the news agency Bloomberg for an op-ed it ran on Tuesday, claiming that WhatsApp's end-to-end encryption was a gimmick, after reports emerged that the app could be exploited by mobile spyware by merely calling the phone of a would-be victim.