Spies hack Wi-Fi networks in far-off land to launch attack on target next door
“Nearest Neighbor Attack” finally lets Russia’s Fancy Bear into target’s Wi-Fi network.
Dan Goodin
–
|
39
Dan Goodin
Senior Security Editor
[email protected]
Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. A journalist with more than 25 years experience, he has been chronicling the exploits of white-hat, grey-hat and black-hat hackers since 2005 as a reporter for the Associated Press and later, The Register. He has a Bachelors Degree in English from the University of Massachusetts and a Masters of Journalism from UC Berkeley. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Based in San Francisco, Dan can receive encrypted messages over Signal at DanArs.82. You can find him on Mastodon at here and on Bluesky at here.
Recent stories by
Dan Goodin
5 charged in “Scattered Spider,” one of the most profitable phishing scams ever
Phishing attacks were so well-orchestrated that they fooled some of the best in the business.
Dan Goodin
–
|
56
Law enforcement operation takes down 22,000 malicious IP addresses worldwide
Operation Synergia II took aim at phishing, ransomware, and information stealing.
Dan Goodin
–
|
24
Suspect arrested in Snowflake data-theft attacks affecting millions
Threat actor exploited account credentials swept up by infostealers years earlier.
Dan Goodin
–
|
11
Hundreds of code libraries posted to NPM try to install malware on dev machines
These are not the the developer tools you think they are.
Dan Goodin
–
|
63
Thousands of hacked TP-Link routers used in yearslong account takeover attacks
The botnet is being skillfully used to launch "highly evasive" password-spraying attacks.
Dan Goodin
–
|
105
Android Trojan that intercepts voice calls to banks just got more stealthy
FakeCall malware can reroute calls intended for banks to attacker-controlled numbers.
Dan Goodin
–
|
35
Here’s the paper no one read before declaring the demise of modern cryptography
The advance was incremental at best. So why did so many think it was a breakthrough?
Dan Goodin
–
|
108
Most Read
Kremlin-backed hackers have new Windows and Android malware to foist on Ukrainian foes
"Civil Defense" pushes hybrid espionage/influence campaign targeting recruits.
Dan Goodin
–
|
17
Location tracking of phones is out of control. Here’s how to fight back.
Unique IDs assigned to Android and iOS devices threaten your privacy. Who knew?
Dan Goodin
–
|
203
FortiGate admins report active exploitation 0-day. Vendor isn’t talking.
Vulnerability allowing remote code execution has been discussed since at least 9 days ago.
Dan Goodin
–
|
68
Here’s how SIM swap in alleged bitcoin pump-and-dump scheme worked
False information posted to official SEC account caused spike in the currency.
Dan Goodin
–
|
47
Two accused of DDoSing some of the world’s biggest tech companies
Hospitals, government agencies, and a large roster of tech companies all targeted.
Dan Goodin
–
|
43
North Korean hackers use newly discovered Linux malware to raid ATMs
Once, FASTCash ran only on Unix. Then came Windows. Now it can target Linux, too.
Dan Goodin
–
|
38
Invisible text that AI chatbots understand and humans can’t? Yep, it’s a thing.
A quirk in the Unicode standard harbors an ideal steganographic code channel.
Dan Goodin
–
|
88
Archive.org, a repository of the history of the Internet, has a data breach
31 million records containing email addresses and password hashes exposed.
Dan Goodin
–
|
137
Two never-before-seen tools, from same group, infect air-gapped devices
It's hard enough creating one air-gap-jumping tool. GoldenJackal did it 2x in 5 years.
Dan Goodin
–
|
143
Thousands of Linux systems infected by stealthy malware since 2021
The ability to remain installed and undetected makes Perfctl hard to fight.
Dan Goodin
–
|
49
Attackers exploit critical Zimbra vulnerability using cc’d email addresses
When successful, attacks install a backdoor. Getting it to work reliably is another matter.
Dan Goodin
–
|
8
Crook made millions by breaking into execs’ Office365 inboxes, feds say
Email accounts inside 5 US companies unlawfully breached through password resets.
Dan Goodin
–
|
44
Systems used by courts and governments across the US riddled with vulnerabilities
With hundreds of courts and agencies affected, chances are one near you is, too.
Dan Goodin
–
|
36
Meta pays the price for storing hundreds of millions of passwords in plaintext
Company failed to follow one of the most sacrosanct rules for password storage.
Dan Goodin
–
|
190
Tails OS joins forces with Tor Project in merger
The organizations have worked closely together over the years.
Dan Goodin
–
|
58
NIST proposes barring some of the most nonsensical password rules
Proposed guidelines aim to inject badly needed common sense into password hygiene.
Dan Goodin
–
|
352
Hacker plants false memories in ChatGPT to steal user data in perpetuity
Emails, documents, and other untrusted content can plant malicious memories.
Dan Goodin
–
|
105
11 million devices infected with botnet malware hosted in Google Play
Necro infiltrated Google Play in 2019. It recently returned.
Dan Goodin
–
|
44
Google calls for halting use of WHOIS for TLS domain verifications
WHOIS data is unreliable. So why is it used in TLS certificate applications?
Dan Goodin
–
|
34
Ever wonder how crooks get the credentials to unlock stolen phones?
iServer provided a simple service for phishing credentials to unlock phones.
Dan Goodin
–
|
34
Massive China-state IoT botnet went undetected for four years—until now
75% of infected devices were located in homes and offices in North America and Europe.
Dan Goodin
–
|
66
Secure Boot-neutering PKfail debacle is more prevalent than anyone knew
Keys were marked "DO NOT TRUST." More devices than previously known used them anyway.
Dan Goodin
–
|
56
1.3 million Android-based TV boxes backdoored; researchers still don’t know how
Infection corrals devices running AOSP-based firmware into a botnet.
Dan Goodin
–
|
108
As quantum computing threats loom, Microsoft updates its core crypto library
Two algorithms added so far, two more planned in the coming months.
Dan Goodin
–
|
45
Rogue WHOIS server gives researcher superpowers no one should ever have
.mobi top-level-domain managers changed the location of its WHOIS server. No one got the memo.
Dan Goodin
–
|
101
Found: 280 Android apps that use OCR to steal cryptocurrency credentials
Optical Character Recognition converts passwords shown in images to machine-readable text.
Dan Goodin
–
|
49
US charges Russian military officers for unleashing wiper malware on Ukraine
WhisperGate campaign targeted Ukrainian critical infrastructure and allies worldwide.
Dan Goodin
–
|
54
Zyxel warns of vulnerabilities in a wide range of its products
Most serious vulnerabilities carry severity ratings of 9.8 and 8.1 out of a possible 10.
Dan Goodin
–
|
17