Tech News

NATO boss mocks Russian navy, which is on the hunt for Red October “the nearest mechanic”

Security - Posted On:2025-10-14 17:45:00 Source: arstechnica

When one of its Kilo-class, diesel-electric submarines recently surfaced off the coast of France, Russia denied that there was a problem with the vessel. The sub was simply surfacing to comply with maritime transit rules governing the English Channel, the Kremlin said—Russia being, of course, a noted follower of international law.

But social media accounts historically linked to Russian security forces suggested a far more serious problem on the submarine Novorossiysk. According to The Maritime Executive, "Rumors began to circulate on well-informed social media channels that the Novorossiysk had suffered a fuel leak. They suggested the vessel lacked onboard capabilities and was forced to surface to empty flooded compartments. Some reports said it was a dangerous fuel leak aboard the vessel, which was commissioned in 2012."

France 24 quoted further social media reports as saying, "The submarine has neither the spare parts nor the qualified specialists onboard to fix the malfunction," and it "now poses an explosion hazard."

Japan is running out of its favorite beer after ransomware attack

Security - Posted On:2025-10-02 10:00:00 Source: arstechnica

Japan is just a few days away from running out of Asahi Super Dry as the producer of the nation’s most popular beer wrestles with a devastating cyber attack that has shut down its domestic breweries.

The vast majority of Asahi Group’s 30 factories in Japan have not operated since Monday after the attack disabled its ordering and delivery system, the company said.

Retailers are already expecting empty shelves as the outage stretches into its fourth day with no clear timeline for factories recommencing operations. Super Dry could also run out at izakaya pubs, which rely on draught and bottles.

Rocket Report: Keeping up with Kuiper; New Glenn’s second flight slips

Security - Posted On:2025-09-26 09:30:01 Source: arstechnica

Welcome to Edition 8.12 of the Rocket Report! We often hear from satellite operators—from the military to venture-backed startups—about their appetite for more launch capacity. With so many rocket launches happening around the world, some might want to dismiss these statements as a corporate plea for more competition, and therefore lower prices. SpaceX is on pace to launch more than 150 times this year. China could end the year with more than 70 orbital launches. These are staggering numbers compared to global launch rates just a few years ago. But I'm convinced there's room for more alternatives for reliable (and reusable) rockets. All of the world's planned mega-constellations will need immense launch capacity just to get off the ground, and if successful, they'll go into regular replacement and replenishment cycles. Throw in the still-undefined Golden Dome missile shield and many nations' desire for a sovereign launch capability, and it's easy to see the demand curve going up.

As always, we welcome reader submissions. If you don't want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets, as well as a quick look ahead at the next three launches on the calendar.

Sharp words from Astra’s Chris Kemp. Chris Kemp, the chief executive officer of Astra, apparently didn't get the memo about playing nice with his competitors in the launch business. Kemp made some spicy remarks at the Berkeley Space Symposium 2025 earlier this month, billed as the largest undergraduate aerospace event at the university (see video of the talk). During the speech, Kemp periodically deviated from building up Astra to hurling insults at several of his competitors in the launch industry, Ars reports. To be fair to Kemp, some of his criticisms are not without a kernel of truth. But they are uncharacteristically rough all the same, especially given Astra's uneven-at-best launch record and financial solvency to date.

US uncovers 100,000 SIM cards that could have “shut down” NYC cell network

Security - Posted On:2025-09-23 13:30:01 Source: arstechnica

The US Secret Service announced this morning that it has located and seized a cache of telecom devices large enough to "shut down the cellular network in New York City." And it believes a nation-state is responsible.

According to the agency, "more than 300 co-located SIM servers and 100,000 SIM cards" were discovered at multiple locations within the New York City area. Photos of the seized gear show what appear to be "SIM boxes" bristling with antennas and stuffed with SIM cards, then stacked on six-shelf racks. (SIM boxes are often used for fraud.) One photo even shows neatly stacked towers of punched-out SIM card packaging, suggesting that whoever put the system together invested some quality time in just getting the whole thing set up.

The gear was identified as part of a Secret Service investigation into "anonymous telephonic threats" made against several high-ranking US government officials, but the setup seems designed for something larger than just making a few threats. The Secret Service believes that the system could have been capable of activities like "disabling cell phone towers, enabling denial of services attacks and facilitating anonymous, encrypted communication between potential threat actors and criminal enterprises."

Microsoft’s Entra ID vulnerabilities could have been catastrophic

Security - Posted On:2025-09-20 08:45:00 Source: arstechnica

As businesses around the world have shifted their digital infrastructure over the last decade from self-hosted servers to the cloud, they’ve benefitted from the standardized, built-in security features of major cloud providers like Microsoft. But with so much riding on these systems, there can be potentially disastrous consequences at a massive scale if something goes wrong. Case in point: Security researcher Dirk-jan Mollema recently stumbled upon a pair of vulnerabilities in Microsoft Azure’s identity and access management platform that could have been exploited for a potentially cataclysmic takeover of all Azure customer accounts.

Known as Entra ID, the system stores each Azure cloud customer’s user identities, sign-in access controls, applications, and subscription management tools. Mollema has studied Entra ID security in depth and published multiple studies about weaknesses in the system, which was formerly known as Azure Active Directory. But while preparing to present at the Black Hat security conference in Las Vegas in July, Mollema discovered two vulnerabilities that he realized could be used to gain global administrator privileges—essentially god mode—and compromise every Entra ID directory, or what is known as a “tenant.” Mollema says that this would have exposed nearly every Entra ID tenant in the world other than, perhaps, government cloud infrastructure.

“I was just staring at my screen. I was like, ‘No, this shouldn’t really happen,’” says Mollema, who runs the Dutch cybersecurity company Outsider Security and specializes in cloud security. “It was quite bad. As bad as it gets, I would say.”

The US is now the largest investor in commercial spyware

Security - Posted On:2025-09-11 10:30:01 Source: arstechnica

The United States has emerged as the largest investor in commercial spyware—a global industry that has enabled the covert surveillance of journalists, human rights defenders, politicians, diplomats, and others, posing grave threats to human rights and national security.

In 2024, 20 new US-based spyware investors were identified, bringing the total number of American backers of this technology to 31. This growth has largely outpaced other major investing countries such as Israel, Italy, and the United Kingdom, according to a new report published today by the Atlantic Council.

The study surveyed 561 entities across 46 countries between 1992 and 2024, identifying 34 new investors. This brings the total to 128, up from 94 in the dataset published last year.

Sextortion with a twist: Spyware takes webcam pics of users watching porn

Security - Posted On:2025-09-04 19:15:00 Source: arstechnica

Sextortion-based hacking, which hijacks a victim's webcam or blackmails them with nudes they're tricked or coerced into sharing, has long represented one of the most disturbing forms of cybercrime. Now one specimen of widely available spyware has turned that relatively manual crime into an automated feature, detecting when the user is browsing pornography on their PC, screenshotting it, and taking a candid photo of the victim through their webcam.

On Wednesday, researchers at security firm Proofpoint published their analysis of an open-source variant of “infostealer” malware known as Stealerium that the company has seen used in multiple cybercriminal campaigns since May of this year. The malware, like all infostealers, is designed to infect a target's computer and automatically send a hacker a wide variety of stolen sensitive data, including banking information, usernames and passwords, and keys to victims' crypto wallets. Stealerium, however, adds another, more humiliating form of espionage: It also monitors the victim's browser for web addresses that include certain NSFW keywords, screenshots browser tabs that include those words, photographs the victim via their webcam while they're watching those porn pages, and sends all the images to a hacker—who can then blackmail the victim with the threat of releasing them.

“When it comes to infostealers, they typically are looking for whatever they can grab,” says Selena Larson, one of the Proofpoint researchers who worked on the company's analysis. “This adds another layer of privacy invasion and sensitive information that you definitely wouldn't want in the hands of a particular hacker.”

Blame the governor! Oklahoma’s “board meeting porn” scandal goes gonzo.

Security - Posted On:2025-07-31 16:15:00 Source: arstechnica

Only a week has passed since two Oklahoma Board of Education members complained about seeing nude women appear on a TV set during an official board meeting. And yet we've already reached the "just asking questions" stage of the scandal lifecycle, with the state's hard-right education boss wondering aloud if Oklahoma's governor might not be behind the whole thing.

On the surface, this appears an odd reaction. One might have expected Superintendent of Public Instruction Ryan Walters to agree with his outraged board members. You know, a sort of "Together we will unmask the degenerates who are making a mockery of our meetings with their streaming retro pornography!"

But no. Walters first put out a press release, titled "Response to the Most Absurd, False, and Gutter Political Attack from a Desperate, Failing Establishment," in which he said that "any suggestion that a device of mine was used to stream inappropriate content on the television set is categorically false."

St. Paul, MN, was hacked so badly that the National Guard has been deployed

Security - Posted On:2025-07-31 08:45:00 Source: arstechnica

Hacking attacks—many using ransomware—now hit US cities every few days. They are expensive to mitigate and extremely disruptive. Abilene, Texas, for instance, had 477 GB of data stolen this spring. The city refused to pay the requested ransom and instead decided to replace every server, desktop, laptop, desk telephone, and storage device. This has required a "temporary return to pen-and-paper systems" while the entire city network is rebuilt, but at least Abilene was insured against such an attack.

Sometimes, though, the hacks hit harder than usual. That was the case in St. Paul, Minnesota, which suffered a significant cyberattack last Friday that it has been unable to mitigate. Things have gotten so bad that the city has declared a state of emergency, while the governor activated the National Guard to assist.

According to remarks by St. Paul Mayor Melvin Carter, the attack was first noticed early in the morning of Friday, July 25. It was, Carter said, "a deliberate, coordinated digital attack, carried out by a sophisticated external actor—intentionally and criminally targeting our city’s information infrastructure."

Microsoft to stop using China-based teams to support Department of Defense

Security - Posted On:2025-07-26 07:30:00 Source: arstechnica

Last week, Microsoft announced that it would no longer use China-based engineering teams to support the Defense Department’s cloud computing systems, following ProPublica’s investigation of the practice, which cybersecurity experts said could expose the government to hacking and espionage.

But it turns out the Pentagon was not the only part of the government facing such a threat. For years, Microsoft has also used its global workforce, including China-based personnel, to maintain the cloud systems of other federal departments, including parts of Justice, Treasury and Commerce, ProPublica has found.

This work has taken place in what’s known as the Government Community Cloud, which is intended for information that is not classified but is nonetheless sensitive. The Federal Risk and Authorization Management Program, the US government’s cloud accreditation organization, has approved GCC to handle “moderate” impact information “where the loss of confidentiality, integrity, and availability would result in serious adverse effect on an agency’s operations, assets, or individuals.”

North Korean hackers ran US-based “laptop farm” from Arizona woman’s home

Security - Posted On:2025-07-25 19:30:00 Source: arstechnica

Christina Chapman, a 50-year-old Arizona woman, has just been sentenced to 102 months in prison for helping North Korean hackers steal US identities in order to get "remote" IT jobs with more than 300 American companies, including Nike. The scheme funneled millions of dollars to the North Korean state.

Why did Chapman do it? In a letter sent this week to the judge, Chapman said that she was "looking for a job that was Monday through Friday that would allow me to be present for my mom" who was battling cancer. (Her mother died in 2023.) But "the area where we lived didn't provide for a lot of job opportunities that fit what I needed. I also thought that the job was allowing me to help others."

She offered her "deepest and sincerest apologies to any person who was harmed by my actions," thanked the FBI for busting her, and said that when she gets out of prison, she hopes to "pursue the books that I have been working on writing and starting my own underwear company."

Hackers—hope to defect to Russia? Don’t Google “defecting to Russia.”

Security - Posted On:2025-07-24 16:45:01 Source: arstechnica

To the casual observer, cybercriminals can look like swashbuckling geniuses.

They possess technical skills formidable enough to penetrate the networks of the biggest companies on the planet.

They cover their tracks using technology that is arcane to most people—VPNs, encrypted chat apps, onion routing, aliases in dark web forums.

After $380M hack, Clorox sues its “service desk” vendor for simply giving out passwords

Security - Posted On:2025-07-23 16:00:00 Source: arstechnica

Hacking is hard. Well, sometimes.

Other times, you just call up a company's IT service desk and pretend to be an employee who needs a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset... and it's done. Without even verifying your identity.

So you use that information to log in to the target network and discover a more trusted user who works in IT security. You call the IT service desk back, acting like you are now this second person, and you request the same thing: a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset. Again, the desk provides it, no identity verification needed.

New Windows 11 build adds self-healing “quick machine recovery” feature

Security - Posted On:2025-07-11 18:30:01 Source: arstechnica

Microsoft is adding a new recovery mode to Windows to help revive crashing PCs. Called quick machine recovery (QMR), this technology enables Windows 11 PCs to boot into the Windows Recovery Environment (WinRE, also used by Windows install media and IT shops for various recovery and diagnostic purposes), connect to the Internet, and download Microsoft-provided fixes for "widespread boot issues" that could be keeping the PC from booting properly.

Initially announced in late 2024 as part of the "Windows Resiliency Initiative," QMR is one of a couple of steps that Microsoft is taking to prevent a repeat of mid-2024's CrowdStrike outage, when a bugged update to one of CrowdStrike's security products brought down millions of Windows PCs and servers and caused widespread service outages in many industries. Fixing some of those PCs required booting and fixing each one individually; QMR should make it possible to apply that kind of fix remotely even if a PC is so broken that it can't boot into Windows proper.

The initial version of the QMR feature is rolling out to Windows 11 PCs enrolled in the Canary channel of Microsoft's Windows Insider testing program. This is the least stable and most experimental of the four Windows 11 testing channels. As Microsoft adds features and fixes bugs, it should gradually move to the Dev, Beta, and Release Preview channels before rolling out to the Windows user base more broadly.

US critical infrastructure exposed as feds warn of possible attacks from Iran

Security - Posted On:2025-07-01 18:15:01 Source: arstechnica

Hackers working on behalf of the Iranian government are likely to target industrial control systems used at water treatment plants and other critical infrastructure to retaliate against recent military strikes by Israel and the US, federal government agencies are warning. One cybersecurity company says many US-based targets aren't adequately protected against the threat.

“Based on the current geopolitical environment, Iranian-affiliated cyber actors may target US devices and networks for near-term cyber operations,” an advisory jointly published by the Cybersecurity and Infrastructure Security Agency, FBI, Department of Defense Cyber Crime Center, and the National Security Agency stated. “Defense Industrial Base (DIB) companies, particularly those possessing holdings or relationships with Israeli research and defense firms, are at increased risk.”

Of particular interest to the would-be hackers are control systems that automate industrial processes inside water treatment plants, dams, and other critical infrastructure, particularly when those systems are manufactured by Israel-based companies. Between November 2023 and January 2024, near the onset of the conflict between Israel and Hamas, federal agencies said hackers affiliated with the Iranian Islamic Revolutionary Guard Corps actively targeted and compromised Israeli-made programmable-logic controllers and human-machine interfaces used in multiple sectors, including US Water and Wastewater Systems facilities. At least 75 devices, including at least 34 in US-based water facilities, were compromised.

Microsoft changes Windows in attempt to prevent next CrowdStrike-style catastrophe

Security - Posted On:2025-06-27 14:30:01 Source: arstechnica

In the summer of 2024, corporate anti-malware provider CrowdStrike pushed a broken update to millions of PCs and servers running some version of Microsoft's Windows software, taking down systems that both companies and consumers relied on for air travel, payments, emergency services, and their morning coffee. It was a huge outage, and it caused days and weeks of pain as the world's permanently beleaguered IT workers brought systems back online, in some cases touching each affected PC individually to remove the bad update and get the systems back up and running.

The outage was ultimately CrowdStrike's fault, and in the aftermath of the incident, the company promised a long list of process improvements to keep a bad update like that from going out again. But because the outage affected Windows systems, Microsoft often had shared and sometimes even top billing in mainstream news coverage—another in a string of security-related embarrassments that prompted CEO Satya Nadella and other executives to promise that the company would refocus its efforts on improving the security of its products.

The CrowdStrike crash was possible partly due to how anti-malware software works in Windows. Security vendors and their AV products generally have access to the Windows kernel, the cornerstone of the operating system that sits between your hardware and most user applications. But most user applications don't have kernel access specifically because a buggy app (or one hijacked by malware) with kernel access can bring the entire system down rather than just affecting the app. The bad CrowdStrike update was bad mostly because it was being loaded so early in Windows' boot process that many systems couldn't check for and download CrowdStrike's fix before they crashed.

Cybercriminals turn to “residential proxy” services to hide malicious traffic

Security - Posted On:2025-06-08 08:00:01 Source: arstechnica

For years, gray market services known as “bulletproof” hosts have been a key tool for cybercriminals looking to anonymously maintain web infrastructure with no questions asked. But as global law enforcement scrambles to crack down on digital threats, they have developed strategies for getting customer information from these hosts and have increasingly targeted the people behind the services with indictments. At the cybercrime-focused conference Sleuthcon in Arlington, Virginia on Friday, researcher Thibault Seret outlined how this shift has pushed both bulletproof hosting companies and criminal customers toward an alternative approach.

Rather than relying on web hosts to find ways of operating outside law enforcement's reach, some service providers have turned to offering purpose-built VPNs and other proxy services as a way of rotating and masking customer IP addresses and offering infrastructure that either intentionally doesn't log traffic or mixes traffic from many sources together. And while the technology isn't new, Seret and other researchers emphasized to WIRED that the transition to using proxies among cybercriminals over the last couple of years is significant.

“The issue is, you cannot technically distinguish which traffic in a node is bad and which traffic is good,” Seret, a researcher at the threat intelligence firm Team Cymru, told WIRED ahead of his talk. “That's the magic of a proxy service—you cannot tell who’s who. It's good in terms of internet freedom, but it's super, super tough to analyze what’s happening and identify bad activity.”

Spy-catcher saw “stupid” tech errors others made. FBI says he then made his own.

Security - Posted On:2025-05-30 17:15:00 Source: arstechnica

Twenty-eight-year-old Nathan Laatsch was, until yesterday, a cybersecurity employee at the Defense Intelligence Agency (DIA). He had a Top Secret clearance and worked in the Insider Threat Division. Laatsch spent his days—you'll understand the past tense in a moment—"enabling user monitoring on individuals with access to DIA systems," including employees under surreptitious internal investigation.

Given that Laatsch was one of those who "watched the watchers," he appears to have had supreme confidence in his own ability to avoid detection should he decide to go rogue. "Stupid mistakes" made by other idiots would "not be difficult for me to avoid," he once wrote. DIA couldn't even launch an investigation of Laatsch without him knowing that something was up.

The Greeks had a word for this: hubris.
