Dan Goodin, Ars Technica

Dan Goodin

Ars Technica

San Francisco, CA, United States

Contact Dan

Discover and connect with journalists and influencers around the world, save time on email research, monitor the news, and more.

Start free trial

  • Unknown
  • Ars Technica
  • Ars Technica UK

Past articles by Dan:

Software for sale is fueling a torrent of phishing attacks that bypass MFA

Some forms of multi-factor authentication only go so far in preventing account takeovers. → Read More

Malware infecting widely used security appliance survives firmware updates

Update-resistant malware is part of a pattern by highly motivated threat actors. → Read More

Go ahead and unplug this door device before reading. You’ll thank us later.

The Akuvox E11 door phone/intercom is riddled with security holes. → Read More

Threat actors are using advanced malware to backdoor business-grade routers

Hiatus hacking campaign has infected roughly 100 Draytek routers. → Read More

Unkillable UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw

BlackLotus represents a major milestone in the continuing evolution of UEFI bootkits. → Read More

Google adds client-side encryption to Gmail and Calendar. Should you care?

New service occupies a middle ground between E2EE and mere server-side encryption → Read More

LastPass says employee’s home computer was hacked and corporate vault taken

Already smarting from a breach that stole customer vaults, LastPass has more bad news. → Read More

Conservative News Corp. empire says hackers were inside its network for 2 years

News Corp. disclosed the breach last year. Now, company says it lasted 23 months. → Read More

Signal CEO: We “1,000% won’t participate” in UK law to weaken encryption

The UK's Safety Online Bill would require Signal to police user messages. → Read More

A world of hurt for Fortinet and Zoho after users fail to install patches

Attackers are capitalizing on organizations' failure to patch critical vulnerabilities. → Read More

GoDaddy says a multi-year breach hijacked customer websites and accounts

Three breaches over as many years all carried out by the same threat actor. → Read More

Researchers unearth Windows backdoor that’s unusually stealthy

Frebniis abuses Microsoft IIS to smuggle malicious commands in web traffic. → Read More

Health info for 1 million patients stolen using critical GoAnywhere vulnerability

With exploit code in the wild and devastating results, organizations should patch pronto. → Read More

Latest attack on PyPI users shows crooks are only getting better

The code found in the malicious packages closely resembled legit offerings. → Read More

~11,000 sites have been infected with malware that’s good at avoiding detection

It's not clear precisely how the WordPress sites become infected in the first place. → Read More

This week’s Reddit breach shows company’s security is (still) woefully inadequate

This week's intrusion into Reddit's network didn't have to happen, but it did. → Read More

Valve waited 15 months to patch high-severity flaw. A hacker pounced

Vulnerability had a 8.8 severity rating. Valve took its time patching anyway. → Read More

Hackers are selling a service that bypasses ChatGPT restrictions on malware

ChatGPT restrictions on the creation of illicit content are easy to circumvent. → Read More

Mysterious leak of Booking.com reservation data is being used to scam customers

Somehow, scammers keep accessing customer reservation details, other private data. → Read More

Hackers are mass infecting servers worldwide by exploiting a patched hole

Servers running unpatched versions of ESXi are sitting ducks for ESXiArgs attacks. → Read More