Dan Goodin
Ars Technica
San Francisco, CA, United States
Contact Dan
Discover and connect with journalists and influencers around the world, save time on email research, monitor the news, and more.
| Recent: |
|
| Past: |
|
Past articles by Dan:
Software for sale is fueling a torrent of phishing attacks that bypass MFA
Some forms of multi-factor authentication only go so far in preventing account takeovers. → Read More
Malware infecting widely used security appliance survives firmware updates
Update-resistant malware is part of a pattern by highly motivated threat actors. → Read More
Go ahead and unplug this door device before reading. You’ll thank us later.
The Akuvox E11 door phone/intercom is riddled with security holes. → Read More
Threat actors are using advanced malware to backdoor business-grade routers
Hiatus hacking campaign has infected roughly 100 Draytek routers. → Read More
Unkillable UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw
BlackLotus represents a major milestone in the continuing evolution of UEFI bootkits. → Read More
Google adds client-side encryption to Gmail and Calendar. Should you care?
New service occupies a middle ground between E2EE and mere server-side encryption → Read More
LastPass says employee’s home computer was hacked and corporate vault taken
Already smarting from a breach that stole customer vaults, LastPass has more bad news. → Read More
Conservative News Corp. empire says hackers were inside its network for 2 years
News Corp. disclosed the breach last year. Now, company says it lasted 23 months. → Read More
Signal CEO: We “1,000% won’t participate” in UK law to weaken encryption
The UK's Safety Online Bill would require Signal to police user messages. → Read More
A world of hurt for Fortinet and Zoho after users fail to install patches
Attackers are capitalizing on organizations' failure to patch critical vulnerabilities. → Read More
GoDaddy says a multi-year breach hijacked customer websites and accounts
Three breaches over as many years all carried out by the same threat actor. → Read More
Researchers unearth Windows backdoor that’s unusually stealthy
Frebniis abuses Microsoft IIS to smuggle malicious commands in web traffic. → Read More
Health info for 1 million patients stolen using critical GoAnywhere vulnerability
With exploit code in the wild and devastating results, organizations should patch pronto. → Read More
Latest attack on PyPI users shows crooks are only getting better
The code found in the malicious packages closely resembled legit offerings. → Read More
~11,000 sites have been infected with malware that’s good at avoiding detection
It's not clear precisely how the WordPress sites become infected in the first place. → Read More
This week’s Reddit breach shows company’s security is (still) woefully inadequate
This week's intrusion into Reddit's network didn't have to happen, but it did. → Read More
Valve waited 15 months to patch high-severity flaw. A hacker pounced
Vulnerability had a 8.8 severity rating. Valve took its time patching anyway. → Read More
Hackers are selling a service that bypasses ChatGPT restrictions on malware
ChatGPT restrictions on the creation of illicit content are easy to circumvent. → Read More
Mysterious leak of Booking.com reservation data is being used to scam customers
Somehow, scammers keep accessing customer reservation details, other private data. → Read More
Hackers are mass infecting servers worldwide by exploiting a patched hole
Servers running unpatched versions of ESXi are sitting ducks for ESXiArgs attacks. → Read More