Dan Black
@danwblack.bsky.social
Previously Google, NATO, 🇨🇦 Government. Views mine and mine only.
Reposted by Dan Black
what-is-sos.bsky.social
State of Statecraft (SOS) is a new security and intelligence conference that brings together experts on espionage, sabotage, influence, and other unique forms of covert statecraft to share their work with a community hyper-focused on tackling state-sponsored operations.
danwblack.bsky.social
APT28 🤝 war crimes
danwblack.bsky.social
Extending the veneer of grassroots activism «by default» to an entire category of threat activity routinely orchestrated (if not carried out directly) by intelligence agencies is just flat out irresponsible at this point.

I beg of you: stop using the label "hacktivism".
Reposted by Dan Black
swiftonsecurity.com
... maybe Teams isn't so bad
chadbourn.bsky.social
The strike on the Revolutionary Guard HQ was during a crisis meeting of senior Iranian leaders.
Reposted by Dan Black
nktpnd.bsky.social
Short thread (hopefully in plain English) on the nuclear deterrence dynamics in the India-Pakistan relationship and where this goes if escalation continues. <1>
Reposted by Dan Black
shashj.bsky.social
This is very cool. "Sensational stories of flying saucers dominated U.S. newspaper headlines from June to July 1947. Could they have been purposely planted as part of a U.S. strategic deception operation, aimed at breaking the Soviet Diplomatic Code?" www.tandfonline.com/doi/abs/10.1...
Flying Saucers: An Opening Salvo of the Cold War?
www.tandfonline.com
Reposted by Dan Black
signal.org
Signal @signal.org · Mar 25
In order to help protect people from falling victim to sophisticated phishing attacks, Signal introduced new user flows and in-app warnings. This work has been completed for some time and is unrelated to any current events. 5/
Reposted by Dan Black
signal.org
Signal @signal.org · Mar 25
The memo used the term ‘vulnerability’ in relation to Signal—but it had nothing to do with Signal’s core tech. It was warning against phishing scams targeting Signal users. 3/
Reposted by Dan Black
signal.org
Signal @signal.org · Mar 25
One piece of misinfo we need to address is the claim that there are ‘vulnerabilities’ in Signal. This isn’t accurate. Reporting on a Pentagon advisory memo appears to be at the heart of the misunderstanding: npr.org/2025/03/25/n.... 2/
Reposted by Dan Black
lorenzofb.bsky.social
It's never a bad time to take a look at your online accounts and see if you spot a weird device or login.

We have a comprehensive guide on how to check if your Gmail, Apple ID, Facebook, IG, WhatsApp, Telegram, Discord, etc have been hacked.

techcrunch.com/2025/03/25/h...
How to tell if your online accounts have been hacked | TechCrunch
This is a guide on how to check whether someone compromised your online accounts.
techcrunch.com
danwblack.bsky.social
Russia's intelligence services have spent time and resources to develop Signal-specific tradecraft because it is best-in-class for secure communications.

It is Signal's lack of vulnerability that makes the app the high priority target that it is.
kevincollier.bsky.social
It's really crucial to understand how badly framed this is. There is no Signal vulnerability. The Pentagon email did a bad job explaining a Google report from a month ago and NPR repeated it.

This is like saying because you got a phishing email at your Gmail address, there's a Google vulnerability.
davidfolkenflik.bsky.social
News: NPR’s Tom Bowman reports of a Pentagon-wide warning about Signal’s security vulnerability - one week ago 👇🏼
REPORTABLE: NPR’s Tom Bowman has learned that a Pentagon-wide email went out one week ago warning about the vulnerability of using the messaging app Signal. "A vulnerability has been identified in the Signal messenger application," the email begins. The app is the same one used by Defense Secretary Pete Hegseth and other leading national security officials within the administration to discuss bombing Houthi sites in Yemen – journalist Jeffrey Goldberg was inadvertently added to the group and privy to the highly sensitive discussions.
danwblack.bsky.social
Developing low visibility, low signature forms of compromise for Signal accounts is a clear area of investment for Russia's services as well.

Generally speaking if you use the app for sensitive comms: audit your linked devices. Do it now.

cloud.google.com/blog/topics/...
Reposted by Dan Black
matthewdgreen.bsky.social
Right now a single technical organization is being asked to defend (at least) one side in a major regional war, the political communications of the entire US administration, the communications of anyone opposed to that administration, big piles of NGOs, and millions of “ordinary” folks to boot.
Reposted by Dan Black
jsrailton.bsky.social
🚨NEW REPORT: first forensic confirmation of #Paragon mercenary spyware infections in #Italy...

Known targets: Activists & journalists.

We also found deployments around the world. Including ... #Canada?

And a lot more... Thread on our @citizenlab.ca investigation 1/

citizenlab.ca/2025/03/a-fi...
Virtue or Vice? A First Look at Paragon’s Proliferating Spyware Operations
By Bill Marczak, John Scott-Railton, Kate Robertson, Astrid Perry, Rebekah Brown, Bahr Abdul Razzak, Siena Anstis, and Ron Deibert
March 19, 2025
Click here to read a summary of the report in Italian.

Key Findings
Introducing Paragon Solutions. Paragon Solutions was founded in Israel in 2019 and sells spyware called Graphite. The company differentiates itself by claiming it has safeguards to prevent the kinds of spyware abuses that NSO Group and other vendors are notorious for.
Infrastructure Analysis of Paragon Spyware. Based on a tip from a collaborator, we mapped out server infrastructure that we attribute to Paragon’s Graphite spyware tool. We identified a subset of suspected Paragon deployments, including in Australia, Canada, Cyprus, Denmark, Israel, and Singapore. 
Identifying a Possible Canadian Paragon Customer. Our investigation surfaced potential links between Paragon Solutions and the Canadian Ontario Provincial Police, and found evidence of a growing ecosystem of spyware capability among Ontario-based police services.
Helping WhatsApp Catch a Zero-Click. We shared our analysis of Paragon’s infrastructure with Meta, who told us that the details were pivotal to their ongoing investigation into Paragon. WhatsApp discovered and mitigated an active Paragon zero-click exploit, and later notified over 90 individuals who it believed were targeted, including civil society members in Italy.

Please drop me a reply or note letting me know if this alt text helps you.

Android Forensic Analysis: Italian Cluster. We forensically analyzed multiple Android phones belonging to Paragon targets in Italy (an acknowledged Paragon user) who were notified by WhatsApp. We found clear indications that spyware had been loaded into WhatsApp, as well as other apps on their devices.
A Related Case of iPhone Spyware in Italy. We analyzed the iPhone of an individual who worked closely with confirmed Android Paragon targets. This person received an Apple threat notification in November 2024, but no WhatsApp notification. Our analysis showed an attempt to infect the device with novel spyware in June 2024. We shared details with Apple, who confirmed they had patched the attack in iOS 18.
Other Surveillance Tech Deployed Against The Same Italian Cluster. We also note 2024 warnings sent by Meta to several individuals in the same organizational cluster, including a Paragon victim, suggesting the need for further scrutiny into other surveillance technology deployed against these individuals.

Please drop me a note/reply letting me know if this alt text helps you.
Reposted by Dan Black
nateschenkkan.bsky.social
Gorbachev believed the Soviet Union had to reform or die. But his reforms were so incoherent and inconsistent, yet persistent, he wound up destroying the USSR - something practically no one when he started thought was a possible outcome.
danwblack.bsky.social
One of the things I miss the most now that I'm fully remote is the old in-office nerding out about what was in the news.

This podcast has really helped to fill that void. Highly recommend.
ryanaraine.bsky.social
NEW POD ALERT: Revisiting the US/Russia cyber stand down order and the diplomatic optics. Plus, a dissection of ‘The Lamberts’ and connections to US intelligence agencies, attribution around ‘Operation Triangulation’, VMware 0days and i-Soon indictments securityconversations.com/episode/revi...
Revisiting the Lamberts, i-Soon indictments, VMware zero-days - Security Conversations
Three Buddy Problem – Episode 37: This week, we revisit the public reporting on a US/Russia cyber stand down order, CISA declaring no change to […]
securityconversations.com
Reposted by Dan Black
shashj.bsky.social
Our new leader. The @economist.com has always been staunchly Transatlanticist. We don't say this lightly: "Europe must prepare to be abandoned or extorted. Not to prepare for that could leave Europe vulnerable to Russia and to an increasingly hostile America" www.economist.com/leaders/2025...
The lesson from Trump’s Ukrainian weapons freeze
And the grim choice facing Volodymyr Zelensky
www.economist.com