Zero Day $10 / month

Zero Day Substack focuses on the nexus of cybersecurity, national security, and the geopolitical landscape, highlighting incidents of cyberattacks, espionage, and the challenges in securing digital infrastructure against state-sponsored actors and hackers. It covers real-world cases, legal ramifications, and the evolving tactics of cyber warfare.

Cybersecurity National Security Cyberattacks Espionage Legal and Regulatory Issues Supply-Chain Security Surveillance Digital Infrastructure

The hottest Substack posts of Zero Day

And their main takeaways
1319 implied HN points 20 Oct 23
  1. North Korean IT workers tricked US companies into hiring them to secretly funnel money to North Korean weapons programs.
  2. They used elaborate methods to conceal their identities, such as fake profiles, stolen documents, and VPNs.
  3. The FBI discovered the scheme, seized funds, and warned that North Korean activity is still ongoing.
899 implied HN points 26 Oct 23
  1. The StripedFly malware was initially thought to be a crypto miner but turned out to be a sophisticated spy platform that infected over a million victims worldwide since 2017.
  2. One unique aspect of StripedFly is the custom-coded TOR client used for communication and data transfer, which shows the attackers' high level of skill and security consciousness.
  3. StripedFly includes a ransomware component named ThunderCrypt, raising questions about the intent behind including ransomware in an espionage tool and how it fits into the overall operation.
839 implied HN points 28 Jun 23
  1. The SEC has sent notices to SolarWinds' employees over potential legal action related to the Russian hack.
  2. Receiving Wells notices is rare, especially for a CISO, and can lead to penalties and restrictions on future roles.
  3. SEC is expanding its focus on cybersecurity breaches and companies may face consequences for misleading disclosures or failing to address vulnerabilities.
Get a weekly roundup of the best Substack posts, by hacker news affinity:
1259 implied HN points 09 Apr 23
  1. A leaked Pentagon document suggests Russian hacktivists breached a Canadian gas pipeline company, with the ability to cause an explosion and instructions from the FSB.
  2. The hackers claimed to have caused damage to the Canadian facility, including increasing valve pressure and disabling alarms, aiming to impact income, not cause loss of life.
  3. US authorities are investigating the authenticity of the leak, which included several documents about Russia's war plans and intelligence on various countries.
1259 implied HN points 06 Apr 23
  1. Kim Zetter is working on various projects that are taking longer than expected.
  2. She is co-teaching a course about government surveillance and classified leaks at Johns Hopkins SAIS.
  3. Students in the course show a deep understanding of surveillance nuances and the importance of balancing security with civil liberties.
1139 implied HN points 20 Apr 23
  1. Hackers compromised a software maker by embedding malware in another company's program, leading to a chain of infections.
  2. This breach shows the potential for threaded supply-chain hacks to infect multiple software suppliers and customers.
  3. Financially motivated North Korean hackers were behind the attack on 3CX and it's recommended that compromised software be deleted immediately.
899 implied HN points 17 May 23
  1. Volexity discovered a sophisticated hacking group named Dark Halo inside a U.S. think tank's network during incident-response.
  2. The hackers used a backdoor in the organization's Microsoft Exchange server and bypassed the Duo multi-factor authentication system.
  3. Volexity suspected the hackers gained access to the network through a backdoor in the SolarWinds software, which was later confirmed by security firm Mandiant.
140 HN points 08 Aug 23
  1. Radiation sensors at Chernobyl spiked after the Russian invasion, leading to suspicions of data manipulation.
  2. Patterns in the data from sensors indicated possible data manipulation rather than actual radiation spikes.
  3. The disappearance of the server and hard drives from the Ecocenter raised questions about who may have tampered with the sensor data.
7 HN points 25 Jul 23
  1. TETRA radio communication technology used by police and critical infrastructure was found to have a backdoor, reducing encryption strength.
  2. Keeping encryption algorithms secret can hinder security, as seen in the TETRA case where a deliberate weakness was discovered.
  3. ETSI created new secret algorithms to address vulnerabilities, but the debate continues on whether secrecy is the best approach for security.