Lily Hay Newman

@lhn@mastodon.online
Security reporter for WIRED Magazine. she/her/my man. Well, it's definitely a hole, they weren't lying about that. Signal +1 (347) 722-1347
WIRED: https://www.wired.com/author/lily-hay-newman/
“We can’t ignore the fact that we are a small minority in our industry, and that a lot of the changes that are happening around us are not lifting us up,” says Edera CEO and cofounder Emily Long. “We take great pride and responsibility in continuing to be in the front on this. ... You start to see that just by existing and being different, you are showing what’s possible.” https://www.wired.com/story/edera-cloud-tech-security/
A Team of Female Founders Is Launching Cloud Security Tech That Could Overhaul AI Protection

Cloud “container” defenses have inconsistencies that can give attackers too much access. A new company, Edera, is taking on that challenge and the problem of the male-dominated startup world.

WIRED
"There were these interviews we all had to do with the DOGE people the day after the inauguration. In mine, one of them asked me to describe what I was doing at VA and then said something like, ‘If you’re doing all that work, why aren’t you working in the private sector where you could be making twice as much money?’ And I said, ‘Because I don’t care about the money. I care about serving veterans.’ " https://www.wired.com/story/doge-usds-purge-veterans-affairs-site-cybersecurity/
DOGE’s USDS Purge Included the Guy Who Keeps Veterans’ Data Safe Online

The cybersecurity lead for VA.gov was fired last week. He tells WIRED that the Veterans Affairs digital hub will be more vulnerable without someone in his role.

WIRED

Drop what you are doing and read this incredible story from Wired, if you can. After that, come back here.

https://www.wired.com/story/edward-coristine-tesla-sexy-path-networks-doge/

It mentions that a 19 y/o man who's assisting Musk's team and who has access to sensitive government systems is Edward Coristine. Wired said Coristine, who apparently goes by the nickname "Big Balls," runs a number of companies, including one called Tesla.Sexy LLC

"Tesla.Sexy controls dozens of web domains, including at least two Russian-registered domains. One of those domains, which is still active, offers a service called Helfie, which is an AI bot for Discord servers targeting the Russian market. While the operation of a Russian website would not violate US sanctions preventing Americans doing business with Russian companies, it could potentially be a factor in a security clearance review."

The really interesting part for me is Coristine's work history at a company called Path Networks, which Wired describes generously as a company "known for hiring reformed black-hat hackers."

"At Path Network, Coristine worked as a systems engineer from April to June of 2022, according to his now-deleted LinkedIn resume. Path has at times listed as employees Eric Taylor, also known as Cosmo the God, a well-known former cybercriminal and member of the hacker group UGNazis, as well as Matthew Flannery, an Australian convicted hacker whom police allege was a member of the hacker group LulzSec. It’s unclear whether Coristine worked at Path concurrently with those hackers, and WIRED found no evidence that either Coristine or other Path employees engaged in illegal activity while at the company."

The founder of Path is a young man named Marshal Webb. I wrote about Webb back in 2016, in a story about a DDoS defense company he co-founded called BackConnect LLC. Working with Doug Madory, we determined that BackConnect had a long history of hijacking Internet address space that it didn't own.

https://krebsonsecurity.com/2016/09/ddos-mitigation-firm-has-history-of-hijacks/

Incidentally, less than 24 hours after that story ran, my site KrebsOnSecurity.com was hit with the biggest DDoS attack the Internet had ever seen at the time. That sustained attack kept my site offline for nearly 4 days.

https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/

Here's the real story behind why Coristine only worked at Path for a few months. He was fired after Webb accused him of making it known that one of Path's employees was Curtis Gervais, a serial swatter from Canada who was convicted of perpetrating dozens of swattings and bomb threats -- including at least two attempts on our home in 2014. [BTW the aforementioned Eric Taylor was convicted of a separate (successful) swatting against our home in 2013.]

https://krebsonsecurity.com/2017/09/canadian-man-gets-9-months-detention-for-serial-swattings-bomb-threats/

https://krebsonsecurity.com/2017/02/men-who-sent-swat-team-heroin-to-my-home-sentenced/

In the screenshot here, we can see Webb replying to a message from Gervais stating that "Edward has been terminated for leaking internal information to the competitors."

Wired cited experts saying it's unlikely Coristine could have passed a security clearance needed to view the sensitive government information he now has access to.

Want to learn more about Path? Check out the website https://pathtruths.com/

DOGE Teen Owns ‘Tesla.Sexy LLC’ and Worked at Startup That Has Hired Convicted Hackers

Experts question whether Edward Coristine, a DOGE staffer who has gone by “Big Balls” online, would pass the background check typically required for access to sensitive US government systems.

WIRED
Days before she resigned from CISA, I did an exit interview with Jen Easterly. She was steadfastly manifesting the future she wanted for her agency, but buried in there she got real: "Any stepping back of what we've put in place will be to the detriment of the safety and security of the American people" https://www.wired.com/story/big-interview-jen-easterly-cisa-cybersecurity/
Under Trump, US Cyberdefense Loses Its Head

Chinese hacks, rampant ransomware, and Donald Trump’s budget cuts all threaten US security. In an exit interview with WIRED, former CISA head Jen Easterly argues for her agency’s survival.

WIRED
Unsecured databases are still a major issue as illustrated by this UN Women exposure that involved granular financial data from grant applicants/awardees as well as some personal details and testimonials of vulnerable individuals from all over the world https://www.wired.com/story/un-women-database-exposure/
Exposed United Nations Database Left Sensitive Information Accessible Online

The 115,000-plus files related to UN Women included detailed financial disclosures from organizations around the world—and personal details and testimonials from vulnerable individuals.

WIRED
New secure secret import/export specifications are going to finally make passkeys portable between ecosystems https://www.wired.com/story/passkey-portability-fido-alliance/
The War on Passwords Is One Step Closer to Being Over

“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.

WIRED
Pig butchering scam operations, which often rely on human trafficking and forced labor, have broken out of Southeast Asia (Cambodia, Myanmar, Laos etc) and emerged in numerous other regions including the Middle East, Eastern Europe, Latin America and West Africa https://www.wired.com/story/pig-butchering-scam-invasion/
The Pig Butchering Invasion Has Begun

Scamming operations that once originated in Southeast Asia are now proliferating around the world, likely raking in billions of dollars in the process.

WIRED
An old Verizon demo app lurking deep in stock Android creates exposure for almost all Pixel phones. A fix from Google is coming but hasn't been pushed yet. And Palantir says it is concerned enough about the situation to ban all corporate Android devices https://www.wired.com/story/google-android-pixel-showcase-vulnerability/
Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App

A fix is coming, but data analytics giant Palantir says it’s ditching Android devices altogether because Google’s response to the vulnerability has been troubling.

WIRED
On the hunt for corporate devices being sold secondhand, @mandatory had some wild finds including a trove of Apple Store data, a Mac Mini from the Foxconn assembly line and an iPhone 14 developer use prototype https://www.wired.com/story/apple-prototypes-corporate-data/
Apple Prototypes and Corporate Secrets Are for Sale Online—If You Know Where to Look

On the hunt for corporate devices being sold secondhand, a researcher found a trove of Apple corporate data, a Mac Mini from the Foxconn assembly line, an iPhone 14 prototype, and more.

WIRED
Flaws in Ubiquitous ATM Software Could Have Let Attackers Take Over Cash Machines

Six vulnerabilities in ATM-maker Diebold Nixdorf’s popular Vynamic Security Suite could have been exploited to control ATMs using “relatively simplistic attacks.”

WIRED