News Items

  • news

    Logical Foundations of Cyber-Physical Systems (15-424)

    This video sequence accompanies the textbook on Logical Foundations of Cyber-Physical Systems, which teaches undergraduate students the core principles behind CPSs. Designing algorithms for CPSs is challenging due to their tight coupling with physical behavior, while it is vital that these algorithms be correct because we rely on them for safety-critical tasks.

  • news

    2019 SaTC PI Meeting – Save the Dates

    The 2019 SaTC PI meeting will be held at the Hilton Alexandria Mark Center, 5000 Seminary Rd, Alexandria, VA 22311, from October 27-29, 2019. More details regarding registration will be sent shortly and will be available through https://cps-vo.org/group/satc-pimtg19.

  • news

    Verification Tool Competition

    ARCH brings together researchers and practitioners to establish a curated set of benchmarks for verification, testing and reachability, and evaluate them in a friendly competition. ARCH started in 2014 and has sustained a vibrant community since. Since 2017, ARCH has organized, as part of the workshop, the International Competition on Verifying Continuous and Hybrid Systems (ARCH-COMP, https://cps-vo.org/group/ARCH/), now in its 3rd iteration.

  • news

    Game-theoretic Paper Wins Annual Paper Competition

    The winner of the 6th Annual Best Scientific Cybersecurity Paper Competition is "How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games" by Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, and David Brumley. These researchers are from Carnegie Mellon University and University of California, Santa Barbara. This paper was originally accepted at the 30th IEEE Computer Security Foundations Symposium (CSF '17).

    To learn more visit the competition homepage: https://cps-vo.org/group/sos/papercompetition/pastcompetitions

  • news

    Secretary of Energy Rick Perry Announces $68.5 Million for Advanced Vehicle Technologies Research

    WASHINGTON, D.C. - Today, U.S. Secretary of Energy Rick Perry announced up to $68.5 million in available funding for early-stage research of advanced vehicle technologies that will enable more affordable mobility, strengthen domestic energy security, and enhance U.S. economic growth.

  • news

    2018 NSF CPS Program Solicitation

    The 2018 Cyber-Physical Systems Program Solicitation has been released. The submission window for proposals is April 27, 2018 - May 8, 2018. Please see the full solicitation for additional details and the summary of program requirements: https://cps-vo.org/node/45729

  • news

    NSA SoS Lablet Call for Proposals is Open

    The National Security Agency has distributed its BAA (really a request for proposals) for its next generation of SoS Lablets. These lablets include lablets on the 5 Hard Problem areas in Science of Security, on the Science of Privacy and dealing with Cyber Physical Systems. Proposals are due August 21. While the SoS team is not the point of contact for the contracting process, we can aid in directing: https://cps-vo.org/group/SoS/contact

  • news

    U.S. Department of Transportation Launches Smart City Challenge to Create a City of the Future

    Smart City Challenge

  • news

    NEW 2016 NSF-USDA Solicitation: Innovations at the Nexus of Food, Energy, and Water Systems (INFEWS)

    Innovations at the Nexus of Food, Energy and Water Systems (INFEWS)


    Program Solicitation
    NSF 16-524

    National Science Foundation

  • news

    Sticky News Item

    This news item always appears at the top of the 'recent news' list because the 'pin to top of lists' box is checked under 'publishing options' below. News Items can also be set to show in the spotlight slideshow feature.

  • news

    "Sprint Customer Data Breached via Samsung Website Flaw"

    Sprint customer accounts have been compromised via the Samsung website. In a letter to impacted customers, Sprint stated that hackers may have viewed personal information such as phone numbers, device types, billing addresses, names, and more. The exposure of this type of information to hackers could lead to identity theft and fraud. This article continues to discuss the breach of Sprint customer accounts, the personal information that may have been viewed by hackers, Sprint's response to this incident, and the need for wireless providers to take a proactive approach to identifying and addressing security vulnerabilities.

    SC Media reports "Sprint Customer Data Breached via Samsung Website Flaw"

  • news

    "Companies with Zero-Trust Network Security Move Toward Biometric Authentication"

    New research reveals that organizations with zero-trust network security are increasingly utilizing biometrics to verify users' access to business applications. Zero-trust security refers to an approach in which individuals and devices are not trusted until they are verified, regardless of whether they are inside or outside the network perimeter. According to the 2019 Duo Trusted Access Report, biometrics have been enabled on most mobile devices used to access business applications. In addition, there has been a slight decrease in the use of SMS-based two-factor authentication. This article continues to discuss what has created challenges for enterprise IT security teams over the years, early efforts to address these challenges, the zero-trust network security principle, and the increased use of biometric authentication.

    CSO Online reports "Companies with Zero-Trust Network Security Move Toward Biometric Authentication"

  • news

    System Security Circus 2018

    What's the overall status of cybersecurity conferences? Great question. There is a site that keeps track of those statistics.

    Some interesting facts: CMU leads all institutions with over 200 papers, UC Berkeley is at 2, etc.

    http://s3.eurecom.fr/~balzarot/notes/top4_2018/

    The graphs are pretty familiar too: http://s3.eurecom.fr/~balzarot/notes/top4_2018/graphs.html

  • news

    "$4.6 Million Award Creates Program to Train Cybersecurity Professionals"

    A multi-disciplinary team of researchers at the University of Arkansas has been awarded $4.63 million by the National Science Foundation in support of creating a program aimed at cultivating security skills and sustaining a cybersecurity workforce. The Cyber-Centric Multidisciplinary Security Workforce Development program will provide education and training in cybersecurity, transportation security, and critical infrastructure security for graduate and undergraduate students. Job training, research opportunities, and internships will also be provided to students. This article continues to discuss the program in relation to its purpose, structure, and support.

    The University of Arkansas reports "$4.6 Million Award Creates Program to Train Cybersecurity Professionals"

  • news

    "Bluetooth LE’s Anti-Tracking Technology Beaten"

    In a new study, researchers discovered a way around the Media Access Control (MAC) address randomization feature used by Bluetooth Low Energy (BLE), which protects users and their devices from being identified and tracked. The researchers were able to obtain the identifying tokens and the MAC address of devices using Bluetooth Low Energy. Once this is complete, the attacker can continue tracking the identifying tokens and the MAC address through subsequent transmissions. It is important to start taking Bluetooth security seriously, especially as more and more devices are beginning to use Bluetooth technology.

    Naked Security reports: "Bluetooth LE's Anti-Tracking Technology Beaten"

  • news

    "Software Developers Face Secure Coding Challenges"

    DevOps service provider, GitLab, conducted a survey aimed at highlighting trends that are impacting developers to which 4,000 developers, managers, and executives at software-producing companies responded. The results of the survey reveal a disparity between expectations and reality in regard to writing secure code and an organization's security practices that significantly contributes to the challenges faced by companies in the security of software. This article continues to discuss key findings of the survey in relation to which software development methodologies are being used by most companies, major issues faced by companies in securing their software, and the security benefits of a mature DevOps implementation.

    Dark Reading reports "Software Developers Face Secure Coding Challenges"

  • news

    "Supply Chains May Pose Weakest Security Link"

    Vulnerabilities in the U.S. military supply chain are being exploited by adversaries to execute attacks aimed at stealing valuable technical data, damaging critical infrastructure, gaining access to connected systems, degrading systems, and more. It has been recommended that the U.S. takes a holistic approach to responding to such threats by scoring supply chain liabilities based on their level of risk. The scoring of suppliers would require the performance of internal or external monitoring and frequent assessments of security risks. This article continues to discuss the exploitation of vulnerabilities contained by the U.S. military supply chain and the recommended approach to improving supply chain security that involves risk scoring.

    SIGNAL Magazine reports "Supply Chains May Pose Weakest Security Link"

  • news

    "Hack Brief: A Card-Skimming Hacker Group Hit 17K Domains—and Counting"

    Magecart is made up of sophisticated hacking groups that perform web-based card-skimming attacks to steal credit card numbers. The threat detection firm, RiskIQ, released a new report, which reveals the scanning of misconfigured Amazon S3 buckets by Magecart hackers to insert malware and steal credit card numbers from the ecommerce sites linked to these buckets. As the misconfiguration of Amazon S3 buckets can allow anyone with an Amazon Web Services account to write to them, hackers could easily insert malicious code. According to RiskIQ, 17,000 domains have been affected so far. This article continues to discuss new discoveries made by researchers surrounding Magecart groups in relation to their latest operations and techniques, as well as the impact of these groups.

    Wired reports "Hack Brief: A Card-Skimming Hacker Group Hit 17K Domains--and Counting"

  • news

    "How can Attackers Abuse Artificial Intelligence?"

    A study on how attackers can abuse artificial intelligence made several findings. Adversaries will continue to learn how to compromise AI systems as the technology continues to spread. The number of ways attackers can manipulate the output of AI makes attacks on AI difficult to detect and to mitigate. Powers competing to develop better types of AI for offensive/defensive purposes may end up precipitating an "AI arms race". Securing AI systems against attacks may cause ethical issues; for example, increased monitoring of activity may infringe on a user's privacy. Lastly, AI tools and models developed by advanced, well-resourced threat actors will eventually proliferate and become adopted by lower-skilled adversaries.

    Help Net Security reports: "How can Attackers Abuse Artificial Intelligence?"

  • news

    "WhatsApp, Telegram Had Security Flaws That Let Hackers Change What You See"

    Security researchers from Symantec have discovered a vulnerability contained by popular encrypted messaging applications, WhatsApp and Telegram. The exploitation of this vulnerability could enable the modification of images and audio files by hackers. According to researchers, the vulnerability could allow hackers to manipulate photos of invoices, resulting in money being received by incorrect recipients. This article continues to discuss the use of secure messaging apps, the vulnerability found to be contained by WhatsApp and Telegram, how this vulnerability was discovered by researchers, and the discovery of a fake version of one of the apps.

    CNET reports "WhatsApp, Telegram Had Security Flaws That Let Hackers Change What You See"

  • news

    "Dutch Researchers Are Developing Quantum Technology to Secure Your Bank Account"

    According to researchers, quantum computers will render current encryption algorithms obsolete, as such computers will have quantum-mechanical properties that could allow them to perform calculations much faster than regular computers. Therefore, the quantum technology research group, Qutech, and the Dutch bank, ABN AMRO, are collaborating in the development of quantum technology aimed at securing banking systems against future quantum attacks. This article continues to discuss expectations and concerns surrounding quantum computers, the partnership in support of developing quantum technology to secure banking systems, and quantum key distribution (QKD).

    TNW reports "Dutch Researchers Are Developing Quantum Technology to Secure Your Bank Account"

  • news

    "Academics Steal Data From Air-Gapped Systems via a Keyboard’s LEDs"

    Security researchers at Ben-Gurion University have demonstrated that it is possible for data to be extracted from secure air-gapped computers by attackers, using the Caps Lock, Num Lock, and Scroll Lock LEDs on a keyboard. The attack, called CTRL-ALT-LED, poses a threat to highly secure environments such as those that store top-secret documents or non-public proprietary information. The CTRL-ALT-LED exfiltration method has been tested on different optical capturing devices, including security cameras, smartphone cameras, high-grade optical/light sensors, and more. This article continues to discuss how the CTRL-ALT-LED attack works and other research on the exfiltration of data via keyboard LEDs.

    ZDNet reports "Academics Steal Data From Air-Gapped Systems via a Keyboard's LEDs"

  • news

    Apple Quietly Removes Zoom’s Hidden web Server From Macs

    It was discovered that Zoom, whose web conferencing software has more than four million users across desktop and mobile platforms, including Windows, has multiple vulnerabilities. The vulnerabilities that were discovered include CVE-2019-13449 (the original denial-of-service flaw), CVE-2019-13567 (webcam takeover), and CVE-2019-13567 (a proof-of-concept making possible Remote Code Execution). The first and third issues should be fixed by updating to Zoom client version 4.4.2 on macOS, and the second vulnerability is unpatched but mitigated by removing the web server.

    Naked Security reports: "Apple Quietly Removes Zoom's Hidden web Server From Macs"

  • news

    "Cybersecurity Training Study Reveals Phishing Identification and Data Protection Are the Top Problem Areas for End Users"

    Proofpoint has released its fourth annual report on end users' understanding of different cybersecurity topics and best practices, titled Beyond the Phish. The report reveals that employees are still inadequately knowledgeable about phishing and data protection, further emphasizing the need for organizations to implement or improve security awareness training. This article continues to discuss what the report features and key findings pertaining to how knowledgeable employees are about cyber threats and cybersecurity best practices, along with the importance of effective security awareness training for employees.

    AIT News Desk reports "Cybersecurity Training Study Reveals Phishing Identification and Data Protection Are the Top Problem Areas for End Users"

  • news

    "Researchers Detail Privacy-Related Legal, Ethical Challenges With Satellite Data"

    Satellite technology offers a number of benefits, such as clearer communications, accurate location information, faster emergency responses, and more. However, researchers at Penn State University are emphasizing the dangers posed to national security and civil liberties by the unauthorized access or exposure of satellite data. Satellite data can reveal sensitive information such as the position of secret military bases, global peacekeeping operations, and more, posing a significant threat to national security. This article continues to discuss the uses of satellite technology, the potential threats created by unchecked satellite data, the role of satellites in the realm of IoT devices, and four ways in which the approach to regulating satellites and the use of satellite data can be improved.

    Phys.org reports "Researchers Detail Privacy-Related Legal, Ethical Challenges With Satellite Data"

  • news

    "Research Shows Humans Are Attacking Artificial Intelligence Systems"

    A research group led by De Montfort University Leicester (DMU) has brought further attention to the increased manipulation of artificial intelligence (AI) software in search engines, social media platforms, and more, by online hackers to execute cyberattacks. According to a report published by the European Union-funded project, SHERPA, hackers are increasingly abusing existing AI systems to perform malicious activities instead of creating new attacks in which machine learning is used. This article continues to discuss hackers' increased use of AI systems for malicious purposes, the possible malicious uses of AI identified by researchers, the advancement of AI, and the purpose of the SHERPA project.

    DMU reports "Research Shows Humans Are Attacking Artificial Intelligence Systems"

  • news

    "More than 2 million cyber incidents in 2018 created $45 billion in losses"

    In 2018, the financial impact of ransomware rose by 60%, losses from business email compromise doubled, and cryptojacking incidents more than tripled, even though the overall number of breaches and exposed records was down in 2018. This data shows that cybercriminals are getting better at monetizing their activities. In 2018, there were 2 million cyber incidents, which created 45 billion dollars in losses.

    Help Net Security reports: "More than 2 million cyber incidents in 2018 created $45 billion in losses"

  • news

    "25 Million Android Devices Infected by ‘Agent Smith’ Malware"

    Researchers from the security firm, Check Point, have discovered a new malware targeting Android devices, dubbed Agent Smith, which is capable of replacing legitimate apps on a device with malicious copies. The fake apps display advertisements from which the threat actors gain profit. Agent Smith could also be used by attackers to steal banking credentials. This malware has mostly infected Android devices in India, Bangladesh, Pakistan, and Indonesia. This article continues to discuss Agent Smith in regard to its stages, impact, and targets, as well as the first signs of this malware traced by researchers.

    Bleeping Computer reports "25 Million Android Devices Infected by 'Agent Smith' Malware"

  • news

    "Coast Guard Warns Shipping Firms of Maritime Cyberattacks"

    An advisory about possible maritime cyberattacks has been issued by the U.S. Coast Guard to all shipping companies. The advisory was issued in response to an incident in which a large commercial vessel was hit by a malware attack, disrupting the proper functioning of the ship. The shipping industry has been urged to regularly assess the cybersecurity of vessels, segment shipboard networks, enforce the use of passwords, install patches, and more. This article continues to discuss the malware attack faced by a commercial vessel in February 2019 and the Coast Guard's warning to shipping firms about such attacks.

    Dark Reading reports "Coast Guard Warns Shipping Firms of Maritime Cyberattacks"

  • news

    "Researchers Find Worrying Security Vulnerability in GE Healthcare Anesthesia Machines"

    GE Healthcare's anesthesia and respiratory devices have been discovered to contain a security vulnerability. According to the CyberMDX researchers who discovered the vulnerability, attackers could exploit it to perform malicious activities such as silencing alarms, altering logs, manipulating gas compositions, and more. The vulnerability affects Aestiva anesthesia delivery equipment as well as Aespire models, 7100 and 7900. This article continues to discuss the devices affected by the security vulnerability, what the exploitation of this vulnerability requires, the malicious activities that could be carried out by attackers through this exploitation, and GE Healthcare's response to this discovery made by researchers.

    TNW reports "Researchers Find Worrying Security Vulnerability in GE Healthcare Anesthesia Machines"

  • news

    "SMBs Struggle with Encryption, Patching and Skills Gap"

    According to Alert Logic's new report, titled Criminal Watch: SMB Threatscape 2019, small and midsize businesses (SMBs) are weak in the realms of encryption, workload configuration, visibility, and more, leaving them vulnerable to cyberattacks. The report also highlights the running of outdated and unsupported operating systems by most devices used by SMBs. This article continues to discuss key findings shared in the report pertaining to the security of SMBs and the lack of skilled cybersecurity professionals.

    Infosecurity Magazine reports "SMBs Struggle with Encryption, Patching and Skills Gap"

  • news

    "YouTube’s Policy on Hacking Videos Makes Everyone Less Safe"

    Instructional hacking videos were deemed harmful or dangerous by YouTube's updated policies, despite the value of such videos to the security community. According to those within the security community, blocking content on instructional ethical hacking reinforces the idea that anyone who discovers security vulnerabilities in products and raises awareness about how these vulnerabilities work is a malicious actor or criminal. Blocking such videos can also leave the identified vulnerabilities unaddressed. This article continues to discuss the updates made to YouTube's policies to block instructional hacking videos, the purpose of such videos, and how blocking this type of content impacts the security community.

    Slate reports "YouTube's Policy on Hacking Videos Makes Everyone Less Safe"

  • news

    "Researchers Hack VR Worlds"

    Security researchers, Alex Radocea and Philip Pettersson, demonstrated the possibility of hacking into virtual reality (VR) worlds on three different platforms, including VR Chat, Steam VR, and High Fidelity. Radocea and Pettersson warned that the infiltration of immersive VR worlds by hackers can lead to eavesdropping and the creation of fake images. Attackers could also hack VR worlds for the purpose of displaying inappropriate images to chatroom users and taking control over users' systems. This article continues to discuss the platforms used to demonstrate how to hack VR worlds, the attacks that could be executed via VR systems, and other research surrounding the hacking of such systems.

    Naked Security reports "Researchers Hack VR Worlds"

  • news

    "PGP Ecosystem Targeted in ‘Poisoning’ Attacks"

    Robert Hansen and Daniel Gillmor are researchers who have recently been targeted by PGP poisoning attacks. PGP (Pretty Good Privacy) is encryption software used for the authentication and privacy of email messages. PGP poisoning attacks refer to the spamming of certificates with a significant number of signatures or certifications. This article continues to discuss the PGP framework, what is exploited in PGP poisoning attacks, the impact that these attacks could have on security, and suggestions made by researchers as to how such attacks can be mitigated, along with the efforts that have been made by researchers to highlight and address these attacks.

    Threatpost reports "PGP Ecosystem Targeted in 'Poisoning' Attacks"

  • news

    "Newly Reported Flaws in Cameras, Locks Add to Scrutiny of Smart-Home Security"

    Security flaws have been discovered in Netgear Arlo smart home security cameras and Zipato smart hubs, further raising concerns surrounding the security of smart home technology. According to researchers, the security flaws discovered in these devices could be exploited by malicious actors to hijack cameras connected to a single hub, manipulate footage, unlock doors, and more. This article continues to discuss the security vulnerabilities found in the Netgear Arlo system and the ZipaMicro smart-home device from Zipato, as well as the attacks that could be executed through the exploitation of these vulnerabilities.

    CyberScoop reports "Newly Reported Flaws in Cameras, Locks Add to Scrutiny of Smart-Home Security"

  • news

    "More Than 1,000 Android Apps Harvest Data Even After You Deny Permissions"

    Researchers from the International Computer Science Institute have discovered that over 1,000 Android apps circumvent privacy permission settings, bringing further attention to the difficulty of maintaining online privacy when using phones and mobile apps. As these apps violate permissions, they can gather information such as a user's geolocation. This article continues to discuss the bypassing of privacy protections by Android apps, the type of data gathered by these apps, how this discovery was made by researchers, responses to this finding, and the lack of tools for consumers to control their privacy.

    CNET reports "More Than 1,000 Android Apps Harvest Data Even After You Deny Permissions"

  • news

    "Phishing Attacks Incorporate QR Codes to Help Evade URL Analysis"

    Security researchers from Cofense discovered the use of QR codes in phishing attack campaigns to bypass URL analysis. Phishing emails have been disguised as SharePoint emails, which contain a QR code to be scanned by recipients in order to view an important document. The QR code redirects recipients to a malicious site where phishers can obtain their account login credentials for AOL, Microsoft, and more. This article continues to discuss the exploitation of QR codes in phishing attack campaigns to evade security controls.

    Security Intelligence reports "Phishing Attacks Incorporate QR Codes to Help Evade URL Analysis"

  • news

    "To Benefit from DevOps Implementation, Security and Dev Teams Must Communicate Better"

    Trend Micro conducted a survey to which 1,310 IT decision makers who work in enterprise and SMB organizations responded. The results of the survey indicate that most IT leaders believe the success of DevOps implementation depends on the improvement of communication between IT security and software development teams. This article continues to discuss key findings of the survey in relation to the adoption of a DevOps culture by organizations and what needs to be improved to increase chances of successful DevOps implementation.

    Help Net Security reports "To Benefit from DevOps Implementation, Security and Dev Teams Must Communicate Better"

  • news

    "Automated Cryptocode Generator Is Helping Secure the Web"

    Researchers at Massachusetts Institute of Technology (MIT) presented a paper at the recent IEEE Symposium on Security and Privacy in which they gave details about an automated cryptocode generator that they have developed. The mathematical algorithms run by cryptographic protocols used in the security of online communications are written and rewritten by a group of experts. This manual process can result in the production of nonoptimal algorithms and the introduction of bugs due to human errors. Therefore, MIT researchers developed Fiat Cryptography, a system that will automatically generate and verify optimized cryptographic algorithms. This article continues to discuss the purpose, development, and use of the Fiat Cryptography system.

    EurekAlert! reports "Automated Cryptocode Generator Is Helping Secure the Web"

  • news

    "Ransomware Hits Georgia Courts As Municipal Attacks Spread"

    The Administrative Office of the Georgia Courts has been hit by a ransomware attack, resulting in the shutdown of court websites and systems. This ransomware attack is just one of many that have recently been faced by municipalities. Municipalities that have fallen victim to these attacks, including Key Biscayne, Lake City, and Riviera Beach, agreed to pay ransomware attackers. However, the U.S. government advises victims not to give in to the demands for ransom payments. Ransomware attackers would be motivated to execute more attacks if their demands are met. This article continues to discuss the recent ransomware attacks on municipalities, the increase in targeted ransomware attacks, the decision to pay ransoms, and the actors behind recent attacks.

    Wired reports "Ransomware Hits Georgia Courts As Municipal Attacks Spread"

  • news

    "Security Flaws in a Popular Smart Home Hub Let Hackers Unlock Front Doors"

    Security researchers, Chase Dardaman and Jason Wheeler, discovered security flaws in the popular ZipaMicro smart hub developed by Zipato. These flaws could be exploited by hackers to unlock front doors using a smart lock. According to researchers, security flaws in smart home hubs such as the ZipaMicro could be abused by landlords to enter a tenant's home as such devices can control a home's smart devices, including smart front door locks. The discovery further emphasizes the importance of improving the security of smart home technology. This article continues to discuss the security flaws discovered in the ZipaMicro smart home hub, the possible exploitation of these flaws by attackers, and Zipato's response to this discovery.

    TechCrunch reports "Security Flaws in a Popular Smart Home Hub Let Hackers Unlock Front Doors"

  • news

    "Cyberwarfare in Space: Satellites at Risk of Hacker Attacks"

    The London-based independent policy institute, Chatham House, recently released a research paper, titled Cybersecurity of NATO's Space-based Strategic Assets. The paper calls for the North Atlantic Treaty Organization (NATO) and its member countries to examine and make efforts to improve the cybersecurity of space-based satellite control systems as these systems have been discovered to be vulnerable to cyberattacks that pose a significant threat to global security. Since most modern military engagements depend on space systems, cyberattacks on such systems could lead to the distribution of false information to troops, redirection of movements, and more. This article continues to discuss key points made in the Chatham House paper in regard to the vulnerability of space-based satellite control systems to cyberattacks, the risk posed by cyberattacks on these systems, and how NATO countries should strengthen the cybersecurity of satellite systems.

    ZDNet reports "Cyberwarfare in Space: Satellites at Risk of Hacker Attacks"

  • news

    "Facebook Abused to Spread Remote Access Trojans Since 2014"

    In a new study, it was discovered that Facebook has been exploited to act as a distribution platform for a set of Remote Access Trojans (RATs) for years. The aim of the operation has been to spread RATs including Houdini, Remcos, and SpyNote. So far tens of thousands of victims from Libya, Europe, the US, and China are believed to have been compromised. The threat actor behind the campaign has used the political turmoil in Libya to their advantage. When someone interested in Libyan politics clicked on the URLs, they would instead be sent to malicious content.

    ZDNet reports: "Facebook Abused to Spread Remote Access Trojans Since 2014"

  • news

    HotSoS 2019 Paper Synopses

  • news

    "Personalized Medicine Software Vulnerability Uncovered by Sandia Researchers"

    Open source genome mapping software used in the personalization of medicine has been discovered by researchers at Sandia National Laboratories to be vulnerable to cyberattacks in which patients' genetic information can be altered. Personalized medicine refers to the customization of health care based on findings from the analysis of a patient's genetic information. Burrows-Wheeler Aligner (BWA) is a software package often used in the process of personalized medicine. According to Sandia researchers, BWA has a vulnerability that could be exploited by hackers to execute man-in-the-middle attacks. These attacks could lead to the modification of genetic information, thus leading to incorrect analyses and drug prescriptions. This article continues to discuss the process of personalized medicine and the vulnerability of a program used in this process, along with the research behind the discovery of this vulnerability.

    Phys.org reports "Personalized Medicine Software Vulnerability Uncovered by Sandia Researchers"

  • news

    "Keeping Children Safe in the ‘Internet of Things’ Age"

    Children need to be protected when they use programmable Internet computing devices such as the BBC micro:bit. The BBC micro:bit is a small, easily programmable device that children can use to create digital technologies. Although such devices provide educational benefits to children, the security of these devices must be taken into consideration. Therefore, a team of scientists at Lancaster University developed new guidelines to help designers build security into such devices in order to strengthen the protection of children in the digital world. The framework provided by the scientists helps designers visualize the different ways in which their devices could be used by children and adopt approaches to mitigating the risks posed by these devices. This article continues to discuss the use of programmable IoT devices by children, the risks posed by these devices, and the framework developed by researchers to help designers address these risks.

    Lancaster University reports "Keeping Children Safe in the 'Internet of Things' Age"

  • news

    "Data Management Firm Exposed Client Info on Open Amazon S3 Buckets: Researchers"

    During a study, researchers discovered that data from Netflix, TD Bank, Ford and other companies was left exposed for an unknown period of time on publicly configured cloud storage buckets operated by data integration and management company Attunity. The data was publicly accessible in three Amazon S3 buckets on 13 May. The oldest of the three, which contained the most sensitive information, was uploaded in September 2014; however, it is not clear whether the data was publicly accessible since that time. Once Attunity was alerted, its personnel responded quickly to ensure that the data was secured.

    SC Magazine reports: "Data Management Firm Exposed Client Info on Open Amazon S3 Buckets: Researchers"