News Items

  • news

    Visible to the public Follow @SoS_VO_org on Twitter!

    Follow @SoS_VO_org on Twitter!

    The SoS-VO team is excited to announce that we recently updated the homepage of the website to link to the official Science of Security & Privacy twitter account where we will be making daily announcements about noteworthy news items, upcoming opportunities, and impending deadlines in the SoS community.

  • news

    Visible to the public Predictive Intelligence for Pandemic Prevention (PIPP) Webinars

    Predictive Intelligence for Pandemic Prevention (PIPP) Webinars

    February 16, 2021 11:00 AM to
    February 17, 2021 6:45 PM
    Virtual Workshop

    Save the Date

    February 25, 2021 11:00 AM to
    February 26, 2021 6:00 PM
    Virtual Workshop

    Save the Date

  • news

    Visible to the public NSF 21-044 Dear Colleague Letter: Computer and Information Science and Engineering Graduate Fellowships

    NSF 21-044

    Dear Colleague Letter: Computer and Information Science and Engineering Graduate Fellowships (CSGrad4US)

    February 2, 2021

    Dear Colleagues:

  • news

    Visible to the public Computing Community Consortium (CCC) report on Assured Autonomy released

    The Computing Community Consortium (CCC) released a report on assured autonomy, titled Assured Autonomy: Path Toward Living With Autonomous Systems We Can Trust. The report is the result of a year-long effort by the CCC and over 100 members of the research community, led by Ufuk Topcu (The University of Texas at Austin).

  • news

    Visible to the public HoTSoS 2021: Works-in-Progress Co-Chairs

    Meet the HoTSoS 2021 Team:
    Works-in-Progress Co-Chairs

    Kurt Kelville (MIT) and Aron Laszka (University of Houston) are our Works-in-Progress Co-Chairs for the 2021 Symposium. Happy to have these two on the Program Committee Team!

    About the Chairs

  • news

    Visible to the public Call for Participation: Canberra Artificial Intelligence Summer School

    Call for Participation

    Canberra Artificial Intelligence Summer School

    Virtual, December 4-7th, 2020



    [If interested in staying up-to-date, please join this Discord channel!]


  • news

    Visible to the public Take my word for it: Privacy and COVID alert apps can coexist


    Since the COVID-19 pandemic began, technologists across the country have rushed to develop digital apps for contact tracing and exposure notifications. New York, New Jersey, Pennsylvania, and Delaware have all recently announced the launch of such apps, announcements which generated excitement. But the advent of these tools has also created questions. Chief among them: Do these apps protect privacy?

  • news

    Visible to the public now supports DOI!

    The latest release of the has added Zenodo support for generating archives and including DOI information for content types such as files, news items, web pages, and wiki pages!

  • news

    Visible to the public Solicitation: NSF Secure and Trustworthy CyberSpace (SaTC) [Solicitation 21-500]

    Secure and Trustworthy Cyberspace (SaTC)

    NSF 21-500

    NSF 19-603

    National Science Foundation

    Directorate for Computer and Information Science and Engineering
         Division of Computer and Network Systems
         Division of Computing and Communication Foundations
         Division of Information and Intelligent Systems
         Office of Advanced Cyberinfrastructure

  • news

    Visible to the public NIST Releases Draft Security Feature Recommendations for IoT Devices

    NIST Releases Draft Security Feature Recommendations for IoT Devices

    "Core Baseline" guide offers practical advice for using everyday items that link to computer networks.

    August 01, 2019

  • news

    Visible to the public NSA-approved cybersecurity law and policy course now available online

    NSA-approved cybersecurity law and policy course now available online

    Cyber Scoop

    Shannon Vavra

    August 27th, 2019

    Anyone who is interested in cybersecurity law and policy can now take an online course that was partly shaped by National Security Agency.

  • news

    Visible to the public Verification Tool Competition

    ARCH brings together researchers and practitioners to establish a curated set of benchmarks for verification, testing and reachability, and evaluate them in a friendly competition. ARCH started in 2014 and has sustained a vibrant community since. Since 2017, ARCH has organized as a part of the workshop the International Competition on Verifying Continuous and Hybrid Systems (ARCH-COMP,, now in its 3rd iteration.

  • news

    Visible to the public Game-theoretic Paper Wins Annual Paper Competition

    The winner of the 6th Annual Best Scientific Cybersecurity Paper Competition is How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games by Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, and David Brumley. These researchers are from Carnegie Mellon University and University of California, Santa Barbara. This paper was originally accepted at 30th IEEE Computer Security Foundations Symposium (CSF '17).

    To learn more visit the competition homepage:

  • news

    Visible to the public Secretary of Energy Rick Perry Announces $68.5 Million for Advanced Vehicle Technologies Research

    WASHINGTON, D.C. - Today, U.S. Secretary of Energy Rick Perry announced up to $68.5 million in available funding for early-stage research of advanced vehicle technologies that will enable more affordable mobility, strengthen domestic energy security, and enhance U.S. economic growth.

  • news

    Visible to the public 2018 NSF CPS Program Solicitation

    The 2018 Cyber-Physical Systems Program Solicitation has been released. The submission window for proposals is April 27, 2018 - May 8, 2018. Please see the full solicitation for additional details and the summary of program requirements:

  • news
  • news

    Visible to the public NSA SoS Lablet Call for Proposals is Open

    The National Security Agency has distributed its BAA (really a request for proposals) for its next generation of SoS Lablets. These lablets include lablets on the 5 Hard Problem areas in Science of Security, on the Science of Privacy and dealing with Cyber Physical Systems. Proposals are due August 21. While the SoS team is not the point of contact for the contracting process, we can aid in directing:

  • news

    Visible to the public U.S. Department of Transportation Launches Smart City Challenge to Create a City of the Future

    Smart City Challenge

  • news

    Visible to the public NEW 2016 NSF-USDA Solicitation: Innovations at the Nexus of Food, Energy, and Water Systems (INFEWS)

    Innovations at the Nexus of Food, Energy and Water Systems (INFEWS)

    Program Solicitation
    NSF 16-524

    National Science Foundation

  • news

    Visible to the public Sticky News Item

    This news item always appears at the top of the 'recent news' list because the 'pin to top of lists' box is checked under 'publishing options' below. News Items can also be set to show in the spotlight slideshow feature.

  • news

    Visible to the public Sticky News Item

    This news item always appears at the top of the 'recent news' list because the 'pin to top of lists' box is checked under 'publishing options' below. News Items can also be set to show in the spotlight slideshow feature.

  • news

    Visible to the public The Empire strickes back at the DarkSide Ransomware Group

    The DarkSide Ransomware group lost all its servers used to pull off ransomware attacks such as the recent one against Colonial Pipeline. The hackers said they had lost access to key parts of their infrastructure--the servers used for its blog, payment processing, and denial of service operations. DarkSide didn't release where those servers were located or which country's law enforcement had seized them. The takedown rattled other underground ransomware forums.

  • news

    Visible to the public "When AI Becomes the Hacker"

    Bruce Schneier, an internationally renowned security technologist, has been examining the potential unintended consequences of Artificial Intelligence (AI) on society, particularly how AI systems could evolve in a way that enables them to automatically and inadvertently abuse societal systems. Schneier highlights the idea of the AI being the hacker rather than malicious actors hacking AI systems. The main question posed in his research is, "what if artificial intelligence systems could hack social, economic, and political systems at the computer scale, speed, and range such that humans couldn't detect it in time and suffered the consequences?" It's the stage at which AI systems can creatively find hacks. Schneier points out that AI systems are already doing that in software to find vulnerabilities in computer code but are not very proficient at it. However, AI systems will likely improve while humans stay the same in their capability to discover vulnerabilities. He predicts that AI systems will soon be able to defeat humans in capture-the-flag hacking contests because AI technology will evolve and surpass human abilities. We should be prepared for AI systems that can create their own solutions regarding hacks and vulnerabilities, and the use of this evolution by humans to make money. According to Schneier, the biggest risk posed by AI systems is that they will find a way to hack rules without humans realizing it. The core problem is that AI doesn't have the same human cognitive functions like empathy or a hunch that could allow it to know where not to cross the line. There are many studies on incorporating context, ethics, and values into AI programs, but they still aren't built-in functions of AI systems used today. Schneier admits that the idea of AI systems being hackers remains speculative, but it's an issue that should be considered and addressed. He recommends using AI to improve defense activities, such as finding and fixing all vulnerabilities in a program before it is released. This article continues to discuss key insights shared by Bruce Schneier in his research on the potential dangers of AI hackers.

    Dark Reading reports "When AI Becomes the Hacker"

  • news

    Visible to the public "Ransomware’s New Swindle: Triple Extortion"

    Ransomware attacks are exploding at a staggering rate, and so are the ransoms being demanded. Now security experts are warning against a new threat called triple extortion. Triple extortion means that attackers are expanding out to demand payments from customers, partners, and other third parties related to the initial breach to grab even more cash for their crimes. Researchers at Check Point discovered that ransomware payments have spiked by 171 percent over the past year, averaging about $310,000. Researchers said the first case of triple extortion they observed in the wild was in October when a Finnish psychotherapy clinic was breached. Even after the clinic paid the ransom, the attackers threatened patients of the clinic with releasing their therapy session notes unless they too paid up.

    Threatpost reports: "Ransomware's New Swindle: Triple Extortion"

  • news

    Visible to the public "Publishing Exploits Early Doesn't Encourage Patching or Help Defense, Data Shows"

    A new study conducted by Kenna Security and the Cyentia Institute explores whether exploit code releases before patch availability help or harm security defenders. Some believe that releasing exploit code as soon as a vulnerability is discovered helps in penetration testing, presents an incentive for patching, and makes the vulnerability seem more real. Others believe that the early publication of exploits allows hackers, including those who would otherwise be unable to generate the code themselves, to reappropriate the exploit code. Kenna Security and the Cyentia Institute analyzed 6 billion vulnerabilities impacting 12 million active assets across almost 500 organizations during the study. Three key hypotheses explored in the study are that publishing exploit code encourages fixes, published exploits improve defense, and releasing exploit code accelerates breaches. They found that publishing exploits had minimal impact on whether organizations applied fixes, and releasing exploits pre-patch left a larger window of time between publishing a vulnerability and creating defensive signatures. It was discovered that network defenders were nearly exactly as likely to mitigate a problem when an exploit had been published before the patch. Patches were found to be more common when the first exploit was released after the patch. According to the study, hackers are also more likely to target vulnerabilities when an exploit is released, as vulnerabilities with exploit code were exploited 15 times more than those without a published exploit. This article continues to discuss key findings from the study on whether publishing exploits before patches are available does more harm than good.

    SC Media reports "Publishing Exploits Early Doesn't Encourage Patching or Help Defense, Data Shows"

  • news

    Visible to the public "Colonial Reportedly Paid $5 Million Ransom"

    The East Coast fuel pipeline was offline for five days after an attack struck last Thursday. However, contrary to initial reports that it refused to engage with the DarkSide threat group, the company actually paid the ransom within hours of the attack. Colonial Pipeline paid the adversaries 5 million dollars. It is unclear whether the company's cyber-insurance policy funded the payment. Researchers stated that the biggest factor at play here is the feedback loop of malicious activity created by surrendering and paying the ransom. Paying the ransom allows the groups to achieve a greater level of sophistication during their next attacks, whether that be via training, new tooling, purchasing credentials, or recruitment. Researchers also stated that feeding this industry only ensures that they become collectively more of a threat, in the long run, facilitating more breaches and more payments. Thus, the cycle continues. The news of the company paying the ransom comes as new figures from Check Point revealed that the number of ransomware victims it is monitoring has soared 102% year-on-year at the start of 2021. In April, the most heavily targeted sector was healthcare, with average weekly attacks during the month hitting nearly 110, followed by utilities (59) and insurance/legal (34).

    Infosecurity reports: "Colonial Reportedly Paid $5 Million Ransom"

  • news

    Visible to the public  "All Wi-Fi Devices Impacted by New FragAttacks Vulnerabilities"

    Mathy Vanhoef, a researcher at New York University Abu Dhabi, discovered a set of new Wi-Fi security vulnerabilities dubbed FragAttacks (fragmentation and aggregation attacks). These vulnerabilities impact all computers, smartphones, and other Wi-Fi devices released since 1997. Three of the vulnerabilities are said to be Wi-Fi 802.11 standard design flaws in the frame aggregation and fragmentation functionalities, while the other vulnerabilities stem from widespread programming mistakes made in Wi-Fi products. Experiments conducted by Vanhoef show that every Wi-Fi product is affected by at least one of the vulnerabilities and that most Wi-Fi products are impacted by many vulnerabilities. According to Vanhoef, the discovered vulnerabilities affect all Wi-Fi security protocols, including WEP and WPA3. Attackers have to be in the Wi-Fi range of targeted devices in order to abuse these design and implementation flaws. The exploitation of these flaws can allow attackers to steal sensitive user data and execute malicious, which could lead to the full takeover of devices. Vendors are developing patches for their products to mitigate the FragAttacks bugs. Cisco Systems, HPE/Aruba Networks, Juniper Networks, Microsoft, and more, have already released security updates and advisories for FragAttacks security. This article continues to discuss the discovery, impact, and mitigation of the FragAttacks vulnerabilities.

    Bleeping Computer reports "All Wi-Fi Devices Impacted by New FragAttacks Vulnerabilities"

  • news

    Visible to the public "NCSU Team Builds Smallest RFID Chip, Could Mean Better Security"

    Researchers at North Carolina State University (NCSU) have developed what is believed to be the smallest Gen2-compatible RFID (Radio Frequency Identification) chip. This chip is expected to drive the cost of RFID tags down. The chip's design also allows RFID tags to be embedded into computer chips and other high-value chips, thus strengthening the security of supply chains for high-end technologies. Gen2-compatible RFID chips are state-of-the-art and are already widely deployed, but the new RFID chips differ in that their size measures 125 micrometers by 245 micrometers. Manufacturers have made smaller RFID chips using earlier technologies, but the researchers have not been able to identify smaller RFID chips compatible with the current Gen2 technology. The design of the circuits used by the team is compatible with a wide range of semiconductor technologies, including those implemented into conventional computer chips. As this makes it possible to incorporate RFID tags into computers, users will be able to track individual chips throughout their lifecycle, which could help reduce counterfeiting and enable the ability to verify whether a component is what it claims to be. According to the researchers, these new RFID chips can be built using existing manufacturing technologies. This article continues to discuss the creation of the smallest Gen2-compatible RFID chip by a team of NCSU researchers, as well as the advantages and future of these chips.

    WRAL TechWire reports "NCSU Team Builds Smallest RFID Chip, Could Mean Better Security"

  • news

    Visible to the public "66% of CISOs Feel Unprepared for Cyberattacks"

    Proofpoint's 2021 Voice of the CISO report shares findings from a survey to which more than 1,400 CISOs at mid-sized to large companies across different industries worldwide responded. According to these findings, 66 percent of CISOs feel unprepared to handle cyberattacks. Over 50 percent of the CISOs expressed more concern about the consequences of a cyberattack in 2021 than in 2020. The survey also revealed that most CISOs consider human error the greatest vulnerability, which stems from the increase in remote work due to the COVID-19 pandemic. The security challenges presented by the widespread work-from-home model are expected to extend into the next year and beyond. CISOs are encouraged to increase efforts to secure more points of attack and educate users on long-term remote and hybrid work. This article continues to discuss key findings from the Proofpoint 2021 Voice of the CISO report regarding CISOs' growth in concerns surrounding cyberattacks in 2021 and the types of attacks that are of top concern to them.

    Dark Reading reports "66% of CISOs Feel Unprepared for Cyberattacks"

  • news

    Visible to the public "Four Years On: Two-thirds of Global Firms Still Exposed to WannaCry"

    According to new research, over two-thirds (67%) of organizations are still running an insecure Windows protocol. Security researchers at ExtraHop used its network detection and response (NDR) capabilities to analyze anonymized metadata from an unspecified number of customer networks to understand better where they may be vulnerable to outdated protocols. The resulting security advisory report revealed the widespread use of Server Message Block version one (SMBv1), which contained a buffer overflow vulnerability which was exploited by the NSA-developed EternalBlue and related attack tools. North Korean threat actors used this insecure Windows protocol for WannaCry, and Russian state operatives use this protocol for their NotPetya operation. The researchers also found that this wasn't the only insecure protocol. They also discovered that 81% of enterprises still use HTTP plaintext credentials, and a third (34%) have at least 10 clients running NTLMv1, which could enable attackers to launch machine-in-the-middle (MITM) attacks or take complete control of a domain. The researchers also warned that 70% of enterprises are also running LLMNR, which can be exploited to access users' credential hashes. These, in turn, could be cracked to expose log-in information, the researchers claimed.

    Infosecurity reports: "Four Years On: Two-thirds of Global Firms Still Exposed to WannaCry"

  • news

    Visible to the public "Biden Executive Order Mandates Zero Trust and Strong Encryption"

    President Biden has issued a long-awaited executive order (EO) designed to improve supply chain security, incident detection, response, and overall resilience to threats. The executive order comes amidst unprecedented attacks on the US government and critical infrastructure, in the form of the SolarWinds, Exchange Server, and Colonial Pipeline attacks, to name just a few. Among the key measures is a requirement for all federal government software suppliers to meet strict rules on cybersecurity. Eventually, the plan is to create an "energy star" label so both government and public buyers can quickly and easily see whether software was developed securely. Other measures included in the executive order are an "aircrash investigation-style" Cybersecurity Safety Review Board, which will make recommendations for improvements after any significant incident, and a standardized playbook for government incident response. The executive order will also mandate a drive to secure cloud services and zero trust, including multi-factor authentication and data encryption at rest and in transit, by default. Security experts have welcomed the executive order.

    Infosecurity reports: "Biden Executive Order Mandates Zero Trust and Strong Encryption"

  • news

    Visible to the public "Faster and More Precise: Researcher Improves Performance of Image Recognition Neural Network"

    There have been advancements in Machine Learning (ML) regarding image recognition as this technology can now identify objects in photographs and videos. The adoption and implementation of image recognition continue to grow. However, such systems still call for improvements. Andrey Savchenko, a Professor at HSE University, developed an image recognition algorithm that functions 40 percent faster than analogues. It has been demonstrated to be capable of speeding up the real-time processing of video-based image recognition systems. Convolutional Neural Networks (CNNs) include a sequence of convolutional layers. They are widely used in computer vision. Savchenko was able to speed up the work of a pre-trained CNN using arbitrary architecture, containing 90 to 780 layers. This resulted in a 40 percent increase in recognition speed while at the same time controlling accuracy loss to no more than 0.5 to 1 percent. He used statistical methods like sequential analysis and multiple hypothesis testing. High accuracy is essential for image recognition systems. An incorrect decision made by a face recognition system can lead to someone from the outside gaining access to confidential information or the user being denied access repeatedly due to the neural network's inability to identify them. Sometimes speed can be sacrificed, but it is important in the application of video surveillance systems where there is a desire to make decisions in real-time. Professor Savchenko emphasizes the need to recognize an object in a video quickly without losing accuracy. This article continues to discuss the image recognition algorithm developed by Professor Savchenko that can speed up the real-time processing of video-based image recognition systems while controlling the loss in accuracy.

    HSE University reports "Faster and More Precise: Researcher Improves Performance of Image Recognition Neural Network"

  • news

    Visible to the public "Home Working Parents and Young Adults Are Most Risky IT Users"

    During new research conducted by researchers at HP Inc., they surveyed 8443 adults and 1100 IT decision-makers. The researchers found that young adults and parents of young children could be inviting cyber-threats by using work devices for risky personal tasks. Most (71%) of employees surveyed are accessing more company data more frequently from home than they did pre-pandemic, with over three-quarters (76%) admitting that working-from-home (WFH) has blurred the lines between their personal and professional lives. While a third (33%) of respondents are now downloading more to their devices from the internet, the figure rises to 60% for those aged 18-24-years-old. The researchers stated that this age group is more likely (60%) to watch online streaming services than the average (36%). In addition, over two-fifths (43%) of parents of children aged 5-16-years-old admitted to using work devices to play more games today than pre-pandemic. Over half (57%) of this group are also likely to use their work device for homework and online learning, versus an average of 40%. The researchers stated that this matters because threat actors are increasingly looking to target these behaviors. The research also revealed a significant number of home workers are using potentially insecure personal devices for work to access corporate applications (37%) and networks/servers (32%). Over half (51%) of IT decision-makers have seen evidence of compromised personal PCs being used to access company and customer data over the past year.

    Infosecurity reports: "Home Working Parents and Young Adults Are Most Risky IT Users"

  • news

    Visible to the public "Kansas Identity Theft Spike Could Be Linked to Data Breach"

    A Department of Labor data breach may have impacted the state with the highest identity theft rate in the country. According to new data released by the Federal Trade Commission (FTC), the reported rate of identity theft in Kansas in 2020 was higher than that of any other state and more than three times greater than the national average. Last year, 43,211 Kansans informed the FTC that someone had stolen or attempted to steal their identity, a year-on-year increase of 1,802%. Kansas lawmakers are investigating the possibility of a connection between the surge in identity theft and an alleged data breach at the Kansas Department of Labor (KDOL). An investigation into a possible breach was launched after a woman accidentally entered the wrong Social Security number into the KDOL website in February and was shown someone else's personal information. A February report from the Kansas Legislative Post Audit Division stated that just under a quarter ($600m) of the roughly $2.6bn Kansas paid in state and federal unemployment benefits in 2020 could have been fraudulent.

    Infosecurity reports: "Kansas Identity Theft Spike Could Be Linked to Data Breach"

  • news

    Visible to the public "Protecting Critical Energy Infrastructure"

    Both Israel and the US are facing more costly cyberattacks that could result in significant damage to critical energy infrastructure. A new consortium led by Ben-Gurion University of the Negev (BGU) and Arizona State University (ASU) will receive up to $6 million under a U.S.-Israel Energy Center research funding grant for energy infrastructure cybersecurity. Georgia Tech Research Corporation (GT) and several other tech partners are also included in the consortium. The consortium is working on a project titled "Comprehensive Cybersecurity Technology for Critical Power Infrastructure AI-Based Centralized Defense and Edge Resilience." This consortium aims to develop, integrate, and test technologies, as well as demonstrate high-value technologies capable of mitigating cyberattacks on the energy infrastructure. Data analytics, Artificial Intelligence (AI), and Machine Learning (ML) will be applied. This article continues to discuss the new consortium that brings BGU, ASU, and GT together and allocates resources to develop new technology for improving the cybersecurity of critical energy infrastructure.

    Homeland Security News Wire reports "Protecting Critical Energy Infrastructure"

  • news

    Visible to the public "Artificial Intelligence Could Accelerate Breach Notification Time, Expert Says"

    Dr. Frederic Lemieux, faculty director and professor of the practice for applied intelligence at Georgetown University, has brought further attention to the use of Artificial Intelligence (AI) in cybersecurity to increase the speed of data breach notifications. Lemieux suggested that increasingly efficient pattern recognition is helping companies detect anomalies in large pools of data. AI is helping to point out possible security issues to human analysts, such as an employee logging on to sensitive networks at odd hours, an email attachment including malicious data, and other unusual behavior. Cybersecurity costs are prohibitive, and companies are experiencing situations where the average cost of a data breach is about $8 million in the US. The time to discover a data breach can go up to 28 days, with the average number of days for containment being 80, thus increasing the appeal for AI solutions. Security professionals are also using AI tools for asset inventories to help highlight areas of a company that are vulnerable to digital threats. This article continues to discuss how AI tools are helping security professionals improve the cybersecurity of their companies.

    CyberScoop reports "Artificial Intelligence Could Accelerate Breach Notification Time, Expert Says"

  • news

    Visible to the public "NIST Previews Post-Quantum Cryptography Challenges"

    The National Institute of Standards and Technology's (NIST) National Cybersecurity Center of Excellence (NCCoE) has released the final version of a white paper titled "Getting Ready for Post-Quantum Cryptography: Exploring Challenges Associated with Adopting and Using Post-Quantum Cryptographic Algorithms." The purpose of this paper is to help organizations prepare for post-quantum cryptography. NIST has been working with researchers to develop cryptographic algorithms that can withstand the privacy and security threats that quantum computers will present. The paper emphasizes that the transition from today's standards to the new post-quantum public-key standards will likely be more challenging than the introduction of new classical cryptographic algorithms. As there is still a lack of implementation planning, it may take decades before the community replaces most of the vulnerable public-key systems being used today. It will not be easy to replace currently used encryption standards with quantum-resistant ones as some quantum-resistant candidate algorithms involve enormous signature sizes, require excessive processing, and use significantly large public or private keys. These factors would make it challenging to implement the solution widely. NIST emphasizes the need for various post-quantum algorithms in order to overcome sensitivity to large signature sizes and other implementation constraints. This article continues to discuss NIST's key points surrounding post-quantum cryptography challenges and how to overcome them.

    GCN reports "NIST Previews Post-Quantum Cryptography Challenges"

  • news

    Visible to the public "Energy Department Leading White House Interagency Response to Pipeline Attack"

    The White House has formed an interagency task force in response to the ransomware attack on Colonial Pipeline Company, which transports 45% of the US East Coast's supply of diesel, gasoline, and jet fuel. According to the FBI, the attack was executed by the cybercriminal ransomware group called DarkSide. The interagency team includes the Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the Department of Transportation (DOT), the Department of Defense (DOD), and other agencies, with the Department of Energy (DOE) as the lead agency for incidence response in this case. The Transportation Security Administration (TSA) has oversight over pipeline cybersecurity. Colonial Pipeline Company has said that its operations team is currently working to develop a restart plan for its pipeline system. This article continues to discuss the interagency response to the pipeline attack, Colonial's response to the attack, and the FBI's suggestion to companies not to pay ransoms demanded by cybercriminals.

    NextGov reports "Energy Department Leading White House Interagency Response to Pipeline Attack"

  • news

    Visible to the public "Scientists Will Protect the Smart City from Cyber Threats"

    St. Petersburg is participating in the development of a Smart City program that will provide new services to increase citizens' safety. This system depends on digital services. The environment adapts to the needs of humanity through the use of Internet of Things (IoT) systems. Therefore, cyberattacks against this infrastructure could pose a significant danger. Specialists at Peter the Great St. Petersburg Polytechnic University (SPbPU) developed a methodology for assessing cyber risks in a Smart City's intelligent system. They tested the methodology on the "smart crossroads" test bench, which is a component of the smart transport system of a Smart City. The scientists pointed out that cybercriminals' goals are to disrupt large enterprises and urban infrastructure and to intercept the control over them. Using wireless links, attackers can remotely infiltrate a target subnet or a group of devices, intercept traffic, launch denial-of-service (DoS) attacks, and hijack IoT devices to create botnets. The methodology developed by SPbPU researchers can be used to analyze cybersecurity risks, identify threats, calculate risks, and analyze the resulting risk values. It is based on a quantitative approach and is said to be easily computable. This article continues to discuss the Smart City program, potential cyberattacks against digital infrastructures in a Smart City, and the methodology developed by SPbPU researchers to assess cyber risks in the intelligent systems of a Smart City.

    EurekAlert! reports "Scientists Will Protect the Smart City from Cyber Threats"

  • news

    Visible to the public "Amazon: We Blocked 10 Billion Bad Listings in 2020"

    Amazon claims to have blocked billions of "bad" listings before they went live on its e-commerce platform last year in a bid to prevent rampant counterfeiting on the site. Amazon also thwarted over six million attempts to create new selling accounts during 2020, up from the 2.5 million reported in 2019. The e-commerce giant claimed that fewer than 0.01% of products sold on the platform received a counterfeit-related complaint from a customer, but the problem is serious. Only 6% of attempted new seller account registrations passed Amazon's verifications processes. Last year the company claimed to have seized and destroyed more than two million products sent to its fulfillment centers after detecting last minute that the products were counterfeit. Amazon has invested over $700 million in 2020 and employed more than 10,000 people to fight fraud and abuse on the platform. Counterfeit items aren't the only challenge facing Amazon. A mass scheme to pay consumers for fake reviews has recently emerged. E-commerce fraud is expected to surge by 18% from 2020 to top $20 billion globally by the end of this year as scammers continue to target shoppers driven online by the pandemic.

    Infosecurity reports: "Amazon: We Blocked 10 Billion Bad Listings in 2020"

  • news

    Visible to the public "200K Veterans’ Medical Records Likely Stolen by Ransomware Gang"

    A cybersecurity researcher named Jeremiah Fowler found an exposed database sitting exposed online without even basic password protection on April 18th. The database was filled with the medical records of nearly 200,000 U.S. military veterans. The database was exposed online by a vendor working for United Valor which is a Veterans Administration. The exposed data included patient names, birth dates, medical information, contact information, doctor information, and appointment times. All of this data could be used in socially engineered attacks, Fowler explained. The database also exposed unencrypted passwords and billing details. Fowler stated that the database was set to open and visible in any browser (publicly accessible), and anyone could edit, download or even delete data without administrative credentials. The researcher also found evidence that ransomware attackers might have exfiltrated the data. The dataset also contained a ransomware message titled "read_me" that claimed all of the records were downloaded, and they would be leaked unless 0.15 Bitcoin ($8,148) was paid.

    Threatpost reports: "200K Veterans' Medical Records Likely Stolen by Ransomware Gang"

  • news

    Visible to the public "Making Bitcoin More Secure"

    Guan-Hua Tu, an assistant professor in the College of Engineering at Michigan State University (MSU), and his team are developing ways to protect popular bitcoin applications used for cryptocurrency management. Tu and his team are finding vulnerabilities in these apps that could leave a user's money and personal information at risk of theft by cybercriminals. They are also raising awareness about these vulnerabilities to help users better protect themselves and developing an app aimed at addressing those vulnerabilities. Users are encouraged not to use smartphone wallet apps developed by untrusted developers and to manage their bitcoin using a computer instead of a smartphone. The researchers developed the Spartan app, which is designed to run simultaneously on the same phone as a wallet and monitor for intrusions. The app alerts users when an attack occurs and provides remedies based on the type of attack. For example, the app can add noise to outgoing bitcoin messages to prevent an attacker from retrieving accurate information. The team is developing the app for Android phones and plans to make it available for download in the Google Play app store. This article continues to discuss the vulnerabilities found in bitcoin wallet apps, the attacks made possible by these vulnerabilities, the Spartan app designed to protect against those attacks, and how users can protect themselves from the security flaws of a smartphone bitcoin wallet app.

    MSU Today reports "Making Bitcoin More Secure"

  • news

    Visible to the public "University Cancels Exams After Cyber-Attack"

    Rensselaer Polytechnic Institute (RPI) was forced to shut down most of their computer network after unauthorized access was detected on Friday. Student assessments, research, and other academic activities have been impacted. All final examinations, term papers, and project reports that were due between May 8th and May 10th have been canceled. Rensselaer Polytechnic Institute, which has around 7,900 students, is a private university situated in Troy, New York. Information Technology and Web Science are among the academic disciplines taught at the institute. RPI did not share any further details of the incident, such as what information may have been accessed. The institute has also not shared when its network will be up and running again. The university is currently making modifications to grading policies to accommodate for the disruption caused by the cyberattack.

    Infosecurity reports: "University Cancels Exams After Cyber-Attack"

  • news

    Visible to the public "An Ambitious Plan to Tackle Ransomware Faces Long Odds"

    A public-private partnership has been formed in support of developing a coordinated response to ransomware attacks. A comprehensive framework, supervised by the Institute for Security and Technology's (IST) Ransomware Task Force (RTF), proposes the use of a more aggressive public-private response to ransomware instead of the traditional piecemeal approach. Members of the task force include Amazon Web Services, Cisco, Microsoft, the Federal Bureau of Investigation (FBI), the Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA), and the United Kingdom National Crime Agency (NCA). The framework includes recommendations from cybersecurity firms, incident responders, nonprofits, government agencies, and academics. It also calls on organizations in the public and private sector to increase efforts towards improving defenses, developing response plans, regulating cryptocurrencies, and strengthening and expanding international law enforcement collaboration. The report outlines the threat posed by ransomware actors and actions that could minimize the threat. It delves into how the US could work out diplomatic relationships to involve more countries in ransomware response, and engage those that have served as safe havens for ransomware groups. This article continues to discuss the purpose and recommendations of the RTF report, along with questions surrounding the new framework aimed at tackling ransomware in a coordinated manner.

    Wired reports "An Ambitious Plan to Tackle Ransomware Faces Long Odds"

  • news

    Visible to the public "An Uncrackable Combination of Invisible Ink and Artificial Intelligence"

    Although electronic records continue to advance, paper is still a common method of preserving data. Invisible ink can be used to hide classified economic, commercial, or military information, but many popular inks have toxic compounds or can be seen with predictable methods like chemicals, light, or heat. Carbon nanoparticles, which are low in toxicity, can be invisible under ambient lighting but can create vibrant images when exposed to ultraviolet (UV) light. Advances in Artificial Intelligence (AI) models can ensure that messages can only be deciphered on properly trained computers. A team of researchers trained an AI model to identify and decrypt symbols printed in a fluorescent carbon nanoparticle ink that reveal hidden messages when exposed to UV light. They taught the AI model, made up of multiple algorithms, to recognize the symbols illuminated by UV light and decode them through the use of a special code book. Then they tested whether the AI model can decode messages printed using a combination of regular red ink and the UV fluorescent ink. The AI model read the regular ink symbols as "STOP," with 100% accuracy. When a UV light illuminated the writing, the invisible ink showed the desired message "BEGIN." According to the researchers, since these algorithms can notice modifications in symbols, this approach has the potential to encrypt messages securely using hundreds of different unpredictable symbols. This article continues to discuss the approach to improving paper information recording and security protection using invisible ink and AI.

    Science Daily reports "An Uncrackable Combination of Invisible Ink and Artificial Intelligence"

  • news

    Visible to the public "Ransomware Takes Down East Coast Fuel Pipeline"

    After a ransomware attack that knocked offline the country's largest fuel pipeline, the US government has been forced to issue emergency legislation. The government legislation put in place is designed to relax rules restricting the transportation of fuel by road. Colonial Pipeline confirmed over the weekend that it had suffered a severe cyber attack. The attack was launched by the Russian-speaking DarkSide group, who claim to have also stolen 100GB of data in a classic "double extortion" play. Colonial Pipeline stated that they proactively took specific systems offline to quickly contain the threat after learning of the attack. Their mainlines (Lines 1, 2, 3, and 4) remain offline. Some smaller lateral lines between terminals and delivery points are now operational. Researchers suggest that if the outage persists, there are likely to be shortages and price rises across the 12 states the pipeline travels through and beyond. It is estimated that the pipeline carries 2.5 million barrels a day, representing nearly half of the East Coast's supply of diesel, gasoline, and jet fuel.

    Infosecurity reports: "Ransomware Takes Down East Coast Fuel Pipeline"

  • news

    Visible to the public "US Physics Laboratory Exposed Documents, Credentials"

    A group of security researchers found weaknesses at the Fermilab physics laboratory in the US that could lead to the exposure of documents, proprietary applications, project details, and more. Fermilab is a particle accelerator and physics laboratory in Batavia, Illinois, and is a part of the US Department of Energy (DOE). The lab has remediated the security issues that were unintentionally exposing a lot of information. One database they discovered allowed them to have unauthenticated access to over 5,700 documents and more than 50,000 file entries. They used Amass to enumerate Fermilab's subdomains. They also used dirsearch and Nmap for discovering open ports and enumerating services. These probes revealed multiple entry points. One of the entry points led into the lab's IT ticketing system, which revealed 4,500 trouble tickets. A malicious actor could gather project names, configuration data, and communication information by viewing the ticketing system. The researchers also found that part of a web application exposed names, emails, user IDs, security workgroups, assigned login groups, and documents. It was emphasized that Fermilab's security issues could have made its network and equipment targets for a ransomware attack. This article continues to discuss the discovery of Fermilab's security issues and the lab's quick response to the researchers' findings.

    Data Breach Today reports "US Physics Laboratory Exposed Documents, Credentials"

  • news

    Visible to the public "Closing Network Pathways to Sensitive Data to Help Secure Medical Devices"

    The Cybersecurity and Infrastructure Security Agency (CISA) released ICS Medical Advisory (ICSMA-21-084-01) that covers a specific vulnerability discovered in the Philips Gemini PET/CT family of scanners. These scanners store patient data in detachable media without access control. Legacy medical devices like this line of PET/CT scanners heighten the problem of unsecured Protected Health Information (PHI) storage. Due to the irregularity and, in some cases, lack of support for operating systems, many of the vulnerabilities impacting these devices are difficult or impossible to remediate. However, it would be significantly capital intensive for organizations to do a mass replacement of older devices. Therefore, a different approach must be taken to address PHI availability and future remediation requirements. Many healthcare networks are flat or segmented by department, creating issues when entire departments are hit with ransomware attacks in which malware is spread laterally and infects all devices in a large segment. Edge micro-segmentation is the recommended approach for medical device security, which fills healthcare networks with endpoints that are each on their own protected segment. This new network architecture design also applies security to traffic as it enters and exits a micro-segment. The adoption of this approach would prevent the direct exposure of medical devices within a network and the lateral spread of malware. This article continues to discuss the challenges faced in protecting healthcare networks from security threats, the expansion of the attack surface by flat and minimally segmented networks, and how edge micro-segmentation improves medical device security.

    Homeland Security Today reports "Closing Network Pathways to Sensitive Data to Help Secure Medical Devices"

  • news

    Visible to the public Possible security threats linked to recycled phone numbers.

    Possible security threats linked to recycled phone numbers.

  • news

    Visible to the public "CaptureRx Data Breach Impacts Healthcare Providers"

    At least three American healthcare providers have suffered a data breach after a cyber-attack on an administrative services company in Texas. CaptureRx, which is based in San Antonio, fell victim to a ransomware attack on February 6. On February 19, an investigation into the attack determined that certain files had been accessed without authorization. Cybercriminals exfiltrated files containing the personal health information (PHI) of more than 24,000 individuals during the attack. CaptureRx serves the Mohawk Valley Health System affiliate Faxton St. Luke's Healthcare in New York, Thrifty Drug Stores (Thrifty White), and Gifford Health Care of Randolph, Vermont, among others. A review of the attack, completed on March 19, determined that the security breach impacted 17,655 patients of Faxton St. Luke's Healthcare and a further 6,777 patients at Gifford Health Care. The number of Thrifty Drug Store patients affected by the attack has not yet been determined. CaptureRx is currently unclear how many of its healthcare provider clients have been affected by the attack. Nor has the company finished its final tally of how many individuals had their PHI exposed because of the incident. Data exposed and stolen by the ransomware attackers included names, dates of birth, prescription information, and, for a limited number of patients, medical record numbers.

    Infosecurity reports: "CaptureRx Data Breach Impacts Healthcare Providers"