News Items

  • news

    Follow @SoS_VO_org on Twitter!

    The SoS-VO team is excited to announce that we recently updated the homepage of the website to link to the official Science of Security & Privacy twitter account where we will be making daily announcements about noteworthy news items, upcoming opportunities, and impending deadlines in the SoS community.

  • news

    Predictive Intelligence for Pandemic Prevention (PIPP) Webinars

    February 16, 2021 11:00 AM to
    February 17, 2021 6:45 PM
    Virtual Workshop

    Save the Date

    February 25, 2021 11:00 AM to
    February 26, 2021 6:00 PM
    Virtual Workshop

    Save the Date

  • news

    NSF 21-044 Dear Colleague Letter: Computer and Information Science and Engineering Graduate Fellowships

    NSF 21-044

    Dear Colleague Letter: Computer and Information Science and Engineering Graduate Fellowships (CSGrad4US)

    February 2, 2021

    Dear Colleagues:

  • news

    Computing Community Consortium (CCC) report on Assured Autonomy released

    The Computing Community Consortium (CCC) released a report on assured autonomy, titled Assured Autonomy: Path Toward Living With Autonomous Systems We Can Trust. The report is the result of a year-long effort by the CCC and over 100 members of the research community, led by Ufuk Topcu (The University of Texas at Austin).

  • news

    9th Annual Best Scientific Cybersecurity Paper Competition

  • news

    HoTSoS 2021: Works-in-Progress Co-Chairs

    Meet the HoTSoS 2021 Team:
    Works-in-Progress Co-Chairs

    Kurt Kelville (MIT) and Aron Laszka (University of Houston) are our Works-in-Progress Co-Chairs for the 2021 Symposium. Happy to have these two on the Program Committee Team!

    About the Chairs

  • news

    NSA and SoS Announce Winner of the 8th Paper Competition

    The National Security Agency and Science of Security announced "Spectre Attacks: Exploiting Speculative Execution" as the winner of the 8th Annual Best Cybersecurity Research Paper competition.

    Originally published at the 2019 IEEE Security & Privacy Symposium, the winning paper, in combination with Meltdown, another award-winning paper released earlier by the same researchers, launched a global effort to mitigate critical vulnerabilities in processors.

  • news

    Call for Participation: Canberra Artificial Intelligence Summer School

    Call for Participation

    Canberra Artificial Intelligence Summer School

    Virtual, December 4-7th, 2020

    [If interested in staying up-to-date, please join this Discord channel!]

  • news

    Take my word for it: Privacy and COVID alert apps can coexist

    Since the COVID-19 pandemic began, technologists across the country have rushed to develop digital apps for contact tracing and exposure notifications. New York, New Jersey, Pennsylvania, and Delaware have all recently announced the launch of such apps, announcements which generated excitement. But the advent of these tools has also created questions. Chief among them: Do these apps protect privacy?

  • news

    Science of Security and Privacy 2019 Annual Report

    The Science of Security and Privacy 2019 Annual Report is now available.

    This report highlights the progress and accomplishments of the Science of Security and Privacy initiative.

  • news

    now supports DOI!

    The latest release of the has added Zenodo support for generating archives and including DOI information for content types such as files, news items, web pages, and wiki pages!

  • news

    Solicitation: NSF Secure and Trustworthy CyberSpace (SaTC) [Solicitation 21-500]

    Secure and Trustworthy Cyberspace (SaTC)

    NSF 21-500

    NSF 19-603

    National Science Foundation

    Directorate for Computer and Information Science and Engineering
         Division of Computer and Network Systems
         Division of Computing and Communication Foundations
         Division of Information and Intelligent Systems
         Office of Advanced Cyberinfrastructure

  • news

    NIST Releases Draft Security Feature Recommendations for IoT Devices

    "Core Baseline" guide offers practical advice for using everyday items that link to computer networks.

    August 01, 2019

  • news

    NSA-approved cybersecurity law and policy course now available online

    Cyber Scoop

    Shannon Vavra

    August 27th, 2019

    Anyone who is interested in cybersecurity law and policy can now take an online course that was partly shaped by National Security Agency.

  • news

    Verification Tool Competition

    ARCH brings together researchers and practitioners to establish a curated set of benchmarks for verification, testing and reachability, and to evaluate them in a friendly competition. ARCH started in 2014 and has sustained a vibrant community since. Since 2017, ARCH has organized, as part of the workshop, the International Competition on Verifying Continuous and Hybrid Systems (ARCH-COMP), now in its 3rd iteration.

  • news

    Game-theoretic Paper Wins Annual Paper Competition

    The winner of the 6th Annual Best Scientific Cybersecurity Paper Competition is How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games by Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, and David Brumley. These researchers are from Carnegie Mellon University and University of California, Santa Barbara. This paper was originally accepted at 30th IEEE Computer Security Foundations Symposium (CSF '17).

    To learn more visit the competition homepage:

  • news

    Secretary of Energy Rick Perry Announces $68.5 Million for Advanced Vehicle Technologies Research

    WASHINGTON, D.C. - Today, U.S. Secretary of Energy Rick Perry announced up to $68.5 million in available funding for early-stage research of advanced vehicle technologies that will enable more affordable mobility, strengthen domestic energy security, and enhance U.S. economic growth.

  • news

    2018 NSF CPS Program Solicitation

    The 2018 Cyber-Physical Systems Program Solicitation has been released. The submission window for proposals is April 27, 2018 - May 8, 2018. Please see the full solicitation for additional details and the summary of program requirements:

  • news

    NSA SoS Lablet Call for Proposals is Open

    The National Security Agency has distributed its BAA (really a request for proposals) for its next generation of SoS Lablets. These include lablets on the 5 Hard Problem areas in Science of Security, on the Science of Privacy, and on Cyber Physical Systems. Proposals are due August 21. While the SoS team is not the point of contact for the contracting process, we can aid in directing:

  • news

    U.S. Department of Transportation Launches Smart City Challenge to Create a City of the Future

    Smart City Challenge

  • news

    NEW 2016 NSF-USDA Solicitation: Innovations at the Nexus of Food, Energy, and Water Systems (INFEWS)

    Innovations at the Nexus of Food, Energy and Water Systems (INFEWS)

    Program Solicitation
    NSF 16-524

    National Science Foundation

  • news

    Sticky News Item

    This news item always appears at the top of the 'recent news' list because the 'pin to top of lists' box is checked under 'publishing options' below. News Items can also be set to show in the spotlight slideshow feature.

  • news

    "A New and Non-Intrusive Method for Preventing Cyber Attacks on Android Devices"

    Android is the most targeted mobile operating system by malware. Researchers at the Singapore Management University (SMU) have discovered a new way to prevent cyberattacks on Android devices. The method is said to be dynamic, intelligent, and non-intrusive in detecting malware on Android devices. The researchers are leveraging a side-channel for detecting sensitive and unusual behaviors on mobile apps. Their method is convenient as it does not require rooting or gaining privilege control from Android users. Android operating system upgrades do not affect the detection method. The method of detection also does not breach the Personal Data Protection Act of 2012 since it does not extract data in its performance. The research team designed the side-channel monitoring system by taking input from side-channel readings and using artificial intelligence and deep machine learning (ML) to train a deep neural network model to determine if sensitive or uncharacteristic behavior has been exhibited on mobile apps. This approach to monitoring and detection offers researchers a way to dynamically monitor apps' behaviors instead of statically analyzing each app's code. Using this method, stealthy attacks can be detected. Testing of the technique showed that it could detect sensitive behavior, with a 98.5 percent accuracy rate. This article continues to discuss the growing sophistication of cyberattacks, the heavy targeting of the Android operating system by hackers, challenges associated with designing a malware detection system for Android, and the side-channel monitoring solution designed by SMU researchers to protect Android devices from cyberattacks.

    SMU reports "A New and Non-Intrusive Method for Preventing Cyber Attacks on Android Devices"

  • news

    "Hackers Are Finding Ways to Hide Inside Apple's Walled Garden"

    Apple's walled garden refers to the company's tech ecosystem in which devices' features and security are tightly controlled. Most experts agree that the locked-down approach of iOS has solved some significant security problems. However, it has been discovered that this locked-down nature is a double-edged sword in that the most advanced hackers can use the higher barriers to avoid capture. Bill Marczak, a senior researcher at the cybersecurity watchdog Citizen Lab, points out that while Apple's walled garden makes it more difficult for many less-skilled hackers to break iPhones, the 1 percent of hackers with the greatest skill and resources who successfully infiltrate the iPhone can end up being protected by Apple's extraordinary defenses. According to Marczak, as Apple continues to improve iPhone security by investing millions in raising the wall, the best hackers also purchase or develop zero-click exploits that allow them to secretly take over iPhones. These exploits allow attackers to access restricted areas of the phone without showing the target any sign that they have been compromised. Marczak argues that the iPhone's security barriers can help hackers avoid detection by investigators and prevent further understanding of their malicious behavior. It has been suggested that a framework be created to allow device owners or authorized individuals greater forensic ability to see whether a device has been compromised, but this approach could be undermined through social engineering. This article continues to discuss the concept of Apple's walled garden, how this approach can benefit the most sophisticated hackers, and why it is difficult to fix this problem.

    MIT Technology Review reports "Hackers Are Finding Ways to Hide Inside Apple's Walled Garden"

  • news

    "NVIDIA and Harvard Researchers Use AI to Make Genome Analysis Faster And Cheaper"

    Researchers from NVIDIA and Harvard have made an enormous breakthrough in genetic research by developing a deep-learning toolkit that can significantly reduce the time and cost needed to run rare and single-cell experiments. The AtacWorks toolkit can run inference on a whole genome, a process that generally takes a little over two days, in just half an hour. It's able to do so thanks to NVIDIA's Tensor Core GPUs. AtacWorks works with ATAC-seq, a well-established method designed to find open areas in the genome of healthy and diseased cells. These "open areas" are subsections of an individual's DNA used to determine and activate specific functions. This is the part of a person's genome that could give scientists indications on whether a person could have Alzheimer's, heart disease, or cancer. ATAC-seq usually requires the analysis of tens of thousands of cells, but AtacWorks can get the same results using only tens of cells. Researchers also applied AtacWorks to a dataset of stem cells that produce red and white blood cells, subtypes that typically can't be studied using traditional methods. But with AtacWorks, they were able to identify separate parts of the DNA associated with white blood cells and red blood cells, respectively. Researchers' ability to analyze the genome faster and cheaper will go a long way in identifying the specific mutations or biomarkers that could lead to certain diseases. It could even help drug discovery by assisting researchers to figure out how a disease works.

    Engadget reports: "NVIDIA and Harvard Researchers Use AI to Make Genome Analysis Faster And Cheaper"

  • news

    "MITRE Launches Ransomware Support Hub for Hospitals and Health Systems"

    MITRE recently revealed its new Ransomware Resource Center, which is aimed at helping healthcare organizations improve their resilience against ransomware attacks. The center offers tools and strategies for IT and infosec professionals to help combat the growing frequency and sophistication of such cyberattacks. The MITRE Ransomware Resource Center provides an array of resources tailored to specific roles within the healthcare sector, including business managers, technical managers, IT professionals, or cybersecurity practitioners. Its offerings are also tailored around the five stages of the National Institute of Standards and Technology (NIST) Cybersecurity Framework: identify, protect, detect, respond, and recover. MITRE has highlighted a recent report stating that 560 healthcare facilities were hit with ransomware attacks in 2020, along with another report that shows a 45 percent increase in exploitation attempts within the past four months. This article continues to discuss the launch of a ransomware support hub for hospitals and health systems by MITRE, as well as the growing threat of ransomware targeting healthcare and the public health sector.

    Healthcare IT News reports "MITRE Launches Ransomware Support Hub for Hospitals and Health Systems"

  • news

    "At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft's Email Software"

    At least 30,000 organizations across the United States, including a significant number of small businesses, towns, cities, and local governments, have been hacked by an unusually aggressive Chinese cyber-espionage unit over the past few days. The Chinese cyber-espionage unit is focused on stealing emails from victim organizations. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total remote control over affected systems. On March 2, Microsoft released emergency security updates to plug four security holes in Exchange Server versions 2013 through 2019 that hackers were actively using to siphon email communications from internet-facing systems running Exchange. In the three days since then, security experts say the same Chinese cyber-espionage group has dramatically stepped up attacks on any vulnerable, unpatched Exchange servers worldwide. In each incident, the intruders have left behind a "web shell," an easy-to-use, password-protected hacking tool that can be accessed over the internet from any browser. The web shell gives the attackers administrative access to the victim's computer servers. Microsoft said the Exchange flaws are being targeted by a previously unidentified Chinese hacking crew it dubbed "Hafnium," and said the group had been conducting targeted attacks on email systems used by a range of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.

    Krebs on Security reports: "At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft's Email Software"

  • news

    International Women's Day and need for more diversity in Cyber Security Workforce

    The Rule of Steve is that in a physical or virtual room of cyber security professionals, there are more men named Steve than women. Does that still apply now that we're in 2021 on International Women's Day? Diversity has improved over the last several years, but still has a long way to go in this field. And with over 3.1 million jobs to be filled, we need all the people, including women and minorities, to help fill these critical posit

  • news

    "Three New Malware Strains Linked to SolarWinds Hackers"

    Researchers at Microsoft and the cybersecurity firm FireEye have shared details about new pieces of malware believed to be linked to the threat actors behind the SolarWinds supply chain attack. Microsoft is tracking the threat actor behind the SolarWinds attack as "NOBELIUM." The company identified three new malware strains named GoldMax, GoldFinder, and Sibot, supposedly used by the group following the compromise of the targeted organization's network. According to Microsoft, these malware strains have been used to maintain persistence and perform other specific activities. GoldMax was written in the Go programming language and is designed to act as a command-and-control (C2) backdoor, creating scheduled tasks that impersonate system management software for persistence. GoldFinder is described as a custom HTTP tracer tool. Sibot has been described as a dual-purpose malware written in VBScript that allows attackers to download and execute payload from a remote server, and maintain persistence. This article continues to discuss recent findings surrounding the three new malware strains linked to the threat actors behind the SolarWinds attack, as well as the threat groups that have targeted the software company.

    Security Week reports "Three New Malware Strains Linked to SolarWinds Hackers"

  • news

    "US Warns of Fake Unemployment Benefit Websites"

    The United States Justice Department has warned that cyber-criminals are impersonating state workforce agencies (SWAs) to steal Americans' personal data. The fake websites are designed to trick consumers into thinking they are applying for unemployment benefits and disclosing personally identifiable information and other sensitive data. To trick victims into accessing these fake websites, the cyber-criminals have been sending spam text messages and emails purporting to be from an SWA. Contained in the communications is a link to a spoofed SWA website. As of February 2021, there were 10 million unemployed individuals in America. The department advised people not to click on a link in an unsolicited email or text message. The department asks anyone who has received a text message or email claiming to be from an SWA and containing a link or other contact information to report the communication to the National Center for Disaster Fraud (NCDF).

    Infosecurity reports: "US Warns of Fake Unemployment Benefit Websites"

  • news

    "NSA Pushes Zero Trust Principles to Help Prevent Sophisticated Hacks"

    The National Security Agency (NSA) strongly recommends the adoption of a Zero Trust security model for all critical networks within National Security Systems, the Department of Defense's critical networks, and Defense Industrial Base critical networks and systems. NSA recently released a guide that includes examples of how the implementation of Zero Trust could have prevented some of the methods used by attackers to compromise at least nine federal agencies and a hundred companies in the SolarWinds supply chain attack. The attackers' focus on evading detection indicates that such tactics will continue to grow in use and complexity, calling for the consideration of Zero Trust principles. Using a Zero Trust approach, devices themselves would be validated in addition to passwords. Therefore, if an attacker uses a stolen password but the device is unknown, the device will fail authentication and authorization checks, thus resulting in the denial of access and the logging of the malicious activity. The agency also recommends the use of strong multi-factor authentication. This article continues to discuss NSA's recommendation to embrace the Zero Trust security model and how the implementation of this model can help organizations prevent sophisticated hacks.

    NextGov reports "NSA Pushes Zero Trust Principles to Help Prevent Sophisticated Hacks"

  • news

    "Cutting off Stealthy Interlopers: A Framework for Secure Cyber-Physical Systems"

    Researchers from Daegu Gyeongbuk Institute of Science and Technology (DGIST) in Korea conducted a study in which they developed a framework for Cyber-Physical Systems (CPSs). The framework is resilient against a sophisticated type of cyberattack known as the pole-dynamics attack (PDA), which can make the physical system unstable. A PDA attack is performed by connecting to a node in the network of the CPS and then injecting false sensor data. If the sensors of the system's physical elements do not give proper readings, the control signals transmitted by the control algorithm to the physical actuators are incorrect, thus potentially causing them to malfunction and behave dangerously. The researchers adopted a technique called Software-Defined Networking (SDN) to address PDAs. The network of the CPS can be made more dynamic by distributing the relaying of signals via controllable SDN switches. The proposed approach also involves the use of a novel attack-detection algorithm embedded in the SDN switches to alarm the centralized network manager if false sensor data is being injected. This article continues to discuss the new framework developed to help CPSs detect and recover from sophisticated cyberattacks.

    Science Daily reports "Cutting off Stealthy Interlopers: A Framework for Secure Cyber-Physical Systems"

  • news

    "AI Enhanced Design to Counter Threats to Critical Infrastructure and Military Electronics"

    Dr. Basel Halak of the Cyber Security Research Group at the University of Southampton will improve the security of anti-tamper embedded devices in a new Royal Academy of Engineering Industrial Fellowship. Embedded systems have become popular targets for hacking, with smart devices vulnerable to being taken over and controlled by malicious actors. Dr. Halak emphasizes that the compromise of hardware products poses significant threats if they are used in critical infrastructure and military applications. The ever-evolving security threat landscape calls for effective and adaptive defense solutions. This fellowship aims to develop responsive and adaptive defense mechanisms to combat security threats to critical infrastructure and military electronics. The mechanism will be developed using Machine Learning (ML) algorithms to rapidly detect malicious behaviors exhibited by embedded systems and increase the speed at which a potential attack is stopped. This article continues to discuss the Industrial Fellowship awarded to Dr. Halak to develop a mechanism that will strengthen the security of anti-tamper embedded devices.

    The University of Southampton reports "AI Enhanced Design to Counter Threats to Critical Infrastructure and Military Electronics"

  • news

    "Ransomware Attack on Arizona Optometrist"

    Cyber-criminals successfully hit Cochise Eye and Laser with ransomware in January, encrypting the office's patient scheduling and billing software. The company is located in Sierra Vista, Arizona, and the ransomware attack affects up to 100,000 patients. Patient data stored in the billing software included names, dates of birth, addresses, phone numbers, and in some cases, Social Security numbers. A spokesperson for the office stated that no signs had been found to indicate that any data theft or exfiltration had taken place. The optometrist's office said it planned to increase cybersecurity following the attack. Although no evidence has been found that data was taken, the incident is still considered a breach of protected health information. It has been reported to the HHS' Office for Civil Rights. The eye-care provider advised its patients to place a fraud alert on their credit file and to request and review their credit reports.

    Infosecurity reports: "Ransomware Attack on Arizona Optometrist"

  • news

    "Ransomware Attacks Soared 150% in 2020"

    Researchers at Group-IB have discovered that ransomware surged by 150% in 2020, with the average extortion amount doubling. The average ransom demand stood at $170,000 last year, but groups like Maze, DoppelPaymer, and RagnarLocker averaged between $1 million and $2 million. The average ransomware victim suffered 18 days of outages last year. Maze group (20%), Egregor group (15%), and Conti group (15%) accounted for most of the attacks analyzed by Group-IB. The Ransomware-as-a-Service (RaaS) model accounted for the majority (64%) of attacks studied, and 15 new affiliate programs appeared in 2020. Over half (52%) of attacks investigated by the researchers used publicly accessible RDP servers to gain initial access, followed by phishing (29%) and exploitation of public-facing applications (17%).

    Infosecurity reports: "Ransomware Attacks Soared 150% in 2020"

  • news

    "Researchers Discover That Privacy-Preserving Tools Leave Private Data Unprotected"

    Researchers at the NYU Tandon School of Engineering explored the machine-learning frameworks behind privacy preservation tools used for technologies such as facial expression recognition systems to see how effective such tools are at protecting private data. In a paper titled "Subverting Privacy-Preserving GANs: Hiding Secrets in Sanitized Images," the researchers looked into the possibility of recovering private data from images that had been sanitized by privacy-protecting Generative Adversarial Networks (PP-GANs) and that had passed empirical tests. The team discovered that PP-GAN designs could be subverted to pass privacy checks while enabling secret information to be obtained from sanitized images. The study presents the first comprehensive security analysis of PP-GANs and highlights the inadequacy of existing privacy checks at detecting sensitive information leakage. Using a new steganographic method, the researchers were able to modify an advanced PP-GAN to hide a secret, such as a user ID, from supposedly sanitized images. The adversarial PP-GAN can hide sensitive information in sanitized output images that can pass privacy checks, with a 100 percent rate at recovering secrets. This article continues to discuss findings from the study on the subversion of PP-GANs.

    The NYU Tandon School of Engineering reports "Researchers Discover That Privacy-Preserving Tools Leave Private Data Unprotected"

  • news

    "Telemarketing Biz Exposes 114,000 in Cloud Config Error"

    Security researchers at vpnMentor found an unsecured AWS S3 bucket on December 24 last year. The bucket was traced to Californian business CallX, whose analytics services are used by clients to improve their media buying and inbound marketing. The AWS S3 bucket leaked the personal details of potentially tens of thousands of consumers. The researchers found 114,000 files left publicly accessible in the leaky bucket. Most of the files were audio recordings of phone conversations between CallX clients and their customers. An additional 2000 transcripts of text chats were also viewable. Personally identifiable information (PII) contained in these files included full names, home addresses, phone numbers, and more. Unfortunately, the bucket remains open. VpnMentor has tried to contact CallX with no response. The research team first reached out to the firm on January 3, 2021, and then to AWS on January 6.

    Infosecurity reports: "Telemarketing Biz Exposes 114,000 in Cloud Config Error"

  • news

    "Free Cybersecurity Tool Aims to Help Smaller Businesses Stay Safer Online"

    The U.K.'s National Cyber Security Centre (NCSC) created the Cyber Action Plan tool to help small businesses improve their cybersecurity. The tool offers personalized cybersecurity advice to micro-businesses and sole traders. According to the U.K. government's most recent Cyber Security Breaches Survey, nearly half of micro and small businesses reported cybersecurity breaches or cyberattacks in 2020. Micro businesses and sole traders are invited to take a short questionnaire in order to get a personalized list of actions associated with Cyber Aware behaviors. Cybersecurity guidance for start-ups and other small businesses is more important than ever due to the COVID-19 pandemic. Small businesses have had to figure out how to get online and remain competitive during the pandemic, which has increased their vulnerability to cyber threats. This article continues to discuss how the NCSC's Cyber Action Plan tool will help small businesses strengthen their cybersecurity.

    ZDNet reports "Free Cybersecurity Tool Aims to Help Smaller Businesses Stay Safer Online"

  • news

    "Password Reuse at 60% as 1.5 Billion Combos Discovered Online"

    Researchers at SpyCloud found nearly 1.5 billion breached login combos circulating online last year, along with billions of records containing personally identifiable information (PII). The researchers also found that password reuse and weak hashing algorithms were widespread. In 2020 there were 854 breaches, up a third from 2019, and each data leak exposed on average 5.4 million records. SpyCloud found that 60% of credentials were reused across multiple accounts, exposing victims to credential stuffing and other brute force tactics. Of the 270,000 .gov emails recovered, the researchers found that password reuse was even higher, at 87%. Nearly two million passwords contained "2020," while almost 200,000 featured COVID-related keywords like "corona" and "pandemic." The most common password was "123456," followed by "123456789" and "12345678." "Password" and "111111" also appeared more than 1.2 million times each. The researchers also found that a third (32%) of breached passwords used the weak MD5 algorithm, and 22% used SHA1. Only 17% of passwords were salted.

    Infosecurity reports: "Password Reuse at 60% as 1.5 Billion Combos Discovered Online"

  • news

    "Ryuk Ransomware Updated With 'Worm-Like Capabilities'"

    CERT-FR, the French government's computer emergency readiness team, recently issued a report about a new Ryuk ransomware variant with worm-like capabilities that allow it to spread automatically within the networks it infects. According to CERT-FR, Ryuk now propagates itself from machine to machine within the Windows domain by using scheduled tasks. After the ransomware is launched, it spreads itself to every reachable machine on which Windows Remote Procedure Call (RPC) access is possible. The RPC service supports communication between Windows processes. The addition of worm-like capabilities to Ryuk ransomware indicates that its operators are attempting to improve the automation of their ability to rapidly spread malware from one infected system to multiple systems across a network in order to reduce the "intrusion to infection" time. This article continues to discuss the update of Ryuk ransomware with worm-like capabilities, as well as the history, prevalence, distribution, and human operation of Ryuk.

    BankInfoSecurity reports "Ryuk Ransomware Updated With 'Worm-Like Capabilities'"
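    A detection that follows directly from the propagation method CERT-FR describes: automated spread by scheduled task means the same task name appears on many hosts, registered by the same account, within a short window. The code below is an added example, not from CERT-FR or the article. It runs over constructed records shaped like Windows Security event 4698 ("A scheduled task was created"); the host names, task names, account names and the allow-list of deployment accounts are all assumptions.

```python
"""Flag worm-like scheduled-task propagation: one creator registering the same
task name on many hosts inside a sliding window. Added example; the events
below are constructed, modelled on Windows Security event 4698 fields."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed event sample. Real data would come from a SIEM export of 4698.
EVENTS = [
    {"ts": "2021-02-26T03:12:01", "host": "WS-014", "task": "\\Updates\\Synchronize", "subject": "CORP\\svc-backup"},
    {"ts": "2021-02-26T03:12:04", "host": "WS-022", "task": "\\Updates\\Synchronize", "subject": "CORP\\svc-backup"},
    {"ts": "2021-02-26T03:12:09", "host": "FS-01",  "task": "\\Updates\\Synchronize", "subject": "CORP\\svc-backup"},
    {"ts": "2021-02-26T03:12:15", "host": "WS-031", "task": "\\Updates\\Synchronize", "subject": "CORP\\svc-backup"},
    {"ts": "2021-02-26T03:12:20", "host": "DC-02",  "task": "\\Updates\\Synchronize", "subject": "CORP\\svc-backup"},
    # Benign look-alike: patch management also pushes one task to many hosts,
    # but from a known deployment account (see ALLOWED_CREATORS).
    {"ts": "2021-02-26T03:30:00", "host": "WS-014", "task": "\\Corp\\PatchScan", "subject": "CORP\\svc-sccm"},
    {"ts": "2021-02-26T03:30:03", "host": "WS-022", "task": "\\Corp\\PatchScan", "subject": "CORP\\svc-sccm"},
    {"ts": "2021-02-26T03:30:05", "host": "WS-031", "task": "\\Corp\\PatchScan", "subject": "CORP\\svc-sccm"},
    # One human, one host: no spread.
    {"ts": "2021-02-26T09:00:00", "host": "WS-050", "task": "\\Backup\\Nightly", "subject": "CORP\\jsmith"},
]

# Assumption: accounts that legitimately register tasks fleet-wide.
ALLOWED_CREATORS = {"CORP\\svc-sccm"}


def find_propagation(events, window_seconds=300, min_hosts=4, allowed=ALLOWED_CREATORS):
    """Return (task, creator, hosts) for every (task, creator) pair that reached
    at least `min_hosts` distinct hosts within any window of `window_seconds`.
    Creators on the allow-list are skipped; everything else is suspect."""
    window = timedelta(seconds=window_seconds)
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["task"], e["subject"])].append((datetime.fromisoformat(e["ts"]), e["host"]))

    hits = []
    for (task, creator), items in by_key.items():
        if creator in allowed:
            continue
        items.sort()  # chronological, so each start index defines one window
        for i, (t0, _) in enumerate(items):
            hosts = {h for t, h in items[i:] if t - t0 <= window}
            if len(hosts) >= min_hosts:
                hits.append((task, creator, sorted(hosts)))
                break  # one alert per (task, creator) is enough
    return hits


if __name__ == "__main__":
    for task, creator, hosts in find_propagation(EVENTS):
        print(f"possible worm-like spread: {task} by {creator} on {len(hosts)} hosts: {hosts}")
```

    The threshold and window are tuning knobs: four hosts in five minutes is conservative for a domain where only deployment tooling should ever register the same task fleet-wide. Pair it with the RPC side of the description, for example a burst of remote task-scheduler RPC connections from a single workstation, to cut false positives further.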

  • news

    Visible to the public "Vendor Quickly Patches Serious Vulnerability in NATO-Approved Firewall"

    A patch was released for a critical vulnerability in a firewall appliance made by Genua, a Germany-based cybersecurity company. The firewall, Genugate, is said to be the only firewall in the world to have received a "highly resistant" rating from the German government, and according to Genua it is also approved for "NATO Restricted" use. Genua's products are used by industrial, government, military, and other critical infrastructure organizations. SEC Consult recently revealed that Genugate's administration interfaces contain a critical authentication bypass vulnerability. A threat actor who has already gained access to an organization's network can use it to log in to the firewall's administration panel as any user. With full admin/root rights in the admin web interface, an attacker can reconfigure the entire firewall, including the firewall ruleset, email filtering configuration, web application firewall settings, proxy settings, and more, and could thereby reach otherwise unreachable systems or redirect company traffic to an attacker-controlled proxy server. The vulnerability appears to affect all versions of the Genugate firewall. This article continues to discuss the use of the Genugate firewall by critical infrastructure organizations, the critical authentication bypass vulnerability affecting the firewall, and what the abuse of this flaw could allow attackers to do.

    Security Week reports "Vendor Quickly Patches Serious Vulnerability in NATO-Approved Firewall"

  • news

    Visible to the public "Did a Weak Password Result in SolarWinds Hack?"

    The investigation into the SolarWinds Orion software supply chain attack continues. The attack on SolarWinds' Orion IT management platform impacted government agencies, critical infrastructure, and private-sector organizations. SolarWinds' top management is now blaming an intern for setting a significantly weak password, which some believe to be the root cause of the hack. The password has been reported as publicly accessible in a GitHub repository from June 2018 until it was addressed in November 2019, after a security researcher reported it. Sudhakar Ramakrishna, the CEO of SolarWinds, confirmed that the password, "solarwinds123," had been in use as early as 2017. This article continues to discuss the weak password believed by some to be the main cause of the SolarWinds supply chain attack and other recent findings surrounding the hack, its impact, and the state-sponsored group behind it.

    CISO MAG reports "Did a Weak Password Result in SolarWinds Hack?"

  • news

    Visible to the public "Quarter of Healthcare Apps Contain High Severity Bugs"

    Researchers at Veracode found that about 75% of healthcare applications contain at least one vulnerability, and a quarter contain high-severity flaws. The healthcare sector fixes 70% of the vulnerabilities found in its applications, which places it behind several other industries in total volume addressed; the flaws it does fix, however, are on average fixed faster than in any other sector except retail. Veracode attributes this to healthcare apps often being smaller, relatively new, and having a lower density of bugs than software in verticals such as technology, financial services, manufacturing, and government. Healthcare organizations also handle CRLF injection and cryptography-related bugs better than most. The sector still does not scan its applications regularly enough, though, and is the least likely of any vertical to scan for flaws in open source components. Infrequent scanning means many flaws go unfixed and could be exploited in future attacks. Data breaches in healthcare cost more than in any other sector, at an estimated $7.1 million per incident.

    Infosecurity reports: "Quarter of Healthcare Apps Contain High Severity Bugs"

  • news

    Visible to the public "Flaws Fixed Incorrectly, as Secure Coding Education Lags"

    Research by HackEDU, a provider of interactive cybersecurity training and secure code development courses for software engineers, attributes failed code fixes to a lack of formal training. According to feedback mostly from security, development, and compliance leaders, more than 50 percent of developers have not been trained in secure coding practices. The study drew on data from assessments, lessons, challenges, and vulnerability reports from HackEDU customers and students. Vulnerabilities stemming from broken access control and broken object-level authorization proved the most challenging to fix, while fixes for command injection and SQL injection vulnerabilities were often found to be incorrect. HackEDU stresses that educating developers in secure coding would help reduce or eliminate these flaws: to properly address harder-to-fix vulnerabilities, developers must understand the fundamentals, because memorizing syntax or a framework and applying it as a patch is not enough. This article continues to discuss HackEDU's findings on the lack of formal training in secure coding among developers, the types of vulnerabilities often fixed incorrectly, and the importance of improving education for developers on secure coding practices.

    SC Media reports "Flaws Fixed Incorrectly, as Secure Coding Education Lags"
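    What an "incorrect fix" for the two injection classes named above looks like next to a correct one, as an added example that is not HackEDU's material. Each lookup is shown three ways: the injectable original, a character-scrubbing patch of the kind that passes a quick retest and still fails, and the parameterised form. The schema, rows and inputs are constructed; the command-injection half uses `echo` so that it runs offline.

```python
"""Vulnerable / wrongly fixed / fixed versions of a SQL lookup and a shell
command. Added example; table contents and payloads are constructed."""
import sqlite3
import subprocess


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")])
    return db


# ---- SQL injection ---------------------------------------------------------
def user_by_id_vulnerable(db, user_id: str):
    # Untrusted input pasted into the statement text.
    return db.execute(f"SELECT name FROM users WHERE id = {user_id}").fetchall()


def user_by_id_wrong_fix(db, user_id: str):
    # "Fix" by escaping quotes. The value sits in a numeric context, so the
    # payload 1 OR 1=1 contains no quote and is untouched: every row comes back.
    escaped = user_id.replace("'", "''")
    return db.execute(f"SELECT name FROM users WHERE id = {escaped}").fetchall()


def user_by_id_fixed(db, user_id: str):
    # Bound parameter: the driver passes the value separately from the SQL, so
    # it can never be parsed as SQL. Converting to int also rejects junk early.
    return db.execute("SELECT name FROM users WHERE id = ?", (int(user_id),)).fetchall()


# ---- Command injection -----------------------------------------------------
def greet_vulnerable(name: str) -> str:
    # String concatenation through the shell: metacharacters become syntax.
    return subprocess.run("echo Hello " + name, shell=True,
                          capture_output=True, text=True).stdout


def greet_wrong_fix(name: str) -> str:
    # Blocklist "fix": strips ';' and nothing else. '&&', '|', '$( )' and
    # backticks all still work, so the retest payload is the only one blocked.
    return subprocess.run("echo Hello " + name.replace(";", ""), shell=True,
                          capture_output=True, text=True).stdout


def greet_fixed(name: str) -> str:
    # argv list and no shell: the whole string is one literal argument.
    return subprocess.run(["echo", "Hello", name],
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    db = make_db()
    print(user_by_id_vulnerable(db, "1 OR 1=1"))  # leaks every name
    print(user_by_id_wrong_fix(db, "1 OR 1=1"))   # still leaks every name
    print(user_by_id_fixed(db, "1"))               # [('alice',)]
    print(greet_wrong_fix("world && echo PWNED"))  # second command still runs
    print(greet_fixed("world && echo PWNED"))      # printed literally
```

    The point the HackEDU data makes is visible in the middle functions: both "fixes" defeat the exact payload from the bug report and nothing else. The correct fixes do not filter the input at all; they change where the input goes, so that it can only ever be data.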

  • news

    Visible to the public "Data is Most at Risk on Email, With 83% of Organizations Experiencing Email Data Breaches"

    Researchers from Egress conducted a new study in which they surveyed 500 IT leaders and 3,000 remote-working employees in the US and UK across sectors including financial services, healthcare, and legal. They found that 95% of IT leaders believe company data is at risk on email and that 83% of organizations have suffered a data breach via this channel in the last 12 months. Human error was at the root of nearly a quarter of incidents, with 24% caused by an employee sharing data in error. Most employees (85%) said they are sending more email because of remote working, heightening the risk of an email data breach, and 59% of IT leaders reported an increase in email data leaks since the pandemic forced a move to remote working.

    Help Net Security reports: "Data is Most at Risk on Email, With 83% of Organizations Experiencing Email Data Breaches"

  • news

    Visible to the public "Privacy Issues and Security Risks in Alexa Skills"

    A new study by researchers from Germany's Ruhr-Universitat Bochum, North Carolina State University, and Google finds that Alexa Skills, the third-party voice applications that extend Alexa, often have security weaknesses and data protection problems that attackers could exploit for malicious purposes. The researchers analyzed more than 90,000 Skills from the Amazon store across seven countries and found problems that create security and privacy risks for users. This article continues to discuss the researchers' discovery of privacy issues and security risks in Alexa Skills, as well as the sources of the security gaps and data protection problems associated with these Skills.

    Ruhr-Universitat Bochum reports "Privacy Issues and Security Risks in Alexa Skills"

  • news

    Visible to the public "Cybersecurity Researchers Build a Better 'Canary Trap'"

    In espionage, a canary trap is the distribution of multiple, subtly different versions of a document so that a leak can be traced back to its source or so that false versions conceal the genuine one. A team of cybersecurity researchers has developed WE-FORGE, a data protection system that uses Artificial Intelligence (AI) to extend the technique. The system protects intellectual property such as drug designs and military technologies by generating false documents: it uses natural language processing to automatically produce many fake files that are similar enough to the originals to be believable but different enough to be incorrect, and it adds randomness so that an adversary cannot pick out the real document by pattern. WE-FORGE can create many fake versions of any technical design document, making it significantly harder for adversaries who have successfully compromised a system to determine which document is real; they waste time and resources and act with lower confidence in what they have taken. This article continues to discuss the concept of canary traps in espionage and how the WE-FORGE data protection system builds on this technique to better deceive would-be attackers.

    Dartmouth College reports "Cybersecurity Researchers Build a Better 'Canary Trap'"
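    A toy version of the two properties the article describes, as an added illustration that is not WE-FORGE's implementation (which applies natural language processing to whole documents): each decoy stays structurally identical to the real specification but carries perturbed values, the real copy is mixed in at a random position, and the classic canary-trap use, tracing a leaked copy to its recipient, is kept alongside. The specification text, the recipient names and the perturbation band are constructed for the example.

```python
"""Decoy generation in the spirit of a canary trap: believable-but-wrong
variants of a technical spec, randomly ordered, plus leak attribution.
Added illustration; the spec and recipients are constructed."""
import random
import re

SPEC = ("Compound X-17: dose 250 mg, half-life 6.5 h, yield 72 %, "
        "reactor temperature 185 C, pressure 3.2 bar")

# Numeric tokens to perturb; the lookbehind excludes identifiers such as X-17
# so that only design parameters change and the document still reads as one.
NUMBER = re.compile(r"(?<![\w.-])(\d+(?:\.\d+)?)(?![\w.])")


def numbers(doc: str):
    return [float(x) for x in NUMBER.findall(doc)]


def perturb(doc: str, rng: random.Random, spread: float = 0.25) -> str:
    """Scale every parameter by an independent factor in [1-spread, 1+spread],
    keeping its decimal precision so the fake looks like an alternative design."""
    def repl(m):
        text = m.group(1)
        decimals = len(text.split(".")[1]) if "." in text else 0
        return f"{float(text) * rng.uniform(1 - spread, 1 + spread):.{decimals}f}"
    return NUMBER.sub(repl, doc)


def forge(doc: str, n: int, rng: random.Random, spread: float = 0.25):
    """Real document plus n distinct decoys, shuffled so the genuine copy sits
    at no fixed position."""
    decoys = set()
    while len(decoys) < n:
        fake = perturb(doc, rng, spread)
        if fake != doc:
            decoys.add(fake)
    variants = [doc] + sorted(decoys)
    rng.shuffle(variants)
    return variants


def plausible(original: str, fake: str, spread: float = 0.25) -> bool:
    """A decoy must keep the prose and the number of parameters and stay inside
    the perturbation band; otherwise an adversary could discard it on sight."""
    o, f = numbers(original), numbers(fake)
    return (len(o) == len(f)
            and NUMBER.sub("#", original) == NUMBER.sub("#", fake)
            and all(abs(b - a) <= spread * a + 0.5 for a, b in zip(o, f)))


def assign(variants, recipients, rng: random.Random):
    """Canary-trap distribution: each recipient receives a distinct variant and
    the map is kept secret so a leaked copy can be attributed."""
    if len(recipients) > len(variants):
        raise ValueError("need at least one variant per recipient")
    pool = list(variants)
    rng.shuffle(pool)
    return dict(zip(recipients, pool))


def trace(leaked: str, assignment) -> list:
    return [r for r, v in assignment.items() if v == leaked]


if __name__ == "__main__":
    rng = random.Random()
    for v in forge(SPEC, 3, rng):
        print(v)
```

    The `plausible` check is the half that matters for the "believable" requirement: a decoy whose yield reads 310 % or whose prose differs from the original is worse than none, because it tells the adversary which files to ignore.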

  • news

    Visible to the public "Go Malware Detections Increase 2000%"

    Researchers at Israeli security firm Intezer found that new malware written in the Go programming language has increased by 2,000% over the past four years. Go, also referred to as Golang, was first used for malware around nine years ago. Many adversaries choose it because a single code base compiles for Windows, Linux, and macOS and the resulting binaries are relatively hard to reverse engineer. Russian state-backed actors used Go last year to target Eastern European countries with a variant of the Zebrocy malware, and Kremlin-linked hackers also used it to develop the WellMess malware that targeted COVID-19 vaccine researchers in the UK, Canada, and the US. The researchers stated that traditional anti-virus programs have a hard time identifying Go malware.

    Infosecurity reports: "Go Malware Detections Increase 2000%"