News Items

  • news

    NSA and SoS Announce Winner of the 8th Paper Competition

    The National Security Agency and Science of Security announced "Spectre Attacks: Exploiting Speculative Execution" as the winner of its 8th Annual Best Cybersecurity Research Paper competition.

    Originally published at the 2019 IEEE Security & Privacy Symposium, the winning paper, in combination with Meltdown, another award-winning paper released earlier by the same researchers, launched a global effort to mitigate critical vulnerabilities in processors.

  • news

    Call for Participation: Canberra Artificial Intelligence Summer School

    Call for Participation

    Canberra Artificial Intelligence Summer School

    Virtual, December 4-7th, 2020

    FREE

    Website: http://canberraai.net/caiss2020/
    Discord: https://discord.com/invite/rcKuNm4

    [If interested in staying up-to-date, please join this Discord channel!]


    Introduction

  • news

    Take my word for it: Privacy and COVID alert apps can coexist

    BY LORRIE CRANOR, OPINION CONTRIBUTOR -- 11/10/20 09:30 AM EST

    Since the COVID-19 pandemic began, technologists across the country have rushed to develop digital apps for contact tracing and exposure notifications. New York, New Jersey, Pennsylvania, and Delaware have all recently announced the launch of such apps, announcements which generated excitement. But the advent of these tools has also created questions. Chief among them: Do these apps protect privacy?

  • news

    Science of Security and Privacy 2019 Annual Report

    The Science of Security and Privacy 2019 Annual Report is now available.

    This report highlights the progress and accomplishments of the Science of Security and Privacy initiative.

  • news

    CPS-VO.org now supports DOI!

    The latest release of the CPS-VO.org has added Zenodo support for generating archives and including DOI information for content types such as files, news items, web pages, and wiki pages!

  • news

    Solicitation: NSF Secure and Trustworthy CyberSpace (SaTC) [Solicitation 21-500]

    Secure and Trustworthy Cyberspace (SaTC)

    PROGRAM SOLICITATION
    NSF 21-500

    REPLACES DOCUMENT(S):
    NSF 19-603

    National Science Foundation

    Directorate for Computer and Information Science and Engineering
         Division of Computer and Network Systems
         Division of Computing and Communication Foundations
         Division of Information and Intelligent Systems
         Office of Advanced Cyberinfrastructure

  • news

    NIST Releases Draft Security Feature Recommendations for IoT Devices

    "Core Baseline" guide offers practical advice for using everyday items that link to computer networks.

    August 01, 2019

  • news

    NSA-approved cybersecurity law and policy course now available online

    Cyber Scoop

    Shannon Vavra

    August 27th, 2019

    Anyone who is interested in cybersecurity law and policy can now take an online course that was partly shaped by the National Security Agency.

  • news

    Verification Tool Competition

    ARCH brings together researchers and practitioners to establish a curated set of benchmarks for verification, testing and reachability, and evaluate them in a friendly competition. ARCH started in 2014 and has sustained a vibrant community since. Since 2017, ARCH has organized as a part of the workshop the International Competition on Verifying Continuous and Hybrid Systems (ARCH-COMP, https://cps-vo.org/group/ARCH/), now in its 3rd iteration.

  • news

    Game-theoretic Paper Wins Annual Paper Competition

    The winner of the 6th Annual Best Scientific Cybersecurity Paper Competition is How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games by Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, and David Brumley. These researchers are from Carnegie Mellon University and University of California, Santa Barbara. This paper was originally accepted at the 30th IEEE Computer Security Foundations Symposium (CSF '17).

    To learn more visit the competition homepage: https://cps-vo.org/group/sos/papercompetition/pastcompetitions

  • news

    Secretary of Energy Rick Perry Announces $68.5 Million for Advanced Vehicle Technologies Research

    WASHINGTON, D.C. - Today, U.S. Secretary of Energy Rick Perry announced up to $68.5 million in available funding for early-stage research of advanced vehicle technologies that will enable more affordable mobility, strengthen domestic energy security, and enhance U.S. economic growth.

  • news

    2018 NSF CPS Program Solicitation

    The 2018 Cyber-Physical Systems Program Solicitation has been released. The submission window for proposals is April 27, 2018 - May 8, 2018. Please see the full solicitation for additional details and the summary of program requirements: https://cps-vo.org/node/45729

  • news

    NSA SoS Lablet Call for Proposals is Open

    The National Security Agency has distributed its BAA (really a request for proposals) for its next generation of SoS Lablets. These lablets include lablets on the 5 Hard Problem areas in Science of Security, on the Science of Privacy and dealing with Cyber Physical Systems. Proposals are due August 21. While the SoS team is not the point of contact for the contracting process, we can aid in directing: https://cps-vo.org/group/SoS/contact

  • news

    U.S. Department of Transportation Launches Smart City Challenge to Create a City of the Future

    Smart City Challenge

  • news

    NEW 2016 NSF-USDA Solicitation: Innovations at the Nexus of Food, Energy, and Water Systems (INFEWS)

    Innovations at the Nexus of Food, Energy and Water Systems (INFEWS)


    Program Solicitation
    NSF 16-524

    National Science Foundation

  • news

    Sticky News Item

    This news item always appears at the top of the 'recent news' list because the 'pin to top of lists' box is checked under 'publishing options' below. News Items can also be set to show in the spotlight slideshow feature.

  • news

    "Ransomware Attack Cripples Vancouver Public Transportation Agency"

    A ransomware attack against TransLink, the public transportation agency for Vancouver, Canada, occurred on December 1st. Vancouver residents could not use their Compass metro cards or pay for new tickets via the agency's Compass ticketing kiosks. The company has not yet revealed the ransomware strain's name, the gang behind the breach, or what information was taken because they are still in the middle of a forensic investigation. The attackers did have one of the agency's printers print out a ransom note, and based on the ransom note, TransLink had its systems infected with a version of the Egregor ransomware.

    ZDNet reports: "Ransomware Attack Cripples Vancouver Public Transportation Agency"

  • news

    "The Internet's Most Notorious Botnet Has an Alarming New Trick"

    A team of researchers from the security firms AdvIntel and Eclypsium has announced that a new component of the TrickBot trojan now gives hackers the ability to plant a backdoor in a computer's Unified Extensible Firmware Interface (UEFI). Planting malware in the firmware would allow TrickBot to circumvent most antivirus detection and software updates, as well as to resist operating system reinstalls or the replacement of storage devices. This technique, dubbed TrickBoot, could corrupt a computer's firmware to the point where its motherboard would have to be replaced. This article continues to discuss the persistence of TrickBot, the new firmware-focused feature of TrickBot, what companies should do to avoid falling victim to TrickBot, and what the TrickBoot technique means for firmware hacking.

    Wired reports "The Internet's Most Notorious Botnet Has an Alarming New Trick"

  • news

    "Phishing Ploy Targets COVID-19 Vaccine Distribution Effort"

    IBM security researchers detected a phishing campaign aimed at collecting vital information about the World Health Organization's efforts surrounding the distribution of the COVID-19 vaccine to developing countries. The threat actors behind the campaign, as well as its success, remain unknown. According to Nick Rossmann, the IBM team's global threat intelligence lead, the motive behind the operation could be to gather information on the entire refrigeration process, including how the vaccines will be shipped and stored. Other motives may be to undermine the legitimacy of the vaccine or launch destructive attacks. This article continues to discuss the phishing campaign's targets, operations, and possible goals, in addition to the FBI's efforts to protect vaccine development and delivery from cyber threats and more traditional human-centric espionage by adversaries.

    AP News reports "Phishing Ploy Targets COVID-19 Vaccine Distribution Effort"

  • news

    "Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks"

    Researchers have found a previously undocumented backdoor, and document stealer, which is being used by the Russian-speaking Turla advanced persistent threat espionage group. The researchers are calling the malware "Crutch." The malware can bypass security measures by abusing legitimate tools, including the file-sharing service Dropbox, to hide behind normal network traffic. The Crutch toolset has been designed to exfiltrate sensitive documents and other files to Dropbox accounts, which Turla operators control.

    Threatpost reports: "Turla's 'Crutch' Backdoor Leverages Dropbox in Espionage Attacks"

  • news

    "Which Security Practices Lead to Best Security Outcomes?"

    According to a recent Cisco report, a proactive technology refresh and a well-integrated technology stack are two security practices more likely than others to help organizations create a security culture, manage top risk, prevent security incidents, and more. Cisco polled more than 4,800 active IT security and privacy professionals from 25 different countries. Findings suggest that the recruitment and retention of security talent have improved through a well-integrated technology stack. The factors contributing to a strong security culture include proper equipment, a sound security strategy, timely incident response, and accurate threat detection. This article continues to discuss key findings from the Cisco report on the factors that contribute to the overall success of an organization's security program.

    Help Net Security reports "Which Security Practices Lead to Best Security Outcomes?"

  • news

    "New Graph-Based Statistical Method Detects Threats To Vehicular Communications Networks"

    Researchers at the University of Maryland, Baltimore County (UMBC) and the University of Michigan-Dearborn worked together to develop a technique for detecting breaches in the security of vehicular communications networks. The Controller Area Network (CAN) is the most popular intra-vehicular communications network in the automobile industry as it is simple to use. However, the simplicity of this network that makes it appealing for consumers and manufacturers increases the risk of security incidents. Using the CAN, it is possible to remotely control a vehicle from other devices, making it both a feature and a major security concern. A malicious actor can take over the network and send new commands to the vehicle that could disable brakes or cause engine failure, posing a significant threat to consumers' safety. The method developed by the researchers to eradicate these possible threats involves the creation of graph-based anomaly detection techniques. This article continues to discuss the new graph-based statistical method designed to detect intruders or threats to vehicular communications networks and the importance of addressing the vulnerabilities associated with these networks.

    ScienMag reports "New Graph-Based Statistical Method Detects Threats To Vehicular Communications Networks"

  • news

    "Half of Docker Hub Images Feature Critical Flaws"

    Researchers at Prevasio scanned all four million images hosted at Docker Hub, the world's most popular repository service for Linux-based containers. They found that over half of the publicly available Docker Hub container images contain at least one critical vulnerability. Additionally, over 6000 were rated potentially harmful or malicious. Of these, the largest number (44%) were coin miners, followed by malicious npm packages (23%), hacking tools (20%), and Windows malware (6%).

    Infosecurity reports: "Half of Docker Hub Images Feature Critical Flaws"

  • news

    HoTSoS 2021: Social Media Chair

    Meet the HoTSoS 2021 Team:
    Social Media Chair

    HoTSoS is just around the corner again, and introductions to the 2021 Program Committee are in order. First up on the docket is John Symons (KU)! John will be serving as our Social Media Chair and we are very excited to have him! 

    About the Chair

  • news

    "Google Researcher Demonstrates iPhone Exploit With Wi-Fi Takeover"

    A security researcher with Google's Project Zero discovered a vulnerability that could have allowed hackers to take over a person's iPhone without having to trick victims into clicking any malicious links or downloading malware. The exploitation of this vulnerability only requires that the hacker is within Wi-Fi range of a person's phone. Ian Beer, the Google researcher who discovered this vulnerability, demonstrated the use of a Raspberry Pi and off-the-shelf Wi-Fi adapters to steal photos from an iPhone in a different room within a few minutes. Beer also showed how the same vulnerability allowed him to repeatedly reboot more than 20 iPhones simultaneously. This article continues to discuss Beer's demonstrated exploitation of the iPhone vulnerability, from where the vulnerability stems, the patch released to address it, and other discovered iOS vulnerabilities.

    CNET reports "Google Researcher Demonstrates iPhone Exploit With Wi-Fi Takeover"

  • news

    "Malicious NPM Packages Used to Install njRAT Remote Access Trojan"

    The open-source security firm Sonatype found malicious NPM packages that install the njRAT remote access trojan. NPM, short for Node Package Manager, is a package manager for the JavaScript programming language. Using njRAT, a threat actor can get full remote access to a victim's computer to perform malicious activities such as modifying the Windows Registry, deleting files, logging keystrokes, stealing passwords, killing processes, taking screenshots, executing commands, and more. This article continues to discuss the installation of the njRAT remote access trojan via NPM packages, the malicious activities that threat actors can perform using njRAT, and other findings surrounding the use of NPM packages to install malware.

    BleepingComputer reports "Malicious NPM Packages Used to Install njRAT Remote Access Trojan"

  • news

    "Driven by Ransomware, Cyber Claims Rise in Number & Value"

    The insurance company Allianz recently released a report highlighting cyberattacks and security incidents as the top business risk for companies and the rise in cyber insurance claims. According to the firm's "Trend in Cyber Risk" report, the number of insurance claims increased by 27% in the first nine months of 2020, with 39% of companies now considering cyber incidents as the most important risk. The major factors behind the growth in claims are the expansion of the cyber insurance market and the growing cost of cybercrime to companies. The growing commercialization of hacking tools has also contributed to the increase in ransomware claims. There has been an increase in the distribution of high-end hacking tools for sale among cybercriminals to execute ransomware attacks. The insurer Coalition has also seen a surge in ransomware claims as the firm's 2020 "Cyber Insurance Claims Report" revealed that ransomware attacks made up over 40% of policyholder claims. This article continues to discuss the rise in cyber insurance claims, growth in ransomware claims, and how companies can avoid most of the attacks that lead to claims.

    Dark Reading reports "Driven by Ransomware, Cyber Claims Rise in Number & Value"

  • news

    "Electronic Medical Records Cracked Open by OpenClinic Bugs"

    Researchers at Bishop Fox have discovered four vulnerabilities in the OpenClinic application used for sharing electronic medical records. Its latest version is 0.8.2 and was released in 2016. According to researchers, the four bugs involve missing authentication, insecure file upload, cross-site scripting (XSS), and path-traversal. The most concerning flaw found would allow a remote, unauthenticated attacker to read patients' personal health information (PHI) from the application.

    Threatpost reports: "Electronic Medical Records Cracked Open by OpenClinic Bugs"

  • news

    "Cyber-Attack Exposes Data of 295,000 Colorado Springs Patients"

    AspenPointe, a nonprofit mental health and behavioral health services provider based in Colorado Springs, Colorado, experienced a cyberattack in September 2020 that resulted in the exposure of protected health information (PHI) on more than 295,000 patients. Due to the attack, the healthcare provider had to take its systems offline, which disrupted operations for several days. An investigation of the incident revealed that cybercriminals accessed patient data, including full names, dates of birth, driver's license numbers, bank account information, Social Security numbers, diagnosis codes, admission dates, and more. AspenPointe is now notifying patients about the cyberattack and offering those affected 12 months of complimentary identity theft protection services and a $1M insurance reimbursement policy. This article continues to discuss the impact of the AspenPointe data breach and the healthcare provider's response to this incident.

    Infosecurity Magazine reports "Cyber-Attack Exposes Data of 295,000 Colorado Springs Patients"

  • news

    HoTSoS 2021: Student Presentation Co-Chairs

    Meet the HoTSoS 2021 Team:
    Student Presentation Co-Chairs

    The HoTSoS Program Committee is happy to have a newly created "Student Presentation Chair" position, and even happier to have Julie Haney (NIST) and Hanan Hibshi (CMU) co-serving!

    About the Chairs

  • news

    "Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout"

    Researchers have recently discovered that the Magecart gang has come up with a new credit-card skimming technique for hijacking PayPal transactions during checkout just in time for the Christmas holiday shopping season. The technique uses postMessage to inject convincing PayPal iframes into the checkout process of an online purchase. Once the victim enters and submits payment info, the skimmer exfiltrates the data to apptegmaker.com, a domain registered in October 2020 and connected to tawktalk.com. The latter was seen used in previous Magecart group attacks. The skimmer then clicks the order button behind the malicious iframe and sends the victim back to the legitimate checkout page to complete the transaction.

    Threatpost reports: "Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout"

  • news

    "MacOS Backdoor Appears to Be Update of Tool Previously Used by Vietnam-Linked Group"

    According to Trend Micro researchers, the hacking group dubbed APT32 or OceanLotus appears to be using an updated version of a tool that can infiltrate macOS computers. The malicious software comes as a .zip file that uses a Microsoft Word Icon. It is designed to circumvent detection by antivirus software. When the malware is activated, it works as a backdoor for other payloads capable of pulling data from the infected machine. This discovery indicates that APT32 is continuing to update its tactics in the launch of espionage campaigns against Southeast Asia. The group was recently discovered to have used fake news sites to spy on users, infect their machines with malware, and use the Google Play Store to distribute spyware apps. This article continues to discuss APT32's macOS backdoor and other recent discoveries surrounding the hacking group.

    CyberScoop reports "MacOS Backdoor Appears to Be Update of Tool Previously Used by Vietnam-Linked Group"

  • news

    "Security Flaw Could Allow Hackers to Trick Lab Scientists Into Making Viruses"

    Cybersecurity researchers from the Ben-Gurion University of the Negev demonstrated an end-to-end attack that can change data on a bioengineer's computer. As this cyberattack could meddle with DNA orders, it could lead to the development of toxins and viruses. According to the researchers, this attack works by infecting a researcher's computer with a Trojan Horse. When that researcher orders synthetic DNA, the malware then obfuscates the order to appear legitimate to the DNA shop's security software. The DNA shop fills the order, and the obfuscated DNA sub-strings go undetected by the researcher's security software. The use of this method allowed researchers to bypass security for 16 out of 50 orders they used to test the technique. This research emphasizes the importance of developing methods that can detect these types of adapted envelope attacks as it is impossible for humans to check each DNA sequence. This article continues to discuss the attack demonstrated by researchers to trick lab scientists into creating viruses and how this issue could be addressed.

    TNW reports "Security Flaw Could Allow Hackers to Trick Lab Scientists Into Making Viruses"

  • news

    "TurkeyBombing Puts New Twist on Zoom Abuse"

    Cybercriminals have targeted victims with phishing emails hoping that many families would be using Zoom to call family and friends over the Thanksgiving weekend. The major phishing campaign is aimed at stealing Microsoft credentials. Threat actors already stole nearly 4,000 credentials before the holiday was even over, according to researchers. The email states, "You received a video conference invitation," and includes a link to review the malicious invitation. If a victim takes the bait, the phishing page records the victims' email addresses, passwords, IP addresses, and geographic location. If it is determined the credentials successfully allow access to a privileged account, the adversaries attempt to breach the account via Internet Message Access Protocol (IMAP) credential verification.

    Threatpost reports: "TurkeyBombing Puts New Twist on Zoom Abuse"

  • news

    "Security Researcher Accidentally Discovers Windows 7 and Windows Server 2008 Zero-Day"

    A security researcher accidentally discovered a zero-day vulnerability that affects the Windows 7 and Windows Server 2008 R2 operating systems while working on a Windows security tool. The vulnerability stems from two misconfigured registry keys for the RPC Endpoint Mapper and DNSCache service, which are part of Windows systems. According to the researcher who found the vulnerability, an attacker can modify the registry keys to activate a sub-key that is usually used by the Windows Performance Monitoring mechanism. On Windows 7 and Windows Server 2008, performance subkeys allow developers to load custom DLLs that run with SYSTEM-level privileges. This article continues to discuss the discovery, potential exploitation, and disclosure of the zero-day vulnerability impacting Windows 7 and Windows Server 2008 R2.

    ZDNet reports "Security Researcher Accidentally Discovers Windows 7 and Windows Server 2008 Zero-Day"

  • news

    Vince Houghton is new director of the National Cryptologic Museum

    New director of the National Cryptologic Museum, Vince Houghton, brings experience from former job at the Spy Museum.

    https://www.securitymagazine.com/articles/94032-vince-houghton-named-director-of-nsas-national-cryptologic-museum

  • news

    "Automation to Shape Cybersecurity Activities in 2021"

    WatchGuard predicts that automation will shape cybersecurity attack and defense activities in 2021. According to the global leader in network security and intelligence, manual techniques will be replaced by automation tools to launch spear-phishing campaigns. Automation tools will help cybercriminals gather victim-specific data from social media sites and company websites. On the other hand, automation is expected to help cloud service providers, including Amazon, Google, and Microsoft, prevent cybercriminals from abusing their services to execute attacks. As we continue to face the COVID-19 crisis, automated spear-phishing attacks are also expected to exploit fears stemming from the pandemic, political issues, and the economy. This article continues to discuss how automation will change cybercriminal and cybersecurity activities, as well as the expected increase in the abuse of Virtual Private Networks (VPNs) and Remote Desktop Protocol (RDP) solutions, targeting of security gaps in legacy endpoints, and the importance of using Multi-Factor Authentication (MFA).

    Help Net Security reports "Automation to Shape Cybersecurity Activities in 2021"

  • news

    "Web Application Attacks Increases 8x in H1 2020"

    According to a report from the cloud security provider CDNetworks, the number of Distributed Denial-of-Service (DDoS), web application, and botnet attacks increased significantly in the first half of 2020 compared to that of 2019. The "State of the Web Security for H1 2020" report revealed that web application attacks increased by 800%. More than 4 billion web application attacks were blocked in H1 2020, which is said to be eight times higher than the number blocked in H1 2019. There has been a 147.63% year-on-year increase in DDoS attacks. The use of Artificial Intelligence and Machine Learning to find and exploit new vulnerabilities contained by company networks and systems was also highlighted. The report also brings further attention to the shift in attacks towards media, public services, education, and other sites that are profiting under COVID-19. This article continues to discuss the increase in cyberattacks in the first half of 2020, the use of AI and ML in the execution of attacks, and the change in targets.

    CISO MAG reports "Web Application Attacks Increases 8x in H1 2020"

  • news

    "Up to 350,000 Spotify Accounts Hacked in Credential Stuffing Attacks"

    Researchers at vpnMetro have recently found an unsecured internet-facing database containing over 380 million individual records, including login credentials leveraged to break into 300,000 to 350,000 Spotify accounts. The exposed records were stored on an unsecured Elasticsearch server and included various sensitive information such as people's usernames and passwords, email addresses, and countries of residence. The exposed database belonged to a 3rd party that was using it to store Spotify login credentials. These credentials were most likely obtained illegally or potentially leaked from other sources that were repurposed for credential stuffing attacks against Spotify.

    WeLiveSecurity reports: "Up to 350,000 Spotify Accounts Hacked in Credential Stuffing Attacks"

  • news

    "85% of Cyber Espionage Is State-Affiliated, Only 4% Tied To Organized Crime"

    Verizon's 2020 Cyber Espionage Report pulls information from other annual reports, including seven years of the Verizon Data Breach Investigations Report (DBIR) and fourteen years of research from the Verizon Threat Research Advisory Center (VTRAC). According to the Cyber Espionage Report, 85% of cyber espionage incidents come from state-affiliated groups, while only 4% are from organized crime. The public sector (government agencies) remains the top target of cyber espionage, followed by manufacturing. Phishing and malware backdoors are also the most common point of entry for such activity. This article continues to discuss key findings shared by Verizon's 2020 Cyber Espionage Report in relation to threat actors, targets, common points of entry, discovery, time to discovery, and the difficulty in detecting patterns of cyber espionage.

    CPO Magazine reports "85% of Cyber Espionage Is State-Affiliated, Only 4% Tied To Organized Crime"

  • news

    "Baltimore County Schools Forced to Cancel Classes Following Ransomware Attack"

    A ransomware attack disabled the Baltimore County Public School system's entire network. The attack occurred on the network Tuesday night. The form of ransomware used was not disclosed, but some researchers believe it is Ryuk ransomware. The group behind the attack demanded a ransom payment, and classes were canceled on Wednesday due to the attack. State auditors had just recently conducted an audit of the Baltimore County Public School System and found that the network was not being adequately secured and that sensitive personal information was not properly safeguarded, among other issues.

    SiliconANGLE reports: "Baltimore County Schools Forced to Cancel Classes Following Ransomware Attack"

  • news

    "FBI Warns of Spoofed FBI-Related Domains"

    The Federal Bureau of Investigation (FBI) has issued an alert to the public about the registration of domains designed to spoof legitimate FBI-related websites. The agency also warns of the use of spoofed email accounts to trick victims into revealing sensitive information. Spoofed domains and email accounts can be used to spread misinformation and malware, as well as collect usernames, passwords, email addresses, and personally identifiable information. Users are encouraged to ensure that websites and email addresses are correctly spelled, keep their operating systems and applications up to date, and to use anti-malware software. The FBI also advises users to never enable macros on documents received via email unless the file has been scanned with an anti-virus application. This article continues to discuss the FBI's warning about the surge in spoofed FBI-related domains, how users can protect themselves, and the various reasons as to why adversaries spoof law enforcement or government websites.

    Security Week reports "FBI Warns of Spoofed FBI-Related Domains"

  • news

    "Around 18,000 Fraudulent Sites Are Created Daily"

    Researchers at Bolster have discovered that in Q2 of 2020, there was an alarming, rapid increase of new phishing and fraudulent sites being created. The researchers detected 1.7 million phishing and scam websites, which is a 13.3% increase from Q1 2020. Phishing and scam websites continued to increase in Q2 and peaked in June 2020 with a total of 745,000 sites detected. On average, there were more than 18,000 fraudulent sites created each day.

    Help Net Security reports: "Around 18,000 Fraudulent Sites Are Created Daily"

  • news

    "Security Researchers Sound Alarm on Smart Doorbells"

    Researchers from the security company NCC Group and the UK consumer organization Which? analyzed 11 video doorbells sold on Amazon and eBay and discovered high-risk vulnerabilities in all of the devices. One of the vulnerabilities shared among them was the practice of sending data, including Wi-Fi names, passwords, photos, email, video, and location information back to the manufacturer. Another security flaw can allow an attacker to steal the network password, thus enabling them to hack into the doorbell, router, and other devices connected to the user's network. This article continues to discuss the vulnerabilities found in the 11 smart doorbells, what the exploitation of these vulnerabilities could allow attackers to do, and the growing threat posed by insecure Internet of Things (IoT) devices to Internet security.

    Dark Reading reports "Security Researchers Sound Alarm on Smart Doorbells"

  • news

    "Organizations Should Use Psychology to Promote Secure Behavior Among Staff"

    The Information Security Forum (ISF) encourages organizations to improve employees' security behavior through the use of psychology. The group's report titled Human-Centered Security: Positively Influencing Security Behavior guides organizations on the development of psychological techniques to get employees to engage in more secure behaviors. Human-centered security programs help organizations better understand employees and create initiatives aimed at changing behaviors that would lead to a decrease in security incidents relating to human errors and acts of negligence. As the shift to remote working during the COVID-19 pandemic has increased the risk of individual errors that result in security incidents, it is important to promote secure behavior. This article continues to discuss the ISF's report aimed at establishing more secure behaviors among employees.

    Infosecurity Magazine reports "Organizations Should Use Psychology to Promote Secure Behavior Among Staff"

  • news

    "Baidu Apps in Google Play Leak Sensitive Data"

    Researchers at Palo Alto Unit 42 discovered that multiple Android mobile apps found in Google Play, including Baidu Search Box and Baidu Maps, leak data that could be used to track users, even if they switch devices. The apps in question expose a range of information, including: Phone model; screen resolution; phone MAC address; wireless carrier; network (Wi-Fi, 2G, 3G, 4G, 5G); Android ID; International Mobile Subscriber Identity (IMSI); and International Mobile Equipment Identity (IMEI). Adversaries could use the information to track users across devices, disable phone service, or intercept messages and phone calls. The applications in question have each been downloaded millions of times.

    Threatpost reports: "Baidu Apps in Google Play Leak Sensitive Data"

  • news

    SoS Musings #43 - Crowdsourcing Security with Bug Bounty Programs

    SoS Musings #43 -

    Crowdsourcing Security with Bug Bounty Programs

  • news

    Cybersecurity Snapshots #12 - Open Source Code: Is It Secure?

    Cybersecurity Snapshots #12 -

    Open Source Code: Is It Secure?