News Items

  • news

    NSF 20-052 - Dear Colleague Letter on the Coronavirus Disease 2019 (COVID-19)

    Dear Colleague,

    In light of the emergence and spread of the coronavirus disease 2019 (COVID-19) in the United States and abroad, the National Science Foundation (NSF) is accepting proposals to conduct non-medical, non-clinical-care research that can be used immediately to explore how to model and understand the spread of COVID-19, to inform and educate about the science of virus transmission and prevention, and to encourage the development of processes and actions to address this global challenge.

  • news

    Call to Action to the Tech Community on New Machine Readable COVID-19 Dataset

    THE WHITE HOUSE
    Office of Science and Technology Policy

    FOR IMMEDIATE RELEASE
    March 16, 2020

    Today, researchers and leaders from the Allen Institute for AI, Chan Zuckerberg Initiative (CZI), Georgetown University's Center for Security and Emerging Technology (CSET), Microsoft, and the National Library of Medicine (NLM) at the National Institutes of Health released the COVID-19 Open Research Dataset (CORD-19) of scholarly literature about COVID-19, SARS-CoV-2, and the coronavirus group.

  • news

    Open for Nominations - Submission Period Extended!

    The 8th Annual Best Scientific Cybersecurity Paper Competition is now open for nominations. This year's nominating period runs through midnight on April 15, 2020 (extended from the original March 31 deadline). We look forward to receiving your nominations.

  • news

    NIST Releases Draft Security Feature Recommendations for IoT Devices

    "Core Baseline" guide offers practical advice for using everyday items that link to computer networks.

    August 01, 2019

  • news

    NSA-approved cybersecurity law and policy course now available online

    Cyber Scoop

    Shannon Vavra

    August 27th, 2019

    Anyone who is interested in cybersecurity law and policy can now take an online course that was partly shaped by the National Security Agency.

  • news

    Verification Tool Competition

    ARCH brings together researchers and practitioners to establish a curated set of benchmarks for verification, testing, and reachability, and to evaluate them in a friendly competition. ARCH started in 2014 and has sustained a vibrant community since. Since 2017, ARCH has organized, as part of the workshop, the International Competition on Verifying Continuous and Hybrid Systems (ARCH-COMP, https://cps-vo.org/group/ARCH/), now in its 3rd iteration.

  • news

    Game-theoretic Paper Wins Annual Paper Competition

    The winner of the 6th Annual Best Scientific Cybersecurity Paper Competition is How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games by Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, and David Brumley. These researchers are from Carnegie Mellon University and the University of California, Santa Barbara. This paper was originally accepted at the 30th IEEE Computer Security Foundations Symposium (CSF '17).

    To learn more, visit the competition homepage: https://cps-vo.org/group/sos/papercompetition/pastcompetitions

  • news

    Secretary of Energy Rick Perry Announces $68.5 Million for Advanced Vehicle Technologies Research

    WASHINGTON, D.C. - Today, U.S. Secretary of Energy Rick Perry announced up to $68.5 million in available funding for early-stage research of advanced vehicle technologies that will enable more affordable mobility, strengthen domestic energy security, and enhance U.S. economic growth.

  • news

    2018 NSF CPS Program Solicitation

    The 2018 Cyber-Physical Systems Program Solicitation has been released. The submission window for proposals is April 27, 2018 - May 8, 2018. Please see the full solicitation for additional details and the summary of program requirements: https://cps-vo.org/node/45729

  • news

    NSA SoS Lablet Call for Proposals is Open

    The National Security Agency has distributed its BAA (really a request for proposals) for its next generation of SoS Lablets. These include lablets on the five Hard Problem areas in the Science of Security, on the Science of Privacy, and on Cyber-Physical Systems. Proposals are due August 21. While the SoS team is not the point of contact for the contracting process, we can help direct inquiries: https://cps-vo.org/group/SoS/contact

  • news

    U.S. Department of Transportation Launches Smart City Challenge to Create a City of the Future

    Smart City Challenge

  • news

    NEW 2016 NSF-USDA Solicitation: Innovations at the Nexus of Food, Energy, and Water Systems (INFEWS)

    Innovations at the Nexus of Food, Energy and Water Systems (INFEWS)

    Program Solicitation
    NSF 16-524

    National Science Foundation

  • news

    Sticky News Item

    This news item always appears at the top of the 'recent news' list because the 'pin to top of lists' box is checked under 'publishing options' below. News Items can also be set to show in the spotlight slideshow feature.

  • news

    "Tel Aviv University and IDC Herzliya Researchers Thwart Large-Scale Cyberattack Threat"

    Researchers at Tel Aviv University and the Interdisciplinary Center (IDC) Herzliya say that vulnerabilities in the Domain Name System (DNS) could have been used to execute a far more massive attack than that of the infamous Mirai botnet. A study conducted by the researchers shares new details about a technique called "NXNSAttack" (Non-Existent Name Server Attack), which abuses vulnerabilities in commonly used DNS software. Malicious actors could have applied the method to execute distributed denial-of-service (DDoS) attacks on a larger scale using a relatively small number of computers. Several makers of DNS software, along with companies responsible for the Internet's infrastructure, including Google, Microsoft, Amazon, and Dyn, were notified of these findings, which led to software updates to address the problem. This article continues to discuss the Mirai botnet's impact in 2016, the NXNSAttack technique, and the research behind this method.

    EurekAlert! "Tel Aviv University and IDC Herzliya Researchers Thwart Large-Scale Cyberattack Threat"

  • news

    "NSA Warns About Sandworm APT Exploiting Exim Flaw"

    The NSA has warned in a security advisory published on Thursday that the Russian APT group Sandworm has been exploiting a critical Exim flaw (CVE-2019-10149) to compromise mail servers since August 2019. When this flaw is successfully exploited, threat actors can execute code of their choosing. When Sandworm exploited the flaw, the victim's machine subsequently downloaded and executed a shell script from a Sandworm-controlled domain. The script then attempted to add privileged users, update the SSH configuration to enable additional remote access, disable network security settings, and execute an additional script to enable follow-on exploitation.

    Help Net Security reports: "NSA Warns About Sandworm APT Exploiting Exim Flaw"

  • news

    "Vulnerability Disclosures Drop in Q1 for First Time in a Decade"

    An analysis recently published by Risk Based Security reveals a 20% decrease in the number of vulnerabilities reported in the first quarter of 2020. Although the decline in reported vulnerabilities occurred in the same quarter as the surge in remote work resulting from the coronavirus pandemic, a clear cause for the drop has not yet been determined. Brian Martin, vice president of intelligence for Risk Based Security, emphasized the outliers that security professionals have observed because of COVID-19. One possible reason for the drop is the disruption of security operations and the reduction in security staff caused by the pandemic. This article continues to discuss the decline in the number of reported vulnerabilities in Q1 2020 and why this number could be lower due to COVID-19's impact.

    Dark Reading reports "Vulnerability Disclosures Drop in Q1 for First Time in a Decade"

  • news

    "External Attacks on Cloud Accounts Grew 630 Percent From January to April"

    In a new survey by McAfee, researchers found that overall enterprise adoption of cloud services spiked by 50 percent between January and April, including in manufacturing and financial services, sectors that typically rely more than others on legacy on-premises applications, networking, and security. The use of cloud collaboration tools increased by up to 600 percent. The education sector saw the most growth in the use of cloud collaboration tools, since more students are required to adopt distance learning practices. Threat events against cloud services and collaboration tools from external actors increased by 630 percent between January and April. Most of these external attacks targeted collaboration services like Microsoft 365 and were large-scale attempts to access cloud accounts with stolen credentials.

    Help Net Security reports: "External Attacks on Cloud Accounts Grew 630 Percent From January to April"

  • news

    "External Threats Outpace Insider-Related Breaches in Healthcare"

    According to the latest Verizon Data Breach Investigations Report (DBIR), the healthcare sector faced an increase in attacks last year with external threats exceeding the number of incidents caused by insiders. Verizon's DBIR highlights findings from the analysis of 3,950 data breaches and 157,252 security incidents experienced by companies across 16 sectors in four different regions. The report revealed that 51% of healthcare data breaches were caused by external actors, while 48% were insider-related. However, healthcare organizations remain the most impacted by insider threats. The report also pointed out the top patterns behind healthcare data breaches in 2019, which include web application attacks, business email compromise, and the misdelivery of emails. This article continues to discuss the insider threats faced by the healthcare sector and how healthcare organizations can prevent insider-related breaches, along with healthcare's ransomware problem and the most common patterns observed with data breaches in 2019.

    HealthITSecurity reports "External Threats Outpace Insider-Related Breaches in Healthcare"

  • news

    "Qatar: 'Huge' Security Weakness in COVID-19 Contact-Tracing App"

    Amnesty International discovered critical vulnerabilities in Qatar's mandatory coronavirus contact-tracing app, which have now been fixed. The app is intended to help slow the spread of COVID-19 by alerting users when they are near someone who has tested positive for the infectious disease. The discovery of serious weaknesses in the configuration of Qatar's EHTERAZ contact-tracing app further emphasizes the need for governments to implement privacy safeguards for such apps. Findings from the investigation of the app conducted by Amnesty's Security Lab revealed a vulnerability that would have allowed attackers to gain access to highly sensitive information about more than one million users, such as names, health status, location, and more. This article continues to discuss the purpose of Qatar's contact-tracing app, Amnesty's discovery of vulnerabilities in the app, and the importance of incorporating privacy and data protection into the design of such apps.

    Amnesty reports "Qatar: 'Huge' Security Weakness in COVID-19 Contact-Tracing App"

  • news

    "Florida Tech Student Finds Privacy Flaws in Connected Security and Doorbell Cameras"

    Florida Tech computer science student Blake Janes discovered systematic design flaws in internet-connected doorbells and security cameras manufactured by Ring, Nest, SimpliSafe, and eight other manufacturers. Janes found that a shared account can still have access to a video feed despite it appearing to have been removed. The mechanism implemented for removing user accounts does not function as it should because it fails to remove active user accounts. Malicious actors could exploit this flaw to maintain access to a camera system for an unlimited time. They can use this time to record audio and video, posing a significant threat to users' privacy. This invasion of privacy can be achieved using the devices' companion applications, which eliminates the need for advanced hacking tools. The devices found to contain flaws include the Blink Camera, D-Link Camera, Canary Camera, and many more. This article continues to discuss the security flaws found in connected security and doorbell cameras, as well as how vendors have responded to this discovery.

    Florida Tech reports "Florida Tech Student Finds Privacy Flaws in Connected Security and Doorbell Cameras"

  • news

    "A New Android bug, Strandhogg 2.0, Lets Malware Pose as Real Apps and Steal User Data"

    Researchers at the security firm Promon have discovered a new vulnerability, called Strandhogg 2.0, which affects all devices running Android 9.0 and earlier. The vulnerability lets malware imitate legitimate apps to steal app passwords and other sensitive data. A user would have to download a malicious app (disguised as a normal app) for the Strandhogg 2.0 vulnerability to be exploited.

    TechCrunch reports: "A New Android bug, Strandhogg 2.0, Lets Malware Pose as Real Apps and Steal User Data"

  • news

    "Android Security Vulnerabilities Differ by Country, Say Researchers"

    According to researchers at F-Secure, Android devices manufactured by Huawei, Samsung, Xiaomi, and others are being shipped and sold with significantly different levels of on-board security in different regions. The regional differences in Android security vulnerabilities emphasize the importance of increasing knowledge and understanding of Android device security globally. The discovery also highlights the value of vulnerability research. F-Secure's researchers have stressed the importance of raising awareness among device manufacturers in different countries about how problematic the growth of custom Android builds can be for security. This article continues to discuss the distribution of Android devices that offer different levels of security to users in different regions, what the differing levels of on-board security by country indicate, and the security vulnerabilities found in the devices tested by F-Secure's researchers.

    Computer Weekly reports "Android Security Vulnerabilities Differ by Country, Say Researchers"

  • news

    "Malware Opens RDP Backdoor Into Windows Systems"

    Researchers at SentinelOne have discovered a new version of the Sarwent malware. Sarwent started as a loader for other malware but has recently been updated with more functionality. The new variant can open the Remote Desktop Protocol (RDP) port on Windows computers to ensure that the adversaries can find their way back into the system through the backdoor. The malware can also now execute commands via the Windows Command Prompt and PowerShell. It can create a new Windows user account, enable the RDP service for it, and change the Windows firewall so that RDP access to the infected machine is allowed. Removing the malware from an infected computer will not automatically close the RDP "hole": users will also have to remove the user account set up by the malware and close the RDP access port in the firewall.

    Help Net Security reports: "Malware Opens RDP Backdoor Into Windows Systems"

  • news

    SoS Musings #37 - The Double-Edged Sword of AI and ML

  • news

    Cyber Scene #44 - Tracing Tracks: So Near Yet So Far Away

  • news

    Cybersecurity Snapshots #6 - Will Biometric Authentication Soon Replace Password Authentication?

  • news

    Spotlight on Lablet Research #6 - Contextual Integrity for Computer Systems

    Project: Contextual Integrity for Computer Systems

  • news

    "Hackers Can Target Rockwell Industrial Software With Malicious EDS Files"

    Rockwell Automation and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published advisories about vulnerabilities associated with the Electronic Data Sheet (EDS) subsystem discovered by researchers at the industrial cybersecurity firm Claroty. An EDS file holds configuration data for a device. Network management tools use EDS files for identification and commissioning. According to the Claroty researchers, the security flaws they found could be exploited by hackers to launch denial-of-service (DoS) attacks and execute malicious SQL statements. These attacks can allow hackers to write or manipulate files. The vulnerabilities impact FactoryTalk Linx, RSLinx Classic, RSNetWorx, and Studio 5000 Logix Designer. This article continues to discuss the security holes that hackers can abuse to target Rockwell industrial software.

    Security Week reports "Hackers Can Target Rockwell Industrial Software With Malicious EDS Files"

  • news

    The Queens of Code

    The Queens of Code will be presenting four talks about NSA's Computing Women of the 60s, 70s, and 80s as part of the Cyber Center for Education & Innovation (CCEI) series on the NEPRIS platform. These computing pioneers contributed to early technology development and to national defense, a secret they have kept for over 50 years. The programs are free, but NEPRIS registration is required. The talks are geared to middle and high school students, but all are welcome.

  • news

    "70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs"

    Researchers at Veracode analyzed 351,000 external libraries in 85,000 applications and found that open-source libraries are widespread. Many developers use open-source libraries because they let them add basic functionality to their applications quickly. The researchers discovered that 70 percent of applications today have at least one security flaw stemming from the use of an open-source library. Four language ecosystems (PHP, Go, .NET, and Swift) account for most of the open-source bugs found in applications.

    Threatpost reports: "70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs"

  • news

    "DOE Says Supercomputers Handling COVID-19 Data Are Hacker Targets"

    The Department of Energy (DOE) has observed a surge in cyberattacks against national laboratories and interest in U.S. coronavirus research from foreign nations. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) are currently investigating attacks faced by U.S. organizations researching COVID-19. Government agencies and private experts have also brought further attention to the continued growth in cyberattacks during the coronavirus pandemic as more people work remotely because of stay-at-home restrictions. This article continues to discuss hackers' recent attempts to steal U.S. coronavirus-related research and the rise in cyberattacks during the pandemic.

    SIW reports "DOE Says Supercomputers Handling COVID-19 Data Are Hacker Targets"

  • news

    "The Dark Web is Flooded With Offers to Purchase Corporate Network Access"

    Researchers from Positive Technologies have found an increase in interest in accessing corporate networks on the dark web. In Q1 2020, the number of postings advertising access to these networks increased by 69 percent compared to the previous quarter. The researchers believe that this may pose a significant risk to corporate infrastructure, especially since many employees are working remotely. "Access for sale" on the dark web is a generic term, which usually refers to credentials, software, exploits, or anything else that allows illicitly controlling one or more remote computers. In Q4 2019, over 50 access points to the networks of major companies worldwide were publicly available for sale on the dark web. In Q1 2020, this number rose to 80. Adversaries usually sell access to industrial companies, finance, science and education, IT, and professional services companies.

    Help Net Security reports: "The Dark Web is Flooded With Offers to Purchase Corporate Network Access"

  • news

    "60% of Insider Threats Involve Employees Planning to Leave"

    New research shows that more than 80% of employees with plans to leave an organization take data with them before they go. According to the 2020 Securonix Insider Threat Report, based on the analysis of over 300 confirmed incidents, these "flight-risk" employees were involved in about 60% of insider threats. Most insider threats involved the exfiltration of sensitive data, while others included privilege misuse, data aggregation, and infrastructure sabotage. Employees exhibit flight-risk behavior two to eight weeks before they make their exit. The most common data exfiltration methods include moving sensitive information via email, uploading it to cloud storage websites, using data downloads, storing data on unauthorized removable devices, and snooping for data through SharePoint. Shareth Ben, director of Insider Threat and Cyber Threat Analytics at Securonix, calls on IT security operations teams to be on the lookout for red flags such as web browsing activity related to job searching and attempts to access administrative accounts. Another significant flag is the movement of sensitive information via email, collaboration tools, or USB devices. Depending on the industry in which the insider works, they may steal valuable intellectual property, banking data, or personally identifiable information. This article continues to discuss key findings from the 2020 Securonix Insider Threat Report related to flight-risk behavior, the most common techniques used by insiders to exfiltrate sensitive information, why IT security operations teams struggle to draw conclusions from insider threats, ways to detect flight-risk employees, and the variation of targeted data by industry.

    Dark Reading reports "60% of Insider Threats Involve Employees Planning to Leave"

  • news

    "Beware of Phishing Emails Urging For a LogMeIn Security Update"

    Researchers from Abnormal Security have discovered a new phishing campaign targeting LogMeIn users. The phishing email is made to look as though it comes from LogMeIn and pertains to a security update. The company logo is featured prominently in the mail body, the sender's identity is spoofed, and the phishing link looks like it might be legitimate. However, clicking the link takes the user to a spoofed phishing page, and any login credentials entered there are sent directly to the adversary. Since LogMeIn is the parent company of LastPass and offers single sign-on with it, the attackers may be attempting to gain access to the user's password manager.

    Help Net Security reports: "Beware of Phishing Emails Urging For a LogMeIn Security Update"

  • news

    "RUSI to Investigate Impact of Cyber Insurance on Secure Behaviours"

    The Royal United Services Institute (RUSI), an independent think tank engaged in defense and security studies, is partnering with the University of Kent (UoK) to conduct research on how cyber insurance impacts security behavior. The project, titled "Incentivising Cybersecurity through Cyber Insurance (ICCI)," will delve into the different factors that drive organizations, including small and medium-sized enterprises (SMEs), to implement adequate measures for managing cyber risk. The study will also explore why an enterprise may not feel compelled to introduce such measures to prevent cyberattacks. It will examine the use of cyber insurance to push enterprises toward better security behavior. RUSI and UoK researchers will work with practitioners and policymakers in government, industry, and academia during the project. This article continues to discuss the aim of this research.

    RUSI reports "RUSI to Investigate Impact of Cyber Insurance on Secure Behaviours"

  • news

    "Over Half of Security Leaders Still Rely on Spreadsheets"

    Panaseer conducted a survey to which more than 400 security leaders within large financial services companies responded. The results of the global survey reveal the many difficulties faced by security leaders in trying to understand their organization's cyber posture and the measures that should be taken to maintain security controls. These challenges are associated with processes, people, and technologies. The survey also highlights the continued use of spreadsheets by most security leaders to produce metrics for measuring their cyber posture. This article continues to discuss the biggest challenges faced by security leaders in financial services companies regarding security measurement and metrics.

    Help Net Security reports "Over Half of Security Leaders Still Rely on Spreadsheets"

  • news

    "The Dangers of Sharing Personal Information on Social Media"

    According to Joseph Turow, a Professor of Communication at the Annenberg School for Communication, sharing photos and other personal information on social media creates more opportunities for hackers to gain access to accounts. Photos posted on social media platforms, such as Facebook, can give hackers more insight into the context of a user and their relationships that may indicate their location. These kinds of posts increase users' vulnerability to hackers attempting to hijack online accounts. Scammers can scan social media posts for photo hashtags related to graduating in order to find the name of a user's high school and their graduation year, which are answers to two of the most common security questions for bank accounts, retirement funds, and other financial online accounts. The Better Business Bureau (BBB) has also expressed similar concerns about people posting personal information on social media about their vehicles, favorite athletes, favorite shows, and more as it could lead to greater success for online scams and hacks. This article continues to discuss the potential risks posed by sharing personal information on social media and what precautions users should take before engaging in social media trends involving such information.

    Penn Today reports "The Dangers of Sharing Personal Information on Social Media"

  • news

    "Fraudulent Unemployment, COVID-19 Relief Claims Earn BEC Gang Millions"

    An infamous business email compromise (BEC) gang called Scattered Canary has submitted hundreds of fraudulent claims to state-level U.S. unemployment websites and coronavirus relief funds. The cybercriminals may have made millions so far from the fraudulent activity. Scattered Canary is a highly organized Nigerian cyber gang that employs dozens of threat actors to target U.S. government institutions and enterprise organizations. Since April 29th, Scattered Canary has filed more than 200 fraudulent claims on the online unemployment websites of 8 U.S. states, including 174 fraudulent claims in the state of Washington and 17 in the state of Massachusetts. So far, the gang has targeted the unemployment websites of Florida, Oklahoma, North Carolina, Massachusetts, Rhode Island, Wyoming, and Washington. Recently, on May 17th, researchers discovered that Scattered Canary had filed its first two unemployment claims on Hawaii's Department of Labor and Industrial Relations website, and they believe the group is setting its sights on Hawaii as its next target for fraudulent unemployment claims. The threat group also filed at least 82 fraudulent claims for the COVID-19 relief fund between April 15 and April 29, using the Internal Revenue Service (IRS)-backed relief fund website to process claims from individuals who weren't required to file tax returns. Of these claims, at least 30 have been accepted and paid out by the IRS so far.

    Threatpost reports: "Fraudulent Unemployment, COVID-19 Relief Claims Earn BEC Gang Millions"

  • news

    "Lend Me an Ear"

    The continued advancement of the Internet of Things will expand the use of biometrics. Fingerprint sensing, iris scanning, and facial recognition are biometrics commonly implemented in smartphones for authentication. Retina scanning, vein recognition, and palm print recognition are other biometric authentication methods expected to grow in popularity. Research recently published in the Journal of Electronic Imaging proposes ear recognition as an alternative biometric identification method to improve the security of smart homes via smartphones. Researchers at the University of Tunis El Manar propose an approach to ear recognition for smart home access that combines local and frequency-domain features. Distinct ear features such as the helix, concha, intertragic notch, and more can be fused into an identifying feature through a number of estimations and extractions. This article continues to discuss the most common forms of biometrics, the growing importance of incorporating biometrics into smart homes, the proposed use of the earprint as an alternative to other popular biometrics, the advantages of using the earprint, and the results of the recent study on ear recognition.

    SPIE reports "Lend Me an Ear"

  • news

    "Bluetooth Flaw Exposes Countless Devices to BIAS Attacks"

    Researchers discovered a new vulnerability in the Bluetooth wireless communication protocol that exposes a wide range of devices, such as smartphones, laptops, and smart-home devices, to the so-called Bluetooth Impersonation Attacks (BIAS). The attack is made possible by flaws in the Bluetooth Classic specification, so any standard-compliant Bluetooth device can be expected to be vulnerable. The researchers tested the weakness on a variety of devices with different versions of the Bluetooth protocol, conducting BIAS attacks on more than 28 unique Bluetooth chips from Apple, Intel, Samsung, Cypress, CSR, and Qualcomm. All the devices tested were vulnerable to the BIAS attack. The researchers disclosed their findings to the industry in December 2019, and some vendors may have implemented workarounds on their devices since then. If your device was updated after December 2019, the flaw might be fixed; if it was not, it is likely still vulnerable to a BIAS attack.

    WeLiveSecurity reports: "Bluetooth Flaw Exposes Countless Devices to BIAS Attacks"

  • news

    Visible to the public "Hackers Target Air-Gapped Military Networks"

    Hackers believed to be operating in China are targeting air-gapped military networks located in Taiwan and the Philippines. The hacking group, known as Tropic Trooper or KeyBoy, has been active since 2011, targeting government, military, healthcare, transportation, and more, in Hong Kong, Taiwan, and the Philippines with spear-phishing emails. According to Trend Micro, the group has been using stealthy USB malware, called USBferry, since December 2014. The malware is being used to steal sensitive data from military/navy agencies, government institutions, military hospitals, and banks via USB storage. This article continues to discuss the history, targets, techniques, and operations of the Tropic Trooper hacking group.

    Security Week reports "Hackers Target Air-Gapped Military Networks"

  • news

    Visible to the public "NTT Report Demonstrates Changing Approaches of Cybercriminals"

    NTT's 2020 Global Threat Intelligence Report (GTIR) highlights advancements in cybercriminals' attack methods, which are presenting significant challenges for organizations. According to the global technology service company, remote code execution and injection were the most common methods used by malicious actors in 2019. These methods remain effective because of organizations' inadequate practices surrounding the configuration of networks, operating systems, and applications. Organizations' testing and maintenance of security controls are also lacking. This article continues to discuss key findings from the report in relation to the most common attack methods, the weaponization of Internet of Things (IoT) devices, the sector most targeted by cybercriminals, and the exploitation of the current global crisis in the launch of cyberattacks.

    Infosecurity Magazine reports "NTT Report Demonstrates Changing Approaches of Cybercriminals"

  • news

    Visible to the public "Money Is Still the Main Motivating Factor for Hackers, Verizon Report Finds"

    Verizon recently released its annual Data Breach Investigations Report, which is based on the assessment of 157,000 security incidents faced by Verizon clients across different industries. According to the report, financially motivated data breaches grew from 71% in 2018 to 86% in 2019. Attackers are continuing to re-use usernames and passwords and to launch phishing attacks in their efforts to generate revenue. Other findings shared in the report touch on the increase in errors such as cloud misconfigurations, the growth in organized criminal groups over state-affiliated hackers, and the state of vulnerability patching. This article continues to discuss the rise in financially motivated data breaches in 2019, the growing number of misconfiguration errors, the increased involvement of organized crime groups, and improvements in patching.

    CyberScoop reports "Money Is Still the Main Motivating Factor for Hackers, Verizon Report Finds"

  • news

    Visible to the public "Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials"

    Researchers at Cofense have discovered a new phishing campaign that can bypass multi-factor authentication (MFA) on Office 365 to access victims' data stored in the cloud, which is then used to extort a Bitcoin ransom and to find new victims to target. The phishing campaign leverages the OAuth2 framework and the OpenID Connect (OIDC) protocol, and uses a malicious SharePoint link to trick users into granting permissions to a rogue application.

    Threatpost reports: "Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials"

  • news

    Visible to the public "EasyJet Hack: 9 Million Customers Hit And 2,000 Credit Cards Exposed"

    UK budget airline easyJet recently disclosed a massive data breach affecting 9 million of its customers. The airline did not disclose when the breach occurred or how it happened. The adversaries gained access to 9 million customers' email addresses and travel details. The adversaries were also able to obtain 2,209 credit card details.

    ZDNet reports: "EasyJet Hack: 9 Million Customers Hit And 2,000 Credit Cards Exposed"

  • news

    Visible to the public "API Attacks Increase During Lockdown"

    The California-based cybersecurity software company Cequence has published new threat research that reveals a recent surge in the targeting of API endpoints in cyberattacks during the COVID-19 lockdown. Cequence researchers observed a 40% increase in malicious traffic, with 28 million events generated by several campaigns in the week of April 17. The volume of attacks has continued to grow since then. One of the more significant campaigns targeted a login API endpoint for the Android application. According to researchers, this particular API was highly targeted because an attack was successful at that endpoint. Attackers may have also assumed that the API endpoint is old and poorly monitored. This article continues to discuss the observed rise in malicious traffic and the significant growth in API attacks during the lockdown, as well as the importance of effectively separating malicious traffic from legitimate traffic as the use of residential IP addresses increases during the pandemic.

    Infosecurity Magazine reports "API Attacks Increase During Lockdown"

  • news

    Visible to the public "Open-Sourcing New COVID-19 Threat Intelligence"

    Cybercriminals have been taking advantage of the coronavirus pandemic to attack individuals and companies. Recent reports have highlighted the rise in ransomware and phishing attacks based on COVID-19 information. In response to the increased exploitation of the global threat in recent cyberattacks, Microsoft has decided to open-source its coronavirus threat intelligence to help businesses and security researchers develop better solutions for safeguarding, detecting, and defending against COVID-19 themed attacks. Microsoft's list of coronavirus-related attack indicators comes from trillions of signals processed each day. These signals are generated across cloud services, applications, emails, and more. Customers who use Microsoft Threat Protection (MTP) through Defender Advanced Threat Protection (ATP) and email with Office 365 ATP are already protected against threats identified by the indicators. The list of new indicators will still be made available to those not protected by MTP. This information is available in the Azure Sentinel GitHub and through the Microsoft Graph Security API. This article continues to discuss the importance of sharing threat information, Microsoft's open-sourcing of new COVID-19 threat intelligence, how this information can be accessed, and the use of such intelligence by the security community.

    Microsoft reports "Open-Sourcing New COVID-19 Threat Intelligence"

  • news

    Visible to the public "Android Spyware Hidden in Apps for 4 Years: Report"

    Researchers at the security firm Bitdefender discovered a sophisticated cyber-espionage campaign using spyware called Mandrake that has been targeting Android users for at least four years, with the malware hiding in apps available on the Google Play Store. Bitdefender initially found 7 applications on the Google Play Store that contained the Mandrake malware: Abfix, CoinCast, SnapTune Vid, Currency XE Converter, Office Scanner, Horoskope, and Car News. Each of these applications had hundreds or thousands of downloads before they were removed from the Google Play Store. After Google Play Store deleted those applications, Bitdefender discovered new ones several days later and found that the new round of applications carrying Mandrake spyware generated over 5,000 new installations each within several days. Mandrake malware can be used to take near-total control of an infected device and can collect a range of data from targeted Android users. The malware can steal usernames and passwords from banking and social media accounts; take screenshots and capture recordings; collect and send SMS messages; track GPS location data; and deploy a "kill switch" that wipes the malware from the device when the data collection is done.

    Bank Info Security reports: "Android Spyware Hidden in Apps for 4 Years: Report"