News Items

  • news

    Visible to the public "Cyberwarfare in Space: Satellites at Risk of Hacker Attacks"

    The London-based independent policy institute, Chatham House, recently released a research paper, titled Cybersecurity of NATO's Space-based Strategic Assets. The paper calls for the North Atlantic Treaty Organization (NATO) and its member countries to examine and make efforts to improve the cybersecurity of space-based satellite control systems as these systems have been discovered to be vulnerable to cyberattacks that pose a significant threat to global security. Since most modern military engagements depend on space systems, cyberattacks on such systems could lead to the distribution of false information to troops, redirection of movements, and more. This article continues to discuss key points made in the Chatham House paper in regard to the vulnerability of space-based satellite control systems to cyberattacks, the risk posed by cyberattacks on these systems, and how NATO countries should strengthen the cybersecurity of satellite systems.

    ZDNet reports "Cyberwarfare in Space: Satellites at Risk of Hacker Attacks"

  • news

    Visible to the public "Facebook Abused to Spread Remote Access Trojans Since 2014"

    In a new study, it was discovered that Facebook has been exploited to act as a distribution platform for a set of Remote Access Trojans (RATs) for years. The aim of the operation has been to spread RATs including Houdini, Remcos, and SpyNote. So far tens of thousands of victims from Libya, Europe, the US, and China are believed to have been compromised. The threat actor behind the campaign has used the political turmoil in Libya to their advantage. When someone interested in Libyan politics clicked on the URLs, they would instead be sent to malicious content.

    ZDNet reports: "Facebook Abused to Spread Remote Access Trojans Since 2014"

  • news

    Visible to the public HotSoS 2019 Paper Synopses

    HotSoS 2019 Paper Synopses


  • news

    Visible to the public "Personalized Medicine Software Vulnerability Uncovered by Sandia Researchers"

    Open source genome mapping software used in the personalization of medicine has been discovered by researchers at Sandia National Laboratories to be vulnerable to cyberattacks in which patients' genetic information can be altered. Personalized medicine refers to the customization of health care based on findings from the analysis of a patient's genetic information. Burrows-Wheeler Aligner (BWA) is a software package often used in the process of personalized medicine. According to Sandia researchers, BWA has a vulnerability that could be exploited by hackers to execute man-in-the-middle attacks. These attacks could lead to the modification of genetic information, thus leading to incorrect analyses and drug prescriptions. This article continues to discuss the process of personalized medicine and the vulnerability of a program used in this process, along with the research behind the discovery of this vulnerability.

    Phys.org reports "Personalized Medicine Software Vulnerability Uncovered by Sandia Researchers"

  • news

    Visible to the public "Keeping Children Safe in the ‘Internet of Things’ Age"

    Children need to be protected when they use programmable Internet computing devices such as the BBC micro:bit. The BBC micro:bit is a small easily-programmable device that could be used by children in the creation of digital technologies. Although such devices provide educational benefits to children, the security of these devices must be taken into consideration. Therefore, a team of scientists at Lancaster University developed new guidelines to help designers implement security into such devices in order to strengthen the protection of children in the digital world. The framework provided by scientists helps designers visualize the different ways in which their devices could be used by children and adopt approaches to mitigating the risks posed by these devices. This article continues to discuss the use of programmable IoT devices by children, the risks posed by these devices, and the framework developed by researchers to help designers address these risks.

    Lancaster University "Keeping Children Safe in the 'Internet of Things' Age"

  • news

    Visible to the public "Data Management Firm Exposed Client Info on Open Amazon S3 Buckets: Researchers"

    While a study was being conducted, it was discovered that data from Netflix, TD Bank, Ford and other companies was left exposed for an unknown period of time on publicly configured cloud storage buckets operated by data integration and management company Attunity. The three companies were publicly accessible using Amazon S3 buckets on 13 May. The oldest of the three companies, which contained the most sensitive information, was uploaded in September 2014; however, it is not clear if the data was publicly accessible since that time. Once Attunity was alerted, their personnel responded quickly to ensure that the data was secured.

    SC Magazine reports: "Data Management Firm Exposed Client Info on Open Amazon S3 Buckets: Researchers"

  • news

    Visible to the public "Avoid These Top Four Cybersecurity Mistakes"

    The Chief Security and Privacy Officer at Georgian Partners, Alex Manea, has pointed out four common mistakes made by CEOs in their approaches to mitigating the cybersecurity risks faced by their companies. According to Manea, CEOs often skip the performance of ethical hacking assessments, forget about establishing a good cybersecurity architecture, fail to think about the severity and likelihood of security risks, and more. This article continues to discuss the most common cybersecurity mistakes made by CEOs and how to avoid them.

    Chief Executive reports "Avoid These Top Four Cybersecurity Mistakes"

  • news

    Visible to the public "How Hackers Infiltrate Open Source Projects"

    Open source software included in most enterprises' critical applications is vulnerable to being infiltrated by hackers. According to security professionals, the nature of open source projects provides opportunities for hackers to insert malicious code, posing a threat to the security of enterprises. This article continues to discuss what makes open source projects vulnerable to hacking, why small open source projects are often targeted by malicious actors, the potential impact of such attacks, and what developers should do to increase code security.

    Dark Reading reports "How Hackers Infiltrate Open Source Projects"

  • news

    Visible to the public "Medtronic Recalls Vulnerable MiniMed Insulin Pumps"

    Medtronic is recalling its insulin pumps as a result of their vulnerability to being hijacked by hackers. The U.S. Food and Drug Administration (FDA) has warned of the danger of vulnerabilities in Medtronic's MiniMed insulin pumps, stating that the exploitation of these vulnerabilities could allow malicious actors to alter a pump's settings. According to the FDA, the tampering of insulin pumps could lead to extremely low or high blood sugar, posing a significant threat to the well-being of patients. This article continues to discuss the risks posed by vulnerable insulin pumps, the recall of these devices, and Medtronic's efforts to improve the security of their medical devices.

    Help Net Security reports "Medtronic Recalls Vulnerable MiniMed Insulin Pumps"

  • news

    Visible to the public "The History of Cellular Network Security Doesn’t Bode Well for 5G"

    The 5G mobile communication standard is expected to bring improvements to users. However, there are still concerns surrounding whether 5G will fix security flaws in cell networks or not. Security researchers have already uncovered critical security flaws in the 5G standard. A cell network security researcher, named Roger Piqueras Jover, recently published a blog post in which he discussed the history of cell network security research, flaws that have been uncovered in this research, and his views on 5G security. This article continues to discuss keys points made by Jover in regard to the acceleration of cell network security research, standardization efforts, and increased efforts by researchers to fix security flaws in cell networks.

    EFF reports "The History of Cellular Network Security Doesn't Bode Well for 5G"

  • news

    Visible to the public "Managing IoT Privacy, Cybersecurity Guidance Released by NIST"

    The National Institute of Standards and Technology (NIST) publication, NISTIR 8228, provides a guide that could be used by federal and private sector organizations in the management of IoT privacy and cybersecurity risks. The report is the first in a planned series of NIST publications aimed at helping organizations reduce IoT vulnerabilities. The report categorizes cybersecurity and privacy risks posed by IoT devices. These categories include device security, data security, and individuals' privacy. NIST recommends that organizations make changes to their policies and processes to mitigate challenges faced in managing IoT devices and vulnerabilities. This article continues to discuss the goal and key points made in the NIST guide in relation to the management of cybersecurity and privacy risks posed by IoT devices.

    HealthITSecurity reports "Managing IoT Privacy, Cybersecurity Guidance Released by NIST"

  • news

    Visible to the public "Disruptive by Design: Intelligence Fusion Inoculates Against Cyber Threats"

    Cyber intelligence fusion is needed to improve upon the identification of cyber threats and the speed at which risks are mitigated by organizations. The fusion of such intelligence can also help organizations learn from cyber incidents in a systematic manner. A converged organization that brings together experts from different domains is required to support cyber intelligence fusion. Cross-domain expertise would enhance analysis and increase understanding of the different ways in which an adversary might attack a target across multiple domains. For cyber intelligence fusion to be effective, experts must provide insight into how specific adversaries operate in regard to the tools and techniques they use. This article continues to discuss the components and benefits of cyber intelligence fusion.

    SIGNAL Magazine reports "Disruptive by Design: Intelligence Fusion Inoculates Against Cyber Threats"

  • news

    Visible to the public "Payment Fraud Linked to Terrorism and Trafficking"

    In a new study, it was discovered that payment card fraud is being used around the world to fund and launder the proceeds from organized crime, drug and human trafficking, terrorism and more. Payment fraud caused over 1 billion dollars in losses associated with those 274 cases that were studied. It was also discovered that in North America, most payment care fraud was linked to identity fraud (33%), organized crime (32.5%), human trafficking (17.5%) and drug trafficking (15%). In Europe payment card fraud was linked to, organized crime (62%), drug trafficking (41%) and money laundering (41%). Payment fraud is not just a fraud problem, it should no longer be viewed as a non-violent crime, mere annoyance, or unfortunate cost of doing business.

    Infosecurity reports: "Payment Fraud Linked to Terrorism and Trafficking"

  • news

    Visible to the public "Another Florida City Is Making a Ransomware Payment, Worth Nearly $500,000 This Time"

    Lake City suffered a ransomware attack that locked the city's phone and email systems. The city made the decision to give into the demands of the hackers by paying them 42 bitcoins, which is equivalent to $490,421. Many businesses often decide to pay ransomware attackers out of desperation. However, federal authorities advise victims to not succumb to hackers' demands for ransom payments. This article continues to discuss the ransomware attack on Lake City and the decision to pay the ransomware attackers, along with other ransomware attacks that have been experienced by other cities and the increase in such attacks against state and local governments.

    CyberScoop reports "Another Florida City Is Making a Ransomware Payment, Worth Nearly $500,000 This Time"

  • news

    Visible to the public "Hackers Favoring Shimmers Over Skimmers for ATM Attacks"

    Cybercriminals are now using shimmers more than skimmers in the execution of attacks against automated teller machines (ATMs). Skimmers are small devices that can be attached to an ATM's card reader to harvest data as users swipe their cards, which could allow for the cloning of cards. The implementation of the European Mastercard Visa (EMV) payment standard has prevented cybercriminals from using skimmers as the EMV method stores data on integrated circuits. As a result, there has been an increase in the use of shimmers, which differ from skimmers in regard to position, size, and more. This article continues to discuss how shimmers differ from skimmers, ATM security measures, and mitigation for ATM shimming attacks.

    Security Week reports "Hackers Favoring Shimmers Over Skimmers for ATM Attacks"

  • news

    Visible to the public "iOS Devices Compromised Again"

    The Media Trust Digital Security and Operations team has discovered a new steganography campaign that targets iOS devices. Steganography is a method that can be used by hackers to hide malicious data or malware in or by way of image files, video clips, audio files, and other unsuspecting mediums. The malware used in this campaign, called Stegoware-3PC, has been spread via publishers, demand-side vendors, and other adtech vendors. Stegoware-3PC was found to be hiding in PNG files, which are embedded in fake ads appearing to be from popular brands. These ads lead to the exfiltration of visitors' personal information by the malware. One of the procedures of the malware is to ensure that it is being executed on an iOS device. This article continues to discuss the delivery, techniques, and procedures of Stegoware-3PC.

    ISBuzz News report "iOS Devices Compromised Again"

  • news

    Visible to the public "1 in 10 Open Source Components Downloaded in 2018 had a Known Security Vulnerability"

    In a new study it was discovered that 1 in 10 open source components downloaded in 2018 had known security vulnerabilities. It was discovered that there was a 71% increase in open source related breaches over the past five years, and that 24% of organizations confirmed or suspected an OSS related breach. It is important as more people use and download software from open sources, that one does their research first to make sure that they are secure.

    Help Net Security reports: "1 in 10 Open Source Components Downloaded in 2018 had a Known Security Vulnerability"

  • news

    Visible to the public "Bill Advances to Create Vulnerability Disclosure for Federal Internet of Things"

    Under the Internet of Things Cybersecurity Improvement Act, a vulnerability disclosure process would be established for agencies that discover vulnerabilities in Internet of Things (IoT) devices. The bipartisan bill would also prohibit U.S. government agencies from purchasing IoT devices sold by companies that choose to not adopt the coordinated vulnerability disclosure policies. This article continues to discuss the Internet of Things Cybersecurity Improvement Act in relation to its status, purpose, and requirements.

    Nextgov reports "Bill Advances to Create Vulnerability Disclosure for Federal Internet of Things"

  • news

    Visible to the public "Top Roadblocks to Securing Web Applications"

    Data breaches have become a common occurrence. In Australia, the Australian Information Commissioner (OAIC) found that a data breach affected more than 10 million Australians. This data breach is just one of many that have recently been experienced by organizations across the world. According to Verizon's 2019 Data Breach Investigation Report (DBIR), web application attacks remain the most common attack vector for data breaches, which calls for all organizations to examine their application security practices. Organizations are encouraged to adopt new approaches to application security in which automation, artificial intelligence, and human intelligence is used. This article continues to discuss recent massive data breaches, findings of Verizon's 2019 DBIR, challenges faced by organizations in securing software, consequences of inadequate application security measures, and recommended approaches to software security.

    SDTimes report "Top Roadblocks to Securing Web Applications"

  • news

    Visible to the public "Report: Security of iOS and Android Mobile Apps 'Roughly Equivalent'"

    It is widely believed that iOS mobile apps are a lot safer than Android mobile apps. However, in a new study, it was discovered that actually the security of iOS and Android mobile apps are about the same, and that no company has more secure applications than the other. It was discovered that on both operating systems, that an alarming number of apps were critically insecure, and far less developer attention is being spent on solving the issue of the applications being insecure.

    ADTmag.com reports: "Report: Security of iOS and Android Mobile Apps 'Roughly Equivalent'"

  • news

    Visible to the public "Hackers Hit over a Dozen Mobile Carriers and Could Shut down Networks, Researchers Find"

    Security researchers with Cybereason have identified an advanced, persistent attack, which they have dubbed Operation Soft Cell. The attack is aimed at stealing sensitive data from telecommunications providers located in Europe, Asia, Africa, and the Middle East. Findings from the investigation of this attack revealed that it has been active since 2012. Operation Soft Cell has allowed hackers to gain access into multiple mobile carriers and steal a significant amount of customer data. Researchers have highlighted the severity of Operation Soft Cell, stating that it could lead to the shut down of phone networks as the attack gives hackers highly privileged access. This article continues to discuss the motive, operations, targets, and impacts of Operation Soft Cell, in addition to how mobile carriers should respond.

    CNET reports "Hackers Hit over a Dozen Mobile Carriers and Could Shut down Networks, Researchers Find"

  • news

    Visible to the public Cyber Scene #34 - Grid Lock, Here and There

    Cyber Scene #34
    Grid Lock, Here and There

  • news

    Visible to the public "You’d Better Change Your Birthday – Hackers may Know Your PIN"

    In a study it was discovered that 26 percent of individuals use the top 20 most used PIN numbers, which makes guessing of PIN numbers quite easy. Most individuals also use important dates when it comes to creating PIN numbers. It is important that the person that creates a PIN makes sure that the number that is used is not able to be found publicly, for example a birthday or wedding date. It is important that PIN numbers be at least 6 numbers in length, but the more numbers a PIN is made up of, the harder it will be to guess for the hackers.

    WeLiveSecurity reports: "You'd Better Change Your Birthday - Hackers may Know Your PIN"

  • news

    Visible to the public "Researchers Develop 'Vaccine' Against Attacks on Machine Learning"

    A significant breakthrough in machine learning (ML) research has been made by researchers from the Commonwealth Scientific and Industrial Research Organization's (CSIRO) Data61, an arm of Australia's national science agency specializing in data and digital technology. Researchers have developed techniques to prevent adversarial attacks on ML. Adversarial attacks on ML refer to attacks in which malicious data inputs are used to interfere with the functioning of ML models. The techniques developed by researchers to combat such attacks are similar to those used in the vaccination process. This article continues to discuss ML algorithms, the vulnerability of ML to adversarial attacks, and the new set of techniques developed to prevent these attacks.

    CSIRO reports "Researchers Develop 'Vaccine' Against Attacks on Machine Learning"

  • news

    Visible to the public "A Malware Can Bypass ‘2FA’ In ‘Android’ Phones, Researchers Found"

    Researchers have discovered the distribution of malware via the Google Play Store that can evade security firewalls. This discovery follows Google's confirmation that some low-end Android devices contain pre-installed malware. According to cybersecurity researchers from We Live Security by ESET, Google's new SMS restrictions can be circumvented by specific applications that can be downloaded from the Google Play Store. These malicious applications can bypass two-factor authentication (2FA). As a result of the evasion of 2FA, one-time passwords (OTPs) in SMS 2FA messages can be accessed. In addition, OTPs from emails can also be accessed by the malware. This article continues to discuss the capabilities and evolution of the malware.

    Z6 Magazine reports "A Malware Can Bypass '2FA' In 'Android' Phones, Researchers Found"

  • news

    Visible to the public Pub Crawl #28

  • news

    Visible to the public SoS Musings #27 - DNS Attacks

    SoS Musings #27
    DNS Attacks

  • news

    Visible to the public "LTE Flaws Let Hackers ‘Easily’ Spoof Presidential Alerts"

    Hackers can use off-the-shelf equipment and open source software to exploit security vulnerabilities in LTE that could allow them to spoof presidential alerts disseminated to mobile devices, which could lead to panic and chaos. The attack designed by researchers at the University of Colorado Boulder could allow alerts to be sent by malicious actors, to every phone in a 50,000-seat football stadium. This article continues to discuss the attack developed by researchers, the LTE vulnerabilities that make such attacks possible, and how these vulnerabilities could be fixed.

    TechCrunch reports "LTE Flaws Let Hackers 'Easily' Spoof Presidential Alerts"

  • news

    Visible to the public "New Research Reveals a Surprising World of IoT"

    A study has been done by researchers from Stanford University in which they examined user-initiated scans of 16 million homes and 83 million devices to further explore the use of Internet of Things (IoT) devices. From the analysis of scans and devices, researchers found that the security of older IoT devices such as printers, game consoles, and more, are often overlooked by consumers and the security research community. This article continues to discuss other findings of the study in relation to the varied use and security of IoT devices in different regions as well as the domination of IoT devices by a small group of vendors, the security of older IoT devices, and how privacy was ensured by researchers in the performance of this study.

    Security Boulevard reports "New Research Reveals a Surprising World of IoT"

  • news

    Visible to the public "Healthcare Overconfident in Privacy Maturity, As Breach Rate Rises"

    Integris researchers conducted a survey to which 258 top business executives and IT decision makers who work in medium-sized to large-sized healthcare organizations responded. Results of the survey reveal that most healthcare organizations are overly confident in their privacy policies despite the healthcare sector being one of the sectors with the most breaches in 2018. This article continues to discuss other findings of the survey in relation to healthcare organizations' overconfidence in their privacy maturity in addition to what drives privacy decisions.

    HealthITSecurity reports "Healthcare Overconfident in Privacy Maturity, As Breach Rate Rises"

  • news

    Visible to the public "Three Quarters of Mobile Apps Have This Security Vulnerability Which Could Put Your Personal Data at Risk"

    According to Positive Technologies' Vulnerabilities and Threats in Mobile Applications 2019 report, most iOS and Android applications contain vulnerabilities that could allow hackers to steal sensitive data. These vulnerabilities derive from insecure data storage, posing a threat to the security and privacy of users' sensitive information. This article continues to discuss key findings of the report in relation to the common vulnerabilities identified in the tested mobile applications and what the exploitation of these vulnerabilities could allow hackers to do, along with the importance of designing apps with security in mind and how users can protect themselves.

    ZDNet reports "Three Quarters of Mobile Apps Have This Security Vulnerability Which Could Put Your Personal Data at Risk"

  • news

    Visible to the public "Google Turns to Retro Cryptography to Keep Data Sets Private"

    An open source cryptographic tool, called Private Join and Compute, has been released by Google to bolster the privacy of confidential data sets. The multi-party computation (MPC) tool was designed to help organizations with confidential data sets collaborate for research purposes without exposing their raw data. Through the use of this tool, each party can encrypt their data before they share it with each other. Each party would only be able to see results that can be used to discover commonalities, not the raw data. Private Join and Compute uses updated methods that were developed in the 1970s and 1990s. This article continues to discuss the methods and purpose of Private Join and Compute.

    Wired reports "Google Turns to Retro Cryptography to Keep Data Sets Private"

  • news

    Visible to the public "Report on Cognitive Security Market, Trend, Segmentation and Forecast 2026"

    The growing frequency of cyberattacks has resulted in more interest in cognitive security. Cognitive security solutions are expected to help increase the speed at which risk patterns in internal and external sources are analyzed. The implementation of cognitive security can also help security analysts get a better understanding of business functions' different cognitive components to increase the effectiveness of those functions. A research report that explores the cognitive security market has been released. This article continues to discuss the contents of the report in relation to the cognitive security market and the growing demand for cognitive security solutions.

    Global Market Research reports "Report on Cognitive Security Market, Trend, Segmentation and Forecast 2026"

  • news

    Visible to the public "Facebook’s Libra: Cryptocurrencies in the Mainstream or a Hacker’s Paradise?"

    As Facebook's plans to introduce Libra, there are a few main questions. Does the introduction of cryptocurrency on Facebook signal cryptocurrencies entering the mainstream or will it be a hacker's paradise? Libra will allow people to buy things or send money instantly with nearly zero fees, and could be good for the reputation of cryptocurrencies. However it will still be important that Libra is totally secure, to protect it from hackers. Monetizing accounts and attention is going to lead to a spike in fraud, which could further reduce consumer trust in Facebooks platform.

    Information Age reports: "Facebook's Libra: Cryptocurrencies in the Mainstream or a Hacker's Paradise?"

  • news

    Visible to the public "These Wi-Fi Extenders Had Vulnerabilities That Gave Hackers Complete Control"

    According to security researchers from IBM, Wi-Fi extenders from the router company, TP-Link, contain a critical vulnerability that could allow attackers to take over them. Through the exploitation of this vulnerability, attackers could perform malicious activities such as add the extenders to a botnet, redirect people to malicious pages, and more. Wi-Fi extenders expand the coverage of Wi-Fi by amplifying the wireless signal from a router, enabling the connection of distant Internet of Things devices such as security cameras and doorbells. This article continues to discuss the critical vulnerability discovered in Wi-Fi extenders, the extenders affected by the vulnerability, and the potential attacks that could be executed as a result of this flaw.

    CNET reports "These Wi-Fi Extenders Had Vulnerabilities That Gave Hackers Complete Control"

  • news

    Visible to the public "SUTD Researchers Enhance Security In Proof Of Stake Blockchain Protocols"

    Blockchain technology has attracted much attention from banks, governments, and techno-corporations as the technology has the potential to improve upon security and privacy. Proof of Stake (PoS) is a consensus algorithm used in Blockchain technology to provide security. However, PoS Blockchain protocols have been discovered to be vulnerable to faults caused by validators, who are users that verify transactions within a blockchain by voting. Faults are caused when validators unintentionally or maliciously withhold their votes. Researchers from Singapore University of Technology and Design (SUTD) have designed an algorithm to protect against such faults. This article continues to discuss the increased interest in Blockchain technology, the protocols used by this technology to provide security, and the algorithm designed by researchers to improve the security of these protocols.

    Science Magazine reports "SUTD Researchers Enhance Security In Proof Of Stake Blockchain Protocols"

  • news

    Visible to the public "Research Shows Tesla Model 3 and Model S are Vulnerable to GPS Spoofing Attacks"

    During a study, researchers were able to remotely affect various aspects of the driving experience of the Tesla Model 3, including navigation, mapping, power calculations, and the suspension system, through GPS spoofing. During a test drive using Tesla's Navigate on Autopilot feature, a staged attack caused the car to suddenly slow down and unexpectedly veer off the main road. Even though the effect of GPS spoofing on Tesla cars is minimal when an individual is not using autopilot, it can be dangerous when autopilot is in use, and if the individual does not have control of the vehicle. Even in autopilot mode, users are expected to still be in control of the vehicle, which makes this attack not to much of a safety risk. This research shows how important it is for automobile companies to take security seriously as vehicles become more controlled by computers.

    HELP NET SECURITY reports: "Research Shows Tesla Model 3 and Model S are Vulnerable to GPS Spoofing Attacks"

  • news

    Visible to the public "Hack Your State Department Act Introduced in Senate"

    Senators, Cory Gardner (R-CO) and Ed Markey (D-MA), recently introduced the Hack Your State Department Act. The legislation would establish a process for the general public to properly disclose vulnerabilities that they find in the Department of State's internet-facing information technology. Under the legislation, a bug bounty program in which vulnerabilities contained by such technology are identified and reported by hackers would also be established. The senators emphasized that the participating hackers would be pre-screened and compensated for their discovery of vulnerabilities. This article continues to discuss the purpose and requirements of the Hack Your State Department Act.

    MeriTalk reports "Hack Your State Department Act Introduced in Senate"

  • news

    Visible to the public "Eliminating Infamous Security Threats"

    A new solution to speculative memory side-channel attacks such as Meltdown and Spectre has been proposed by researchers from Uppsala University, NTNU, and the University of Murcia. The security vulnerability used to execute speculative memory side-channel attacks derive from the prediction of future instructions by high-performance microprocessors. Misspeculations leave traces of information behind that could be exploited by such attacks to retrieve sensitive information. Unlike previous security solutions to these attacks, the new solution increases security without sacrificing the performance that users demand of their computer systems. This article continues to discuss speculative memory side-channel attacks and the new method to address these attacks.

    EurekAlert! reports "Eliminating Infamous Security Threats"

  • news

    Visible to the public "New Cyber Protection Technology Moves from the Lab to the Marketplace"

    The MIT Lincoln Laboratory developed technology aimed at providing protection for commodity software applications such as browsers, business tools, and document readers, from cyberattacks. The technology, called Timely Randomization Applied to Commodity Executables at Runtime (TRACER), protects such applications from sophisticated cyberattacks by re-randomizing the applications' sensitive internal data and layout each time an output is generated. The transition of TRACER to a commercially available product is supported by the Science and Technology Directorate's (S&T) Transition to Practice (TTP) program, which identifies promising federally developed cybersecurity technologies that could be accelerated into the marketplace and facilitates transition. This article continues to discuss TRACER and its move to the marketplace.

    MIT Lincoln Laboratory reports "New Cyber Protection Technology Moves from the Lab to the Marketplace"

  • news

    Visible to the public "Quantum – a Double-Edged Sword for Cryptography"

    Quantum computers are expected to lead to highly secure cryptography. However, these computers are also expected to break current encryption algorithms as a result of their quantum-mechanical properties that could allow them to calculate at a much faster rate than regular computers. Sensitive data can be exposed through the use of quantum computers, posing a significant threat to the privacy of data within the government, medical industry, financial industry, and more. This article continues to discuss how quantum computers pose a threat to the security of modern communications, the concept of quantum key distribution (QKD), and the improvement of quantum random-number generators.

    Homeland Security News Wire reports "Quantum - a Double-Edged Sword for Cryptography"

  • news

    Visible to the public "Researchers Develop app to Detect Twitter Bots in any Language"

    Language scholars and machine learning specialists collaborated to create a new application that can detect Twitter bots independent of the language used. Bots are non-personal and automated accounts that post content to online social networks. The popularity of Twitter as an instrument in public debate has led to a situation in which it has become an ideal target of spammers and automated scripts. Bots are being used to spread fake news.

    HELP NET SECURITY reports: "Researchers Develop app to Detect Twitter Bots in any Language"

  • news

    Visible to the public "Max-Severity Bug in Infusion Pump Gateway Puts Lives at Risk"

    The Alaris Gateway Workstation is widely used in hospitals for medical infusion pumps. Infusion pumps are powered, monitored, and controlled via Alaris Gateway Workstations. Attacks on infusion pumps pose a significant threat to safety as these devices are used to deliver doses of medicine directly to patients. Researchers at CyberMDX, a healthcare security firm, discovered two vulnerabilities in the workstation, one of which has been rated high in severity. These vulnerabilities could be exploited by hackers to perform malicious activities such as altering drug doses and stopping the administration of drugs. This article continues to discuss the exploitation and mitigation of vulnerabilities contained by the Alaris Gateway Workstation, as well as the challenges faced by hospitals in regard to securing connected medical devices.

    Threatpost reports "Max-Severity Bug in Infusion Pump Gateway Puts Lives at Risk"

  • news

    Visible to the public "Better Cybersecurity Research Requires More Data Sharing"

    Security researchers from the University of Tulsa gave a presentation at the annual Workshop on the Economics of Information Security (WEIS) conference in which they emphasized the importance of sharing datasets among researchers in order to improve cybersecurity research. The identification of cybersecurity trends rely on the analysis of data pertaining to security incidents, breaches, the techniques used by attackers, and more. According to researchers, this type of the data is often unavailable to the public or inadequate. This article continues to discuss the importance of data in cybersecurity research and the lack of data sharing within the research community.

    Dark Reading reports "Better Cybersecurity Research Requires More Data Sharing"

  • news

    Visible to the public "Human Error Still the Cause of Many Data Breaches"

    With the incidence of reported data breaches on the rise, it was discovered that 53 percent of C-suite executives, and nearly three in ten (28%) of small business owners who suffered a breach was caused by human error or accidental loss by an external vendor/source. Employee training is critical, in order to decrease the amount of breaches that occur, that are caused by human error.

    HELP NET SECURITY reports: "Human Error Still the Cause of Many Data Breaches"

  • news

    Visible to the public "Most US Mobile Banking Apps Have Security and Privacy Flaws, Researchers Say"

    A new study conducted by researchers at Zimperium has brought further attention to the insecurity of U.S. bank apps. According to findings of the study, most of the top banking apps have security and privacy issues. The vulnerabilities contained by these apps could lead to data leaks, posing a significant threat to the privacy and security of users' sensitive data and communications. Researchers have highlighted that these flaws derive from poor coding practices and the use of inadequately maintained open-source libraries. This article continues to discuss key findings of the study in relation to the security and privacy flaws contained by most U.S. mobile baking apps.

    TechCrunch reports "Most US Mobile Banking Apps Have Security and Privacy Flaws, Researchers Say"

  • news

    Visible to the public "How 5G Introduces New Security Vulnerabilities"

    The arrival of 5G networks is expected to introduce new security vulnerabilities. Enterprises are encouraged to think about the possibility of new security vulnerabilities in the implementation of 5G as this next-generation mobile communication standard comes with reduced latency and a boost in bandwidth, increasing the number of users and devices. This article continues to discuss findings revealed by Gartner about the deployment of 5G in 2020, what 5G requires of enterprises in regard to infrastructure, 5G authentication, the security challenges posed by 5G, and the multi-level approach that should be adopted by enterprises to secure the next-generation of mobile networks.

    Information Age reports "How 5G Introduces New Security Vulnerabilities"

  • news

    Visible to the public "Rowhammer Variant RAMBleed Allows Attackers to Steal Secrets from RAM"

    A new variant of the Rowhammer attack, called RAMBleed, has been detailed by a team of researchers. Rowhammer is a technique that causes electromagnetic leakage in memory and triggers bit flips, which leads to privilege escalation. Error-correcting code (ECC) memory can be used to mitigate Rowhammer attacks. The RAMBleed attack uses Rowhammer as read-side channel to read sensitive data stored in memory without the need to persistently flip bits in the memory space, allowing attackers to circumvent ECC protection. This article continues to discuss Rowhammer attacks and the research behind the new RAMBleed side-channel attack.

    Security Week reports "Rowhammer Variant RAMBleed Allows Attackers to Steal Secrets from RAM"

  • news

    Visible to the public "FIN8 Group Returns, Targeting PoS Devices With Malware"

    The financially-motivated hacking group, FIN8, has returned after a two-year hiatus. According to researchers from Morphisec, the FIN8 group is now mainly targeting point-of-sale (PoS) systems used within the hotel industry. Customized malware, called ShellTea, is being installed on PoS systems via a spear-phishing campaign in order to steal payment information and other financial data. Many of the PoS machines being used by companies in the hotel industry have been found to be using older versions of Microsoft Windows 7, which increases their vulnerability to such attacks. This article continues to discuss the FIN8 hacking group in relation to its techniques, targets, and connections to other groups.

    ISMG Network reports "FIN8 Group Returns, Targeting PoS Devices With Malware"

  • news

    Visible to the public "Hackers Have Carried out 12 Billion Attacks Against Gaming Web Sites in 17 Months"

    Findings shared by a new report released by Akamai indicate that the gaming industry is becoming one of the most favorable targets for hackers. According to the report, a significant number of credential stuffing attacks were launched against gaming websites over the last 17 months. Credential stuffing is a type of cyberattack in which usernames and passwords obtained from previous data breaches are used to gain access to accounts on other sites. This article continues to discuss the increased targeting of the gaming community by credential stuffing attacks and other key findings revealed by Akamai's new report in relation to other types of cyberattacks.

    VentureBeat "Hackers Have Carried out 12 Billion Attacks Against Gaming Web Sites in 17 Months"