News Items

  • news

    "Phishing Attacks at Highest Level in Three Years"

    In a new study, researchers found that the total number of phishing sites detected in July through September 2019 was 266,387. This was up 46 percent from the 182,465 seen in the second quarter of 2019, and almost double the 138,328 seen in Q4 2018. This is the worst period for phishing that the researchers have seen in three years, since the fourth quarter of 2016. In addition to the increase in phishing volume, the number of brands that were attacked by phishers in Q3 was also up. The researchers saw attacks against more than 400 different brands (companies) per month in Q3, versus an average of 313 per month in Q2. The top targeted industries are largely consistent with previous quarters. Webmail and SaaS sites remained the biggest targets of phishing.

    Help Net Security reports: "Phishing Attacks at Highest Level in Three Years"

  • news

    "Study Finds Companies May Be Wise to Share Cybersecurity Efforts"

    A study conducted by researchers at North Carolina State University found that companies are considered less attractive when they share a field with a company that has faced a cybersecurity breach. Companies that are more transparent about how they manage cybersecurity risks perform better than those that do not disclose information about their cybersecurity practices. Studies on the contagion effect in the realm of cybersecurity breaches have found that organizations can take steps to reduce its impact. The researchers also studied the impact of another effect known as the competition effect, in which investors consider a cybersecurity breach faced by one company as an advantage for the competitors of that company, thus making the competitors increasingly appealing to investors. This article continues to discuss key findings from studies on the contagion effect and the competition effect in regard to cybersecurity breaches experienced by companies, in addition to the importance of disclosing cybersecurity risk management efforts.

    TechXplore reports "Study Finds Companies May Be Wise to Share Cybersecurity Efforts"

  • news

    "Defenders Can Discover Phishing Sites Through Web Analytics IDs"

    There has been an increase in the use of web analytics services by phishing websites. The unique tracking IDs added to the code of phishing websites when these services are used can help defenders detect phishing attacks. Web analytics services help phishing kit developers get a better idea of how effective their campaigns are. The data collected via web analytics services can allow cybercriminals to measure the effectiveness of their phishing attacks and adjust their targeting accordingly. An analytics UID added to multiple phishing pages can be used to create a detection signature as well as a web firewall rule, which could help security vendors and enterprise security teams discover and block multiple phishing pages from the same campaign. This article continues to discuss the use of web analytics services by phishing kit developers, how defenders can use analytics UIDs to detect phishing websites, and two examples in which researchers were able to identify much larger campaigns through the use of these UIDs.

    CSO AU reports "Defenders Can Discover Phishing Sites Through Web Analytics IDs"

  • news

    "Cybersecurity Workforce Needs to Grow 145% to Close Skills Gap"

    Researchers in a new study concluded that there is a current shortage of skilled cybersecurity professionals. The researchers estimate the current cybersecurity workforce at 2.8 million professionals, and estimate that 4.07 million professionals will be needed to close the skills gap worldwide. The 2019 (ISC)2 Cybersecurity Workforce Study also indicated a necessary cybersecurity workforce increase of 145%. In the U.S. market, the current cybersecurity workforce is estimated at 804,700 and the shortage of skilled professionals is 498,480, requiring an increase of just 62% to better defend U.S. organizations. The size of the current workforce still leaves a significant gap between the number of cybersecurity professionals working in the field and the number needed to keep organizations safe. This needs to be addressed in the future in order to defend against the ever-growing number of cyberattacks that occur.

    Security Magazine reports: "Cybersecurity Workforce Needs to Grow 145% to Close Skills Gap"

  • news

    "Machine Learning: With Great Power Come New Security Vulnerabilities"

    There have been many advancements in machine learning (ML) as it has been applied in the operation of self-driving cars, speech recognition, biometric authentication, and more. However, ML models remain vulnerable to a variety of attacks that could lead to the production of incorrect output, posing a threat to safety and security. In order to bolster ML security, we should conduct further research on the potential adversaries in ML attacks, the different factors that can influence attackers to target ML systems, and the different ways in which ML attacks can be executed. Using these factors, distinct ML attacks, including evasion, poisoning, and privacy attacks, can be identified. This article continues to discuss the importance of understanding why and how ML attacks occur, as well as the structured approach to ML security.

    Security Intelligence reports "Machine Learning: With Great Power Come New Security Vulnerabilities"

  • news

    "Chinese Researchers Reveal Method to Bypass Biometric Fingerprint Scanners in Smartphones"

    Security researchers from X-Lab at Tencent gave a presentation at the GeekPwn 2019 conference in which they brought further attention to the possible circumvention of fingerprint security. The researchers claimed to have successfully bypassed biometric fingerprint scanners in Android and iOS devices through the use of fingerprint photos taken by a smartphone, recreated fingerprints, and an app that they developed. Using their method, they were able to unlock three different phones, each of which contains scanning technologies with capacitive, optical, and ultrasonic sensors. This article continues to discuss the fingerprint hacking method and a security vulnerability discovered in the biometric fingerprint recognition function offered by the Samsung Galaxy S10 smartphone.

    Biometric Update reports "Chinese Researchers Reveal Method to Bypass Biometric Fingerprint Scanners in Smartphones"

  • news

    "Alexa, Siri, Google Assistant Smart Speakers – They're All Open to Remote Laser Attacks"

    A new study conducted by researchers at the University of Electro-Communications in Tokyo and the University of Michigan found a new way for hackers to affect smart devices: Light Commands. Light Commands is a vulnerability of MEMS microphones that allows attackers to remotely inject inaudible and invisible commands. Any device with MEMS (microelectromechanical systems) microphones can be attacked using this method. These devices include: Google Assistant, Amazon Alexa, Facebook Portal, and Apple Siri. Given that many individuals use smart gadgets to control different devices in their houses, the MEMS mic vulnerability should be taken seriously. The vulnerability could allow an attacker to issue commands to do things like open a garage door, open doors protected by smart locks, or even unlock and start a Tesla that's connected to a Google account.

    ZDNet reports: "Alexa, Siri, Google Assistant Smart Speakers - They're All Open to Remote Laser Attacks"

  • news

    "Boeing’s Poor Information Security Posture Threatens Passenger Safety, National Security"

    Chris Kubecka, a security researcher and critical infrastructure expert, recently gave a presentation at the Aviation Cyber Security conference in London in which she discussed the threat posed by Boeing's inadequate information security practices to aviation safety and national security. According to Kubecka, one or more of Boeing's emails are infected with malware. These infected email servers are also believed to be used to obtain sensitive intellectual property such as software source code. Security failures include the public exposure of Boeing's test development network to the internet, a lack of a TLS certificate to allow encrypted web traffic via HTTPS on Boeing's official website, and more. This article continues to discuss the discoveries made surrounding Boeing's information security practices, the response to these discoveries, Boeing's vulnerability disclosure program, and aviation cybersecurity research.

    CSO Online reports "Boeing's Poor Information Security Posture Threatens Passenger Safety, National Security"

  • news

    "Cybersecurity: Under Half of Organizations Are Fully Prepared to Deal With Cyberattacks"

    FireEye's Cyber Trendscape 2020 report highlights thoughts from CISOs on the current cyber threat landscape. According to a study conducted by FireEye, a little under half of organizations claimed to be fully prepared to handle a cyberattack or data breach, while a small number of organizations expressed that they are not ready to face such attacks at all. Efforts being made to improve the cybersecurity of organizations include implementing security software, managing vulnerabilities, and providing security awareness training to employees. The report also emphasized that phishing remains a top threat faced by organizations as 20% of those that have experienced cyberattacks in the 12 months cited phishing as the method used in the attacks. In regard to concerns surrounding the source of attacks, a third of organizations have expressed their fear of hacking groups. This article continues to discuss key findings of the report in relation to organizations' readiness to respond to a cyberattack, in addition to security measures, top cyber threats, and the sources of cyberattacks.

    ZDNet reports "Cybersecurity: Under Half of Organizations Are Fully Prepared to Deal With Cyberattacks"

  • news

    "A Plan to Crowdsource Voting Machines’ Security Problems"

    The Information Technology-Information Sharing and Analysis Center (IT-ISAC), a northern Virginia infrastructure-threat clearinghouse, is exploring the possibility of creating a coordinated vulnerability disclosure (CVD) program, which would send alerts to voting system companies about security vulnerabilities in their machines. The IT-ISAC is reviewing responses to its request for information on how comprehensive the CVD program should be in scope. The input touches on whether vulnerabilities should only be examined in voting machines or whether there should also be a focus on security flaws in other election-related infrastructure. This article continues to discuss what is being considered in the creation of a CVD program to help voting-system manufacturers learn about vulnerabilities in their machines, in addition to other efforts to improve election security.

    Defense One reports "A Plan to Crowdsource Voting Machines' Security Problems"

  • news

    "Are Researchers Helping Criminal Groups?"

    The tools and exploits developed and publicly released by penetration testers and security researchers are expected to continue helping adversaries launch attacks aimed at compromising targets. The public release of offensive tools used by penetration testers and security researchers is said to lead to the discovery of possible attacks and the development of mitigations that work against testers and adversaries. However, it has been found that many intrusion groups often leverage public security tools and exploits. In addition, if anyone can access public offensive tools on the Internet, attribution becomes more difficult. Penetration testers and security researchers are encouraged to provide information pertaining to detection, mitigation, and countermeasures when they release new tools and exploits to the public. This article continues to discuss the argument in support of public offensive tool releases, concerns about the negative impact that offensive research can have on enterprise security, and what should be shared in conjunction with security researchers' new offensive capabilities.

    Tech Radar reports "Are Researchers Helping Criminal Groups?"

  • news

    "Hackers Plead Guilty to Breach That Uber Covered up"

    The individuals who were in charge of the 2016 data breach of Uber, Brandon Charles Glover, 26, of Florida, and Vasile Mereacre, 23, of Toronto, pleaded guilty last week to stealing the companies' personal information that was stored on Amazon Web Services from October 2016 to January 2017 and then demanding money to destroy their copies of the data. The data of 57 million drivers and customers were stolen in the 2016 data breach. Uber not only kept the breach secret from the victims, but they also paid $100,000 in hush/delete-the-data money, as in, $50,000 to each of the two crooks. It wasn't until 10 months later, in November 2017, that Uber told riders and drivers that it had lost control of their personal information and that the data had been breached. The company not only hid the breach from those affected, but also from the Federal Trade Commission (FTC). Both the 2014 and the 2016 hacks were made possible by the same exact security fail: in both breaches, Uber's engineers left the keys of Amazon Web Services S3 cloud servers sitting around, publicly available, on GitHub.

    Naked Security reports: "Hackers Plead Guilty to Breach That Uber Covered up"

  • news

    "Attackers Phish Office 365 Users With Fake Voicemail Messages"

    Hackers are switching it up in the execution of traditional phishing campaigns. Security researchers at McAfee Labs discovered the use of fake voicemails to trick unsuspecting users into revealing their credentials for Office 365 accounts to cybercriminals. Attackers have been sending phishing emails to mid-level managers and high-level managers in industries, including retail, healthcare, education, and transportation. These phishing emails contain Microsoft's logo and a malicious attachment that redirects victims to a phishing site at which they are told to log in to access a voicemail message. The voicemail played to victims is said to sound legitimate. The McAfee researchers also found that these attacks are being executed through the use of three different phishing kits, available to cybercriminals via the dark web. This article continues to discuss how the new campaign works, the use of phishing kits to launch the attacks, why Office 365 users are attractive targets for phishers, and mitigation of fake voicemail phishing.

    CSO Online reports "Attackers Phish Office 365 Users With Fake Voicemail Messages"

  • news

    "Researchers Create Quantum Chip 1,000 Times Smaller Than Current Setups"

    A tiny quantum communication chip has been developed by researchers at Nanyang Technological University, Singapore (NTU Singapore). The chip was designed to be smaller than existing quantum setups, while offering the same enhanced security expected of quantum technology. The chip offers the same superior security as other quantum setups in that it combines passwords with the delivered information to form a secure quantum key. The information and the quantum key that was integrated with it are destroyed after they have been received. As the chip requires significantly less space than current quantum communication setups, there is a possibility that more secure communication technologies can be implemented in smartphones, tablets, smart watches, and other compact devices. This article continues to discuss the size and security of the quantum communication chip as well as how quantum technology is expected to improve cybersecurity.

    Phys.org reports "Researchers Create Quantum Chip 1,000 Times Smaller Than Current Setups"

  • news

    "Columbia Professor Develops a Detector That Stops Lateral Phishing Attacks"

    There has been increasing concern about the rise in lateral phishing attacks. In a lateral phishing scheme, attackers compromise legitimate email accounts inside an organization, which are then used to send phishing emails to employees within that organization. It is harder for existing email security systems to detect and stop internal phishing emails as these systems look at signals such as IP and domain reputation. According to the FBI, organizations have faced a total of more than $12 billion in losses between 2013 and 2018 because of such cyberattacks. To address this problem, Asaf Cidon and other members of the Data Science Institute at Columbia developed a machine-learning based detector to stop lateral phishing attacks. This article continues to discuss the concept and impact of lateral phishing attacks, as well as the detector developed by researchers to stop these targeted socially-engineered attacks.

    Science Daily reports "Columbia Professor Develops a Detector That Stops Lateral Phishing Attacks"

  • news

    "Ransomware: Average Ransom Payout Increases to $41,000"

    A new study found that in the third quarter of 2019, the average ransom amount paid was $41,198, an increase of 13 percent compared to the second quarter and a nearly six-fold increase from the third quarter of 2018. The five most-targeted industries in the third quarter were professional services, the public sector, healthcare, software services and retail. The researchers believe that the increase in ransomware payments is due to increased ransom demands being made by attackers who wield Ryuk, with the average demand increasing from $267,742 in Q2 to $377,026 in Q3. 51 percent of the intrusions in the third quarter traced to attackers accessing the victim's network with stolen remote desktop protocol credentials. Another 39 percent of ransomware outbreaks traced to phishing and 8 percent to a software vulnerability exploited by attackers.

    Bank Info Security reports: "Ransomware: Average Ransom Payout Increases to $41,000"

  • news

    "21 Million Stolen Fortune 500 Credentials For Sale on Dark Web"

    Geneva, Switzerland-based firm ImmuniWeb conducted a study on the availability of credentials belonging to global Fortune 500 organizations on the dark web. ImmuniWeb used its OSINT (Open Source Intelligence) technology to crawl the dark areas in which stolen credentials are being sold by cybercriminals. Machine learning models were also used to detect anomalies as well as identify fake leaks, duplicates, and more. The study revealed the availability of more than 21 million credentials from Fortune 500 companies on the dark web. A significant portion of the stolen passwords were very weak, which calls for companies to implement stronger password policies. This article continues to discuss the study and its findings on stolen credentials.

    Security Week reports "21 Million Stolen Fortune 500 Credentials For Sale on Dark Web"

  • news

    "Country of Georgia Suffers Widespread Cyberattack"

    Georgia, a small country at the intersection of Europe and Asia, was hit with a cyberattack that has taken down 2,000 websites and a national TV station. The coordinated attack resulted in the defacement of websites, replacing functional pages with an image of the former Georgian President, Mikheil Saakashvili. A local web-hosting provider, named Pro-Service, claimed to be responsible for this incident as one of its servers that run websites for state agencies, the private sector, and media organizations, was compromised. This article continues to discuss the cyberattack on the eastern European nation of Georgia in regard to how it took place, how Pro-Service responded to this incident, the possible motivation behind the attack, and the potential impact such attacks can have globally.

    Threatpost reports "Country of Georgia Suffers Widespread Cyberattack"

  • news

    "Report: 2020 is the Year Data Gets Weaponized"

    According to a report recently released by research firm Forrester, titled Predictions 2020: Cybersecurity, adversaries are expected to be ahead of security leaders in the application of artificial intelligence and machine learning technologies. Attackers will perform advanced techniques, using AI, ML, and large amounts of available data. In addition, the increased reliance on technology by companies and consumers will persuade governments to develop programs that will assist these entities in the event that they experience a significant cybersecurity incident. This article continues to discuss the threat posed by deep fakes, the estimated costs of deep fakes that will be incurred by businesses in 2020, the weaponization of data, the enhancement of attacker techniques through the use of AI and ML, as well as the expected increase in anti-surveillance technology.

    NextGov reports "Report: 2020 is the Year Data Gets Weaponized"

  • news

    "Two Data Leaks Expose Millions of Records"

    Two new security incidents have been discovered this past week. These security incidents demonstrate yet again how easily millions of records can be exposed, leaving customers open to the potential of identity theft and other criminal activity. The first incident was reported last Friday. Security researchers found an unsecured Adobe Creative Cloud database which left about 7.5 million customer records exposed for at least a week. The second incident was reported on Monday and affected UniCredit, an Italian bank and financial services company. The incident involved a file generated in 2015 containing a defined set of approximately 3 million records. The two incidents exposed millions of names and email addresses, as well as other information that could be used for identity theft, phishing attacks and more.

    Bank Info Security reports: "Two Data Leaks Expose Millions of Records"

  • news

    "Data Breach Causes 10 Percent of Small Businesses to Shutter"

    Data breaches have significantly impacted small businesses as some have been forced to file for bankruptcy or shut down. According to a report released by the National Cyber Security Alliance pertaining to a survey to which 1,008 small businesses with up to 500 employees responded, 10 percent of small businesses that have experienced a data breach went out of business, while 25 percent went bankrupt and 37 percent suffered a financial loss. Business leaders have expressed their awareness surrounding the possible targeting of their businesses by cybercriminals and the importance of improving their cybersecurity. However, the level of concern for cybersecurity dropped when it came to smaller businesses. This article continues to discuss key findings of the report in relation to the impact that data breaches have had on small businesses, the awareness surrounding cybersecurity among such businesses, and how prepared these businesses are to respond to data breaches or other cybersecurity incidents.

    SC Magazine reports "Data Breach Causes 10 Percent of Small Businesses to Shutter"

  • news

    "Cybercriminals Using Enterprise-Based Strategies For Phishing Kit Development And Deployment"

    Research conducted by Akamai Technologies found that cybercriminals are using enterprise-based development and deployment strategies to target some of the world's biggest tech brands, including Microsoft, PayPal, DHL, and Dropbox. The strategies being used by cybercriminals include phishing-as-a-Service (PaaS). The Akamai 2019 State of the Internet / Security Phishing: Baiting the Hook report highlights the advancement of phishing beyond email to social media and mobile devices, which produces a far-reaching impact on all industries. Phishing will continue to be a popular method among adversaries until personalized awareness training programs and layered defense techniques are implemented by companies. This article continues to discuss key findings of the report in regard to the evolution of phishing and the targeting of top global brands by cybercriminals in the launch of phishing attacks.

    PR Newswire reports "Cybercriminals Using Enterprise-Based Strategies For Phishing Kit Development And Deployment"

  • news

    "Collaboration Required to Improve Connected Medical Device Security"

    Booz Allen Hamilton and the eHealth Initiative Foundation call for an increase in collaborative efforts to improve the security of medical devices. The Securing Medical Connected Medical Devices report done by Booz Allen and eHI emphasizes the importance of participation from all industry stakeholders in the security of the connected healthcare environment, as connected medical devices have been shown to be vulnerable to cyberattacks. When cybersecurity risks are not addressed, the effectiveness of medical treatment and the well-being of patients may be impacted. This article continues to discuss key points made in the collaborative Securing Medical Connected Medical Devices report in relation to the insecurity of medical devices and how the industry can address cybersecurity challenges facing healthcare providers.

    Health IT Security reports "Collaboration Required to Improve Connected Medical Device Security"

  • news

    "Got an Early iPhone or iPad? Update now or Turn it Into a Paperweight"

    If you own an Apple iPhone 5, iPhone 4s or one of the early iPads with cellular connectivity, your device is about to be affected negatively by the GPS rollover problem. To avoid problems, one must update their device to iOS version 10.3.4 (iPhone 5) or version 9.3.6 (iPhone 4 and iPads), by November 3rd 2019. The iPads affected are the cellular-enabled iPad mini, iPad 2, and the third-generation iPad. If the update is not completed, the phone will not be able to maintain accurate GPS location and will not be able to continue to use functions that rely on correct date and time including App Store, iCloud, email, and web browsing. Losing the GPS stops the time and date being set, which immediately causes internet synchronization problems affecting services that need to connect to remote servers.

    Naked Security reports: "Got an Early iPhone or iPad? Update now or Turn it Into a Paperweight"

  • news

    "Most Decision Makers Expect AI and 5G to Impact Their Cybersecurity Strategy"

    Information Risk Management (IRM) conducted a survey to which senior cybersecurity and risk management decision makers at 50 global companies within the automotive, communications, energy, finance/public sector, software/internet, transport and pharmaceuticals industry sectors responded. Findings of the survey reveal that most cybersecurity and risk management leaders expect developments in 5G wireless technology to introduce new security vulnerabilities and challenges. According to respondents, there are concerns surrounding the increased risk of attacks on Internet of Things (IoT) networks, a larger attack surface, and a lack of consideration for security in the design of 5G technology. The survey also found that most decision makers expect artificial intelligence (AI) to have a significant impact on their cybersecurity operations in the near future. This article continues to discuss the potential threat posed by 5G developments, the implementation of AI applications to improve enterprise security, why enterprises should work closely with their cybersecurity teams, and the importance of increasing cybersecurity awareness at the C-level.

    Help Net Security reports "Most Decision Makers Expect AI and 5G to Impact Their Cybersecurity Strategy"

  • news

    "This Old Trojan Malware Is Back With a New Trick to Help It Hide in Plain Sight"

    Researchers at Menlo Security have released details about a new variant of the Adwind remote access trojan (RAT), also known as AlienSpy and jRAT. Adwind was originally discovered in 2013 and can be accessed by cybercriminals via a malware-as-a-service platform. This malware has been used by cybercriminals to perform keylogging, unauthorized audio recording, and more. Researchers have discovered the distribution of Adwind through phishing emails, software downloads, and malicious websites. According to researchers, the latest version of Adwind is now being delivered by a JAR (Java Archive) file. In addition, it is targeting common Windows applications, including Internet Explorer and Outlook. The variant can be used to steal information such as bank credentials, business logins, and saved passwords in browsers. This article continues to discuss the Adwind RAT and its new variant's targets, delivery, and capabilities.

    ZDNet reports "This Old Trojan Malware Is Back With a New Trick to Help It Hide in Plain Sight"

  • news

    "Imagine the U.S. Was Just Hit With a Cyberattack. What Happens Next?"

    A panel of experts in cybersecurity and national security were given hypothetical cyberattack scenarios, including one in which unknown hackers have gained access to a gas pipeline company's computers, networks, and hardware. The experts were then asked to discuss what would happen next and the potential escalation of such incidents into a real cyberwar. According to panelists, whether an incident turns into a cyberwar depends on who is behind the launch of the attack, what their motives are, and how the U.S. responds to the attack. Panelists touched on topics, including attribution, cooperative relationships between various U.S. government agencies to find out where the attack might be executed, and the implementation of effective strategies to deter adversaries from attacking the U.S. in the cyber realm. This article continues to discuss the possibility of a cyberwar, the potential consequences of devastating cyberattacks, and responses from a panel discussion on what would be done in the event that the U.S. experiences a massive cyberattack.

    MIT Technology Review reports "Imagine the U.S. Was Just Hit With a Cyberattack. What Happens Next?"

  • news

    "Hackers Finding Ways to Exploit Automotive Software to Overtake Cars"

    Traditionally, cars have been considered too difficult for hackers to hack. It was also believed that cars were not at a high risk of being hacked because of the large amount of time and energy required for an adversary to hack a car. However, cars have recently added Wi-Fi, GPS, and other features, and the number of attack surfaces has increased. The average car now includes thousands of pieces of hardware as well as millions of lines of code, giving cybercriminals ample opportunity to test their methods. It has been discovered that the most popular method attackers use involves attacking a car's CAN protocol, which can give a hacker full access to all of the vehicle's functions.

    TechRepublic reports: "Hackers Finding Ways to Exploit Automotive Software to Overtake Cars"

  • news

    "Johannesburg Struggles to Recover From Ransomware Attack"

    It has been discovered that Johannesburg has been hit with a ransomware attack that is crippling municipal services. It was detected last Thursday and is still affecting them today. A group calling itself Shadow Kill Hackers demanded four bitcoins ($33,600) from the city by 5 p.m. on Monday, Oct. 28, threatening to post city data on the internet if the payment is not made. City Power, an electric utility owned by the city, was also hit by a similar attack in July. City Power provides electricity for Johannesburg. The July attack knocked out power to some residents, and many could not buy electricity from City Power, pay their utility bills or access other services.

    Bank Info Security reports: "Johannesburg Struggles to Recover From Ransomware Attack"

  • news

    Visible to the public "Browser Tool Aims to Help Researchers ID Malicious Websites, Code"

    An open-source tool, called VisibleV8, has been developed by researchers from North Carolina State University. VisibleV8 was designed to run in the Chrome browser and detect malicious JavaScript programs that can circumvent malware detection systems without alerting the websites running these programs. The tool records how a JavaScript program is executed in order to create a behavior profile for the site on which it is run. The behavior profile, in addition to other supporting data, can then help researchers detect malicious websites as well as identify the different ways JavaScript can be used to perform malicious activities. According to researchers, VisibleV8 is easy to update and can function without sacrificing browser performance. This article continues to discuss the capabilities of VisibleV8.

    EurekAlert! reports "Browser Tool Aims to Help Researchers ID Malicious Websites, Code"

  • news

    Visible to the public "Microsoft's New Plan to Defend the Code Deep Within PCs"

    Microsoft has announced a new hardware and system architecture feature, named secured-core PC. The feature for Windows will defend firmware, the foundational code, against hacking. Firmware provides instructions on how the device communicates with other computer hardware. This software has been an attractive target for hackers because it is usually written by hardware manufacturers instead of operating system developers and it often lacks security. This article continues to discuss the role of firmware in computers, growing concerns surrounding the insecurity of firmware, known attacks in which firmware-hacking malware was used, the concept behind the secured-core PC feature, and what to consider in the implementation of this feature.

    Wired reports "Microsoft's New Plan to Defend the Code Deep Within PCs"

  • news

    Visible to the public "Using Physics to Keep Our Electrical Grid Safe"

    Computer security expert Sean Peisert and a team of researchers at Berkeley Lab are working to improve the security of the electrical grid, vehicles, manufacturing plants, and other cyberphysical systems in which physical components are merged with computing and networking. The researchers have worked with utilities and utility equipment companies on projects aimed at using the physical components of electrical grids and the physical laws that govern their function to prevent cyberattacks targeting the grids. In an interview, Peisert talked about the difference between a cyberphysical system and a computing system without a physical component, how the team uses the laws of physics to secure the electrical grid against cyberattacks, and the application of this approach to other types of computer-controlled physical systems. This article continues to discuss the team's approach to securing the electrical grid and the application of this approach beyond power grids.

    Berkeley Lab reports "Using Physics to Keep Our Electrical Grid Safe"

  • news

    Visible to the public "How Voice Assistants Follow Inaudible Commands"

    As the popularity of voice assistants continues to rise, concerns surrounding the security of speech recognition systems grow. Security researchers have discovered that it is possible for attackers to send malicious inaudible voice commands to speech recognition systems over the air. Thorsten Eisenhofer, an IT security researcher at Ruhr University of Bochum, supports the use of the MP3 principle as a countermeasure against such attacks. According to Eisenhofer, speech recognition systems should be combined with an MP3 encoder to delete any ranges that are inaudible to the human ear before they reach the systems. This method would not stop attackers from manipulating audio files, but it would prevent their attacks from being hidden. This article continues to discuss the attacks that have been demonstrated on speech recognition systems and how the security of these systems can be strengthened by using the MP3 principle.

    RUB reports "How Voice Assistants Follow Inaudible Commands"

  • news

    Visible to the public "New Tool Determines Threats to Networked 3D Printers"

    The rise in the use of industrial Internet of Things (IoT) devices has changed the way factories operate in that devices such as networked 3D printers now connect with other machines. In addition, operators can control them remotely, which increases efficiency. However, the increased connectivity of these devices has made them more vulnerable to being hacked. Hackers could execute cyberattacks against networked 3D printers to disrupt their operation or steal designs. Therefore, security researchers at Carnegie Mellon University developed a tool, named Connected 3D Printer Observer (C3PO), to identify vulnerabilities in networked 3D printers as well as the potential paths for attacks on these printers. This article continues to discuss the components of C3PO and how this new tool functions.

    CMU reports "New Tool Determines Threats to Networked 3D Printers"

  • news

    Visible to the public "Blacklisted Apps Increase 20%, Attackers Focus on Tax-Branded Key Terms"

    A new study found that blacklisted apps increased by 20% in Q2 2019; however, the number of blacklisted apps in the Google Play Store decreased by a dramatic 59%. The percentage of blacklisted apps relative to the total number of known apps also increased, jumping from 1.95% to 2.1%. 2,554,616 apps that were blacklisted were downloaded, a nearly 11% increase in app downloads from Q1. Feral apps proved to be exceptionally dangerous, with a 51% blacklist rate. The research found 4,162,450 total apps matching tax-branded key terms in app stores around the world, with 30% of them, 1,221,070, blacklisted.

    Help Net Security reports: "Blacklisted Apps Increase 20%, Attackers Focus on Tax-Branded Key Terms"

  • news

    Visible to the public SoS Musings #30 - Improving Cybersecurity for Aviation

  • news

    Visible to the public "Mobile Users Targeted With Malware, Tracked by Advertisers"

    Mobile devices continue to be attractive targets for hackers as they are used everywhere. According to recent reports released by RiskIQ, BlackBerry Cylance, and the Media Trust, there has been a significant rise in malicious apps being distributed via third-party app stores and in the tracking of users by advertisers. In addition, nation-state actors have enhanced their attacks on mobile devices. According to RiskIQ, the number of malicious apps that have been blacklisted by the cybersecurity company increased by 20%. BlackBerry Cylance reported an advancement in the launch of Android and iOS malware by nation-state actors, including China, Iran, and North Korea. However, app stores have improved their efforts to detect malicious apps. This article continues to discuss key findings of recent reports in regard to the increase in malicious apps, nation-state attacks targeting mobile applications, tracking conducted by advertisers, and what improvements have been made in mobile security.

    Dark Reading reports "Mobile Users Targeted With Malware, Tracked by Advertisers"

  • news

    Visible to the public "Alexa and Google Home Phishing Apps Demonstrated by Researchers"

    SRL researchers built eight so-called "Smart Spies" and put them into app stores. The researchers were able to sneak spyware into the applications because third-party developers can extend the capabilities of Amazon Alexa, the voice assistant running in its Echo smart speakers, and Google Home through small voice apps, called Skills on Alexa and Actions on Google Home. The apps they created raise privacy issues in that they can be abused to eavesdrop on users or to ask for their passwords. Some of the apps kept the smart speaker listening after the user thought it had stopped, and another app lied to users about there being an update they needed to install. The application would then vish (voice-phish) the password that the user was told to speak in order to get the bogus update. Amazon and Google have been informed of the exploits and have since blocked the spying and phishing apps and fixed the exploits.

    Naked Security reports: "Alexa and Google Home Phishing Apps Demonstrated by Researchers"

  • news

    Visible to the public IPv6 Comes of Age Despite Growing Pains

    Internet Protocol Version 6 is slowly being adopted as the replacement for version 4. Touted as a more secure protocol with increased address space, portability, and greater privacy, research into this and other related protocols has increased, particularly in the context of smart grid, mobile communications, and cloud computing. For the Science of Security community, it is relevant to resiliency, composability, and policy-based governance. But despite improved features, adoption of IPv6 is proceeding at a snail's pace with the possibility it will not be universally deployed for several more decades. One must ask why the reluctance and delay?

  • news

    Visible to the public "New Alliance Aims to Scupper Cyber-attacks on Operational Technology"

    The Operational Technology Cyber Security Alliance (OTCSA) is a new global alliance aimed at improving the security of OT used in critical and industrial infrastructure. OT refers to the hardware and software used to detect or make changes by monitoring and controlling industrial devices. Cyberattacks on this technology could damage productivity, cause ecological disasters, and endanger public safety. The OTCSA will take on a multi-pronged approach to reducing the risk of cyberattacks, which includes bolstering the cyber-physical risk posture of OT environments, providing guidance to OT operators on how to maintain the security of their OT infrastructure, and supporting the implementation of critical infrastructure with a higher level of security. This article continues to discuss the OTCSA's mission, approach, and members.

    Infosecurity Magazine reports "New Alliance Aims to Scupper Cyber-attacks on Operational Technology"

  • news

    Visible to the public Cyber Scene #37 - Letting Justice Prevail Another 230 Years

  • news

    Visible to the public "UTSA Study Warns of Security Gaps in Smart Light Bulbs"

    Smart bulbs are expected to be among the most popular gifts this holiday season. However, smart bulbs could have security vulnerabilities that could be exploited by hackers to steal users' personal information. Therefore, researchers at the University of Texas at San Antonio conducted a study on the security vulnerabilities in popular smart light bulb brands. According to Murtuza Jadliwala, professor and director of the Science, Privacy, Trust and Ethics in Computing Research Lab in UTSA's Department of Computer Science, smart bulbs have infrared capabilities that could be abused by hackers to steal data or spoof other Internet of Things (IoT) devices on the network to which the bulbs are connected. The invisible infrared light produced by the smart bulbs can be used by hackers to send commands that could result in the performance of these malicious activities. This article continues to discuss the increased popularity of smart bulbs, how hackers could use these bulbs to steal information, and recommendations for avoiding such attacks on smart bulbs.

    UTSA reports "UTSA Study Warns of Security Gaps in Smart Light Bulbs"

  • news

    Visible to the public "Facebook Shuts Misleading Accounts Ahead of 2020 Election"

    Facebook has announced that it has removed four networks from its platform. Three networks were connected to Iran and one to Russia. These accounts were found to be spreading misinformation related to the 2020 U.S. presidential election as well as other political events around the world. In addition to the U.S., these four networks were also targeting Facebook users in parts of North Africa as well as Latin America. The Iranian operations were relatively small and exhibited links to previous operations Facebook had already removed. The operations frequently repurposed Iranian state media content and tailored their content for particular countries they targeted around the world. The Russian operation appeared to be better funded and had links to Russia's Internet Research Agency, which has been tied by several investigations to interference in the 2016 U.S. presidential election.

    BankInfoSecurity reports: "Facebook Shuts Misleading Accounts Ahead of 2020 Election"

  • news

    Visible to the public "New Cybersecurity Bills Promote CISOs and Privacy"

    Two new cybersecurity bills, the Cybersecurity Disclosure Act of 2019 and the Mind Your Own Business Act (MYOB) of 2019, are expected to change the U.S. cybersecurity landscape if they become laws. The Cybersecurity Disclosure Act of 2019, proposed by Senator Jack Reed (D-RI), would require companies to disclose whether their board of directors has an adequate amount of cybersecurity expertise. The purpose of the Mind Your Own Business Act of 2019, introduced by Senator Ron Wyden (D-OR), is to strengthen the privacy of consumers by giving them more control over how their data is handled by organizations. The MYOB bill supports the sentencing of executives to prison for misusing Americans' data and lying about such practices to the government. This article continues to discuss the goals and requirements of the new cybersecurity bills, in addition to how the MYOB bill is stronger or weaker than the California Consumer Protection Act (CCPA).

    Security Week reports "New Cybersecurity Bills Promote CISOs and Privacy"

  • news

    Visible to the public "Stripe Targeted by Phishing Campaign"

    A new phishing campaign has been discovered targeting a global online payment system called Stripe. The adversaries performed the attack using an email that resembles an official Stripe email, which they sent to Stripe users. The email says that the "Details associated with account are invalid," and that urgent user intervention is required. The hackers masked their URL so that even more careful users would be tricked. When a victim clicks on the link, they are taken to three websites that look almost identical to the real Stripe page. Each has a data form: one for the email and password, one for bank data and phone number, and a third again for username and password. Once the information is entered into the third form, the victim gets a "wrong username/password" message and is redirected to the legitimate site. That way, the user wouldn't suspect a thing.

    ITProPortal reports: "Stripe Targeted by Phishing Campaign"

  • news

    Visible to the public "New Research Center Aims to Make Electronics More Secure"

    The Center for Hardware and Embedded Systems Security and Trust, which will be led by the University of Cincinnati (UC), is the National Science Foundation's new research center aimed at protecting electronics and networked systems from being hacked, damaged, and spied on. The National Science Foundation, the U.S. Department of Defense, and industry leaders will work with the center to do research focused on strengthening the security of products against cyberattacks. The center's academic partners include the University of Virginia, the University of Connecticut, the University of Texas at Dallas, the University of California, and Northeastern University. This article continues to discuss the mission, support, and partners of the Center for Hardware and Embedded Systems Security and Trust.

    TechXplore reports "New Research Center Aims to Make Electronics More Secure"

  • news

    Visible to the public "Preventing Cyber Security Attacks Lies in Strategic, Third-Party Investments"

    Findings of a study conducted by Jay Simon and Ayman Omar at American University's Kogod School of Business suggest that companies are more likely to underinvest in cybersecurity measures when they experience a data breach caused by a third-party supplier. Target, T-Mobile, and the IRS are some examples of entities that have experienced major third-party data breaches. Simon and Omar call for companies to examine every entity that handles their data. Even if a company has implemented strong cybersecurity practices, the company is still at risk of a data breach due to third-party vendors that have weak security. This article continues to discuss key findings of the study in relation to the investment in cybersecurity measures by companies and the mitigation of risks.

    Science Daily reports "Preventing Cyber Security Attacks Lies in Strategic, Third-Party Investments"

  • news

    Visible to the public "Microsoft Launches Election Security Bug Bounty Program"

    Microsoft launched a bug bounty program for its open-source election software, called ElectionGuard, which is intended to improve the security, transparency, and accessibility of voting. ElectionGuard is available as a software development kit (SDK). According to Jarek Stanley, a senior program manager at the Microsoft Security Response Center, the program invites security researchers, including full-time cybersecurity professionals, part-time hobbyists, and students, to find high-impact vulnerabilities in the ElectionGuard SDK. Researchers are to share newly discovered vulnerabilities with Microsoft under the principle of Coordinated Vulnerability Disclosure. Microsoft's bug bounty program offers rewards ranging from $500 to $15,000. This article continues to discuss the goals and scope of the ElectionGuard SDK and the bug bounty program launched for this product.

    MeriTalk reports "Microsoft Launches Election Security Bug Bounty Program"

  • news

    Visible to the public "Security Researchers Expose New Alexa and Google Home Vulnerability"

    Security researchers at SRLabs discovered a new vulnerability that impacts Amazon Alexa and Google Home. The exploitation of this vulnerability could allow hackers to secretly listen in on users and execute phishing attacks in which users are asked for their Google account passwords. Researchers developed malicious Alexa skills and Google Home actions that posed as apps for checking horoscopes. According to researchers, there is a flaw in both voice assistants that can allow them to continue listening to users after they have performed their initial commands. Security experts call on Google and Amazon to strengthen their security-vetting processes for third-party apps as hackers can hide malicious code in their software. This article continues to discuss the vulnerability and how researchers demonstrated its exploitation, along with Amazon's response to this discovery.

    The Verge reports "Security Researchers Expose New Alexa and Google Home Vulnerability"

  • news

    Visible to the public "Prevention Better Than Cure at Keeping Young Users From Getting Involved in Cybercrime"

    A new study conducted by researchers from the University of Cambridge and the University of Strathclyde explored the different ways in which law enforcement attempts to prevent young people from engaging in cybercrime to see how effective these methods are. According to the findings of this study, the removal of infrastructure and the launch of highly-targeted messaging campaigns by law enforcement are effective at reducing cyberattacks over a longer period of time as opposed to high-profile arrests and convictions of cybercriminals. Booter services refer to services offered by cybercriminals to those seeking to easily execute denial-of-service (DoS) attacks. These services are often used by gaming site users to attack each other. Researchers looked at how certain law enforcement interventions impacted the volume of DoS attacks. This article continues to discuss how the study was performed by researchers and what the results of this study suggest.

    The University of Cambridge reports "Prevention Better Than Cure at Keeping Young Users From Getting Involved in Cybercrime"