News Items

  • news

    "Is Your Smart Watch Sharing Your Data?"

    Users may be unaware of the exchange of data that household Internet of Things (IoT) devices, such as the Ring doorbell, Peloton exercise bike, and Nest thermostat, conduct with other devices and systems over the network. These devices store various types of information about a user that could be considered highly private, such as their height, weight, and schedule. IoT manufacturers use this data to improve their future products. However, users want to be assured about the security of their private information. Missouri S&T researchers propose improving the Machine Learning (ML) technique of federated learning to maintain the accuracy of IoT-collected data while protecting the data from attacks or invasions of privacy. They are designing new federated learning algorithms with data privacy and accuracy in mind. This article continues to discuss companies' use of IoT-collected data to improve their products, the importance of securing this data, the concept of federated learning, and the development of new federated learning algorithms to preserve the accuracy, privacy, and security of IoT data.

    Missouri S&T reports "Is Your Smart Watch Sharing Your Data?"

  • news

    "Exposed Database Reveals 100K+ Compromised Facebook Accounts"

    Researchers have discovered an exposed ElasticSearch database used by cybercriminals that revealed a global attack that compromised Facebook accounts. The unsecured database was used by fraudsters to store the usernames and passwords of at least 100,000 victims. The adversaries behind the scam were tricking Facebook victims into providing their account login credentials by using a tool that pretended to reveal who was visiting their profiles. The adversaries then used the stolen login credentials to share spam comments on Facebook posts via the victim's hacked account, directing people to their network of scam websites. These fake websites all eventually led to a fake Bitcoin trading platform.

    Threatpost reports: "Exposed Database Reveals 100K+ Compromised Facebook Accounts"

  • news

    "DoD Must Expand Its Mission-Critical Cybersecurity Focus to Include Connected Weapons"

    The 2020 Association of the United States Army (AUSA) Annual Meeting and Exposition presented various systems that will be available to the nation's military, many of which will be smart, connected weapons. The expected battlefield advantages offered by these systems are accompanied by cybersecurity risks. According to a report released by the Government Accountability Office (GAO) about two years ago, security researchers at the Department of Defense (DoD) were able to gain access to almost all major weapons systems currently in use or development. The results from this analysis call on the Pentagon and the private sector to enhance security for connected weapons. This article continues to discuss the issues highlighted by the GAO's 2018 report, gaps in the security of connected weapons, and the importance of protecting our modern defense system from cyberattacks.

    NextGov reports "DoD Must Expand Its Mission-Critical Cybersecurity Focus to Include Connected Weapons"

  • news

    "Ransomware Incidents in Manufacturing Grow as Transparency, and Attack Options, Increase"

    According to the industrial security company Dragos, the number of documented ransomware incidents experienced by organizations in the manufacturing sector has increased significantly in 2020. Attackers continue to discover new ways to disrupt operations at facilities through IT networks and software. Dragos' findings reveal that ransomware incidents have more than tripled this year compared to last year. The increased transparency in incident reporting and the rise in opportunities among criminals who know how to take organizations down are two factors that contribute to these findings. In June, a ransomware attack faced by Honda highlighted a trend in the use of ransomware with code capable of disrupting software behind industrial processes. This article continues to discuss the growth in ransomware incidents at manufacturing organizations, the impact of such attacks, and state-linked hacking groups' interest in the manufacturing sector as grounds for testing their offensive tools.

    CyberScoop reports "Ransomware Incidents in Manufacturing Grow as Transparency, and Attack Options, Increase"

  • news

    Black Friday and Cyber Monday Scams

    When you're shopping for a good deal this Black Friday and Cyber Monday, be on alert for scammers as well. Hackers are looking to cash in on the rise in online holiday shoppers by sending out a swarm of phishing emails that look enough like the ones from legitimate stores to cause a lot of confusion. Consumers should be wary of links in emails that could send them to a scam site.

    #ScienceofSecurity #cybersecurity #BlackFriday

    https://threatpost.com/scams-black-friday-cybercriminal-craze/161239/

  • news

    "Encryption Vulnerabilities Allow Hackers to Take Control of Schneider Electric PLCs"

    Schneider Electric has released advisories about four vulnerabilities found in Modicon M221 Programmable Logic Controllers (PLCs). These vulnerabilities were discovered by researchers at Claroty and Trustwave. According to blog posts published by the cybersecurity firms, three of the security holes are rated high in severity and are associated with encryption and authentication. The exploitation of the vulnerabilities requires the attacker to have already established a foothold on the Operational Technology (OT) network. The circumvention of authentication protections and manipulation of the PLC can allow attackers to take over PLC actions, potentially resulting in control system failures or the compromise of systems' safety. This article continues to discuss the vulnerabilities discovered in Schneider Electric PLCs regarding their exploitation and potential impact.

    Security Week reports "Encryption Vulnerabilities Allow Hackers to Take Control of Schneider Electric PLCs"

  • news

    "ML Tool Identifies Domains Created to Promote Fake News"

    Researchers at UCL and other institutions have collaborated to develop a machine learning tool that identifies new domains created to promote false information so that they can be stopped before fake news can be spread through social media and online channels. In a new study, the machine-learning model was applied to domain registration data and allowed the tool to correctly identify 92 percent of the false information domains and 96.2 percent of the non-false information domains set up in relation to the 2016 US election before they started operations.

    Help Net Security reports: "ML Tool Identifies Domains Created to Promote Fake News"

  • news

    "Honour Among Thieves: The Study of a Cybercrime Marketplace in Action"

    Researchers at the Cambridge Cybercrime Center conducted a study on an underground cybercrime forum. They collected and examined data on illicit trades from HackForums, the largest and most popular online cybercrime community. Online underground forums such as HackForums are used to trade illicit material and share knowledge. These forums support various cybercrimes as they allow members to engage in criminal activities such as performing Denial-of-Service (DoS) attacks, distributing malware, and more. The study of HackForums provides insight into the contracts made in these forums to prevent trades from being abused and to ensure that members are not being scammed. The researchers are continuing the study to see how the marketplace evolves during the second COVID-19 lockdown in the UK. This article continues to discuss the discoveries made from the analysis of illicit trades on HackForums.

    The University of Cambridge reports "Honour Among Thieves: The Study of a Cybercrime Marketplace in Action"

  • news

    "Cyber Skills Gap Shrinks, but Lack of Talent Remains Major Risk Factor"

    According to the International Information System Security Certification Consortium ((ISC)2), there has been a year-over-year reduction in the global cybersecurity workforce gap. The gap has shrunk from 4 million to 3.1 million. The (ISC)2 annual Cybersecurity Workforce Study shows an improvement in the U.S. cybersecurity workforce, with the number of open jobs decreasing from 498,000 to 359,236, and the number of actively employed cyber professionals being 879,157. However, CyberSeek recently reported a widening of the U.S. cybersecurity skills gap from 508,000 unfilled positions and 922,720 employed professionals between June 2019 and May 2020 to 521,617 available jobs and 941,904 employed professionals between October 2019 and September 2020. Despite the difference in methodologies used to measure the cyber skills gap, it is agreed that the shortage in cyber professionals remains significant, leaving digital privacy and infrastructure security at risk. This article continues to discuss recent findings surrounding the cybersecurity talent gap, the different methods used to measure this gap, and the importance of addressing the cyber talent shortage.

    SC Media reports "Cyber Skills Gap Shrinks, but Lack of Talent Remains Major Risk Factor"

  • news

    "Microsoft Advises Users to Stop Using SMS- And Voice-Based MFA"

    Multi-factor authentication (MFA) is better than relying on a password alone for security. The rate of compromise of accounts using any type of MFA was less than 0.1% last year. Researchers at Microsoft are advising people to avoid using authentication factors delivered via SMS and voice calls, stating that there are safer and more reliable ways to obtain additional authentication factors. The researchers noted that SMS messages and phone calls were designed without encryption and can be intercepted by adversaries. They also noted that support agents at companies operating public switched telephone networks can be tricked, bribed, or coerced by attackers into providing access to a victim's SMS or voice channel.

    Help Net Security reports: "Microsoft Advises Users to Stop Using SMS- And Voice-Based MFA"

  • news

    "Cybercriminal Offers Email Implant Software That Dodges Traditional Security Platforms"

    The cybersecurity firm Gemini Advisory recently released information about a tool called the Email Appender advertised by a hacker on a dark web forum. According to Gemini Advisory, this tool raises the success rate of malware attacks as it allows cybercriminals to implant malicious emails instead of sending them. The Email Appender software can enable malicious emails to circumvent security platforms implemented to inspect messages as they travel to their destination server. Cybercriminals can use this software to increase the sophistication of phishing and Business Email Compromise (BEC) campaigns. Gemini Advisory's director of research suggests enabling multi-factor authentication on email accounts to render Email Appender ineffective. This article continues to discuss the Email Appender tool regarding its advertisement and operation, as well as how users can protect themselves against this malicious software.

    CyberScoop reports "Cybercriminal Offers Email Implant Software That Dodges Traditional Security Platforms"

  • news

    "Double Patterns Could Advance Android Device Security"

    Researchers at George Washington University have found that the security of Android devices can be significantly enhanced by using two unlock patterns rather than the current single-pattern method. According to the researchers, using multiple patterns to unlock an Android phone may provide more security than the 4- and 6-digit PIN unlocking method used for Apple devices. More than 600 mobile device users participated in a survey in which they were asked to evaluate the usability and security of double patterns. The researchers found that double pattern entry speeds were similar to single pattern entry speeds. The study also found that double patterns were as easy to recall as a single pattern. In addition, establishing blocklists to prohibit the use of easy-to-guess patterns would further improve security. This article continues to discuss the implementation of double patterns to improve Android device security and the research behind this suggested approach.

    The George Washington University reports "Double Patterns Could Advance Android Device Security"

  • news

    "PLATYPUS Reveals New Vulnerabilities Discovered in Intel Processors"

    A team of security researchers is conducting a project called PLATYPUS. They are presenting a new method for enabling power-side channel attacks. These attacks exploit power fluctuations to gain access to cryptographic keys and other sensitive data. The researchers have demonstrated a method for executing such attacks without the need for physical access to the target devices. Their method can be used on desktop PCs, laptops, as well as cloud computing servers from Intel and AMD. PLATYPUS attacks show that power side channels pose a threat not only to small, embedded devices but also to processors in laptops and servers. The team combined two techniques in their attacks. The first technique involves using the Running Average Power Limit (RAPL) interface built into Intel and AMD CPUs to monitor devices' energy consumption. The second involves the misuse of Intel's security function Software Guard Extensions (SGX). This article continues to discuss the approaches behind the team's PLATYPUS attacks and the security solutions developed to address those attacks.

    The University of Birmingham reports "PLATYPUS Reveals New Vulnerabilities Discovered in Intel Processors"

  • news

    "Minecraft Apps on Google Play Fleece Players Out of Big Money"

    Researchers at Avast have discovered seven mobile apps on Google Play that are meant to fool users into spending hundreds of dollars per month by offering skins, wallpapers, and game mods for Minecraft and other games at super-premium prices. The apps start with a free trial but then automatically and quietly start charging up to $30 per week. The charges are added to the phone bill. The researchers state that fraudsters expect the user to forget about the installed application and its short trial, or hope that the victim overlooks the real subscription cost. Scams of this nature also take advantage of those who do not read the fine-print details when downloading an application. In this case, young children are particularly at risk because they may think they are innocently downloading a Minecraft accessory. Avast reported the seven apps to Google, but they are still active at the moment. Five of the applications had more than a million downloads each, and the other two have more than 100,000 installs.

    Threatpost reports: "Minecraft Apps on Google Play Fleece Players Out of Big Money"

  • news

    "Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic"

    Researchers have discovered that following a ransomware attack against Italian liquor conglomerate Campari on November 3rd, the Ragnar Locker group has created Facebook ads threatening to release stolen data to add additional pressure on its latest high-profile victim to pay the ransom. The Campari Group is behind many global brands, including SKYY, Grand Marnier, and Wild Turkey. The Facebook ads threaten to release the 2TB of sensitive data stolen during the ransomware attack unless the $15 million ransom is paid in Bitcoin. This is a new spin on the double-extortion ransomware tactic.

    Threatpost reports: "Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic"

  • news

    The science on password security vs usability

    Researchers at Carnegie Mellon University's CyLab Security and Privacy Institute have developed a science-based policy for creating passwords that balances security and usability.

  • news

    Vanderbilt Digital Nights

    Vanderbilt Digital Nights is a series of free hands-on workshops organized by the CTLI at Vanderbilt where participants will create fun computer programs. The event is targeted at high school students who want to explore what computer science is all about, but interested teachers and parents are also welcome.

  • news

    Introducing the first issue of the NSF CISE Newsletter

    On November 10, 2020, the National Science Foundation released the first Computer & Information Science and Engineering (CISE) newsletter.

  • news

    "New Tool Can Check for Data Leakage From AI Systems"

    Artificial Intelligence (AI) helps companies power many applications, such as those used to improve marketing strategies, recommendation services, and health services. Although AI offers many benefits, security and privacy researchers have discovered the vulnerability of AI models to inference attacks that allow hackers to extract sensitive information about the original training dataset. Inference attacks are performed by repeatedly making the AI service generate information and then analyzing the patterns in the data that can be used to infer if a specific type of data was used to train the AI program. Hackers can reconstruct the original dataset used to train the AI service by performing such attacks. Assistant Professor Reza Shokri and his team at the National University of Singapore developed an open-source tool called the Machine Learning Privacy Meter (ML Privacy Meter) that organizations can use to determine if their AI services are vulnerable to inference attacks. This article continues to discuss the performance of inference attacks against AI models and the ML Privacy Meter developed to assess the risk of these attacks.

    NUS reports "New Tool Can Check for Data Leakage From AI Systems"

  • news

    "Cadbury Social Media Scammers Take Chocoholics for a Ride"

    A fake Facebook Group has been discovered and is being used to trick social media users into divulging their personal and financial details to win free Cadbury chocolate. Various posts from the group claim that the chocolate-maker, now owned by multinational Mondelez, is sending a hamper to everyone who replies before midnight as part of a celebration of its 126 years in business. In reality, the company is 196 years old, having been founded in 1824. Victims are urged to click through, where they will be taken to a Cadbury-branded phishing page to enter a name, home address, phone number, email address, and bank card details. The campaign seems to have been launched over the weekend and already has hundreds of comments and nearly 2000 likes.

    Infosecurity reports: "Cadbury Social Media Scammers Take Chocoholics for a Ride"

  • news

    Researchers at Zscaler analyzed 6.6 billion security threats in a new study and discovered that there had been a 260% increase in the use of encrypted traffic to "hide" attacks during the first nine months of 2020. They also found that the use of ransomware increased by 500%. The most prominent malware variants found were FileCrypt/FileCoder, followed by Sodinokibi, Maze, and Ryuk.

    Infosecurity reports: "Malicious Use of SSL Increases as Attackers Deploy Hidden Attacks"

  • news

    "Insecure APIs a Growing Risk for Organizations"

    Application Programming Interfaces (APIs) face the same vulnerabilities as regular web applications. According to Forrester Research, because APIs enable direct external access to transaction updates and mass data, they are exposed to more threats than regular web applications. In a report discussing the security issues associated with API use, the analyst firm emphasized the growing frequency of API breaches. Originally, most organizations used APIs within a secure private network or accessed them via secure communications channels. However, organizations are increasingly using APIs to enable partners, suppliers, customers, and others to access internal applications and data. This article continues to discuss the concept of APIs, the most common use cases for APIs, the root of many of the security issues surrounding them, and measures that organizations can take to improve API security.

    Dark Reading reports "Insecure APIs a Growing Risk for Organizations"

  • news

    "Vulnerabilities Affect 100,000 Sites Using WordPress Plugin"

    Three critical privilege-escalation vulnerabilities were discovered in a WordPress plugin, impacting 100,000 websites. Wordfence's Threat Intelligence Team detected the flaws in Ultimate Member, which is a free user profile WordPress plugin that supports the creation of online communities and membership sites as it allows site owners to set custom roles and manage site members' privileges. The flaws found in this plugin could allow an attacker to elevate their privileges to perform administrative tasks, thus allowing them to take full control of a WordPress site. With this administrative access, the attacker can take the site offline, infect the site with malware, and more. Businesses are encouraged to be more aware of the risks posed by third-party WordPress plugins, as well as to implement web application firewalls to secure their websites and apply client-side visibility solutions to uncover malicious code on their sites. This article continues to discuss the abuse and impact of the privilege-escalation vulnerabilities found in the WordPress Ultimate Member plugin, and what organizations should do to protect their websites.

    Infosecurity Magazine reports "Vulnerabilities Affect 100,000 Sites Using WordPress Plugin"

  • news

    $100 million ‘Destination Vanderbilt’ initiative launched to recruit top faculty, address essential challenges

    Sep. 23, 2020, 10:00 AM

    Vanderbilt University today launched Destination Vanderbilt, a $100 million university excellence initiative to recruit new faculty. Over the next two to four years, the university will leverage the investment to recruit approximately 60 faculty who are leaders and rising stars in their fields.

  • news

    "New Tool Detects Unsafe Security Practices in Android Apps"

    Computer scientists at Columbia University developed a new tool called CRYLOGGER to detect when an Android app is misusing cryptography. The tool detects whether an Android app violates guidelines set by expert cryptographers and organizations such as the National Institute of Standards and Technology (NIST) and the Internet Engineering Task Force (IETF), which define security standards for protecting sensitive data. Android apps are supposed to use cryptographic algorithms to make users' sensitive data, such as credit card numbers and passwords, unintelligible, thus maintaining their security. However, app and library developers can misuse the Application Programming Interfaces (APIs) of cryptographic algorithms through parameter misconfiguration as well as the use of weak passwords and constant keys. CRYLOGGER can analyze closed-source apps without modifying an app's code, examine the actual parameters used by an app, detect when two apps are communicating insecurely, and more. This article continues to discuss the development, capabilities, and testing of CRYLOGGER.

    Columbia Engineering reports "New Tool Detects Unsafe Security Practices in Android Apps"

  • news

    "Apple Releases Patches for 3 iOS Zero-Days That Hackers Used for Targeted Attacks"

    Apple has released patches for three critical vulnerabilities discovered in the software used on iPhones, iPads, and iPods. Two of the critical bugs affect the core of the device's operating system, the kernel, which is responsible for handling interactions between hardware and software. According to Google's team of security researchers, known as Project Zero, attackers have actively exploited these vulnerabilities to infiltrate a device's operating system and steal data. Apple users are urged to update their software immediately. This article continues to discuss the impact and exploitation of the critical bugs found in Apple's software, the company's efforts to improve the security of its devices, and Project Zero's previous discoveries of significant iOS vulnerabilities.

    CyberScoop reports "Apple Releases Patches for 3 iOS Zero-Days That Hackers Used for Targeted Attacks"

  • news

    "SwRI Hacks Electric Vehicle Charging to Demonstrate Cybersecurity Vulnerabilities"

    Engineers at Southwest Research Institute simulated an attack on the charging process of an electric vehicle (EV) to bring further attention to the cybersecurity vulnerabilities associated with EV charging. They reverse-engineered the signals and circuits on an EV and a J1772 charger. Using a spoofing device developed with inexpensive hardware and software, the SwRI team was able to disrupt EV charging. The man-in-the-middle (MITM) device can spoof signals between a vehicle and a charger. The team demonstrated the possibility of limiting the rate at which an EV is charged, blocking battery charging, and overcharging. The purpose of this project is to identify potential threats facing common EV charging hardware as the adoption of EVs continues to grow. This article continues to discuss the SwRI team's demonstrated hacks on the EV charging process, the MITM device used to perform these hacks, the future of this research, the expected growth in vehicle electrification, and the importance of unveiling the cybersecurity-related issues of charging infrastructure.

    The Southwest Research Institute reports "SwRI Hacks Electric Vehicle Charging to Demonstrate Cybersecurity Vulnerabilities"

  • news

    "Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak"

    A widely used hotel reservation platform called Cloud Hospitality has exposed 10 million files related to guests at various hotels worldwide, due to a misconfigured Amazon Web Services S3 bucket. Cloud Hospitality is used by hotels to integrate their reservation systems with online booking websites. The incident affected 24.4 GB of data in total. The number of people exposed is likely well over 10 million, researchers said. The records included guests' full names, email addresses, national ID numbers, and phone numbers, as well as card numbers, cardholder names, CVVs, expiration dates, and reservation details. The exposure affects many platforms, with data related to reservations made through Amadeus, Booking.com, Expedia, Hotels.com, Hotelbeds, Omnibees, Sabre, and more.

    Threatpost reports: "Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak"

  • news

    New Compliance Audit Readiness Assessment for cybersecurity

    New Cybersecurity Assessment tool

    KnowBe4 provides a free cybersecurity compliance tool called CARA, the Compliance Audit Readiness Assessment tool. The assessment is aligned with the Cybersecurity Maturity Model Certification.

    https://www.infosecurity-magazine.com/news/knowbe4-launch-free-compliance-tool/

    #cybersecurity #ScienceofSecurity

  • news

    "New Cyber Technologies Protect Utility Energy Delivery Systems"

    Researchers from the Pacific Northwest National Laboratory (PNNL) worked with utility advisors and companies specializing in vulnerability identification to develop two new web-based tools aimed at mitigating cybersecurity vulnerabilities in operational technologies. The first tool, called Mitigation of Externally Exposed Energy Delivery Systems (MEEDS), helps utilities monitor and quickly identify internet-connected control system devices and their known vulnerabilities. PNNL's second tool, called Safe, Secure Autonomous Scanning Solutions for Energy Delivery Systems (SSASS-E), identifies vulnerabilities contained by energy delivery systems that can emerge within a utility's firewall. This article continues to discuss the capabilities of MEEDS and SSASS-E.

    PNNL reports "New Cyber Technologies Protect Utility Energy Delivery Systems"

  • news

    "Ransomware Attack Toys With Mattel Systems, Data"

    Mattel, one of the largest toy manufacturers in the world, fell victim to a ransomware attack on its information technology systems in July. The attack temporarily impacted its business functions. However, no data regarding business operations, retail customers, suppliers, consumers, or employees was stolen by the operators behind the attack. As the holiday season approaches, the number of ransomware campaigns is expected to increase. Adversaries will see retailers' reliance on online business as an opportunity to execute more attacks. If attackers can disrupt shopping-related events such as Black Friday and Cyber Monday, organizations would be more willing to pay the demanded ransoms. This article continues to discuss the ransomware attack on Mattel's systems and the expected rise in ransomware attacks against organizations during the holiday shopping season.

    SC Media reports "Ransomware Attack Toys With Mattel Systems, Data"

  • news

    "1 in 4 Cyberattacks Handled by U.K.'s NCSC Were Related to COVID-19"

    The United Kingdom's National Cyber Security Center's (NCSC) annual threat report revealed that U.K. organizations experienced an average of 60 cyberattacks per month from September 2019 to August 2020. The NCSC's defense system stopped more than 15,000 COVID-19 related malicious campaigns. According to the report, one in four security incidents handled by the NCSC involved the exploitation of the pandemic. This article continues to discuss the COVID-19 related cyberattacks handled by the U.K.'s NCSC and the organization's work to help frontline healthcare providers defeat cyber threats.

    CISOMAG reports "1 in 4 Cyberattacks Handled by U.K.'s NCSC Were Related to COVID-19"

  • news

    "In Q2 2020, There Was an Average of 419 New Threats Per Minute"

    In a new report, McAfee researchers examined cybercriminal activity related to malware and the evolution of cyber threats in Q2 2020. The researchers found that there was an average of 419 new threats per minute as overall new malware samples grew by 11.5%. They also found that in Q2 there was a 605 percent increase in COVID-19 related attack detections compared to Q1. In addition, the researchers found that Donoff played a critical role in driving the 689 percent surge in PowerShell malware in Q1 2020.

    Help Net Security reports: "In Q2 2020, There Was an Average of 419 New Threats Per Minute"

  • news

    "A Hacker Is Threatening to Leak Patients' Therapy Notes"

    There has been a rise in ransomware attacks against large companies and critical organizations such as those that provide medical care. A hacker is currently threatening to publicly release data stolen from Finland's health care and mental health services provider Vastaamo. The data contains sensitive information, including therapy notes. The investigation of this situation revealed that Vastaamo had at least one unsecured database containing patient information, which was breached in November 2018 and possibly in mid-March 2019. Although the number of affected patients remains unknown, the National Bureau of Investigation said that tens of thousands might be impacted. The hacker behind the extortion campaign has demanded around $530,000 worth of Bitcoin from Vastaamo. This article continues to discuss the extortion campaign targeting Finland's Vastaamo mental health services provider, the response to this incident, the different forms of data extortion attacks, and other examples of patient data being used in extortion schemes.

    Wired reports "A Hacker Is Threatening to Leak Patients' Therapy Notes"

  • news

    Visible to the public "World's Fastest Open-Source Intrusion Detection Is Here"

    Researchers in Carnegie Mellon University's CyLab have developed the fastest open-source intrusion detection system. The system achieves speeds of 100 gigabits per second using a single server with five processor cores. The success behind the performance of the CMU team's intrusion detection system is attributed to a Field-Programmable Gate Array (FPGA), which is a flexibly programmable integrated circuit. CMU researchers programmed the FPGA specifically for intrusion detection and wrote significantly fast algorithms that cannot run on traditional processors. The FPGA processes an average of 95 percent of data packets by itself when placed in the network, while the central processing units take on the other five percent when the FPGA becomes overwhelmed. As a result, the intrusion detection system saves more energy as it uses 38 times less power by using an FPGA than 100-700 processor cores would to perform the same tasks. This article continues to discuss the development, efficiency, and availability of the CMU team's intrusion detection system.

    CyLab reports "World's Fastest Open-Source Intrusion Detection Is Here"

  • news

    Visible to the public "Google Forms Abused to Phish AT&T Credentials"

    Security researchers have discovered that adversaries are using phishing attacks that leverage Google Forms as a landing page to collect victims' credentials. The forms masquerade as login pages from more than 25 different companies, brands, and government agencies. So far, the researchers have discovered 265 different Google Forms used in these attacks, which are likely sent to victims via email (using social engineering tactics). More than 70 percent of these forms purported to be from AT&T. However, other big brands are impersonated as well, including Citibank, Capital One, Microsoft OneDrive, Outlook, and the Internal Revenue Service (IRS). The forms were not detected as phishing by most common industry techniques, since they were hosted on a high-reputation domain established several years ago and served with a valid SSL certificate. Google Forms automatically states at the base of each form to "never submit passwords via Google forms." However, the researchers stated that many victims evidently ignore the warning.

    Threatpost reports: "Google Forms Abused to Phish AT&T Credentials"

  • news

    Visible to the public "Paying a Ransom to Prevent Leaking of Stolen Data is a Risky Gamble"

    Researchers at Coveware found that ransomware groups have recently been targeting larger enterprises more frequently. The average payment for ransomware attacks increased by 31 percent in Q3 2020 (reaching $233,817). The researchers suggest that organizations never pay the ransom. The researchers also found that improperly secured Remote Desktop Protocol (RDP) connections and compromised RDP credentials are the most prevalent way for ransomware gangs to get into an organization's system, followed by email phishing and software vulnerabilities.

    Help Net Security reports: "Paying a Ransom to Prevent Leaking of Stolen Data is a Risky Gamble"

  • news

    Visible to the public "Ransom Payment No Guarantee Against Doxxing"

    According to Coveware's analysis of ransomware attack data during the third quarter of the year, organizations that paid threat actors' demanded ransom were often doxxed and ordered to pay more. Doxxing refers to the public broadcasting of private or identifying information belonging to an individual or organization. For example, victims of the Sodinokibi ransomware group were hit with additional demands for more money, weeks after paying to prevent the release of the same dataset. The operators behind the Netwalker and Mespinoza ransomware posted data from companies that had paid a ransom specifically so that the data would not be released to the public. This article continues to discuss incidents in which organizations are doxxed by attackers despite paying the demanded ransom, the expected growth in cyber extortion, and the increase in attacks targeting big organizations.

    Dark Reading reports "Ransom Payment No Guarantee Against Doxxing"

  • news

    Visible to the public "Researchers Recover 75,000 'Deleted' Files From Pre-Owned USB Drives"

    During a study on the risks posed by selling Universal Serial Bus (USB) drives on the internet, cybersecurity researchers from Abertay University were able to retrieve 75,000 deleted files from pre-owned USB drives purchased on a popular online auction site. Many of the files recovered from the drives are highly sensitive in that they include passwords, contracts, bank statements, tax returns, images with embedded location data, and more. A malicious buyer could easily retrieve files from used USB drives with publicly available forensic tools. They can perform harmful activities using recovered information, such as stealing money from bank accounts or extortion. This article continues to discuss the researchers' recovery of deleted files from used USB drives, how malicious actors could use the information retrieved from these drives, and the importance of permanently wiping USB devices before selling or discarding them.

    Abertay University reports "Researchers Recover 75,000 'Deleted' Files From Pre-Owned USB Drives"

  • news

    Visible to the public "34M Records From 17 Companies Up For Sale In Cybercrime Forum"

    Researchers have recently discovered 34 million user records on an underground sales forum, which the cybercriminals claim are from 17 different corporate data breaches. The records came up for sale last week, and the theft appears to be the work of a single person or group. The affected companies are a widely diverse set of targets from around the world. They include Apps-builder.com, Athletico, Cermati, Clip, Coupontools.com, Eatigo, Everything5pounds.com, Fantasy Cruncher, Game24h, Geekie, Invideo, Katapult, RedMart, Toddycafe, W3layouts, Wedmegood, and Wongnai.

    Threatpost reports: "34M Records From 17 Companies Up For Sale In Cybercrime Forum"

  • news

    Visible to the public "Creating a National Network of Cybersecurity Institutes"

    The Critical Infrastructure Resilience Institute (CIRI) has been awarded $2 million by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) and the Cybersecurity and Infrastructure Security Agency (CISA). CIRI is one of the DHS S&T Centers of Excellence (COEs) led by the University of Illinois at Urbana-Champaign (UIUC). Through this funding, CIRI will develop a plan for CISA to build a national network of cybersecurity institutes. These institutes will educate and train cybersecurity professionals to help reduce the cybersecurity workforce gap. CIRI will collaborate with Auburn University, Purdue University, and the University of Tulsa to develop the plan, based on an academic hub-and-spoke model, for building this network of cybersecurity institutes. This article continues to discuss the growing cybersecurity workforce shortage and the award given to CIRI to develop a plan to create a national network of institutes to cultivate the skills of cybersecurity professionals.

    Homeland Security News Wire reports "Creating a National Network of Cybersecurity Institutes"

  • news

    Visible to the public "Election Day Was Hack Free, but Cybersecurity Officials Are Still Bracing for Attacks"

    Officials from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) revealed that no cyberattacks were detected on Election Day. According to officials from CISA and the NSA, cyberattack attempts were significantly quieter on the 2020 Election Day than that of 2016 and 2018. However, concerns remain as hackers could still attempt to undermine the credibility of the voting process over the next several days as votes continue to be counted. Cybersecurity officials are still bracing for disinformation campaigns or attacks on social media platforms aimed at undermining the process. Although CISA can monitor cybersecurity via sensors and reports from local election officials, controlling disinformation is a different challenge. This article continues to discuss the lack of an apparent cyberattack on Election Day, the shift in the attack surface from the voting process, how CISA is addressing disinformation, and major incidents that have ignited the importance of election security.

    CNET reports "Election Day Was Hack Free, but Cybersecurity Officials Are Still Bracing for Attacks"

  • news

    Visible to the public "Ransomware Alert as Emotet Detections Surge 1200%"

    Researchers at HP Inc. have discovered that attacks using the Emotet Trojan soared by over 1200 percent from Q2 to Q3 of this year. Emotet is often used as a loader, providing access to third-party threat groups to deploy secondary TrickBot and QakBot infections as well as human-operated ransomware. Based on current patterns, a senior malware analyst warns that Emotet will likely appear in weekly spam runs until early 2021.

    Info Security reports: "Ransomware Alert as Emotet Detections Surge 1200%"

  • news

    Visible to the public HotSoS 2020 Summary Report

    Hot Topics in the Science of Security (HotSoS) 2020
  • news

    Visible to the public "Cyber-Criminals Target Zoom Users"

    The Bitdefender Antispam Lab has detected a new cyber-extortion campaign targeting users of the Zoom video-conferencing app. A quarter of a million people have received an email claiming that the sender has footage of them in compromising positions while using Zoom. The email threatens victims, demanding a $2,000 ransom in Bitcoin within three days to prevent the footage from being exposed to the public. The extortionist claims to have exploited a zero-day security vulnerability in the Zoom app to access the victim's camera and private data. This article continues to discuss the new sextortion scam launched by cybercriminals against Zoom users for Bitcoin payments.

    Infosecurity Magazine reports "Cyber-Criminals Target Zoom Users"

  • news

    Visible to the public "60% of Organizations Have Accelerated Their Zero Trust Projects"

    Researchers at Pulse Secure surveyed more than 250 technology professionals and found that the coronavirus pandemic did not impact the adoption of zero trust technology globally. They found that 60 percent of organizations accelerated zero trust implementation during the pandemic. The organizations that had dedicated budgets and formal initiatives (69%) were far more likely to continue accelerating those projects throughout the pandemic.

    Help Net Security reports: "60% of Organizations Have Accelerated Their Zero Trust Projects"

  • news

    Visible to the public "U.S. Says Iranian Hackers Accessed Voter Information"

    According to an alert issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), an Iranian threat actor has accessed voter registration data. This alert follows another warning released by the United States one week ago about Democratic voters in multiple states being targeted by the same adversary with malicious emails aimed at getting them to vote for President Donald Trump. The new alert says an Iran-based adversary used open-source queries to access PDF documents from state voter sites and conducted research to find specific information that could be leveraged in exploitation attempts. Organizations are encouraged to update their applications and systems, identify and fix known vulnerabilities, implement firewalls, and apply two-factor authentication (2FA). This article continues to discuss the recent warning about the compromise of voter information by an Iranian threat actor, previous alerts about the targeting of voters by the same adversary, and what organizations should do to stay protected.

    Security Week reports "U.S. Says Iranian Hackers Accessed Voter Information"

  • news

    Visible to the public "CERT/CC Launches Twitter Bot to Give Security Bugs Random Names"

    The Computer Emergency Response Team Coordination Center (CERT/CC) at Carnegie Mellon University launched a Twitter bot named Vulnonym to assign random names to security bugs that receive a CVE identifier. The idea is to give neutral names to security vulnerabilities, as the names assigned to bugs by companies and researchers increasingly enter the area of fearmongering and attention-seeking. Names given to vulnerabilities have resulted in severe flaws being played down or unexploitable bugs being overhyped. The Vulnonym bot will give each newly assigned CVE ID a two-word codename in an adjective-noun format. This article continues to discuss the problem with vulnerability names and how the Vulnonym bot addresses this problem.

    ZDNet reports "CERT/CC Launches Twitter Bot to Give Security Bugs Random Names"

  • news

    Visible to the public "An Attacker Can Steal Sensitive User Data Over the Phone Using Smart Speakers"

    The use of Siri, Amazon Alexa, Google Assistant, and other voice assistants continues to grow in popularity worldwide. These Artificial Intelligence (AI) agents have been adopted by many to help perform everyday tasks, such as searching for information, sending emails, playing songs, and more. Though there are benefits to using voice assistants, there are many concerns surrounding the privacy and security of these agents, as they can be used to collect information from users and data for targeted advertising. Researchers at the Georgia Institute of Technology further highlighted the potential abuse of voice assistants to access users' personal information by demonstrating an attack that exploits vulnerabilities in these conversational agents. This article continues to discuss the growing use of voice assistants and the attack devised to unveil the vulnerabilities of these agents.

    The Tech and Science Post reports "An Attacker Can Steal Sensitive User Data Over the Phone Using Smart Speakers"