News Items

  • news

    "Microsoft Wants More Security Researchers to Hack Into Its Cloud"

    Microsoft seeks to improve the security of its cloud computing service, Azure, as the company is encouraging security researchers to probe the cloud service for vulnerabilities. White Hat hackers are being asked to find flaws in Azure for Microsoft to fix before they are exploited by malicious hackers. Bolstering the security of this cloud computing service is important as the adoption of cloud services is expected to grow, along with the introduction of opportunities and challenges. Efforts are being made by Microsoft to ensure that security researchers are legally safe to report vulnerabilities. This article continues to discuss what is being done by Microsoft to improve the security of its cloud service.

    Bloomberg reports "Microsoft Wants More Security Researchers to Hack Into Its Cloud"

  • news

    "Is there a weak link in blockchain security?"

    Recent research revealed that blockchain is set to become ubiquitous by 2025. Blockchain technology is set to provide greater transparency, traceability and immutability, allowing people and organizations to share data without having to be concerned about security. Although blockchain helps with sharing data safely, it is only as strong as its weakest link. There are still risks surrounding it that organizations must be aware of, and mitigate, prior to implementation.

    HELP NET SECURITY reports: "Is there a weak link in blockchain security?"

  • news

    "What’s the Best Approach to Patching Vulnerabilities?"

    A team of researchers from Cyentia, Virginia Tech, and RAND Corporation recently presented a paper, titled Improving Vulnerability Remediation Through Better Exploit Prediction, in which they discuss their study on strategies for the prioritization of vulnerabilities. The strategies examined in this research include using the CVSS (Common Vulnerability Scoring System) score, patching bugs with known exploits, and patching bugs with specific tags. A machine learning model was created for each strategy in order to compare the performance of the strategies against rules-based approaches. This article continues to discuss the study in relation to how it was conducted and its findings.

    Naked Security reports "What's the Best Approach to Patching Vulnerabilities?"

  • news

    "UTSA Develops First Cyber Agility Framework to Measure Network Protection over Time"

    Researchers at the University of Texas at San Antonio developed a quantifiable framework that can be used to measure the agility of cyber attackers and defenders. Through the use of this framework, cyberattacks such as those launched by the major cyber crime group, GozNym, can quickly be discovered and addressed. The cyber agility framework will help cyber professionals as it allows responses to cyberattacks to be tested. Government and industry organizations will be able to better visualize the effectiveness of their defense techniques against cyberattacks. The Army Research Office funded the development of this framework. This article continues to discuss the importance of quantifying cybersecurity as well as the concept, research, development, and support behind the cyber agility framework.

    UTSA reports "UTSA Develops First Cyber Agility Framework to Measure Network Protection over Time"

  • news

    "DiMe: Calling All Who Serve in Digital Medicine"

    The growing connectivity of medical devices increases security risks. Collaboration among professionals in different fields is important in strengthening medical device security. Technologists, data scientists, clinicians, security researchers, and more should work together to bring more secure medical devices to the market. A professional organization called the Digital Medicine Society (DiMe) has been launched in support of this collaboration. This article continues to discuss the importance of interdisciplinary collaboration and efforts to improve the security of connected medical devices.

    STAT reports "DiMe: Calling All Who Serve in Digital Medicine"

  • news

    "Will Biometrics Replace Passwords For Online Payment Authentication?"

    A study found that over half of consumers in the UK (53 percent) are worried that the shift to biometrics to authenticate online payments will dramatically increase the amount of identity fraud. The study also found that two thirds (68 percent) of consumers worry about being able to pay for goods or services without being asked for a password, and only 40 percent believe that biometrics are more secure than other authentication methods.

    HELP NET SECURITY reports: "Will Biometrics Replace Passwords For Online Payment Authentication?"

  • news

    "Malboard: New Computer Attack Mimics User’s Keystroke Characteristics, and Evades Detection"

    Researchers from Ben-Gurion University of the Negev's (BGU) Malware Lab developed a new user keystroke impersonation attack, called Malboard, to demonstrate that attackers can mimic users' keystrokes and prevent malicious keystrokes from being detected. Malboard is capable of circumventing detection mechanisms used for the verification of user identities based on behavioral patterns with respect to keystrokes. The behavioral authentication systems that this attack was tested against include KeyTrac, TypingDNA, and DuckHunt. The keyboards used to demonstrate this attack are developed by Microsoft, Lenovo, and Dell. This article continues to discuss the concept and research behind the Malboard attack, as well as the new detection modules proposed by researchers and the expansion of this study.

    BGU reports "Malboard: New Computer Attack Mimics User's Keystroke Characteristics, and Evades Detection"

  • news

    "2018 in Numbers: Data Breaches Cost $654 Billion, Expose 2.8 Billion Data Records in the U.S."

    According to ForgeRock's U.S. Consumer Data Breach Report, 2.8 billion consumer data records were exposed in 2018, which cost U.S. organizations more than $654 billion. Although investments in information security products and services have increased, organizations continue to face cyberattacks in which cybercriminals seek to gain access to sensitive data. The report highlights that personally identifiable information was the most targeted type of data in 2018. Healthcare, financial services, and government were also cited as the sectors most impacted by cyberattacks between January 1, 2018 and March 31, 2019. This article continues to discuss key findings of the report in relation to the types of data exposed in recent breaches, the most frequent attack methods, and the most impacted sectors, along with what organizations can do to protect consumer data.

    Help Net Security reports "2018 in Numbers: Data Breaches Cost $654 Billion, Expose 2.8 Billion Data Records in the U.S."

  • news

    "What the Baltimore Ransomware Attack Means for Incident Response Communications"

    Baltimore has yet to recover from a ransomware attack, which has disrupted resident activities such as paying utility bills, obtaining business licenses, selling homes, and more. City workers are still unable to use government email accounts or conduct city business functions. A lesson to be learned from the Baltimore ransomware attack is the importance of establishing alternative secure means for communication in order to coordinate incident response during a cyberattack. This article continues to discuss the impact of the ransomware attack on Baltimore, the lack of communication during the ransomware attack, the increased launch of ransomware attacks on cities, and the importance of having secure communications channels in the process of responding to cyber incidents.

    Security Boulevard reports "What the Baltimore Ransomware Attack Means for Incident Response Communications"

  • news

    "Organizations Still Struggle to Manage Vulnerability Patches, Report"

    The results of a survey conducted by Tripwire, to which 340 information security professionals responded, further highlight that many companies still fall short in the management of vulnerability patches. In addition, there is insufficient visibility into the attack surface. While the majority of respondents said that their organizations run vulnerability scans, such scans were found to be performed infrequently. If vulnerability scans are not frequently performed, new vulnerabilities will be overlooked and assets connected to an organization's network may be inadequately managed. Half of the respondents also stated that their organizations only have enough bandwidth to focus on vulnerabilities considered to be highly severe. This article continues to discuss key findings of the survey in relation to vulnerability management trends.

    SC Media reports "Organizations Still Struggle to Manage Vulnerability Patches, Report"

  • news

    Adware Hidden in Android Apps Downloaded More Than 440 Million Times

    In a study, it was discovered that 238 applications in Google Play hid BeiTaAd, a well-obfuscated ad plugin that could display ads on the device's lock screen, trigger video and audio advertisements while the phone is asleep, and display ads outside the app that interfered with the user experience in other applications. The 238 different applications were downloaded more than 440 million times. The research report states that as of May 23, 2019, all affected apps had been either removed from Google Play or updated to versions that do not contain BeiTaAd.

    Dark Reading reports: "Adware Hidden in Android Apps Downloaded More Than 440 Million Times"

  • news

    "Email Still a Major Attack Vector: Security Research"

    Email remains one of the main attack vectors used by cybercriminals. Key findings from different research reports, including those released by Mimecast, Proofpoint, Rapid7, Vade Secure, and more, have been highlighted by eSecurityPlanet. According to Mimecast's State of Email Security report, impersonation attacks performed via email have increased as 73 percent of organizations have stated that they have experienced loss as a result of such attacks. Rapid7's first quarter 2019 threat report has also brought further attention to the increased use of fake login pages for Microsoft Office 365, Exchange, and OneDrive, to which victims have been redirected via phishing attacks. This article continues to discuss recent key findings shared by multiple reports in relation to email security.

    eSecurityPlanet reports "Email Still a Major Attack Vector: Security Research"

  • news

    "ARCHANGEL: Securing National Archives with AI and Blockchain"

    Researchers at the University of Surrey have developed state-of-the-art artificial intelligence (AI) technologies and a blockchain aimed at bolstering security for digital government records of national archives. The system, called ARCHANGEL, combines AI and blockchain technologies to help the U.K., Australia, the U.S., and more, protect their digital public archives against accidental modifications or tampering. ARCHANGEL uses blockchain technology and neural networks to create a fingerprint for each archived document, allowing the authenticity of such records to be verified. This article continues to discuss the concept, development, and research behind ARCHANGEL.

    Homeland Security News Wire reports "ARCHANGEL: Securing National Archives with AI and Blockchain"

  • news

    "The Growing Importance of Bio-Cybersecurity"

    Healthcare systems are offering DNA sequencing as a result of the increased demand for genetic screening by patients. However, as the performance of DNA sequencing grows, the security of patients' genetic data needs to be taken more seriously by healthcare cybersecurity professionals. National security threats of biological warfare and mass surveillance programs call for the strengthening of security in regard to patients' genetic information. Hackers may steal DNA data to perform malicious activities such as blackmail and identity theft. Researchers from the University of Washington found that the DNA data processing pipelines of open-source programs widely used by DNA test companies are highly vulnerable to being hacked. The use of blockchain technology has been cited as a way in which such data can be secured. This article continues to discuss the importance of bio-cybersecurity and how blockchain technology can help to protect genetic data.

    CPO Magazine reports "The Growing Importance of Bio-Cybersecurity"

  • news

    "Is AI fundamental to the future of cybersecurity?"

    Most security professionals agree that AI solutions must be implemented to keep an organization safe from cyberattacks. A study found that 69 percent of security professionals are looking to implement AI security solutions in the next five years, with 44 percent of security professionals planning to invest in AI/ML defense in the immediate future. Seventy-six percent of respondents agreed that AI has the capacity to improve the efficiency of their day-to-day jobs. Eighty-one percent said that AI will be able to improve the security posture of their organizations. Even though most security professionals think AI solutions are important, the adoption of AI solutions is a slow 4 percent. The slow adoption is attributed to AI's marketing hype acting as a barrier, and professionals have also been hesitant to adopt it simply because they haven't used AI before.

    HELP NET SECURITY reports: "Is AI fundamental to the future of cybersecurity?"

  • news

    "93% of Companies Are Overconfident of Their Ability to Stop Data Breaches"

    A report released by Certify and Techvangelism shows that most companies have great confidence in their ability to defeat data breaches. However, almost 80% of these companies lack approaches to combatting privileged access management (PAM) cyberattacks. Findings of the report emphasize that it is important for organizations to continue their efforts to increase the security of their critical infrastructure and data. Organizations must adopt privileged access management of higher maturity in order to handle threats involving privileged credentials. This article continues to discuss findings shared in the report pertaining to companies' overconfidence in their ability to stop data breaches, along with their security measures against data breaches and questionable privileged access controls.

    Infosecurity Magazine reports "93% of Companies Are Overconfident of Their Ability to Stop Data Breaches"

  • news

    "ForeScout: Without Visibility and Control, OT Security Remains at Severe Risk"

    Further attention is being brought to the cybersecurity of operational technology (OT). Physical infrastructure is a way in which cybercriminals can infiltrate an enterprise network. OT systems are now more connected to the internet and joined with IT networks, increasing their vulnerability to cyberattacks. OT assets are also highly vulnerable as the technology in OT systems, such as programmable logic controllers (PLCs), was not designed and developed with security in mind. Old OT lacks encryption and authentication. This article continues to discuss the vulnerability of OT to cyberattacks, what organizations should do to secure their physical infrastructure, and efforts made by ForeScout to improve OT security.

    CBR Online reports "Forescout: Without Visibility and Control, OT Security Remains at Severe Risk"

  • news

    "Vulnerability of Cloud Service Hardware Uncovered"

    Scientists at Karlsruhe Institute of Technology (KIT) have discovered that field-programmable gate arrays (FPGAs) are vulnerable to side-channel attacks. FPGAs are often considered for use in the development of new systems because of the modifiable nature of these devices. As a result, FPGAs are used in a variety of different technologies such as smartphones, vehicle electronics, medical engineering equipment, and more. The vulnerability of an FPGA to side-channel attacks stems from the simultaneous use of the chip by multiple users and the versatility of this technology. According to scientists, side-channel attacks on FPGAs could allow cloud service customers to spy on each other as FPGA chips are often used in cloud computing applications. This article continues to discuss the concept and use of FPGAs, as well as the vulnerability of these chips to side-channel attacks.

    Technology Networks reports "Vulnerability of Cloud Service Hardware Uncovered"

  • news

    "APPLE JUST PATCHED A MODEM BUG THAT'S BEEN IN MACS SINCE 1999"

    A modem configuration bug that has been in Apple operating systems since 1999 has been discovered. The flaw could have potentially been exploited by an attacker to get persistent, remote root access to any Mac. Only certain generations of OS X and macOS were susceptible to the flaw, and since 2016's macOS Sierra, Apple has added protections against an attack like this that made the bug prohibitively difficult (though still not technically impossible) to exploit in practice. Apple finally patched the modem configuration bug in April.

    WIRED reports: "APPLE JUST PATCHED A MODEM BUG THAT'S BEEN IN MACS SINCE 1999"

  • news

    Prerelease version 3.0.1 now available

    We are bringing the newest version of the CAT Vehicle Testbed simulator that is compatible with ROS Melodic and Ubuntu 18.04. It works seamlessly with Gazebo 9.0. Check out the latest version on our GitHub page https://github.com/jmscslgroup/catvehicle

    If you find this work useful, please give credit to the authors and developers by citing:

    bibtex:

  • news

    "Unsecured Database Exposes 85GB in Security Logs of Major Hotel Chains"

    Researchers at vpnMentor discovered an unsecured database that exposed 85.4GB of major hotel chains' security logs. The exposure of security audit logs could lead to the exposure of cybersecurity weaknesses at major hotels, including Marriott. The unsecured server on which the database was discovered is connected to a hotel and resort management company called Pyramid Hotel Group. According to researchers, sensitive information such as API keys, passwords, malware alerts, device names, IP addresses of incoming connections, and more, was exposed. This article continues to discuss the discoveries made by researchers in relation to the unsecured database that exposed data from security systems belonging to major hotels.

    ZDNet reports "Unsecured Database Exposes 85GB in Security Logs of Major Hotel Chains"

  • news

    "Unknowingly Loading Malicious Content from 'Trusted' Sites"

    Findings from a study conducted by researchers from CSIRO's Data61, an arm of Australia's national science agency specializing in data and digital technology, reveal that about half of the Internet's most visited websites are vulnerable to being used for malicious activities. The vulnerability of these websites stems from the reliance on ad providers, content distribution networks, tracking services, analytics services, and other third parties used to load content. A dependency chain is created when such third parties load resources from other domains. As the original site trusts these domains and the dependency chain grows, the risk of malicious activity increases. This article continues to discuss the dependence of popular websites on third parties to import external resources and how dependency chains pose a threat to security and privacy.

    Homeland Security News Wire reports "Unknowingly Loading Malicious Content from 'Trusted' Sites"

  • news

    "Checkers, Rally's Burger Joints Hit By POS Malware"

    Checkers Drive-In Restaurants, which also runs Rally's, had 102 of its 900 U.S. locations affected by point-of-sale malware, with one California restaurant infected for more than two years, starting in December 2015. The point-of-sale malware harvested data stored on a payment card's magnetic stripe, including name, card number, card verification code and expiry date. Checkers, which was acquired by private equity firm Oak Hill Capital Partners in 2017, says it "recently" became aware of the malware and is taking steps to remove it.

    Bank Info Security reports: "Checkers, Rally's Burger Joints Hit By POS Malware"

  • news

    "Secure Metropolitan Quantum Networks Move a Step Closer"

    A team of Chinese researchers has made an advancement in quantum communication in which they performed continuous-variable quantum key distribution (CV-QKD) over commercial fiber networks at a significantly longer transmission distance than previously demonstrated. A longer transmission distance over commercial fiber networks indicates that CV-QKD has the potential to be performed in metropolitan areas via current technologies. CV-QKD can enhance the security of people's data such as passwords, email, and more. This article continues to discuss the recent advancement in CV-QKD, previous demonstrations of long-distance CV-QKD, and challenges associated with bringing a practical CV-QKD system to the real world.

    Phys.org reports "Secure Metropolitan Quantum Networks Move a Step Closer"

  • news

    "From Viruses to Social Bots, Researchers Unearth the Structure of Attacked Networks"

    Researchers are looking at how viruses interact with proteins and genes in the human body in order to further understand how to combat cyberattacks on computer networks as well as other adversarial attacks in fields such as ecology, social science, neuroscience, and more. A machine learning model of the protein interaction network has been developed by researchers to explore how viruses operate. This research can be applied to different types of attacks and network models across different fields, including network security. The capacity to determine how trolls and bots influence users on social media platforms has also been explored through this research. This article continues to discuss the machine learning model of the protein interaction network and the application of this research to different fields.

    Science Daily reports "From Viruses to Social Bots, Researchers Unearth the Structure of Attacked Networks"

  • news

    "CSL Researchers Add ‘Time-Travel’ Feature to Solid State Drives to Fight Ransomware Attacks"

    In a paper, titled Project Almanac: A Time-Traveling Solid State Drive, researchers from the Coordinated Science Laboratory at the University of Illinois describe a tool that can allow victims to save their files in the event that they experience a ransomware attack, without having to succumb to the demands for ransom payments. The tool discussed in the paper can be used to enable solid-state drives, which are used in most computers as a component of the storage system, to save old versions of files instead of getting rid of them when the files are modified. Through the use of this tool, ransomware attacks can be prevented. This article continues to discuss how the tool can help thwart ransomware attacks, the trade-off associated with this tool, how this trade-off can be managed, and the expected advancement of the tool.

    CSL reports "CSL Researchers Add 'Time-Travel' Feature to Solid State Drives to Fight Ransomware Attacks"

  • news

    "Chinese database exposes 42.5 million records compiled from multiple dating apps"

    Tens of millions of records about users of different dating apps have been discovered on a single database which does not require a password to access. Most of the records discovered had information about American users. The data included IP addresses, geolocation information, age of users, location of users, and account names. It does not include financial information. It is not known if the developers of the applications had bad intent. However, the developers are going to great lengths to cover their identity: they state that their location is a subway stop in China and use a phone number that has been disconnected, which makes it suspicious. The database of individuals' information is still online at the moment.

    Cyberscoop reports: "Chinese database exposes 42.5 million records compiled from multiple dating apps"

  • news

    "Texas Passes First Grid Protection Bills to Boost Cybersecurity Monitoring and Best Practices"

    Two grid protection bills, Senate Bill 475 and Senate Bill 936, were recently passed by Texas lawmakers. These bills are in support of improving upon the sharing and implementation of best security practices and creating a framework for collaboration in cybersecurity monitoring for the protection of the power grid against cyberattacks. Under SB 475, the Texas Electric Grid Security Council will develop grid security standards, prepare for threats targeting the power grid, and more. SB 936 calls for the development of strategies for better cybersecurity monitoring of the energy grid. This article continues to discuss the possible disruption to the U.S. power grid as a result of cyberattacks, along with the purpose and goals of SB 475 and SB 936.

    Utility Dive reports "Texas Passes First Grid Protection Bills to Boost Cybersecurity Monitoring and Best Practices"

  • news

    "Web App Vulnerabilities Flying Under Your Radar"

    Shandon Lewis, a senior Web application penetration tester at Backward Logic, gave a presentation, titled Vulnerabilities in Web Applications That Are Often Overlooked, in which he highlighted the importance of concentrating on small Web application vulnerabilities as they are more likely to be used by attackers to infiltrate targets than zero-day vulnerabilities. Web application bugs that are considered to be of low severity can have a significant impact on businesses. According to Lewis, the infiltration into targets is often successful because of phishing attacks, physical intrusion, and the use of weak credentials. This article continues to discuss the importance of looking at low-severity Web application bugs, the components of weak credentials, user enumeration, and rate limiting.

    Dark Reading reports "Web App Vulnerabilities Flying Under Your Radar"

  • news

    "General Data Protection Regulation (GDPR): What You Need to Know to Stay Compliant"

    The General Data Protection Regulation (GDPR) aims to protect the personal data and privacy of EU residents. This regulation is extensive as any company that stores or processes data belonging to EU residents is expected to comply with it. In compliance with the GDPR, companies are required to protect different types of privacy data such as personally identifiable information (PII), web data, biometric data, political opinions, data in relation to sexual orientation, and more. This article continues to discuss the concept, purpose, and far-reaching impact of the GDPR, as well as the roles defined by the GDPR and what companies should do to comply with this regulation.

    CSO Online reports "General Data Protection Regulation (GDPR): What You Need to Know to Stay Compliant"

  • news

    "When it comes to email-based threats, Emotet dominates"

    Emotet has displaced credential stealers, stand-alone downloaders and RATs and has become the most prominent threat delivered via email. During a study of Q1 2019, it was found that 61 percent of all malicious payloads distributed via email were Emotet. Emotet started its life as a banking Trojan, but has since morphed into a malware multi-tool, capable of downloading additional malware, stealing passwords, performing brute-force attacks against accounts, sending out spam, and sending out malicious emails.

    HELPNETSECURITY reports: "When it comes to email-based threats, Emotet dominates"

  • news

    "One Million Devices Open to Wormable Microsoft BlueKeep Flaw"

    Security researchers discovered a critical remote code-execution Microsoft flaw, called BlueKeep, that could be as impactful as WannaCry and NotPetya. Although the flaw has been fixed, researchers have warned that one million public internet-connected devices are still vulnerable to the Microsoft bug. Remote Desktop Services contain this flaw and older versions of Windows, including Windows 7, Server 2008, and more, are impacted. A significant increase in scans for vulnerable systems has also been observed by researchers. This article continues to discuss the RDP BlueKeep (CVE-2019-0708) vulnerability, the devices vulnerable to this flaw, and the increase in scans for vulnerable devices by threat actors.

    Threatpost reports "One Million Devices Open to Wormable Microsoft BlueKeep Flaw"

  • news

    "The Pentagon is Trying to Secure Its Networks Against Quantum Codebreakers"

    Quantum computers are expected to be capable of breaking current encryption systems, including those used by the government. Therefore, it is essential that new encryption techniques are further explored and developed. The Defense Information Systems Agency is making efforts towards safeguarding the Pentagon's IT infrastructure from quantum computer attacks. Security researchers are being asked to generate ideas for new encryption algorithms that would be resistant to such attacks. This article continues to discuss the expected advancement of quantum computing, the threat posed by quantum computing to data security, and the need to strengthen the Pentagon's network security against quantum computers.

    Defense One reports "The Pentagon is Trying to Secure Its Networks Against Quantum Codebreakers"

  • news

    "Attackers Could Use Mobile Device Sensors to Generate Unique Device Fingerprint: Research"

    According to researchers at Cambridge University, unique device fingerprints could be generated by attackers through the use of motion sensors built into mobile devices, allowing users to be tracked across the internet via their iOS and Android devices. Access to these sensors does not require special permissions or the escalation of permissions. An individual device's fingerprint can be generated by analyzing sensor output and mathematically inferring details pertaining to the calibration of sensors. Researchers developed an app that is capable of quickly extracting a mobile device's fingerprint. This research focuses on gyroscope and magnetometer sensors on iOS devices. However, researchers expect that the fingerprint attack can also target other embedded sensors to generate fingerprints. This article continues to discuss the use of device fingerprinting, efforts made to limit fingerprinting, the use of motion sensors built into mobile devices to generate fingerprints, and researchers' recommendations for mitigating the fingerprinting attack.

    Security Week reports "Attackers Could Use Mobile Device Sensors to Generate Unique Device Fingerprint: Research"

  • news

    Pub Crawl #27

  • news

    "Solving the network visibility problem with NaaS"

    Network visibility is important to an organization. To achieve it, one should do the following. First, one should clearly map out the network and its endpoints. Second, one should conduct a survey of all the different types of Infrastructure-as-a-Service (IaaS), software services, business applications, data centers and local networks the organization utilizes. Third, one should map out the levels that should be associated with each of these corporate resources. Once the organization's network and compliance standards have been mapped, one will want to build a security strategy and mitigation plan. Once the security mitigation plan is created and implemented, one should try to utilize a flexible Network-as-a-Service (NaaS) that allows one to customize and segment network access and provides granular network visibility. Conducting all of these steps will help an organization achieve network visibility while keeping the network safe.

    HELPNETSECURITY reports: "Solving the network visibility problem with NaaS"

  • news

    Visible to the public SoS Musings #26 - Social Engineering Attacks

    SoS Musings #26
    Social Engineering Attacks

  • news

    Visible to the public Cyber Scene #33 - Huawei, Encore et Toujours

    Cyber Scene #33
    Huawei, Encore et Toujours

  • news

    Visible to the public "As Bitcoin Surges, Hackers Rush to Spread Cryptocurrency Malware on Google Play"

    There has been a revival in cryptocurrency malware in response to the increased price of Bitcoin. ESET security researchers found two fake cryptocurrency apps on Google Play, called Trezor Mobile Wallet and Coin Wallet. According to researchers, these apps were designed to steal users' cryptocurrency. Both the Trezor Mobile Wallet and Coin Wallet apps were developed through the use of templates, which can be sourced online at a low cost. The intent behind these templates is to develop a generic cryptocurrency wallet. However, this recent discovery of fake cryptocurrency wallet apps has brought further attention to the possibility of attackers modifying templates to reroute users' coins for their own gain. This article continues to discuss the spread of cryptocurrency malware on Google Play, findings from the analysis of the two fake cryptocurrency apps, the modification of templates to perform malicious activities, and the discovery of cryptocurrency scamming apps on Google Play in 2018.

    TNW reports "As Bitcoin Surges, Hackers Rush to Spread Cryptocurrency Malware on Google Play"

  • news

    Visible to the public "If you haven’t yet patched the BlueKeep RDP vulnerability, do so now"


    There is still no public, working exploit code for CVE-2019-0708. The BlueKeep RDP vulnerability is a flaw that could allow an unauthenticated remote attacker to execute remote code on a vulnerable target running Remote Desktop Protocol (RDP). Microsoft has created a patch to fix the problem. One should implement the patch as soon as possible to protect their computers. If one cannot install the new patches, then the following should be done to help protect against the flaw. One can disable RDP services if they are not required. One can also block port 3389 (the standard RDP port) at the enterprise perimeter firewall, or configure RDP to be accessible only via a VPN or via devices on the LAN, and deploy IDS/IPS rules to detect the exploit. One should also enable Network Level Authentication (NLA) - this is a partial mitigation, as affected systems are still vulnerable to RCE exploitation if the attacker can authenticate with valid credentials.

    HELPNETSECURITY reports: "If you haven't yet patched the BlueKeep RDP vulnerability, do so now"

  • news

    Visible to the public "Crowdsourced Security Gaining Ground for IoT and Enterprise"

    Crowdsourced security testing platforms (CSTP) are becoming more popular among enterprises as a way to identify vulnerabilities in IoT products before they are exploited by cybercriminals. The approach of crowdsourced security involves the use of white-hat hackers to discover vulnerabilities in applications or devices. Bug bounty programs are a part of crowdsourced security. This article continues to discuss the increased interest in crowdsourced security, the concept of this technique, the advantages that this technique has over traditional penetration testing, incentives for bug bounty hunters, and IoT security.

    IoT World Today reports "Crowdsourced Security Gaining Ground for IoT and Enterprise"

  • news

    Visible to the public "New All-Fiber Device Simplifies Free-Space Based Quantum Key Distribution"

    As the era of fully developed quantum computers approaches, post-quantum cryptographic methods must continue to be explored as this advanced technology is expected to render current encryption algorithms obsolete. The secure communication method, quantum key distribution (QKD), uses particles of light known as photons to encode data in quantum bits, which are transmitted to a sender and receiver in the form of an encryption key. Researchers from the University of Padova in Italy have developed an all-fiber device, called POGNAC (POlarization SaGNAC), which improves QKD by generating the states required for this secure method to work. This article continues to discuss the concept of QKD, the development of a satellite-based quantum communication network, and the new polarization encoder developed by researchers.

    Science Daily reports "New All-Fiber Device Simplifies Free-Space Based Quantum Key Distribution"

  • news

    Visible to the public "Consumer IoT Devices Are Compromising Enterprise Networks"

    The number of consumer Internet of Things (IoT) devices connected to enterprise networks has increased significantly. According to the 2019 IoT Threats Report, which highlights findings of a study conducted by researchers at Zscaler ThreatLabZ, many IoT data transactions conducted within the enterprise network are poorly encrypted. The top four IoT devices found in these business environments include set-top boxes, smart TVs, smart watches, and media players. This study brings further attention to the security challenges associated with a BYOD (bring your own device) environment. This article continues to discuss findings of the study in relation to the connection of consumer-grade IoT devices to enterprise networks, the security risks posed by this connection, and security challenges faced by organizations with BYOD environments.

    Dark Reading reports "Consumer IoT Devices Are Compromising Enterprise Networks"

  • news

    Visible to the public "Ransomware Not Gone but More Targeted, Report Says"

    According to the Q1 Global Threat Landscape Report recently released by Fortinet, the launch of ransomware has decreased. However, this form of malware has become more targeted. Ransomware is being tailored more for high-profile targets that could allow attackers to gain access to entire networks. The recent ransomware attack, known as LockerGoga, on the Norwegian aluminum company Norsk Hydro ASA and two U.S.-based chemical companies, Hexion and Momentive, is an example of targeted ransomware. This article continues to discuss recent observations surrounding ransomware as well as the tools used to execute cyberattacks and the trend of shared infrastructure between threats.

    Infosecurity Magazine reports "Ransomware Not Gone but More Targeted, Report Says"

  • news

    Visible to the public "Middle East-Linked Hacking Group Is Working Hard to Mask Its Moves"

    Researchers from Cisco's Talos have discovered that the hacking group supposedly linked to the Middle East, called BlackWater, is trying to mask its activities by circumventing host-based signatures and Yara signatures. According to researchers, these hackers have been successful at evading detection systems through the use of PowerShell stager attacks and a Visual Basic for Applications (VBA) script in addition to a separate command and control server. The actors behind BlackWater and the Iranian threat group, MuddyWater, are believed to be related as the code used by the two groups is the same and their targets are similar. This article continues to discuss the BlackWater hacking group in relation to its obfuscating tactics, tools, targets, and supposed links.

    CyberScoop reports "Middle East-Linked Hacking Group Is Working Hard to Mask Its Moves"

  • news

    Visible to the public "Database May Have Exposed Instagram Data for 49 Million"

    A potential leak of personally identifiable information from Instagram has been identified. An online database was discovered that contained the private information of 49 million Instagram users, including their email addresses and phone numbers. The investigation found that Chtrbox, a social media company, had stored the information in the database. Chtrbox is located in India. The database, which was hosted on Amazon Web Services, was left open on the internet without password protection. Chtrbox has since pulled the database offline.

    BankInfoSecurity reports: "Database May Have Exposed Instagram Data for 49 Million"

  • news

    Visible to the public "Google Research: Most Hacker-For-Hire Services Are Frauds"

    According to new research conducted by Google and academics at the University of California, San Diego, most hacker-for-hire services offered online are fraudulent and unsuccessful. The research conducted behind this discovery involved engaging with 27 account hacking service providers and setting up honey pot Gmail accounts. Out of the 27 hacking services, only five executed attacks against the honey pot Gmail accounts. These attacks were performed using social engineering tactics. This article continues to discuss the study in relation to how it was conducted by researchers, along with key observations pertaining to hacking services' techniques, pricing, and responses to inquiries.

    ZDNet reports "Google Research: Most Hacker-For-Hire Services Are Frauds"

  • news

    Visible to the public "Industrial Robotics - Are You Increasing Your Cybersecurity Risk?"

    Industrial robots have been used to support product manufacturing, productivity, and safety. Though there has not been a wave of cyberattacks against industrial robots that we know of, such robots are expected to become a more attractive target for hackers as the costs of such technology decrease and the number of robots increases. Researchers have already demonstrated proof-of-concept (POC) attacks on well-known robots in which ransomware was executed. As cyberattacks on robots in industrial environments can impact the operation of businesses and the physical safety of workers, it is important that the security of such technology is improved through further research and developments. This article continues to discuss the growing use of robots in industrial environments, challenges associated with industrial robots, the cybersecurity risks raised by these robots, and the importance of designing robots with security in mind.

    Security Week reports "Industrial Robotics - Are You Increasing Your Cybersecurity Risk?"

  • news

    Visible to the public "Researchers: Aircraft Landing Systems Vulnerable"

    Researchers from Khoury College of Computer Sciences at Northeastern University in Boston have demonstrated the vulnerability of aircraft landing systems to spoofing attacks, which could be launched by attackers to misguide planes into missing runways. The possibility of spoofing wireless signals to critical aircraft landing systems has been demonstrated by researchers through the use of inexpensive software-defined radios (SDRs). It has been emphasized that most wireless systems used by aviation technology are vulnerable to cyber-physical attacks. The research is detailed in a paper, titled Wireless Attacks on Aircraft Instrument Landing Systems. This article continues to discuss how this study was conducted by researchers, the guidance systems used by modern airplanes, the attacks demonstrated against these navigation tools, and the need for more research in regard to building more secure aircraft landing systems.

    ISMG Network reports "Researchers: Aircraft Landing Systems Vulnerable"

  • news

    Visible to the public "How effective are login challenges at preventing Google account takeovers?"

    Despite implementation bugs that might affect the security of physical security keys, Google argues that physical security keys are still the strongest protection against phishing currently available. On-device prompts and SMS codes are also extremely successful at blocking account hijacking attacks that are caused by automated bots and bulk phishing attacks. On-device prompts and SMS codes can still be bypassed by attackers with some level of skill who focus on targeting specific users. Knowledge-based challenges (recovery phone number, last sign-in location, etc.) are fantastic at stopping bots, but are not very good at preventing bulk phishing and targeted attacks. In the event of a suspicious sign-in attempt, Google's risk analysis engine selects the strongest challenge that an account's legitimate owner should ideally be able to solve. Google's research has shown that simply adding a recovery phone number to one's Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks. Google is urging medium- to low-risk users to choose strong and unique passwords, set up a recovery phone number or email address, and set up two-factor authentication to decrease the likelihood of successful attacks. Google has also urged high-risk users to start using the Advanced Protection Program, which requires the use of physical keys, limits full access to users' Gmail and Drive to specific apps, and adds extra steps to the account recovery process. If these procedures are followed, then attacks will be much less likely to be successful.

    HELPNETSECURITY reports: "How effective are login challenges at preventing Google account takeovers?"