News Items

  • news

    Visible to the public "F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs"

    F5 Networks is warning users to patch four critical remote command execution (RCE) flaws in its BIG-IP and BIG-IQ enterprise networking infrastructure. If exploited, the flaws could allow attackers to take full control over a vulnerable system. The company released an advisory on seven bugs in total, with two others rated as high risk and one rated as medium risk, respectively. F5 provides enterprise networking to some of the largest tech companies globally, including Facebook, Microsoft, Oracle, and a trove of Fortune 500 companies, including some of the world's most prominent financial institutions and ISPs. The U.S. Cybersecurity and Infrastructure Agency (CISA) also urged companies using BIG-IP and BIG-IQ to fix two of the critical vulnerabilities, which are being tracked as CVE-2021-22986 and CVE-2021-22987. CVE-2021-22986 has a CVSS rating of 9.8 and is an unauthenticated, remote command execution vulnerability in the iControl REST interface. CVE-2021-22987 has a CVSS rating of 9.9 and affects the infrastructure's Traffic Management User Interface (TMUI), also referred to as the Configuration utility. When running in Appliance mode, the TMUI has an authenticated RCE vulnerability. The two other critically rated vulnerabilities are being tracked as CVE-2021-22991 and CVE-2021-22992. CVE-2021-22991 has a CVSS score of 9.0 and is a buffer overflow vulnerability that can be triggered when undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization. This can result in a denial-of-service (DoS) attack that, in some situations, may theoretically allow the bypass of URL-based access control or remote code execution (RCE). CVE-2021-22992 is also a buffer overflow bug with a CVSS rating of 9. This flaw can be triggered by "a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with Login Page configured in its policy," according to F5. It also may allow for RCE and "complete system compromise" in some situations, the company warned. The other three non-critical bugs being patched in F5's update this week are CVE-2021-22988, CVE-2021-22989 and CVE-2021-22990.

    Threatpost reports: "F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs"

  • news

    Visible to the public "MORPHEUS Chip Foils Attacks From 500 Cybersecurity Experts"

    A new chip, called "MORPHEUS," developed by researchers at the University of Michigan (U-M), was able to thwart sustained attacks from more than 500 cybersecurity experts as part of the Defense Advanced Research Agency's (DARPA) 'Finding Exploits to Thwart Tampering' (FETT) bug bounty program. The bug bounty program was organized jointly by DARPA, the Defense Digital Service (DDS), and the crowdsourced security platform Synack. According to the U-M researchers, MORPHEUS rapidly randomizes elements of code and data, which makes it more difficult for hackers to compromise chips as they need such components to take over the hardware. The team has been able to make the chip's code churn once every 50 milliseconds, allowing it to foil hacking attempts from the most sophisticated automated tools significantly faster than required. Through the use of this chip, the information needed to exploit a discovered vulnerability disappears almost immediately. MORPHEUS' capabilities had previously been demonstrated in a lab environment, but the FETT program was the first time that a group of external cybersecurity experts explored the chip. The researchers are adapting the chip to safeguard medical data, genomic data, biometrics, financial credentials, and other sensitive information in the cloud. DARPA has given an A rating: 'Approved for Public Release, Distribution Unlimited' to the MORPHEUS chip for its success at foiling every attack launched against it. This article continues to discuss the techniques and successful demonstration of the MORPHEUS chip.

    Computing reports "MORPHEUS Chip Foils Attacks From 500 Cybersecurity Experts"

  • news

    Visible to the public "American Companies Not Taking Cybersecurity Seriously"

    In February, a tech company called Lynx software surveyed 1,000 Americans employed during the pandemic about their employer's cybersecurity approach since the outbreak of COVID-19. Of those surveyed, 51% said that their companies have not been taking cybersecurity seriously. Nearly half (48%) said that they were not aware of their company's implementing any strict IT security policies since the novel coronavirus took hold. Just under two-thirds (60%) stated that they had not been prohibited from using specific tools or apps that fell short of high-security standards. The survey also revealed that companies had been relaxed regarding device use, with 65% of survey respondents saying that their company allows them to use their work computer to access personal services. Three-quarters (76%) said they use a personal device for work at least sometimes. Fewer than half (49%) of respondents said that their organization's cybersecurity had been strengthened since the pandemic began. When participants were asked to name their biggest cybersecurity concern, 54% of respondents said their main worry was that their personal data would be compromised. More than half of the participants believe that their companies could have done more to increase cybersecurity during the global health pandemic.

    Infosecurity reports: "American Companies Not Taking Cybersecurity Seriously"

  • news

    Visible to the public "Debunking Three Myths about Hardware Security"

    It is suggested that government agencies consider hardware-enabled approaches in addition to software-based solutions to bolstering security against cybercriminals. The number of shipments for hardware supporting digital authentication and embedded security in 2024 will double that of 2019, as it is expected to reach 5.3 billion. The market for hardware security modules will exceed $2 billion by 2027, an increase from nearly $828.3 million two years ago. However, these advancements have primarily been considered for uses such as protecting classified networks through cross-domain solutions. However, state-sponsored attacks target more than just classified networks, which calls for more powerful tactics to combat them. Hardware-enabled security alternatives can help significantly, but there are myths that hinder the widespread adoption of hardware security. The myths are that hardware security is too niche, difficult, and expensive. This article discusses the myths associated with hardware security and the need for government agencies to pursue alternative security solutions to counter rapid advancements in attack methods.

    NextGov reports "Debunking Three Myths about Hardware Security"

  • news

    Visible to the public "Phishing Attack Uses Fake Google reCAPTCHA"

    A new report by the security firm Zscaler reveals the use of a fake Google reCAPTCHA system in a Microsoft-themed phishing campaign aimed at stealing credentials mainly from senior-level employees in the banking sector. The company said that it has blocked over 2,500 phishing emails tied to the campaign. According to Zscaler's threat research team, ThreatLabZ, the campaign has been active since December 2020. The phishing emails appear to be automated emails sent from a unified communications system used for facilitating corporate communication. These emails contain malicious HTML attachments that redirect victims to a phishing domain disguised as a legitimate Google reCAPTCHA page. Once the reCAPTCHA is verified, victims are sent to a fake Microsoft login phishing page to enter their login credentials. This article continues to discuss findings surrounding the phishing attacks involving the use of a fake Google reCAPTCHA system.

    Device Security reports "Phishing Attack Uses Fake Google reCAPTCHA"

  • news

    Visible to the public "Apple’s Device Location-Tracking System Could Expose User Identities"

    Researchers from the Technical University of Darmstadt have identified two vulnerabilities in a proprietary app introduced by Apple in 2019 for its iOS, macOS, and watchOS platforms called Offline Finding (OF). Offline Finding helps users find Apple devices even when they're offline. The vulnerabilities could expose the identity of users. The researchers stated that one flaw in the design of OF allows Apple to correlate different owners' locations if their locations are reported by the same finder, effectively allowing Apple to construct a social graph. This can violate user privacy. For the first flaw to be exploited, an owner would have to request their devices' location via the Find My application, the researchers noted. The second vulnerability discovered could allow someone to build "malicious macOS applications to retrieve and decrypt the OF location reports of the last seven days for all its users and for all of their devices.

    Threatpost reports: "Apple's Device Location-Tracking System Could Expose User Identities"

  • news

    Visible to the public "10 Google Play Apps Found Containing Banking Malware"

    Security researchers from Check Point have discovered a malware dropper hidden inside 10 Google Play apps, which could have put users at risk of remote access and banking malware. Clast82 dropper was found inside various applications on the official marketplace, including VPNs, QR readers, and music players. Clast82 drops the malware-as-a-service AlienBot Banker, which is designed to circumvent two-factor authentication codes on banking apps to give attackers access to users' accounts. The dropper is also capable of loading a mobile remote access trojan (MRAT) capable of remotely controlling the victim's phone with TeamViewer. It is designed to bypass Google Play Protect with two main tactics. The first is by using Google-owned Firebase for command-and-control (C&C) communications. Second, it downloads the payload from GitHub, creating a new developer user for Google Play for each application, alongside a repository on their GitHub account. Doing this enabled the attacker to distribute different payloads to devices infected by each malicious version of the app. After reporting its findings to Google on January 28, 2021, Check Point saw that all Clast82 apps were removed from Google Play on February 9.

    Infosecurity reports: "10 Google Play Apps Found Containing Banking Malware"

  • news

    Visible to the public "New Free Software Signing Service Aims to Strengthen Open-Source Ecosystem"

    The Linux Foundation has launched a new service called "sigstore." The service was developed in collaboration with Red Hat, Google, and Purdue University. Software developers can use this service to digitally sign their releases and other software artifacts, enhancing the security of the open-source software supply chain. All signatures will be stored in a public log that is tamper-resistant and monitored for potential abuse. Sigstore ties certificates to identities through the use of the OpenID authentication protocol. Therefore, a developer can sign their software using their email address or account with an existing OpenID identity provider. Traditional code signing requires obtaining a certificate from a certificate authority (CA) trusted by the maintainers of a specific software ecosystem. In order to obtain a traditional code signing certificate, special procedures must be performed, including identity verification or joining a developer program. This article continues to discuss how sigstore works, how its process is different from traditional code signing, and the importance of signing software releases.

    CSO Online reports "New Free Software Signing Service Aims to Strengthen Open-Source Ecosystem"

  • news

    Visible to the public "DARPA Ramps-Up FHE Encryption Project with Intel"

    The US Defense Advanced Research Projects Agency (DARPA) announced four new research teams, one of which is led by Intel. The goal of the groups is to make Fully Homomorphic Encryption (FHE) practical. FHE is an encryption scheme that would enable the computation and analysis of encrypted data without having to decrypt it, further enhancing data privacy and scientific discovery using such data. FHE has been considered impractical due to its significant drain on computing power and slow processing time. DARPA hopes to build a hardware accelerator as part of its Data Protection in Virtual Environments (DPRIVE) program to speed up FHE calculations drastically. The research teams selected for the DPRIVE program will be led by Intel Federal, Duality Technologies, Galois, and SRI International. Each team will create an FHE hardware accelerator and software stack capable of processing FHE calculations at a speed similar to that of unencrypted data operations. This article continues to discuss the concept of FHE, challenges associated with making FHE practical, and DARPA's efforts to accelerate the use of FHE.

    Infosecurity Magazine reports "DARPA Ramps-Up FHE Encryption Project with Intel"

  • news

    Visible to the public "European Banking Authority Compromised By Exchange Hackers"

    The European Banking Authority (EBA) had to take its email servers offline temporarily after discovering that it was compromised as part of an ongoing worldwide Microsoft Exchange hacking campaign. The agency is conducting a full investigation, which has not found any signs of sensitive data theft thus far. The malicious campaign exploits multiple zero-day vulnerabilities in Microsoft Exchange, for which Microsoft has issued emergency patches. Hackers have been using the flaws to launch wide-ranging attacks against organizations that have not patched their Microsoft Exchange servers yet. This article continues to discuss the compromise of the EBA by Microsoft Exchange hackers and other recent findings surrounding the ongoing hacking campaign.

    Silicon UK reports "European Banking Authority Compromised By Exchange Hackers"

  • news

    Visible to the public "Huge Rise in Hackers Submitting Vulnerabilities During #COVID19"

    Researchers at HackerOne surveyed hackers and discovered that the number of hackers submitting vulnerabilities went up by 63% in 2020. The number of cloud misconfiguration vulnerabilities submitted by hackers in 2020 rose by 310%, while submissions for both improper access control and privilege escalation went up by 53%. The researchers also found that hackers increasingly targeted different types of technologies in 2020. There was a 694% growth in hackers saying they spend time hacking APIs, a 663% rise in those hacking Android, and a 1000% increase in hackers focusing on IoT compared to 2019. The researchers also asked hackers about their motivation, finding that money is not the only factor; for instance, 85% cited learning, and 62% cited advancing their career. Hackers earned over $40m in bounties last year.

    Infosecurity reports: "Huge Rise in Hackers Submitting Vulnerabilities During #COVID19"

  • news

    Visible to the public  "A New and Non-Intrusive Method for Preventing Cyber Attacks on Android Devices"

    Android is the most targeted mobile operating system by malware. Researchers at the Singapore Management University (SMU) have discovered a new way to prevent cyberattacks on Android devices. The method is described as dynamic, intelligent, and non-intrusive in detecting malware on Android devices. The researchers are leveraging a side-channel for detecting sensitive and unusual behaviors on mobile apps. Their method is convenient as it does not require rooting or gaining privilege control from Android users. Android operating system upgrades do not affect the detection method. The method of detection also does not breach the Personal Data Protection Act of 2012 since it does not extract data in its performance. The research team designed the side-channel monitoring system by taking input from side-channel readings and using artificial intelligence and deep machine learning (ML) to train a deep neural network model to determine if sensitive or uncharacteristic behavior has been exhibited on mobile apps. This approach to monitoring and detection offers researchers a way to dynamically monitor apps' behaviors instead of statically analyzing each app's code. Using this method, stealthy attacks can be detected. Testing of the technique showed that it could detect sensitive behavior, with a 98.5 percent accuracy rate. This article continues to discuss the growing sophistication of cyberattacks, the heavy targeting of the Android operating system by hackers, challenges associated with designing a malware detection system for Android, and the side-channel monitoring solution designed by SMU researchers to protect Android devices from cyberattacks.

    SMU reports "A New and Non-Intrusive Method for Preventing Cyber Attacks on Android Devices"

  • news

    Visible to the public "Hackers Are Finding Ways to Hide Inside Apple's Walled Garden"

    Apple's walled garden refers to the company's tech ecosystem in which devices' features and security are tightly controlled. Most experts agree that the locked-down approach of iOS has solved some significant security problems. However, it has been discovered that this locked-down nature is a double-edged sword in that the most advanced hackers can use the higher barriers to avoid capture. Bill Marczak, a senior researcher at the cybersecurity watchdog Citizen Lab, points out that while Apple's walled garden makes it more difficult for a lot of less-skilled hackers to break iPhones, the 1 percent of hackers with the greatest skill and higher amount of resources who successfully infiltrates the iPhone can end up being protected by Apple's extraordinary defenses. According to Marczak, as Apple continues to improve iPhone's security by investing millions in raising the wall, the best hackers also purchase or develop zero-click exploits that allow them to secretly take over iPhones. These exploits allow attackers to access restricted areas of the phone without showing any sign to the target that they have been compromised. Marczak argues that the iPhone's security barriers can help hackers avoid detection by investigators and prevent further understanding of their malicious behavior. It is suggested that a framework be created to allow device owners or authorized individuals to have greater forensic abilities to see if a device has been compromised, but this approach could be undermined through social engineering. This article continues to discuss the concept of Apple's walled garden, how this approach can benefit the most sophisticated hackers, and why it is difficult to fix this problem.

    MIT Technology Review reports "Hackers Are Finding Ways to Hide Inside Apple's Walled Garden"

  • news

    Visible to the public "NVIDIA and Harvard Researchers Use AI to Make Genome Analysis Faster And Cheaper"

    Researchers from NVIDIA and Harvard have made an enormous breakthrough in genetic research by developing a deep-learning toolkit that can significantly reduce the time and cost needed to run rare and single-cell experiments. The AtacWorks toolkit can run inference on a whole genome, a process that generally takes a little over two days, in just half an hour. It's able to do so thanks to NVIDIA's Tensor Core GPUs. AtacWorks works with ATAC-seq, a well-established method designed to find open areas in the genome of healthy and diseased cells. These "open areas" are subsections of an individual's DNA used to determine and activate specific functions. This is the part of a person's genome that could give scientists indications on whether a person could have Alzheimer's, heart disease, or cancer. ATAC-seq usually requires the analysis of tens of thousands of cells, but AtacWorks can get the same results using only tens of cells. Researchers also applied AtacWorks to a dataset of stem cells that produce red and white blood cells, subtypes that typically can't be studied using traditional methods. But with AtacWorks, they were able to identify separate parts of the DNA associated with white blood cells and red blood cells, respectively. Researchers' ability to analyze the genome faster and cheaper will go a long way in identifying the specific mutations or biomarkers that could lead to certain diseases. It could even help drug discovery by assisting researchers to figure out how a disease works.

    Engadget reports: "NVIDIA and Harvard Researchers Use AI to Make Genome Analysis Faster And Cheaper"

  • news

    Visible to the public "MITRE Launches Ransomware Support Hub for Hospitals and Health Systems"

    MITRE recently revealed its new Ransomware Resource Center, which is aimed at helping healthcare organizations improve their resilience against ransomware attacks. The center offers tools and strategies for IT and infosec professionals to help combat the growing frequency and sophistication of such cyberattacks. The MITRE Ransomware Resource Center provides an array of resources tailored to specific roles within the healthcare sector, including business managers, technical managers, IT professionals, or cybersecurity practitioners. Its offerings are also tailored around the five stages of the National Institute of Standards and Technology (NIST) Cybersecurity Framework. These five stages are: identify, protect, detect, respond, and recover. MITRE has highlighted a recent report stating that 560 healthcare facilities were hit with ransomware attacks in 2020, along with another report that shows a 45 percent increase in exploitation attempts within the past four months. This article continues to discuss the launch of a ransomware support hub for hospitals and health systems by MITRE, as well as the growing threat of ransomware targeting healthcare and the public health sector.

    Healthcare IT News reports "MITRE Launches Ransomware Support Hub for Hospitals and Health Systems"

  • news

    Visible to the public "At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software"

    At least 30,000 organizations across the United States, including a significant number of small businesses, towns, cities, and local governments, have been hacked by an unusually aggressive Chinese cyber-espionage unit over the past few days. The Chinese cyber-espionage unit is focused on stealing emails from victim organizations. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total remote control over affected systems. On March 2, Microsoft released emergency security updates to plug four security holes in Exchange Server versions 2013 through 2019 that hackers were actively using to siphon email communications from internet-facing systems running Exchange. In the three days since then, security experts say the same Chinese cyber-espionage group has dramatically stepped up attacks on any vulnerable, unpatched Exchange servers worldwide. In each incident, the intruders have left behind a "web shell," an easy-to-use, password-protected hacking tool that can be accessed over the internet from any browser. The web shell gives the attackers administrative access to the victim's computer servers. Microsoft said the Exchange flaws are being targeted by a previously unidentified Chinese hacking crew it dubbed "Hafnium," and said the group had been conducting targeted attacks on email systems used by a range of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs

    Krebs on Security reports: "At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft's Email Software"

  • news

    Visible to the public International Women's Day and need for more diversity in Cyber Security Workforce

    The Rule of Steve is that in a physical or virtual room of cyber security professionals, there are more men named Steve than women. Does that still apply now that we're in 2021 on International Women's Day? Diversity has improved over the last several years, but still has a long way to go in this field. And with over 3.1 million jobs to be filled, we need all the people--including women and minorities to help fill these critical posit

  • news

    Visible to the public "Three New Malware Strains Linked to SolarWinds Hackers"

    Researchers at Microsoft and the cybersecurity firm FireEye have shared details about new pieces of malware believed to be linked to the threat actors behind the SolarWinds supply chain attack. Microsoft is tracking the threat actor behind the SolarWinds attack as "NOBELIUM." The company identified three new malware strains named GoldMax, GoldFinder, and Sibot, supposedly used by the group following the compromise of the targeted organization's network. According to Microsoft, these malware strains have been used to maintain persistence and perform other specific activities. GoldMax was written in the Go programming language and is designed to act as a command-and-control (C2) backdoor, creating scheduled tasks that impersonate system management software for persistence. GoldFinder is described as a custom HTTP tracer tool. Sibot has been described as a dual-purpose malware written in VBScript that allows attackers to download and execute payload from a remote server, and maintain persistence. This article continues to discuss recent findings surrounding the three new malware strains linked to the threat actors behind the SolarWinds attack, as well as the threat groups that have targeted the software company.

    Security Week reports "Three New Malware Strains Linked to SolarWinds Hackers"

  • news

    Visible to the public "US Warns of Fake Unemployment Benefit Websites"

    The United States Justice Department has warned that cyber-criminals are impersonating state workforce agencies (SWAs) to steal Americans' personal data. The fake websites are designed to trick consumers into thinking they are applying for unemployment benefits and disclosing personally identifiable information and other sensitive data. To trick victims into accessing these fake websites, the cyber-criminals have been sending spam text messages and emails purporting to be from an SWA. Contained in the communications is a link to a spoofed SWA website. As of February 2021, there were 10 million unemployed individuals in America. The department advised people not to click on a link in an unsolicited email or text message. The department asks anyone who has received a text message or email claiming to be from an SWA and containing a link or other contact information to report the communication to the National Center for Disaster Fraud (NCDF).

    Infosecurity reports: "US Warns of Fake Unemployment Benefit Websites"

  • news

    Visible to the public "NSA Pushes Zero Trust Principles to Help Prevent Sophisticated Hacks"

    The National Security Agency (NSA) strongly recommends the adoption of a Zero Trust security model for all critical networks within National Security Systems, the Department of Defense's critical networks, and Defense Industrial Base critical networks and systems. NSA recently released a guide that includes examples of how the implementation of Zero Trust could have prevented some of the methods used by attackers to compromise at least nine federal agencies and a hundred companies in the SolarWinds supply chain attack. The attackers' focus on evading detection indicates that such tactics will continue to grow in use and complexity, calling for the consideration of Zero Trust principles. Using a Zero Trust approach, devices themselves would be validated in addition to passwords. Therefore, if an attacker uses a stolen password but the device is unknown, the device will fail authentication and authorization checks, thus resulting in the denial of access and the logging of the malicious activity. The agency also recommends the use of strong multi-factor authentication. This article continues to discuss NSA's recommendation to embrace the Zero Trust security model and how the implementation of this model can help organizations prevent sophisticated hacks.

    NextGov reports "NSA Pushes Zero Trust Principles to Help Prevent Sophisticated Hacks"

  • news

    Visible to the public "Cutting off Stealthy Interlopers: A Framework for Secure Cyber-Physical Systems"

    Researchers from Daegu Gyeongbuk Institute of Science and Technology (DGIST) in Korea conducted a study in which they developed a framework for Cyber-Physical Systems (CPSs). The framework is resilient against a sophisticated type of cyberattack known as the pole-dynamics attack (PDA), which can make the physical system unstable. A PDA attack is performed by connecting to a node in the network of the CPS and then injecting false sensor data. If the sensors of the system's physical elements do not give proper readings, the control signals transmitted by the control algorithm to the physical actuators are incorrect, thus potentially causing them to malfunction and behave dangerously. The researchers adopted a technique called Software-Defined Networking (SDN) to address PDAs. The network of the CPS can be made more dynamic by distributing the relaying of signals via controllable SDN switches. The proposed approach also involves the use of a novel attack-detection algorithm embedded in the SDN switches to alarm the centralized network manager if false sensor data is being injected. This article continues to discuss the new framework developed to help CPSs detect and recover from sophisticated cyberattacks.

    Science Daily reports "Cutting off Stealthy Interlopers: A Framework for Secure Cyber-Physical Systems"

  • news

    Visible to the public "AI Enhanced Design to Counter Threats to Critical Infrastructure and Military Electronics"

    Dr. Basel Halak of the Cyber Security Research Group at the University of Southampton will improve the security of anti-tamper embedded devices in a new Royal Academy of Engineering Industrial Fellowship. Embedded systems have become popular targets for hacking, with smart devices vulnerable to being taken over and controlled by malicious actors. Dr. Halak emphasizes that the compromise of hardware products poses significant threats if they are used in critical infrastructure and military applications. The ever-evolving security threat landscape calls for effective and adaptive defense solutions. This fellowship aims to develop responsive and adaptive defense mechanisms to combat security threats to critical infrastructure and military electronics. The mechanism will be developed using Machine Mearning (ML) algorithms to rapidly detect malicious behaviors exhibited by embedded systems and increase the speed at which a potential attack is stopped. This article continues to discuss the Industrial Fellowship awarded to Dr. Halak to develop a mechanism that will strengthen the security of anti-tamper embedded devices.

    The University of Southampton reports "AI Enhanced Design to Counter Threats to Critical Infrastructure and Military Electronics"

  • news

    Visible to the public "Ransomware Attack on Arizona Optometrist"

    Cyber-criminals successfully hit Cochise Eye and Laser with ransomware in January, encrypting the office's patient scheduling and billing software. The company is located in Sierra Vista, Arizona, and the ransomware attack affects up to 100,000 patients. Patient data stored in the billing software included names, dates of birth, addresses, phone numbers, and in some cases, Social Security numbers. A spokesperson for the office stated that no signs had been found to indicate that any data theft or exfiltration had taken place. The optometrist's office said it planned to increase cybersecurity following the attack. Although no evidence has been found that data was taken, the incident is still considered a breach of protected health information. It has been reported to the HHS' Office for Civil Rights. The eye-care provider advised its patients to place a fraud alert on their credit file and to request and review their credit reports.

    Infosecurity reports: "Ransomware Attack on Arizona Optometrist"

  • news

    Visible to the public "Ransomware Attacks Soared 150% in 2020"

    Researchers at Group-IB have discovered that ransomware surged by 150% in 2020, with the average extortion amount doubling. The average ransom demand stood at $170,000 last year, but groups like Maze, DoppelPaymer, and RagnarLocker averaged between $1 million and $2 million. The average ransomware victim suffered 18 days of outages last year. Maze group (20%), Egregor group (15%), and Conti group (15%) accounted for most of the attacks analyzed by Group-IB. The Ransomware-as-a-Service (RaaS) model accounted for the majority (64%) of attacks studied, and 15 new affiliate programs appeared in 2020. Over half (52%) of attacks investigated by the researchers used publicly accessible RDP servers to gain initial access, followed by phishing (29%) and exploitation of public-facing applications (17%).

    Infosecurity reports: "Ransomware Attacks Soared 150% in 2020"

  • news

    Visible to the public "Researchers Discover That Privacy-Preserving Tools Leave Private Data Unprotected"

    Researchers at the NYU Tandon School of Engineering explored the machine-learning frameworks behind privacy preservation tools used for technologies such as facial expression recognition systems to see how effective such tools are at protecting private data. In a paper titled "Subverting Privacy-Preserving GANs: Hiding Secrets in Sanitized Images," the researchers looked into the possibility of recovering private data from images that had been sanitized by privacy-protecting Generative Adversarial Networks (PP-GANs) and that had passed empirical tests. The team discovered that PP-GAN designs could be subverted to pass privacy checks while enabling secret information to be obtained from sanitized images. The study presents the first comprehensive security analysis of PP-GANs and highlights the inadequacy of existing privacy checks at detecting sensitive information leakage. Using a new steganographic method, the researchers were able to modify an advanced PP-GAN to hide a secret, such as a user ID, from supposedly sanitized images. The adversarial PP-GAN can hide sensitive information in sanitized output images that can pass privacy checks, with a 100 percent rate at recovering secrets. This article continues to discuss findings from the study on the subversion of PP-GANs.

    The NYU Tandon School of Engineering reports "Researchers Discover That Privacy-Preserving Tools Leave Private Data Unprotected"

  • news

    Visible to the public "Telemarketing Biz Exposes 114,000 in Cloud Config Error"

    Security researchers at vpnMentor found an unsecured AWS S3 bucket on December 24 last year. The bucket was traced to Californian business CallX, whose analytics services are used by clients to improve their media buying and inbound marketing. The AWS S3 bucket leaked the personal details of potentially tens of thousands of consumers. The researchers found 114,000 files left publicly accessible in the leaky bucket. Most of the files were audio recordings of phone conversations between CallX clients and their customers. An additional 2000 transcripts of text chats were also viewable. Personally identifiable information (PII) contained in these files included full names, home addresses, phone numbers, and more. Unfortunately, the bucket remains open. VpnMentor has tried to contact CallX with no response. The research team first reached out to the firm on January 3, 2021, and then to AWS on January 6.

    Infosecurity reports: "Telemarketing Biz Exposes 114,000 in Cloud Config Error"

  • news

    Visible to the public "Free Cybersecurity Tool Aims to Help Smaller Businesses Stay Safer Online"

    The U.K.'s National Cyber Security Centre (NCSC) created the Cyber Action Plan tool to help small businesses improve their cybersecurity. The tool offers personalized cybersecurity advice to micro-businesses and sole traders. According to the U.K. government's most recent Cyber Security Breaches Survey, nearly half of micro and small businesses reported cybersecurity breaches or cyberattacks in 2020. Micro businesses and sole traders are invited to take a short questionnaire in order to get a personalized list of actions associated with Cyber Aware behaviors. Cybersecurity guidance for start-ups and other small businesses is more important than ever due to the COVID-19 pandemic. Small businesses have had to figure out how to get online and remain competitive during the pandemic, which has increased their vulnerability to cyber threats. This article continues to discuss how the NCSC's Cyber Action Plan tool will help small businesses strengthen their cybersecurity.

    ZDNet reports "Free Cybersecurity Tool Aims to Help Smaller Businesses Stay Safer Online"

  • news

    Visible to the public "Password Reuse at 60% as 1.5 Billion Combos Discovered Online"

    Researchers at SpyCloud found nearly 1.5 billion breached login combos circulating online last year and billions of records, including personal information (PII). The researchers also found that password reuse and weak hashing algorithms were widespread. In 2020 there were 854 breaches, up a third from 2019, and each data leak leaked on average 5.4 million records. SpyCloud found that 60% of credentials were reused across multiple accounts, exposing victims to credential stuffing and other brute force tactics. Of the 270,000 .gov emails recovered, the researchers found that password reuse was even higher, at 87%. Nearly two million passwords contained "2020," while almost 200,000 featured COVID-related keywords like "corona" and "pandemic." The most common password was "123456," followed by "123456789" and "12345678." "Password" and "111111" also appeared more than 1.2 million times each. The researchers also found that a third (32%) of breached passwords used the weak MD5 algorithm, and 22% used SHA1. Only 17% of passwords were salted.

    Infosecurity reports: "Password Reuse at 60% as 1.5 Billion Combos Discovered Online"

  • news

    Visible to the public "Ryuk Ransomware Updated With 'Worm-Like Capabilities'"

    A report recently released by CERT-FR, the French government's computer emergency readiness team, recently issued a report about a new Ryuk ransomware variant with worm-like capabilities that allow it to spread automatically within the networks it infects. According to CERT-FR, Ryuk now propagates itself from machine to machine within the Windows domain by using scheduled tasks. After the ransomware is launched, it spreads itself on every reachable machine on which Windows Remote Procedure Call (RPC) access is possible. The RPC service supports communication between Windows processes. The addition of worm-like capabilities to Ryuk ransomware indicates that its operators are attempting to improve the automation of their ability to rapidly spread malware from one infected system to multiple systems across a network in order to reduce the "intrusion to infection" time. This article continues to discuss the update of Ryuk ransomware with worm-like capabilities, as well as the history, prevalence, distribution, and human operation of Ryuk.

    BankInfoSecurity reports "Ryuk Ransomware Updated With 'Worm-Like Capabilities'"

  • news

    Visible to the public "Vendor Quickly Patches Serious Vulnerability in NATO-Approved Firewall"

    A patch was released for a critical vulnerability found in a firewall appliance made by Genua, a Germany-based cybersecurity company. The firewall called Genugate is said to be the only firewall in the world to receive a "highly resistant" rating by the German government. According to Genua, its Genugate firewall is also classified as "NATO Restricted." Genua's products have been used by industrial, government, military, and other critical infrastructure organizations. SEC Consult recently revealed that the Genugate firewall is impacted by a critical authentication bypass vulnerability contained by its administration interfaces. Once a threat actor has gained access to an organization's network, they can use the vulnerability to log in to the firewall's administration panel as any user. If an attacker has full admin/root access rights within the admin web interface, they can reconfigure the entire firewall, including the firewall ruleset, email filtering configuration, web application firewall settings, proxy settings, and more. Attackers could modify the firewall's configuration to access otherwise unreachable systems or redirect company traffic to an attacker-controlled proxy server by exploiting this vulnerability. The highly critical security vulnerability seems to affect all versions of the Genugate firewall. This article continues to discuss the use of the Genugate firewall by critical infrastructure organizations, the critical authentication bypass vulnerability affecting the firewall, and what the abuse of this flaw could allow attackers to do.

    Security Week reports "Vendor Quickly Patches Serious Vulnerability in NATO-Approved Firewall"

  • news

    Visible to the public "Did a Weak Password Result in SolarWinds Hack?"

    The investigation of the SolarWinds Orion software supply chain hacking attack continues. The attack on SolarWinds' Orion IT management platform impacted government agencies, critical infrastructure, and private-sector organizations. SolarWinds' top management is now blaming an intern for the use of a significantly weak password, which is believed to be the root cause of the SolarWinds hack. It has been suggested that the password was publicly accessible via a GitHub repository since June 2018, prior to it being addressed in November 2019 after a security researcher reported it. Sudhakar Ramakrishna, the CEO of SolarWinds, confirmed that the password, "solarwinds123," had been in use as early as 2017. This article continues to discuss the use of a weak password believed to be the main cause of the SolarWinds supply chain attack and other recent findings surrounding the hack in relation to its impact and the state-sponsored group behind its execution.

    CISO MAG reports "Did a Weak Password Result in SolarWinds Hack?"

  • news

    Visible to the public "Quarter of Healthcare Apps Contain High Severity Bugs"

    Researchers at Veracode have discovered that about 75% of healthcare applications contain some kind of vulnerability. A quarter of healthcare apps contain high severity flaws. The researchers also found that the healthcare sector fixes 70% of the vulnerabilities found within applications, putting it behind several other industries in terms of total volume addressed. However, the vulnerabilities that are fixed are usually fixed faster than any other sector on average except for retail. Veracode claimed that this is because healthcare apps are often smaller in size, relatively new, and have a lower density of bugs than software in verticals like tech, financial services, manufacturing, and government. Researchers also found that healthcare organizations do a better job than most at handling CRLF injection and cryptography-related bugs. However, the sector is still not scanning apps for issues regularly enough and is the least likely of any vertical to scan for flaws in open source components. The researchers argued that a failure to scan frequently for flaws means many are going unfixed and could be exploited in future attacks. Data breaches in healthcare cost more than any other sector and are estimated at over $7.1 million per incident.

    Infosecurity reports: "Quarter of Healthcare Apps Contain High Severity Bugs"

  • news

    Visible to the public "Flaws Fixed Incorrectly, as Secure Coding Education Lags"

    Research conducted by HackEDU, a provider of interactive cybersecurity training and secure code development courses for software engineers, attributes code fixing failures to a lack of formal training. Based on feedback mostly from security, development, and compliance leaders, more than 50 percent of developers are not trained in secure coding practices. The study involved data from assessments, lessons, challenges, and vulnerability reports from HackEDU customers and students. Vulnerabilities stemming from broken access control and broken object-level authorizations have been proven to be the most challenging to fix, while fixes for command injection and SQL injection vulnerabilities are often discovered to be incorrect. HackEDU emphasizes the importance of educating developers on secure coding practices as it would help ensure these flaws are reduced or eliminated. In order for developers to properly address harder-to-fix vulnerabilities, they must understand the fundamentals. Memorizing syntax or a framework and then applying it as a patch is not enough. This article continues to discuss HackEDU's findings on the lack of formal training in secure coding among developers, the types of vulnerabilities often fixed incorrectly, and the importance of improving education for developers on secure coding practices.

    SC Media reports "Flaws Fixed Incorrectly, as Secure Coding Education Lags"

  • news

    Visible to the public "Data is Most at Risk on Email, With 83% of Organizations Experiencing Email Data Breaches"

    Researchers from Egress conducted a news study where they interviewed 500 IT leaders and 3,000 remote-working employees in the US and UK across vertical sectors, including financial services, healthcare, and legal. The researchers found that 95% of IT leaders believe that company data is at risk on email and that 83 percent of organizations have suffered a data breach via this channel in the last 12 months. The researchers also found that human error was at the root of nearly one-quarter of incidents, with 24% caused by an employee sharing data in error. Most participants (85%) stated that they are sending more emails due to remote working, heightening the risk of an email data breach. Of the participants, 59% of the IT leaders reported an increase in email data leaks since implementing remote working due to the pandemic.

    Help Net Security reports: "Data is Most at Risk on Email, With 83% of Organizations Experiencing Email Data Breaches"

  • news

    Visible to the public "Privacy Issues and Security Risks in Alexa Skills"

    A new study from a team of researchers from Germany's Ruhr-Universitat Bochum, North Carolina State University, and Google suggests that Alexa Skills often have security weaknesses and data protection problems that attackers can exploit to perform malicious activities. These Skills are voice-driven Alexa capabilities. The researchers analyzed more than 90,000 Alexa Skills from the Amazon store across seven countries. They found problems with Skills that create security and privacy risks for users. This article continues to discuss the researchers' discovery of privacy issues and security risks in Alexa Skills, as well as the source of security gaps and data protection problems associated with these Skills.

    Ruhr-Universitat Bochum reports "Privacy Issues and Security Risks in Alexa Skills"

  • news

    Visible to the public "Cybersecurity Researchers Build a Better 'Canary Trap'"

    A canary trap in the performance of espionage is the spread of multiple versions of false documents to hide a secret. The canary trap technique can be used to detect information leaks or create distractions that conceal valuable information. A team of cybersecurity researchers developed a new data protection system called WE-FORGE that uses Artificial Intelligence (AI) to expand upon the canary trap method. The system protects intellectual property such as drug designs and military technologies by producing false documents. WE-FORGE improves upon the canary technique by using natural language processing to automatically generate multiple fake files that are sufficiently similar to the original ones to be believable but different enough to be incorrect. The system also adds randomness to prevent adversaries from identifying real documents. WE-FORGE can create many fake versions of any technical design document, thus making it significantly difficult for adversaries to determine which document is real once they have successfully hacked a system. The use of this technique causes adversaries to waste their time and resources, as well as have lower confidence. This article continues to discuss the concept of canary traps in espionage and how the WE-FORGE data protection system builds on this technique to better deceive would-be attackers.

    Dartmouth College reports "Cybersecurity Researchers Build a Better 'Canary Trap'"

  • news

    Visible to the public "Go Malware Detections Increase 2000%"

    Researchers at an Israeli security firm Intezer have found that new malware written in the Go programming language has spiked by 2000% over the past four years. Go programming language is sometimes referred to as Golang and was first used for malware around nine years ago. Many adversaries choose to use the Go language to create malware because it works across Windows, Linux, and Mac operating systems and is relatively challenging for researchers to reverse engineer. Go was used by Russian state-backed actors to target Eastern European countries with a variant of the Zebrocy malware last year. Kremlin hackers have also used the language to develop the WellMess malware, which targeted COVID-19 vaccine researchers in the UK, Canada, and the US. The researchers stated that traditional anti-virus programs have a hard time identifying Go malware.

    Infosecurity reports: "Go Malware Detections Increase 2000%"

  • news

    Visible to the public "Cyber Workforce Vital to Protecting National Security"

    The US Defense Department's cyber workforce is responsible for defending nearly every system that the government agency uses to safeguard national security. John Marx, the acting principal director for cyber modernization in the office of the undersecretary of defense for research and engineering, discussed the department's cyber missions and workforce talent during Engineers Week (February 21 to 27). According to Marx, the first goal of modernizing cyber capabilities in the Department of Defense (DoD) is to advance its ability to develop and deploy cyber-resilient systems. The second goal is to create a unique capability for highly integrated cyber and electromagnetic spectrum operations. The third goal is to develop an unrivaled cyber and electromagnetic spectrum expertise, supporting the first two goals. In addition to these missions, DoD provides support to critical civilian infrastructures in case of necessity when infrastructure owners request it under authorities such as the Defense Support to Civil Authorities. DoD collaborates closely with other federal agencies and local entities to provide this support. Marx highlighted DoD's continuous search for cyber talent and talent within its workforce. DoD is always seeking individuals who know how software drives complex systems. These individuals are typically computer engineers, software engineers, and electrical engineers. Mechanical, civil, chemical, aerospace, and biomedical engineers are also encouraged to have a strong understanding of the way in which their fields of practice rely on cyber systems. This article continues to discuss DoD's cyber capability modernization goals, the department's search for cyber talent, how engineers can gain more cybersecurity knowledge, and technologies that will improve cybersecurity.

    The Department of Defense reports "Cyber Workforce Vital to Protecting National Security"

  • news

    Visible to the public Russians targeting US Power Grid

    Russian hackers have targeted the US Power Grid for years and may have caused power blackouts

  • news

    Visible to the public "Ransomware Gang Hacks Ecuador's Largest Private Bank, Ministry of Finance"

    A hacking group called Hotarus Corp claims to have stolen internal data from Ecuador's Ministry of Finance and Banco Pichincha, the largest private bank in Ecuador. The ransomware gang used a PHP-based ransomware strain called Ronggolawe, also known as AwesomeWare. In the attack against Ecuador's Ministry of Finance, Ronggolawe was used to encrypt the contents of a site that hosts an online course. Following the attack, the threat actors shared a text file containing more than 6,500 login names and hashed password combinations on a hacker forum. The group claims that they stole sensitive ministry information, employee information, emails, and contracts. Banco Pichincha released an official statement confirming that Hotarus Corp hacked its marketing partner, not its internal systems. According to the bank, the attackers used the marketing partner to send phishing emails to customers to steal sensitive information and perform illegitimate transactions. However, the hacking group disputes the bank's statement. They say the attack on the marketing company allowed them to infiltrate the bank's internal systems. Once they gained access to the internal systems, the actors claim that they stole data and executed a ransomware attack. The hacking group claims to have stolen over 30 million customer records and more than 50 thousand sensitive system records. They shared images of the allegedly stolen data as proof of the attack. This article continues to discuss Hotarus Corp's ransomware attacks against two financial organizations and the alleged theft of data.

    Bleeping Computer reports "Ransomware Gang Hacks Ecuador's Largest Private Bank, Ministry of Finance"

  • news

    Visible to the public "USA Third Most Affected by Stalkerware"

    Researchers from the cybersecurity company Kaspersky have found that Russia, Brazil, and the United States of America were most affected by stalkerware last year. The researchers found that 53,870 Kaspersky users were affected globally by malicious surveillance software in 2020. The USA, which was the fourth most impacted country in 2019, moved up to third place in 2020 with 4,745 people affected by stalkerware. The total number of victims globally in 2020 fell by 13,630 compared to 2019. The researchers saw an increase in the number of victims in the second half of 2020 when lockdown restrictions were put in place due to COVID-19. Nidb was the most used stalkerware sample in 2020. This sample is used to sell several different stalkerware products such as iSpyoo, TheTruthSpy, and Copy9. The researchers warn that this malicious software, which enables a remote user to monitor activities on another user's device, "may facilitate intimate partner surveillance, harassment, abuse, stalking, and/or violence."

    Infosecurity reports: "USA Third Most Affected by Stalkerware"

  • news

    Visible to the public "When Cyber Gangs Disregard Ransomware Payments, Victims Can Be Hit Twice"

    The cybersecurity company Coveware released a report revealing that nearly half of the ransomware attacks that it had tracked in the third quarter included threats to leak unencrypted data. However, several of the gangs behind these attacks did not honor their agreement to delete victims' stolen data despite having received ransomware payments. For example, victims of Sodinokibi/REvil ransomware were hit again just a few weeks after paying the ransom for the same data. Such incidents pose the question as to whether victims should pay ransomware attackers. Victims are advised not to pay because there is no guarantee that they will receive a working decryption tool for their data if they give in to the attackers' demand for a ransom payment. Coveware's report also highlights that there is no way to verify whether attackers will delete stolen data. The U.S Department of Treasury's Office of Foreign Assets Control (OFAC) issued an advisory in October 2020, discussing potential sanctions risks associated with sending ransomware payments to cybercriminals. OFAC designated several malicious cyber actors responsible for the creation or distribution of ransomware. Payments to those actors encourage the launch of more ransomware attacks, potentially harming national security and foreign policy. Users and organizations are urged to focus on improving their ability to prevent ransomware infections. This article continues to discuss findings surrounding cyber gangs' dismissal of ransomware payments, the decision to pay ransomware attackers, and how ransomware infections can be prevented.

    Security Intelligence reports "When Cyber Gangs Disregard Ransomware Payments, Victims Can Be Hit Twice"

  • news

    Visible to the public "Mobile Phishing to Steal Government Credentials Increased 67% in 2020"

    According to a new report released by the mobile security firm Lookout, malicious hackers targeting devices belonging to government workers increasingly focused on stealing victims' login credentials instead of delivering malware in 2020. This shift in focus has led to the increased spread and persistence of attacks. The report revealed that more than 70 percent of phishing attacks faced by government organizations aimed to steal login credentials, a 67 percent increase from 2019. The data used to develop this report comes from almost 200 million devices and more than 135 million mobile apps used by the government agencies for which Lookout provides services. Lookout says the shift to remote work due to the COVID-19 pandemic has caused more government entities to consider implementing a "Bring Your Own Device" (BYOD) policy, thus increasing the attack surface for malicious actors. This article continues to discuss the increase in mobile phishing attacks aimed at stealing government credentials, the contributing factors behind this increase, and the different levels of exposure to phishing threats faced by federal, state, and local governments.

    NextGov reports "Mobile Phishing to Steal Government Credentials Increased 67% in 2020"

  • news

    Visible to the public "New 'LazyScripter' Hacking Group Targets Airlines"

    Researchers at the cybersecurity firm Malwarebytes have discovered a new Advanced Persistent Threat (APT) group dubbed LazyScripter. The hacking group targets airlines that use the BSPLink financial settlement software made by the International Air Transport (IATA). LazyScripter's most recent attacks used phishing emails that mimic the IATA ONE ID, a contactless passenger processing tool. According to the researchers, the threat remained unnoticed for about two years. One of the group's earliest attacks targeted individuals seeking to immigrate to Canada. The toolset used by the group for its attacks has evolved over time. Their toolset has included Octopus remote access Trojans (RATs), Remcos RATs, PowerShell Empire, and more. This article continues to discuss the LazyScripter hacking group's targets, methods, and tools.

    Security Week reports "New 'LazyScripter' Hacking Group Targets Airlines"

  • news

    Visible to the public "One Ransomware Victim Every 10 Seconds in 2020"

    Researchers at Check Point discovered that a new organization became a ransomware victim every 10 seconds in 2020, with remote workers experiencing a sharp uptick in threats. The researchers claim that double extortion ransomware, in particular was, on the rise. In Q3 2020, nearly half of all ransomware incidents involved data theft from the targeted organization. According to researchers at Check Point, only 5% of malware attacking global corporate networks was ransomware last year. The most popular was botnet traffic (28%), followed by crypto-miners (21%), information stealers (16%), mobile (15%), and banking malware (14%). Remote Desktop Protocol attacks (RDPs) were the most popular attack vector for ransomware in the first half of the year.

    Infosecurity reports: "One Ransomware Victim Every 10 Seconds in 2020"

  • news

    Visible to the public "The IoT Cybersecurity Improvement Act: A First Step in Bolstering Smart Technology Security"

    Every second, 127 new IoT devices are connected to the web, and experts predict that by 2025, that figure will equate to more than 75 billion connected devices overall. IoT devices are often riddled with security vulnerabilities impacting security and privacy both at a consumer and corporate level. The Internet of Things Cybersecurity Improvement Act of 2020 is the first-of-its-kind legislation that requires the creation of security standards and guidelines for IoT devices used in and purchased by the federal government. It encompasses issues such as secure development, identity management, patching processes, and configuration management. The IoT security bill also calls for guidelines in vulnerability reporting for IoT devices in government networks and those of federal contractors. The researchers stated that as the use of connected devices continues to grow exponentially over time, we must ask ourselves, "is it enough?" While intended for government parties, these new guidelines can provide manufacturers and security vendors with a general roadmap of how to bolster IoT security measures overall, which has been lacking in years past. The researchers stated that the opportunity to expand and enhance IoT security is still present and needed. The bill in its current state addresses only a portion of the larger problem at hand. The security regulations outlined in the statement only apply to IoT technologies used in federal environments, rather than being applicable across all relevant IoT-enabled devices. The researchers stated that providing secure IoT technologies is still the primary responsibility of manufacturers and that end-users must demand more security measures from the companies selling such devices. End-users demanding more security measures will create a ripple effect, sparking proactive action from manufacturers and security vendors to holistically address IoT security concerns from the start, with an all-encompassing set of guidelines required to secure IoT device manufacturing, distribution, and implementation. The researchers stated that only through this domino effect will IoT security move beyond the government and into one's own home and business environments.

    Security Magazine reports: "The IoT Cybersecurity Improvement Act: A First Step in Bolstering Smart Technology Security"

  • news

    Visible to the public SoS Musings #46 - The Battle Against Fileless Malware Attacks Continues

    SoS Musings #46 -

    The Battle Against Fileless Malware Attacks Continues

  • news

    Visible to the public Spotlight on Lablet Research #15 - Reasoning about Accidental and Malicious Misuse via Formal Methods

    Spotlight on Lablet Research #15 -

    Project: Reasoning about Accidental and Malicious Misuse via Formal Methods

  • news

    Visible to the public Cryptomining and Cryptojacking - What Are They?

    Cryptomining and Cryptojacking - What Are They?

  • news

    Visible to the public Cybersecurity Snapshots #15 - Attacks Against the Nation's Water Systems

    Cybersecurity Snapshots #15 -

    Attacks Against the Nation's Water Systems