News Items

  • news

    "A Powerful Spyware App Now Targets iPhone Owners"

    According to researchers at the mobile security firm Lookout, Exodus, a powerful surveillance app that was initially designed for Android devices, now targets iPhones. The developer of the malicious app was able to evade the Apple app store's checks by abusing Apple-issued enterprise certificates. Once the app is installed on an iPhone, it can perform malicious activities such as stealing photos, grabbing real-time location data, eavesdropping on conversations, and more. This article continues to discuss other discoveries in relation to the spyware app targeting iPhone owners and the abuse of enterprise certificates by other app makers.

    TechCrunch reports "A Powerful Spyware App Now Targets iPhone Owners"

  • news

    "Watch SwRI Engineers Trick Object Detection System"

    Engineers at Southwest Research Institute have developed new adversarial learning techniques that can make objects invisible to object detection systems in which deep-learning algorithms are used. These techniques can also be used to deceive object detection systems into seeing another object or seeing objects in another location. The development of these adversarial learning techniques by researchers brings further attention to the vulnerabilities in deep learning algorithms and other ML algorithms. This article continues to discuss the use of deep learning algorithms by the automotive industry, the new adversarial techniques to trick object detection systems, and efforts to increase the security of deep learning algorithms.

    TRR reports "Watch SwRI Engineers Trick Object Detection System"

  • news

    "Tenable Discloses Verizon Fios Router Vulnerabilities"

    Anyone with a Verizon Fios Quantum Gateway router may be at risk of cyberattacks. Tenable was able to find multiple vulnerabilities in the Verizon Fios Quantum Gateway (G1000) router. The impact of the vulnerabilities found is that a remote attacker could potentially get unauthorized access to the router, and also to the user's entire network. Verizon is in the process of automatically updating the firmware used on the Fios Quantum Gateway.

    eWeek reports: "Tenable Discloses Verizon Fios Router Vulnerabilities"

  • news

    HotSoS 2019 Summary Report

    Hot Topics in the Science of Security: Symposium and Bootcamp (HotSoS) 2019


  • news

    "It’s Disturbingly Easy to Trick AI into Doing Something Deadly"

    Recent studies conducted by artificial intelligence (AI) researchers emphasize the major impacts that adversarial machine learning (ML) can have on safety. Researchers have performed adversarial attacks on machine learning systems to demonstrate how easy it is to alter the proper functioning of such systems and highlight the potential consequences of such manipulations by hackers. This article continues to discuss adversarial attacks on machine learning, how adversarial AI attacks can affect different fields that rely on AI, and a program recently launched by DARPA (Defense Advanced Research Projects Agency), called Guaranteeing AI Robustness against Deception (GARD), to defend against such attacks, along with other efforts to improve the security of ML systems.

    Vox reports "It's Disturbingly Easy to Trick AI into Doing Something Deadly"

  • news

    "Making Scalable On-Chip Security Pervasive"

    The growth of the Internet of Things (IoT) is accompanied by an increase in accessible devices and in the number of complex chip designs needed for their operation. The rapid growth of IoT devices calls for the advancement of chip-level security. According to the Defense Advanced Research Projects Agency (DARPA), there is a notable lack of common tools, methods, and solutions for the incorporation of security into chips. Therefore, DARPA developed the Automatic Implementation of Secure Silicon (AISS) program. AISS will address economic and technical challenges in regard to the implementation of security into the design of chips. This article continues to discuss the challenges associated with incorporating security into chips and the program developed by DARPA to address these challenges, which would make scalable on-chip security pervasive.

    Homeland Security News Wire reports "Making Scalable On-Chip Security Pervasive"

  • news

    "Photons Trained for Optical Fiber Obstacle Course Will Deliver Stronger Cyber Security"

    The navigation of photons in networks of optical fibers will be improved through the use of a new technique demonstrated by researchers from the National University of Singapore (NUS) and Singtel, Asia's leading communications group. This new approach is expected to bolster cybersecurity as it improves quantum key distribution (QKD) over fiber networks. QKD is a secure communication method in which encryption keys are created through the detection of individual photons. This article continues to discuss the concept of QKD and the new approach to improving QKD over fiber networks.

    Science Daily reports "Photons Trained for Optical Fiber Obstacle Course Will Deliver Stronger Cyber Security"

  • news

    "TrickBot Trojan seeks out weak human links in business to profit from the tax season"

    During tax season, there is usually an increase in phishing attacks. Many phishing attacks this year are focused on the business segment and deployment of the TrickBot Trojan. The phishing schemes pretend to be accounting, tax, and payroll services companies in order to trick victims into accepting malicious Microsoft Excel documents, which contain embedded, obfuscated macros. Once TrickBot is installed on a potentially vulnerable device and can reach other devices on the network, it will then spread and pivot throughout the network.

    ZDNET reports: "TrickBot Trojan seeks out weak human links in business to profit from the tax season"

  • news

    "Cybercriminals (Still) Using Facebook as a Black Market"

    Cisco's Talos security researchers have found that cybercriminals are using Facebook groups for the purpose of conducting illegal activities, including selling hacking services and sensitive information such as credit card numbers. Researchers were able to find such groups by searching for certain keywords in relation to the security code located on the back of credit cards. 74 Facebook groups have been found to be used to commit cybercrimes, some of which have remained on the social network for eight years. This article continues to discuss the use of Facebook groups by cybercriminals to commit various cybercrimes and efforts to address this problem.

    PCMag reports "Cybercriminals (Still) Using Facebook as a Black Market"

  • news

    "Researchers Uncover US-Based Malware Distribution Centre"

    Security researchers at Bromium have discovered the use of U.S.-based web servers to host and distribute 10 types of malware via large-scale phishing campaigns. According to researchers, these web servers are owned by FranTech Solutions, a bulletproof hosting provider that uses data centers in Las Vegas, Nevada. The 10 strains of malware being hosted and distributed on these servers include Dridex, Trickbot, Gandcrab, Fareit, IcedID, and more. This article continues to discuss the discovery of a U.S.-based malware distribution center by security researchers, the phishing campaigns used to distribute malware being hosted on U.S. web servers, and what other findings suggest.

    Computer Weekly reports "Researchers Uncover US-Based Malware Distribution Centre"

  • news

    "What Is Shadow Mining and Why Is It a Security Threat?"

    The results of a survey recently conducted by Exabeam, to which 150 cybersecurity professionals responded, indicate that most organizations lack awareness surrounding the threat of shadow mining and cryptojacking. Shadow mining refers to the illicit use of an organization's computing resources by a malicious insider to mine cryptocurrencies. Shadow mining is a form of shadow IT in which an organization's IT infrastructure is utilized by an employee in a secretive or unauthorized manner. According to the results of the survey, 65 percent of organizations are not familiar with shadow mining. This article continues to discuss the concept of shadow mining and key findings of the survey in relation to the lack of awareness for cryptojacking and shadow mining.

    Help Net Security reports "What Is Shadow Mining and Why Is It a Security Threat?"

  • news

    HoTSoS 2019 Best Paper and Poster Awards

    The Hot Topics in Science of Security (HoTSoS) Best Paper Award recognizes the paper that exhibits outstanding achievement in science. Papers are selected by the HoTSoS Program Committee. The winning paper is automatically nominated into the Annual Best Scientific Paper Competition.

    This year's winning paper was entitled "Integrated Data Space Randomization and Control Reconfiguration for Securing Cyber-Physical Systems" by Bradley Potteiger, Zhenkai Zhang and Xenofon Koutsoukos of Vanderbilt University.

  • news

    "Xiaomi's Phones Had a Security Flaw Preinstalled on Millions of Devices"

    Smartphones made by Xiaomi, a Chinese technology company, were discovered by researchers from Check Point to contain a security vulnerability that could allow hackers to steal data, install tracking apps, and more. According to researchers, the vulnerability derives from a preinstalled security app, called Guard Provider. The app receives updates via an unsecured HTTP connection, thus allowing hackers to perform a man-in-the-middle attack in which malware is inserted into a user's smartphone through those updates once they are connected to the same Wi-Fi network as the attackers. This article continues to discuss the security flaw in Xiaomi phones and Xiaomi's response to the discovery of this vulnerability.

    CNET reports "Xiaomi's Phones Had a Security Flaw Preinstalled on Millions of Devices"

  • news

    "The war between cybersecurity and cybercrime will be fought by artificial intelligence"

    The battle between cybercrime and cybersecurity will soon be fought by artificial intelligence. Hackers are using AI more and more to launch attacks using botnets, and AI algorithms are also helping cybersecurity experts in intrusion detection and prevention systems. The AI algorithms continuously learn from past intrusion attempts and get smarter about detecting and responding to botnet attacks. AI will be important to fight cybersecurity attacks in the near future.

    Biometricupdate.com reports: "The war between cybersecurity and cybercrime will be fought by artificial intelligence"

  • news

    "How Malevolent Machine Learning Could Derail AI"

    Dawn Song is a professor at UC Berkeley whose focus is on the security risks associated with artificial intelligence (AI) and machine learning (ML). Song recently gave a presentation at EmTech Digital, an event created by MIT Technology Review, in which she emphasized the threat posed by the emergence of new techniques for probing and manipulating ML systems known as adversarial ML methods. Adversarial ML can reveal the information that an ML algorithm has been trained on, disrupt the proper functioning of an ML system, make an ML system produce specific types of outputs, and more. This article continues to discuss the concept behind adversarial ML, different projects in relation to adversarial ML, and the growing interest surrounding this area of ML.

    MIT Technology Review reports "How Malevolent Machine Learning Could Derail AI"

  • news

    "Healthcare’s Huge Cybersecurity Problem"

    Healthcare has increasingly become one of the most targeted industries for cyberattacks as indicated by recent reports of ransomware attacks and other attacks. Cyberattacks against the healthcare industry are on the rise on account of the lack of preparation by hospitals and physicians in the management of cybersecurity threats, and the increasing dependence on internet-connected technology to facilitate patient care. Many of these internet-connected technologies have been found to be vulnerable to cyberattacks in which patient data can be extracted, devices can be hijacked, and more. This article continues to discuss the vulnerability of the healthcare industry to cyberattacks, the potential impact of such attacks, notable incidents of cyberattacks on healthcare, and efforts to improve healthcare cybersecurity.

    The Verge reports "Healthcare's Huge Cybersecurity Problem"

  • news

    "This New Malware Is Scanning the Internet for Systems Info on Valuable Targets"

    Researchers at AT&T Alien Labs have discovered a new form of malware, dubbed Xwo, which is believed to be linked to two other forms of malware, called MongoLock ransomware and X Bash. According to researchers, the main goal behind Xwo is to scan the internet for credentials and exposed web services. The gathering of this information could lead to the launch of a much larger cyberattack. Xwo has also been found to collect information pertaining to default SVN, Git paths, PHP admin details, and more. This article continues to discuss the capabilities of Xwo and how this malware differs from MongoLock ransomware and X Bash, as well as how network owners can prevent Xwo and other scanning malware.

    ZDNet reports "This New Malware Is Scanning the Internet for Systems Info on Valuable Targets"

  • news

    "Hospital Viruses: Fake Cancerous Nodes in CT Scans, Created by Malware, Trick Radiologists"

    Security researchers at the Ben Gurion University Cyber Security Research Center in Israel have created malware that would enable attackers to alter CT or MRI scans, bringing further attention to the security vulnerabilities present in medical imaging equipment and networks. The malware created by researchers would allow attackers to add malignant-looking growths or remove real cancerous nodules from CT or MRI scans prior to their examination by radiologists and doctors. The modification of such scans can lead to the misdiagnosis of patients and the prevention of critical care. This article continues to discuss the study, possible consequences, and potential targets of this malware, as well as the vulnerabilities in hospital equipment and networks that would allow such attacks to succeed.

    The Washington Post reports "Hospital Viruses: Fake Cancerous Nodes in CT Scans, Created by Malware, Trick Radiologists"

  • news

    "Computer Program Developed to Find 'Leakage' in Quantum Computers"

    Researchers from the University of Warwick's Department of Physics have developed a quantum computer program to identify if information processed by a quantum computer is being leaked from the states, 0 and 1. The information gathered by this program would allow computer engineers and programmers to improve upon the building of systems that reduce quantum leakage and the creation of error correction techniques. This program will enable users of quantum computers to determine whether their computers are functioning correctly or not, even if they do not have any technical knowledge. This article continues to discuss the method, research, and goals behind the quantum computer program, along with the advantage that quantum computing has over conventional computing.

    Science Daily reports "Computer Program Developed to Find 'Leakage' in Quantum Computers"

  • news

    "Spear-phishing Is The Next Threat After A Data Breach"

    Data breaches are becoming more and more frequent. After a data breach, an immense quantity of data is leaked and exposed online. Usually this data includes personal and professional information. After a data breach, attackers will use a spear-phishing attack. These attacks are highly targeted and customized and are far more likely to succeed than traditional phishing attacks. Crooks typically use data exposed by a data breach to obtain more information about the victims and the organizations that are affected. In order to increase the success rate of these kinds of attacks, the attackers send messages that often contain urgent explanations of why they need sensitive information. The victims are then coaxed to open a malicious attachment or click on a link that takes them to a fake website where they are asked to provide sensitive information, such as passwords, account numbers, credit card numbers, access codes and personal identification numbers (PINs).

    Cyberdefencemagazine reports: "Spear-phishing Is The Next Threat After A Data Breach"

  • news

    "Secure ‘Internet-of-Body’ Could Protect Medical Devices from DHS-Warned Cyberattacks"

    The U.S. Department of Homeland Security (DHS) recently issued warnings pertaining to the vulnerability of implantable defibrillators, made by Medtronic PLC, to being hacked. Medtronic devices are vulnerable to cyberattacks because of the poor encryption of signals emitted by these devices. A prototype device has been developed by researchers at Purdue University to prevent signals produced by medical devices from radiating outwards. This article continues to discuss the susceptibility of Medtronic devices to being hacked and the prototype device built by researchers to keep signals within the human body.

    Purdue University reports "Secure 'Internet-of-Body' Could Protect Medical Devices from DHS-Warned Cyberattacks"

  • news

    "Researchers Trick Tesla Autopilot into Steering into Oncoming Traffic"

    Researchers from Tencent's Keen Security Lab were able to deceive the Enhanced Autopilot feature of a Tesla Model S 75 into steering towards oncoming traffic by placing small stickers on the ground. Tesla's Enhanced Autopilot gathers information pertaining to obstacles, terrain, and lane changes through the use of cameras, ultrasonic sensors, and radar. This information is then fed to onboard computers, which use machine learning in order to form judgements. According to researchers, the strategic placement of stickers on the road can make the Autopilot steer into the wrong lane. This article continues to discuss the capabilities of Tesla's Enhanced Autopilot, how researchers fooled this feature, other vulnerabilities, and other research surrounding the manipulation of self-driving cars by altering the environment.

    Ars Technica reports "Researchers Trick Tesla Autopilot into Steering into Oncoming Traffic"

  • news

    "How the EverCrypt Library Creates Hacker-Proof Cryptography"

    A set of digital cryptography tools, called EverCrypt, has been released by a group of computer scientists with the goal of eliminating coding bugs that could be exploited by hackers to launch damaging hacking attacks. The cryptographic library, EverCrypt, has been proven by researchers to be impervious to many types of hacking attacks. According to researchers, EverCrypt does not contain coding errors such as buffer overruns, which could allow for the execution of hacking attacks. In addition, EverCrypt is consistent in the performance of correct computations. This article continues to discuss the concept behind EverCrypt, the security guarantees that EverCrypt provides, and the main challenge faced by researchers in the creation of this cryptographic library.

    Quanta Magazine reports "How the EverCrypt Library Creates Hacker-Proof Cryptography"

  • news

    "Analysis: Dark Web Arrests Also Led to Ransomware Disruption"

    Last week, Europol, the FBI and other law enforcement agencies made 61 arrests of individuals who were suspected of selling illegal goods on the dark web. The "Dream Market" dark web site, which was considered a successor to the infamous Silk Road marketplace, was closed. The closure of Dream Market has disrupted ransomware attacks that used Dream Market as a platform, forcing attackers to use alternatives. Buyers and sellers of stolen data and ransomware will soon find another dark web marketplace to use. It is important to keep looking out for these dark web marketplaces, and to close them as soon as enough evidence is collected to charge individuals that are using the web site.

    GOVINFO SECURITY reports: "Analysis: Dark Web Arrests Also Led to Ransomware Disruption"

  • news

    "A Guide to LockerGoga, the Ransomware Crippling Industrial Firms"

    LockerGoga is a devastating ransomware attack that is affecting industrial businesses. This malware is particularly disruptive, shutting down computers entirely, locking out their users, and rendering it difficult for victims to even pay the ransom. Industrial businesses cannot make any money if their machines cannot work, which means that every minute wasted by this ransomware is money lost. The attackers usually leave a ransomware note, which says to contact them at a specific email address. The victim and the hacker will then determine how much bitcoin is needed in order for the hacker to give the victim full access to their computers/machines.

    Wired.com reports: "A Guide to LockerGoga, the Ransomware Crippling Industrial Firms"

  • news

    "KAIST Team Used Fuzzing to Spot Newer LTE Protocol Vulnerabilities"

    36 vulnerabilities were found in 4G LTE wireless networks by researchers at the Korea Advanced Institute of Science and Technology (KAIST) through the use of a semi-automated fuzzing tool. The exploitation of these vulnerabilities could allow attackers to spoof SMS messages, manipulate user data traffic, and more. This article continues to discuss the vulnerabilities discovered in 4G LTE wireless networks and the technique used by researchers to find them.

    TechXplore reports "KAIST Team Used Fuzzing to Spot Newer LTE Protocol Vulnerabilities"

  • news

    "Critical Magento SQL Injection Flaw Could Be Targeted by Hackers Soon"

    Security patches have been released by Magento to fix vulnerabilities in its content management system, which is widely used by online shops. These security patches address 37 issues associated with the commercial and open-source versions of the Magento platform. The flaw that raises the most concern is the SQL injection flaw, as it can be exploited without authentication. This article continues to discuss the vulnerabilities contained by the Magento platform, the release of patches for these flaws, and why this platform is a popular target for hackers.

    CSO Online reports "Critical Magento SQL Injection Flaw Could Be Targeted by Hackers Soon"

  • news

    "Personal Health Details of More Than 350,000 Oregonians Potentially Exposed in HIPAA Breach"

    The Oregon Department of Human Services (DHS) recently faced a phishing attack that resulted in the exposure of protected health information (PHI) belonging to more than 350,000 Oregonians. The information exposed in this attack includes names, addresses, Social Security numbers, and more. This article continues to discuss the exposure of over 350,000 Oregonians' protected health information (PHI) as a result of a phishing attack experienced by DHS, other recent HIPAA breaches, and how security professionals can help safeguard personal data from phishing attacks.

    Security Intelligence reports "Personal Health Details of More Than 350,000 Oregonians Potentially Exposed in HIPAA Breach"

  • news

    "Russia Regularly Spoofs Regional GPS"

    A report published by the Center for Advanced Defense (C4ADS) highlights findings of an analysis of global positioning data. A key finding is the spoofing and blocking of satellite navigation signals by Russia. According to the report, at least 9,883 incidents in which satellite navigation signals were spoofed have occurred in the past three years, bringing further attention to the vulnerability of satellite navigation systems. This article continues to discuss the Russian spoofing of the global navigation satellite system and the significance of such attacks.

    Dark Reading reports "Russia Regularly Spoofs Regional GPS"

  • news

    "Apple Secures iOS and macOS With New Updates"

    Apple updated its iOS mobile operating system to version 12.2 and its macOS Mojave desktop operating system to version 10.14.4. This update has fixed numerous vulnerabilities that could have potentially exposed users to risk. Among the risks were flaws that could enable privilege escalation, information disclosure, and arbitrary code execution.

    eWeek reports: "Apple Secures iOS and macOS With New Updates"

  • news

    "HTTPS Isn't Always as Secure as It Seems"

    Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP that has become widely used by websites. HTTPS uses the Transport Layer Security (TLS) protocol to secure connections between browsers and web servers in order to prevent the eavesdropping of users' private information such as passwords, web searches, and more. Findings of an analysis of the top 10,000 HTTPS sites, conducted by researchers at Ca' Foscari University of Venice and TU Wien, reveal that 5.5 percent of these sites contained TLS vulnerabilities that could be exploited by attackers. Researchers have placed these vulnerabilities into three categories that they have developed. This article continues to discuss the widespread adoption of HTTPS, the TLS vulnerabilities discovered to be contained by 5.5 percent of analyzed HTTPS sites, and the significance of these findings.

    Wired reports "HTTPS Isn't Always as Secure as It Seems"

  • news

    "Ransomware Forces Two Chemical Companies to Order 'Hundreds of New Computers'"

    Following the LockerGoga ransomware attack on the Norwegian aluminium company, Norsk Hydro ASA, two U.S.-based chemical companies, Hexion and Momentive, were also hit with the same ransomware. It was discovered that the language used in the ransom message received by Momentive was very similar to the language in ransom notes associated with known LockerGoga attacks. These attacks have resulted in the takedown of hundreds of computers. This article continues to discuss the LockerGoga ransomware attacks on Hexion and Momentive, along with how LockerGoga differs from other popular ransomware.

    Motherboard reports "Ransomware Forces Two Chemical Companies to Order 'Hundreds of New Computers'"

  • news

    "DHS Warns of Vulnerabilities in Implanted Defibrillators"

    The U.S. Department of Homeland Security (DHS) has issued warnings pertaining to the vulnerability of heart devices made by Medtronic PLC to being hacked. According to DHS, 16 different models of Medtronic implantable defibrillators contain two kinds of vulnerabilities that could be exploited by attackers to perform potentially harmful activities such as modifying data, changing device settings, and more. This article continues to discuss the two types of vulnerabilities discovered in implantable defibrillators made by Medtronic, the likelihood of these vulnerabilities being exploited by hackers, and the types of defibrillators that are affected by these vulnerabilities.

    Government Technology reports "DHS Warns of Vulnerabilities in Implanted Defibrillators"

  • news

    "Spotting Hacks Automatically, Before the Hackers Do"

    Computer scientists at TU Kaiserslautern, Germany, together with researchers from Stanford University in California have led a team that developed a new approach to finding flaws in new chip designs prior to the chips being manufactured. The novel approach developed by researchers involves the use of an algorithm, called Unique Program Execution Checking (UPEC), a form of automated security verification. Through the use of UPEC, designers of the new chips will be alerted to potential flaws contained by the chips before they are produced on a large scale. This article continues to discuss the significance of Spectre and Meltdown vulnerabilities, the need to find flaws in chips before hackers do, and the use of UPEC to discover potential covert channel vulnerabilities in future chip designs.

    EurekAlert! reports "Spotting Hacks Automatically, Before the Hackers Do"

  • news

    "Asus Confirms Attack Against Update Tool That Exposed Users to Risk"

    Hackers were able to obtain access to Asus' servers and took aim at the Asus Live Update tool, which is used to deliver driver and firmware updates to customers. The attackers were able to inject Trojan code into the Asus Live Update tool and were able to deploy malware to users of Asus computers. The updates appeared to be authentic to end users, as they were signed with legitimate Asus digital certificates. Symantec found that at least 13,000 computers received the malicious Trojanized updates from Asus. 20 percent of infections affected organizations and 80 percent affected consumers. The potential impact of the Asus update tool compromise is large; a pool of 600 MAC addresses was specifically targeted by Operation ShadowHammer.

    eWeek reports: "Asus Confirms Attack Against Update Tool That Exposed Users to Risk"

  • news

    "Mega European Project on Cybersecurity and Data Protection"

    The objective of the European Commission's project, CyberSec4Europe, is to establish international standards pertaining to cybersecurity as well as strengthen Europe's security capabilities. CyberSec4Europe is one of four pilot projects of Horizon 2020, which is the largest European Research and Innovation program. Structures, including Trust in Digital Life (TDL), the European Cyber Security Organization (ECSO) and the Council of European Informatics Societies (CEPIS), will be expanded by CyberSec4Europe. The project will gather experts from different disciplines to collaborate. This article continues to discuss the goals and significance of CyberSec4Europe, the support behind CyberSec4Europe, and what concerns are to be addressed by this project.

    Homeland Security News Wire reports "Mega European Project on Cybersecurity and Data Protection"

  • news

    "Family tracking app spilled pics, names and real-time location data"

    The Family Locator app's insecure MongoDB database, hosted in a cloud, stored real-time, unencrypted location data about all registered members. The Family Locator app had a FollowMe feature which allowed individuals to get up-to-date status on all family members. The app was able to track the real-time location of anyone registered on it. Because of the insecure MongoDB database, anyone who searched for the database via a search engine could see not only the app users' real-time location, but also their profile photo, name, email address, and password. Attackers could also see the names of the places that were georeferenced according to their account. Microsoft was notified and has taken the sensitive information offline.

    Nakedsecurity reports: "Family tracking app spilled pics, names and real-time location data"

  • news

    SoS Musings #24 - Credential Stuffing Attacks

    SoS Musings #24

    Credential Stuffing Attacks

  • news

    Cyber Scene #31 - We're Number One!

    Cyber Scene #31

    We're Number One!

  • news

    "Security Researchers Hack and Take Home Tesla Model 3"

    Tesla rewarded a team of security researchers with a Tesla Model 3 in addition to a cash prize for their discovery and exploitation of a security vulnerability in the vehicle's system at the 2019 Pwn2Own hacking competition. Through the exploitation of a JIT bug in the Tesla vehicle's internet browser, researchers were able to display a message via its entertainment system. This article continues to discuss the exposure of a vulnerability in a Tesla vehicle at Pwn2Own and Tesla's response to this discovery.

    E&T Magazine reports "Security Researchers Hack and Take Home Tesla Model 3"

  • news

    Visible to the public "Firefox and Edge Fall to Hackers on Day Two of Pwn2Own"

    White hat hackers were able to take down the web browsers Mozilla Firefox and Microsoft Edge at the Pwn2Own 2019 hacking competition. It was discovered that code could be launched at the system level of a PC through the exploitation of a JIT bug in Firefox. This article continues to discuss the takedown of Mozilla Firefox and Microsoft Edge by white hat hackers at Pwn2Own.

    Threatpost reports "Firefox and Edge Fall to Hackers on Day Two of Pwn2Own"

  • news

    Visible to the public "Researchers Take Aim at Hackers Trying to Attack High-Value AI Models"

    Researchers at Penn State University are working to develop technical counter-measures against attacks targeting high-value machine learning (ML) models such as those used by soldiers in the guiding of military weapon systems, economists in the monitoring of markets, and more. These technical counter-measures are expected to help trap hackers in order to measure and observe their activities. From there, actions could then be taken to defend against hacks. This article continues to discuss the vulnerability of ML programs, the targeting of high-value ML models by hackers, and the development of a defense against attacks on such models.

    Penn State University reports "Researchers Take Aim at Hackers Trying to Attack High-Value AI Models"

  • news

    Visible to the public "Incident Of The Week: Facebook Fails To Secure Passwords"

    An investigation into Facebook indicates that between 200 million and 600 million users may have had their account passwords stored in plain text. The passwords could be seen and searched for by 20,000 employees. Storing passwords in plain text rather than encrypted leaves them wide open to cyberattacks or potential employee abuse.

    CyberSecurityHub reports: "Incident Of The Week: Facebook Fails To Secure Passwords"

  • news

    Visible to the public "Ransomware Attack Cripples Production at Aluminum Maker Norsk Hydro"

    Norwegian aluminium company, Norsk Hydro ASA, recently experienced a ransomware attack that resulted in the disruption of operations. The ransomware that Norsk Hydro ASA was hit with is called LockerGoga and it was also used in an attack against Altran Technologies SA, a French engineering firm. This article continues to discuss the ransomware attack on Norsk Hydro ASA and how LockerGoga differs from other forms of ransomware.

    SiliconANGLE reports "Ransomware Attack Cripples Production at Aluminum Maker Norsk Hydro"

  • news

    Visible to the public "Cyber Toolkit for Criminal Investigations"

    Cybersecurity experts at Purdue University have developed a cyber toolkit that can help criminal investigators solve cybercrimes. The toolkit, called FileStar, unifies the top open source investigative tools used by digital forensic law enforcement teams to capture data flows, selectively reconstruct data types, and more. This article continues to discuss the rise in cybercrimes and the capabilities of FileStar.

    Homeland Security News Wire reports "Cyber Toolkit for Criminal Investigations"

  • news

    Visible to the public "First Reputation-Based Blockchain Guarantees Security Against 51 Percent Attacks"

    A team of researchers has developed a blockchain system that is resilient against attackers who can control most of the system's computing power. The secure blockchain system, called RepuCoin, applies the concept of reputation to defend against attackers. This article continues to discuss the weakness of blockchain-based systems and how RepuCoin addresses this weakness.

    EurekAlert! reports "First Reputation-Based Blockchain Guarantees Security Against 51 Percent Attacks"

  • news

    Visible to the public "Scanning for Active IPv6 Hosts with UPnP"

    A technique for identifying IPv6 hosts has been developed by researchers from Cisco Talos. The technique involves the use of the Universal Plug and Play (UPnP) protocol. It is essential that tools have the capability to scan for IPv6 hosts as the adoption of IPv6 increases. Enterprise defenders need to be aware of which IPv6 hosts connected to their networks are directly accessible from the Internet. This article continues to discuss why it is important for mapping tools to be capable of finding IPv6 hosts and the technique developed by researchers to find these hosts.

    Decipher reports "Scanning for Active IPv6 Hosts with UPnP"

  • news

    Visible to the public "Hackers Bypass MFA on Cloud Accounts via IMAP Protocol"

    Proofpoint researchers conducted a study in which they discovered that a significant portion of Microsoft Office 365 and G Suite accounts have been hit with IMAP-based password-spraying attacks. Attackers perform password-spraying by combining multiple usernames with a single password. The exposure of commonly used usernames and passwords by recent credential dumps has increased the success of such attacks. This article continues to discuss findings of the study in relation to the performance, sources, and targets of IMAP-based password-spraying attacks.

    Security Week reports "Hackers Bypass MFA on Cloud Accounts via IMAP Protocol"

  • news

    Visible to the public "Average DDoS attack sizes decrease 85% due to FBI’s shutdown of DDoS-for-hire websites"

    The FBI shut down 15 of the largest distributed denial-of-service (DDoS) for-hire vendors (booters). Since the 15 vendors were shut down, the overall number of attacks worldwide has fallen by nearly 11 percent compared to the same period last year. The average attack size decreased by 85 percent and the maximum attack size by 24 percent, showing that the FBI's crackdown has helped reduce the global impact of DDoS attacks.

    HELPNETSECURITY reports: "Average DDoS attack sizes decrease 85% due to FBI's shutdown of DDoS-for-hire websites"

  • news

    Visible to the public "New Mirai Variant Targets Business Presentation and Display Devices"

    Researchers at Palo Alto Networks have discovered a new variant of the Mirai botnet, which targets WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs. These technologies are mostly used by enterprises, indicating the increased targeting of businesses by Mirai. This article continues to discuss the new Mirai variant, other new versions of Mirai, the strengthening of password management, and the creation of incident response teams to improve the security of IoT devices.

    Security Intelligence reports "New Mirai Variant Targets Business Presentation and Display Devices"