News Items

  • news

    Open for Nominations - Submission Period Extended!

    The 8th Annual Best Scientific Cybersecurity Paper Competition is now open for nominations. This year's nominating period runs through midnight on March 31, April 15, 2020. We look forward to receiving your nominations.

  • news

    NIST Releases Draft Security Feature Recommendations for IoT Devices

    "Core Baseline" guide offers practical advice for using everyday items that link to computer networks.

    August 01, 2019

  • news

    Game-theoretic Paper Wins Annual Paper Competition

    The winner of the 6th Annual Best Scientific Cybersecurity Paper Competition is How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games by Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, and David Brumley. These researchers are from Carnegie Mellon University and the University of California, Santa Barbara. The paper was originally accepted at the 30th IEEE Computer Security Foundations Symposium (CSF '17).

    To learn more visit the competition homepage: https://cps-vo.org/group/sos/papercompetition/pastcompetitions

  • news

    NSA SoS Lablet Call for Proposals is Open

    The National Security Agency has distributed its BAA (really a request for proposals) for its next generation of SoS Lablets. These include lablets on the 5 Hard Problem areas in Science of Security, on the Science of Privacy, and on Cyber Physical Systems. Proposals are due August 21. While the SoS team is not the point of contact for the contracting process, we can help direct inquiries: https://cps-vo.org/group/SoS/contact

  • news

    "New, Rapidly Evolving IoT Botnet Dark Nexus Targets Wide Variety of Devices"

    Security researchers at Bitdefender have been following a bot called Dark Nexus since December. It is currently at version 4. In the three months that it was researched, the researchers observed over 30 iterations of the bot. The developer made improvements such as customizable DDoS attack techniques, improved scanning and infection routines, and a persistence mechanism. The bot client is cross-compiled for 12 CPU architectures, which means Dark Nexus can infect a wide variety of devices such as digital video recorders, routers, and surveillance cameras. The botnet is currently small, consisting of only around 1,400 devices spread around the world. Because of the rapid pace of its development, and since its creator has a lot of experience, this botnet could be a severe threat in the future.

    CSO reports: "New, Rapidly Evolving IoT Botnet Dark Nexus Targets Wide Variety of Devices"

  • news

    "Microsoft: How One Emotet Infection Took out This Organization's Entire Network"

    An entire business network was taken down by the infamous Emotet banking Trojan. Microsoft released details of the incident, which revealed that the attack was launched when an employee opened a phishing email containing the Emotet Trojan. It was reported that the Emotet infection caused the targeted company's computers and critical systems to shut down. The malware also used compromised computers to execute a distributed denial-of-service (DDoS) attack and flood the company's network with traffic. This incident highlights why it is important for organizations to filter internal emails and enable multi-factor authentication. This article continues to discuss the shutdown of a business network by an Emotet attack, what Microsoft's DART team did to respond to the incident, and the importance of internal email filters and multi-factor authentication.

    ZDNet reports "Microsoft: How One Emotet Infection Took out This Organization's Entire Network"

  • news

    "More Attackers Have Begun Using Zero-Day Exploits"

    Research conducted by FireEye revealed that cyberattackers exploited more zero-day vulnerabilities in 2019 than in previous years. While sophisticated advanced persistent threat groups accounted for a large portion of zero-day attacks, other groups were also discovered exploiting zero-day vulnerabilities. According to FireEye researchers, there has been a significant increase in zero-day exploit activity by national governments, law enforcement agencies, and those that purchase offensive cyber weapons. Vendors of offensive cyber tools, such as Italy's Hacking Team, NSO Group, and Gamma International, have played a major part in the increased diversity of threat actors using zero-days. This article continues to discuss the increased use of zero-day exploits, the wider range of threat actors using these exploits, examples of zero-day attacks, and what enterprises must do in response to the growing access to zero-days.

    Dark Reading reports "More Attackers Have Begun Using Zero-Day Exploits"

  • news

    "WhatsApp Introduces New Limit on Message Forwards to Fight Spread of Misinformation"

    WhatsApp has been used by many adversaries to spread misinformation. Last year WhatsApp imposed a rule that prevented users from forwarding a message to more than five chats at once. This rule reduced the volume of message forwards globally by 25 percent. WhatsApp is now putting more rules into place to help fight the spread of misinformation. If a message has already been forwarded five or more times, the new rule prevents a user from forwarding it to more than one chat or contact at a time. Facebook, which owns WhatsApp, hopes this new rule will help lessen the amount of misinformation spread among WhatsApp's 2 billion users.

    Techcrunch reports: "WhatsApp Introduces New Limit on Message Forwards to Fight Spread of Misinformation"

  • news

    "Zoom: Every Security Issue Uncovered in the Video Chat App"

    Social distancing orders to help fight the COVID-19 outbreak have forced millions of people to work from home, causing a significant surge in the use of the video-conferencing platform Zoom. The increased use of this platform has drawn further attention to Zoom's privacy risks and security practices. CNET has provided a timeline that highlights the privacy and security issues surrounding the Zoom platform. An investigation conducted by Motherboard revealed that Zoom's iOS app was sending user data to Facebook. Users have reported incidents of Zoombombing, in which hackers hijack meetings and display inappropriate content. Security researchers discovered flaws in Zoom that could be exploited by hackers to take over a user's microphone or webcam, allow users' email addresses to be leaked to strangers, and more. It was also discovered that cybercriminals are sharing links to a collection of compromised Zoom accounts containing email addresses, passwords, meeting IDs, names, and other personal information. This article continues to discuss the increased use of Zoom, the platform's privacy and security problems that have recently emerged, and actions that have been taken to address these problems.

    CNET reports "Zoom: Every Security Issue Uncovered in the Video Chat App"

  • news

    "Threat Group Lures Victims with Teddy Bears"

    The financially motivated hacking group FIN7, also known as the Navigator Group and the Carbanak Group, is running a new physical phishing campaign involving gift cards, teddy bears, and the U.S. Postal Service. Following the discovery of the cybercriminal group's new scam, the FBI issued an alert to businesses. According to the FBI, FIN7 is mailing teddy bears with gift cards, malicious USB drives, and letters under the guise of Best Buy to people working in human resources, information technology, or executive management at target companies. This article continues to discuss FIN7's physical phishing scam, its targets and the tools used to carry it out, as well as other similar attacks and the history of the FIN7 group.

    Infosecurity Magazine reports "Threat Group Lures Victims with Teddy Bears"

  • news

    "Small Business Owners Applying For COVID-19 Relief May Have Had PII Exposed, Agency Says"

    Individuals who filled out the application for an Economic Injury Disaster Loan may have had personally identifiable information exposed to other applicants on the loan application website. Once this was discovered, the affected portion of the website was immediately disabled. The issue has since been fixed, and the application portal is back up and running. The cause of the data exposure, and how long it lasted, are not clear.

    Cyberscoop reports: "Small Business Owners Applying For COVID-19 Relief May Have Had PII Exposed, Agency Says"

  • news

    "COVID-19 Contact Tracing Apps: 8 Privacy Questions Governments Should Ask"

    Governments, research institutions, and industry are developing contact tracing apps in an effort to slow the spread of the coronavirus. A contact tracing app records when its users have shared the same space. If one of the users is later diagnosed with COVID-19, the other users who shared that space with them are alerted. Contact tracing apps require the collection of sensitive information, including location data, Bluetooth-based proximity information, and whether an individual has tested positive for the coronavirus. Dr. Yves-Alexandre de Montjoye at Imperial College London released a new white paper in which he outlines eight questions that governments, citizens, and app developers should consider regarding the privacy of COVID-19 contact tracing apps. These questions touch on limiting the personal data gathered by app developers, protecting the anonymity of users, the potential exploitation of the app by external parties to expose the identities of infected users, and more. This article continues to discuss the concept of contact tracing apps, the collection of sensitive information by such apps, the questions created to help evaluate the privacy of these apps, and the importance of keeping confidentiality in mind as contact tracing apps are developed and adopted around the world.

    Imperial College London reports "COVID-19 Contact Tracing Apps: 8 Privacy Questions Governments Should Ask"

  • news

    "Safari Bug Let Hackers Access Cameras on iPhones and Macs"

    A security researcher has released details about their discovery of security flaws in the Safari browser. According to the researcher, these flaws could have been exploited by hackers to take control of the camera and microphone on iOS and macOS devices, allowing them to eavesdrop on users. Hackers could create malicious sites that appear to be trusted websites such as Skype, Zoom, and other video-conferencing services. When these fraudulent websites are viewed on iPhones, iPads, and Macs in Apple's Safari browser, they could let hackers invade users' privacy, because Apple allows users to permanently save security settings per website. A user is likely to grant a website permission to access their camera if the site is presented as a trusted video-conferencing website. Apple released patches for the vulnerabilities in January and March. Security flaws of this kind pose a significant threat to the security and confidentiality of businesses, especially during the COVID-19 outbreak, when more people are working remotely, since they can be abused to eavesdrop on meetings and steal sensitive information. This article continues to discuss the security flaws discovered in the Safari browser, what attacks could be executed through their abuse, and what organizations and individuals should do to avoid such attacks.

    ITPro reports "Safari Bug Let Hackers Access Cameras on iPhones and Macs"

  • news

    "Saving the IoT From Botnets"

    Researchers at the Department of Information Engineering at the University of L'Aquila, Italy, have shared their research on IoT (Internet of Things) insecurity, with a focus on botnet attacks on these devices. A botnet is a network of computers or other devices compromised by malicious actors, who control them to execute attacks such as distributed denial-of-service (DDoS) attacks. The research team looked at how botnet DDoS attacks can be detected and stopped using deep learning techniques. This article continues to discuss botnets, DDoS attacks, the recruitment of IoT devices into botnets, and the researchers' deep learning method for detecting botnet attacks.

    TechXplore reports "Saving the IoT From Botnets"

  • news

    "Wiper Malware Called "Coronavirus" Spreads Among Windows Victims"

    Researchers have discovered a new Windows wiper malware, which has been named Coronavirus. The malware can be delivered through malicious email attachments, file downloads, and fake applications. It is also a destructive trojan: it overwrites the computer's Master Boot Record (MBR). Users affected by the Coronavirus trojan will find a gray screen and a blinking cursor with a message that reads, "Your computer has been trashed."

    Threatpost reports: "Wiper Malware Called "Coronavirus" Spreads Among Windows Victims"

  • news

    "Ransomware Strikes Biotech Firm Researching Possible COVID-19 Treatments"

    10x Genomics Inc., a California-based biotechnology company, recently revealed in a financial disclosure form filed with the U.S. Securities and Exchange Commission that it was targeted by an attempted ransomware attack that also resulted in the theft of data. The company is part of the global effort to learn more about the coronavirus and develop possible treatments for the disease. According to the security firm Under the Breach, attackers used the ransomware known as REvil/Sodinokibi to steal one terabyte of data from 10x Genomics, consisting of company usernames, internal password policies, domain information, and an employee database. The hackers posted a sample file containing this information to prove their claim. This article continues to discuss the attempted ransomware attack on 10x Genomics, the type of data compromised in the attack, past ransomware attacks on healthcare organizations, and how cybersecurity practitioners are helping the healthcare sector during the COVID-19 crisis.

    Cyber Scoop reports "Ransomware Strikes Biotech Firm Researching Possible COVID-19 Treatments"

  • news

    "Hackers Are Taking Over Twitter Accounts to Advertise Face Masks"

    Many Twitter accounts were recently hacked to advertise a website, called "Masks 2 U", claiming to sell face masks, toilet paper, respirators, and thermometers, further highlighting the different ways in which hackers and scammers are leveraging the COVID-19 crisis. In addition to posting tweets advertising the sketchy website through the compromised accounts, direct messages containing a link to the site were sent to victims' followers. Further investigation revealed similar sites hosted on the same IP address as the Masks 2 U website, some of which were created a few days earlier. This article continues to discuss the compromise of Twitter accounts by hackers to advertise a suspicious website, findings surrounding the creation of the site, and Twitter's response to this incident.

    Motherboard reports "Hackers Are Taking Over Twitter Accounts to Advertise Face Masks"

  • news

    "Online Credit Card Skimmers Are Thriving During the Pandemic"

    The coronavirus outbreak has caused a surge in online shopping, and digital skimmers are taking advantage of it. According to researchers at RiskIQ, web-based card-skimming attacks increased by 20% in March. Web skimming refers to the injection of malicious code into online merchant sites to steal payment card data; the attacks inject malicious scripts into checkout pages where users enter their payment card information. Researchers have highlighted that e-commerce crime often escalates when people are forced or enticed to do more online shopping. Before the COVID-19 crisis, researchers observed a spike in cybercrime during the holiday season, particularly around Black Friday. This article continues to discuss the rise of web-skimming attacks during the coronavirus pandemic and what organizations and consumers can do to avoid such attacks.

    Wired reports "Online Credit Card Skimmers Are Thriving During the Pandemic"

  • news

    "Zoom Phishers Register 2000 Domains in a Month"

    Researchers from BrandShield have found 2000 new phishing domains set up over the past month, exploiting the surging demand for Zoom as employees work from home. Since the beginning of the year, 3300 new domains have been registered with the word "Zoom" in them. 67 percent of these domains were created in March, as the COVID-19 pandemic was causing lockdowns in Europe and the United States. 30 percent of the new "Zoom" websites have activated an email server, which the researchers believe indicates that these domains are being used to facilitate phishing attacks.

    Info Security reports: "Zoom Phishers Register 2000 Domains in a Month"

  • news

    "FBI Warns of Ongoing Kwampirs Attacks Targeting Global Industries"

    The FBI warns of a malware campaign targeting healthcare organizations and organizations in other industries, including engineering, energy, and finance. A Remote Access Trojan (RAT) known as Kwampirs has been used in attacks against major transnational healthcare companies and local hospital organizations. Kwampirs is said to have been active since 2016. Research has found that the Kwampirs RAT shares code similarities with the data-destruction malware Shamoon; however, it does not contain destructive elements or a wiper. According to the FBI's alert, the perpetrators behind these attacks infected software supply chain vendors and hardware products to gain access to hospitals worldwide. Affected organizations have been advised to work with their cybersecurity vendor and coordinate with the FBI to mitigate Kwampirs attacks. This article continues to discuss the history of the Kwampirs RAT, attacks against healthcare entities using this malware, the phases of a Kwampirs attack, the targeting of companies in other industries, and what the FBI has advised infected organizations to do.

    Security Week reports "FBI Warns of Ongoing Kwampirs Attacks Targeting Global Industries"

  • news

    "Researchers Develop Faster Way to Replace Bad Data With Accurate Information"

    Researchers from North Carolina State University and the Army Research Office developed a new model showing how old or inaccurate information is disseminated in online social networks and the Internet of Things (IoT). The circulation of competing information, e.g., malware vs. security patches, can cause problems in threat intelligence sharing and security research. Using the Susceptible-Infectious-Cured (SIC) propagation model proposed by the researchers, the speed at which undesired information dies out is quantified. The analysis revealed that a network's size affects how quickly accurate information can displace false information. The findings can help determine which parts of a network should be used to inject and quickly spread new data. This article continues to discuss the research and its findings on the dissemination of data in a network, and the model developed to help replace bad data with accurate information.

    NC State University reports "Researchers Develop Faster Way to Replace Bad Data With Accurate Information"

  • news

    "The SOC Emergency Room Faces Malware Pandemic"

    Security professionals can learn from countries that have responded rapidly and firmly to the spread of COVID-19 to develop new ways to protect their organizations from hacking. As the coronavirus pandemic continues, understaffed security operations center (SOC) and information technology (IT) teams are getting overwhelmed, much like the doctors and nurses in severely affected areas. With a far higher volume of remote workers because of the outbreak, it has become harder for organizations to identify unusual remote logins and devices on their networks. In addition, many employees lack cybersecurity awareness, putting themselves and their organizations at higher risk of attacks such as spear phishing and credential theft. Security teams are encouraged to adopt an approach similar to that of countries that have successfully taken on COVID-19, which includes implementing strategies to prevent problems before they get worse, conducting centralized security monitoring over distributed environments, focusing on sensitive assets, isolating infected hosts early, and more. This article continues to discuss what security professionals can learn from the healthcare response to the pandemic, the security challenges presented by the increase in remote workers, the steps security teams should take to protect their organizations, and the use of Artificial Intelligence (AI) to assist in security monitoring.

    Dark Reading reports "The SOC Emergency Room Faces Malware Pandemic"

  • news

    "Millions of Guests Impacted in Marriott Data Breach, Again"

    Marriott has suffered a significant data breach for the second time in two years. The current breach affects approximately 5.2 million guests. The attack was carried out through a third-party application that Marriott hotel properties use to provide guest services. The adversaries obtained the login credentials for this application belonging to two employees at a franchise property, and with those credentials were able to access a large amount of guest information. The stolen data includes guests' full contact details (names, mailing addresses, email addresses, and phone numbers) and other personal data such as company, gender, and birthday. The adversaries were also able to obtain guests' account numbers and point balances in Marriott's loyalty program (but not passwords or PINs), linked airline loyalty programs and numbers, guest preferences such as stay/room preferences, and language preferences. No payment card information, passport information, national IDs, or driver's license numbers were obtained during the breach. The breach began in mid-January and continued for about a month and a half. Once it was discovered, Marriott disabled the compromised logins and began an investigation.

    Threatpost reports: "Millions of Guests Impacted in Marriott Data Breach, Again"

  • news

    "21% of SMBs Do Not Have a Data Backup or Disaster Recovery Solution in Place"

    A survey conducted by Infrascale, to which more than 500 C-level executives responded, reveals that 21% of small and medium-sized businesses (SMBs) do not have solutions in place to protect the data they store and handle. Cyberattacks remain a significant data protection concern among SMB leaders, with nearly half of the survey respondents naming hacking as a threat to their data. Micro disasters, including hard drive data corruption and malware infection, follow hacking as common concerns. SMBs need data protection solutions in place because they rely on their data and on the continuous functioning of operations for survival, especially during crises such as the coronavirus pandemic, during which cybercriminals exploit fear to launch more cyberattacks. This article continues to discuss the survey results regarding different interpretations of data protection, the variation of opinions about data protection by industry, common data protection concerns among SMB leaders, and the importance of having solutions in place to secure SMB data.

    Help Net Security reports "21% of SMBs Do Not Have a Data Backup or Disaster Recovery Solution in Place"

  • news

    "Preventing Quantum Cyberattacks"

    Cryptographic security is essential across many realms in which sensitive data is exchanged, including defense, healthcare, social networking, and banking, as cyberattacks continue to grow in frequency and sophistication. Scientists working with the European Union's Future and Emerging Technologies Flagship on Quantum Technologies (QT) have developed a new technology that uses quantum encryption protocols to support secure data transmission over the internet. The QT Flagship is behind a number of projects aimed at improving data security, including the Continuous Variable Quantum Communications (CiViQ) project, in which the scientists use Quantum Key Distribution (QKD). QKD is a secure communication method in which encryption keys are established through the detection of individual particles of light known as photons. Studies have shown QKD to be a secure method in that its key exchange cannot be intercepted or manipulated without detection. CiViQ's QKD technology is expected to be widely used and integrated with modern telecommunication networks. Other projects supported by the QT Flagship focus on the development of quantum random number generators and the miniaturization of QKD. This article continues to discuss the CiViQ project, the concept of QKD, the new QKD technology developed through this project, and other projects supported by the QT Flagship to bolster data security.

    Homeland Security News Wire reports "Preventing Quantum Cyberattacks"

  • news

    "Backdoor Secrets Leave Mobile Apps Vulnerable to Hacking"

    Cybersecurity researchers at Ohio State University found that a significant number of mobile apps have hidden behaviors that leave them vulnerable to hacking. The research team assessed 150,000 apps, 100,000 of which are the top apps downloaded from the Google Play Store. The other apps evaluated in this study come from an alternative market or are pre-installed on Android smartphones. The researchers discovered that 12,706 of the apps contain backdoor secrets or hidden behaviors. Attackers can reverse engineer these mobile apps to discover their backdoor secrets, which could allow them to steal private data. More than 4,000 mobile apps were also found to be capable of blocking content based on specific keywords without the users' knowledge. This article continues to discuss how the study was performed and its important findings regarding some mobile apps' hidden behaviors, where these behaviors come from, and the exploitation of backdoor secrets contained in apps, as well as the InputScope tool developed by the researchers to help developers understand the vulnerabilities in their apps.

    Ohio State University reports "Backdoor Secrets Leave Mobile Apps Vulnerable to Hacking"

  • news

    "Facebook, YouTube Warn Of More Mistakes As Machines Replace Moderators"

    Facebook, YouTube, and Twitter have sent most of their tech workers home as the coronavirus spreads. With most workers at home, social media companies are relying more heavily on automated systems to flag content that violates their rules. Tech companies have said for years that they want computers to take on more of the work of keeping misinformation, violence, and other objectionable content off their platforms. However, their automated systems were not ready to be relied on as heavily as they are at the moment. Human reviewers are still needed to look for posts that violate the companies' rules because the automated systems are not as accurate. The abrupt shift to mostly automated review has led to mistakes: some posts or videos that should be taken down are staying up, and others that should stay up are being incorrectly removed. The World Health Organization is calling the situation an infodemic, in which so much true and false information is being shared that users of social media platforms find it hard to find trustworthy information.

    NPR reports: "Facebook, YouTube Warn Of More Mistakes As Machines Replace Moderators"

  • news

    SoS Musings #35 - Better Secure Those Satellites

  • news

    Cyber Scene #42 - Cyber Surge

  • news

    Spotlight on Lablet Research #4 - Characterizing User Behavior and Anticipating its Effects on Computer Security with a Security Behavior Observatory

  • news

    Cybersecurity Snapshots #4 - Cybercriminals Are Capitalizing on Coronavirus Panic

  • news

    "Apple's iOS 13.4 Hit By VPN Bypass Vulnerability"

    Researchers from ProtonVPN have found that Apple's new iOS 13.4 update, released last week, has a bug that puts the privacy of Virtual Private Network (VPN) connections at risk. It is a bypass flaw caused by iOS not closing existing connections when it establishes a VPN tunnel. Apple has been informed of the flaw and is working on a patch. ProtonVPN's researchers have found a workaround that users can apply until the patch is released: turn airplane mode on and then off to reset all connections. Turning airplane mode on kills all internet connections and temporarily disconnects the VPN; once airplane mode is turned off, the VPN reconnects, and other connections should then be re-established inside the VPN tunnel. The researchers note that this is not guaranteed to work 100 percent of the time.

    Naked Security reports: "Apple's iOS 13.4 Hit By VPN Bypass Vulnerability"

  • news

    "Hackers Target Mobile Users in Italy and Spain, Taking Advantage of Coronavirus Hot Spots"

    Coronavirus-themed cyberattacks increase as the pandemic continues, showing that cybercriminals will exploit any crisis for their own advantage. Security researchers at ESET have now discovered attempts made by hackers to deliver malware via fake mobile apps to steal data or compromise mobile phones. The primary targets of these attacks are residents in Italy and Spain, two countries with the highest coronavirus death tolls. This article continues to discuss recent mobile attacks on Italian and Spanish residents, as well as other ways in which hackers are exploiting the COVID-19 pandemic.

    CyberScoop reports "Hackers Target Mobile Users in Italy and Spain, Taking Advantage of Coronavirus Hot Spots"

  • news

    "Three-Quarters of Large Firms Suffered Security Breach Last Year"

    According to the 2019 Cyber Security Breaches Survey, to which UK firms responded, there has been an increase in the number of cybersecurity incidents reported by businesses. However, the report claims that companies are getting better at dealing with such events. Based on the survey, organizations are being hit with more phishing attacks while experiencing fewer malware attacks. This article continues to discuss key findings from the 2019 Cyber Security Breaches Survey conducted by the UK government: the overall increase in incident reports by businesses, the frequency of incidents, common threats, and improvements in incident response.

    "Three-Quarters of Large Firms Suffered Security Breach Last Year"

  • news

    "Researchers Use AI And Create Early Warning System to Identify Disinformation Online"

    Researchers at the University of Notre Dame are using artificial intelligence to develop an early warning system that will be able to identify deepfake videos, manipulated images, and disinformation online. The researchers are taking on this project to help combat the rise of coordinated social media campaigns that sow discord, incite violence, and threaten the integrity of democratic elections. The automated system uses content-based image retrieval and applies computer vision techniques to root out political memes from multiple social networks. The researchers collected more than 2 million images and pieces of content from various sources on Twitter and Instagram to test the system they were creating.

    Help Net Security reports: "Researchers Use AI And Create Early Warning System to Identify Disinformation Online"

  • news

    "Strengthening Cybersecurity in Sports Stadiums"

    During the February 2018 school shooting in Parkland, Florida, a fire alarm was pulled, which caused students to move into the hallways and toward danger. Nate Evans, the cybersecurity program lead at the U.S. Department of Energy's (DOE) Argonne National Laboratory, helps minimize the cybersecurity risks faced by sports stadiums and concert arenas. Evans has expressed concern about the use of cyberattacks to cause physical damage or put people in more danger, in the same way that pulling a fire alarm during a shooting did. Systems used in stadiums, such as those that support fire alarms and ventilation, are digitally connected, making them more exposed to cyberthreats. In response, Evans and his colleagues created an online survey to be used as an assessment tool for team and stadium owners. The survey will help stadium owners address cyber vulnerabilities and obtain credentials for the Department of Homeland Security's SAFETY Act program. This article continues to discuss the shift toward cyberattacks that cause physical damage, the assessment tool aimed at helping stadium owners fix vulnerabilities, the SAFETY Act program, and the steps that teams and stadium owners should take to combat cyber threats.

    Homeland Security News Wire reports "Strengthening Cybersecurity in Sports Stadiums"

  • news

    "4G Networks Vulnerable to Denial of Service Attacks, Subscriber Tracking"

    Researchers at Positive Technologies published a report focused on the Diameter protocol, which is used to exchange authentication, authorization, and accounting (AAA) information in LTE networks. The report highlights findings from the analysis of 28 telecommunication operators' networks in Europe, Asia, Africa, and South America between 2018 and 2019. It was discovered that every 4G network tested is vulnerable to denial-of-service (DoS) attacks due to architectural flaws in the Diameter protocol. According to the researchers, attackers can modify sources and execute these DoS attacks because many networks neither authenticate a subscriber's location using GSMA signaling nor check the origin network from which a subscriber receives signaling messages. Other forms of attack, including the circumvention of restrictions implemented by operators, SMS interception, and more, were also proven successful against 4G networks. The researchers pointed out that these security weaknesses will continue into the 5G era, as 5G networks are built on the existing architecture and the Diameter protocol. This article continues to discuss the vulnerability of 4G networks to DoS attacks, subscriber location tracking, and information theft.

    ZDNet reports "4G Networks Vulnerable to Denial of Service Attacks, Subscriber Tracking"

  • news

    "Hackers Hijack Routers to Spread Malware Via Coronavirus Apps"

    Cybercriminals are getting more creative in how they leverage the coronavirus pandemic. Researchers at Bitdefender have found that cybercriminals are hijacking routers and changing their Domain Name System (DNS) settings so that victims are redirected to an attacker-controlled website. On that website, the attackers promote fake coronavirus information applications. The site also displays a message pretending to be from the World Health Organization (WHO) and tells users to install an app offering further coronavirus information via a download button. If an individual downloads one of these applications, the device is infected with the information-stealing Oski malware. These attacks began on March 18th, and at least 1,193 victims have been affected, located in the United States, Germany, and France. The adversaries compromise routers by brute-forcing remote management credentials, and are targeting Linksys and D-Link routers.

    Threatpost reports: "Hackers Hijack Routers to Spread Malware Via Coronavirus Apps"

  • news

    "Hackers Launch Phishing Attack on World Health Organization"

    The World Health Organization (WHO) was targeted in a sophisticated phishing attack suspected to have been launched by a threat group from Southeast Asia known as DarkHotel. The hacking attempt occurred as the agency battles to contain the COVID-19 pandemic. The attempted phishing attack was first discovered by Alexander Urbelis, a cybersecurity expert and attorney with the New York-based Blackstone Law Group, who monitors questionable internet domain registration activity. WHO published a notification warning of malicious sites that mimic its internal email system, as well as other ways in which hackers can perform scams. This article continues to discuss the suspected threat group behind the attempted phishing attack on WHO and the vulnerability of connected medical devices to cyberthreats.

    CISOMAG reports "Hackers Launch Phishing Attack on World Health Organization"

  • news

    "Mobile Malware Bypasses Banks' 2-Factor Authentication"

    IBM X-Force researchers have released details about a variant of the TrickBot Trojan, dubbed "TrickMo," which was first discovered by Germany's federal computer emergency response team (CERT-Bund) in September 2019. The malware has mainly targeted banking customers in Germany but is likely to be distributed in other countries. TrickMo is delivered via a fake security app and is designed to be installed only on Android mobile devices. Once the malware is installed, attackers can steal device information, lock the device, record targeted applications to capture one-time passwords, and more. Information collected through the execution of TrickMo allows attackers to generate a digital fingerprint of the infected Android phone. Attackers can sell this device fingerprint on the dark web or use it to authorize fraudulent bank transactions. This article continues to discuss the discovery, distribution, and capabilities of TrickMo, as well as the TrickBot Trojan's evolution into a cybercrime-as-a-service model.

    BankInfoSecurity reports "Mobile Malware Bypasses Banks' 2-Factor Authentication"

  • news

    NCSU Lablet PI Wins 2020 ACM/SIGAI Autonomous Agents Research Award

    Professor Munindar Singh was recognized with the 2020 ACM/SIGAI Autonomous Agents Research Award. This award acknowledges the contributions of outstanding researchers in the field of autonomous agents, and is granted each year to one individual whose work is influencing and setting the direction for the field.

    For more information about the award: http://sigai.acm.org/awards/autonomous_agents_award.html NCSU News Story: https://www.csc.ncsu.edu/news/2313

  • news

    "China Borrowing Russian Tactics to Spread Coronavirus Disinformation"

    China's state-backed information operations are starting to follow Russia's playbook for spreading disinformation. Chinese state-backed information operations have usually aimed at controlling a narrative. Now, however, they are mirroring the behavior of Russian state-backed operations, which typically spread disinformation to cause chaos and confusion. The disinformation China is spreading concerns where the coronavirus first originated. On Sunday, a state-backed Chinese outlet propagated fake news claiming that COVID-19 started spreading in Italy before it was detected in China.

    Cyberscoop reports: "China Borrowing Russian Tactics to Spread Coronavirus Disinformation"

  • news

    "Vulnerability in Windows is Already Being Used in 'Limited Targeted Attacks'"

    Microsoft recently reported a security vulnerability that has been rated high in severity. The vulnerability affects millions of Windows users, as it is present in Windows 10, 8, 7, and other recent versions of the operating system. According to Microsoft's security team, the bug resides in the Adobe Type Manager Library. Exploitation of this flaw allows malicious code to be executed when a user opens or previews a specially crafted document. The company believes the vulnerability is already being exploited in limited, targeted attacks. Microsoft has not yet released a patch for the vulnerability. However, it has recommended strategies for mitigating the flaw, such as disabling the WebClient service, disabling preview panes in Windows Explorer, and more. This article continues to discuss where the critical Windows vulnerability derives from, how an attacker could exploit it, and the steps recommended by Microsoft to mitigate the flaw.

    Gizmodo reports "Vulnerability in Windows is Already Being Used in 'Limited Targeted Attacks'"

  • news

    "New Mirai Variant Exploits NAS Device Vulnerability"

    A new variant of the infamous Mirai IoT botnet, called Mukashi, is exploiting a vulnerability in Zyxel network-attached storage (NAS) devices to execute distributed denial-of-service (DDoS) attacks. The flaw exploited by the Mukashi botnet is said to be a pre-authentication command injection vulnerability. Abuse of this security flaw allows unauthenticated attackers to execute arbitrary code on a vulnerable device. According to Palo Alto Networks' threat intelligence team, known as Unit 42, Zyxel NAS products running firmware versions up to 5.21 are affected by the flaw. Zyxel has released a patch to address the flaw, designated CVE-2020-9054. This article continues to discuss the vulnerability abused by the Mukashi botnet, the building of this new botnet, and the impact of the Mirai botnet.

    GovInfoSecurity reports "New Mirai Variant Exploits NAS Device Vulnerability"

  • news

    "Widely Available ICS Attack Tools Lower the Barrier for Attackers"

    As the number of publicly available ICS-specific intrusion and attack tools increases, the likelihood of successful attacks against ICS grows. FireEye researchers have pointed out that specialized skills are often needed to execute attacks against such systems. However, ICS attack tools are often developed by people who are highly knowledgeable about ICS, allowing threat actors to use these tools to launch attacks without having much experience themselves. Researchers found that most publicly available ICS-specific cyber operation tools have been developed in the last ten years, are vendor agnostic, and were created to target solutions widely used by the largest ICS original equipment manufacturers. It is essential for organizations to be aware of the increasing availability of ICS cyber operation tools so that they can continue to bolster existing defenses or develop new ones. This article continues to discuss the growing availability of ICS attack tools, what researchers have discovered about publicly available ICS-specific cyber operation tools, and the importance of raising awareness about the proliferation of these tools.

    Help Net Security reports "Widely Available ICS Attack Tools Lower the Barrier for Attackers"

  • news

    "Google's Security Measures Failed to Find Android Malware in Play Store"

    Google has recently introduced many new security measures to prevent malicious apps from appearing on the Play Store. After these measures were put into place, researchers from Check Point found malware lurking within 56 apps that had been downloaded almost one million times worldwide. The malware the researchers found, called Tekya, imitates users' actions to click on ads and banners served by networks such as AppLovin, AdMob, Facebook, and Unity. The apps found to be affected by this malware include cooking apps, calculators, and apps aimed at kids such as puzzles and racing games. Google was not able to detect the malware in these applications on its Play Store because Tekya is hidden in the apps' Android native code, which is compiled for the device's processor rather than written in the usual app code. The presence of malware in applications on the Play Store shows that Google's new security measures are not airtight.

    Engadget reports: "Google's Security Measures Failed to Find Android Malware in Play Store"

  • news

    "Pwn2Own Hackers Go Remote, Then Crack macOS and Oracle Machines Anyway"

    Pwn2Own is a hacking contest in which ethical hackers can earn rewards for discovering vulnerabilities in different programs. Global technology firms now use the competition as a way to recruit bug hunters who can help improve the security of their products. This year's Spring 2020 edition of the contest was held online due to the coronavirus pandemic. Participants were nevertheless able to remotely demonstrate the exploitation of flaws in macOS and Oracle machines. A team called Fluoroacetate won $90,000 by showing how Microsoft Windows and Adobe Reader could be cracked using local privilege escalation techniques. Another team, from the Georgia Tech Systems Software and Security Lab, won $70,000 for gaining root privileges on a macOS machine through its calculator app. This article continues to discuss the purpose of the Pwn2Own hacking contest, the recent winners of the competition, and the flaws that they reported.

    CyberScoop reports "Pwn2Own Hackers Go Remote, Then Crack macOS and Oracle Machines Anyway"

  • news

    CMU is the NSA Featured School of the Quarter

    Each quarter, the National Security Agency recognizes the agency's engagement with an academic institution. This quarter, the school is Carnegie Mellon University in Pittsburgh, PA. CMU has many relationships with the NSA, including hosting an SoS Lablet.

    To learn more about the CMU / NSA relationship, visit NSA.gov: https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/2111365/nsa-and-carnegie-mellon-university-partnering-on-cybersecurity-research-fo...

  • news

    "Data Privacy and Security in the Travel Industry"

    The COVID-19 outbreak has had a significant impact on the travel industry, temporarily forcing operations to shut down. The cruise, airline, and hotel sectors could use this time to examine and improve the privacy and security of the personally identifiable passenger information they collect. Carnival's cruise lines Princess Cruises and Holland America suffered data breaches in 2019 that resulted in the compromise of names, addresses, Social Security numbers, government ID numbers, financial account information, and more. British Airways was hit with a £183 million fine for its 2018 breach of 380,000 passengers' personal and financial details. Similarly, Marriott, one of the largest hotel chains, faced a $123 million fine for the exposure of 383 million customers' booking information. This article continues to discuss notable data breaches experienced by different entities within the travel industry.

    Security Boulevard reports "Data Privacy and Security in the Travel Industry"