News Items

  • news

    NIST Releases Draft Security Feature Recommendations for IoT Devices

    "Core Baseline" guide offers practical advice for using everyday items that link to computer networks.

    August 01, 2019

  • news

    Game-theoretic Paper Wins Annual Paper Competition

    The winner of the 6th Annual Best Scientific Cybersecurity Paper Competition is "How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games" by Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, and David Brumley. These researchers are from Carnegie Mellon University and University of California, Santa Barbara. This paper was originally accepted at the 30th IEEE Computer Security Foundations Symposium (CSF '17).

    To learn more visit the competition homepage: https://cps-vo.org/group/sos/papercompetition/pastcompetitions

  • news

    NSA SoS Lablet Call for Proposals is Open

    The National Security Agency has distributed its BAA (really a request for proposals) for its next generation of SoS Lablets. These include lablets on the 5 Hard Problem areas in Science of Security, on the Science of Privacy, and on Cyber Physical Systems. Proposals are due August 21. While the SoS team is not the point of contact for the contracting process, we can aid in directing: https://cps-vo.org/group/SoS/contact

  • news

    "Fatality After Hospital Hacked"

    A cyberattack on a hospital led to the death of a woman in need of urgent medical treatment. Attackers caused IT systems at the Dusseldorf University Clinic (DUC) to crash, resulting in a woman seeking medical care at the hospital having to be transported to another hospital. The 20-mile trip to a hospital in another city delayed her treatment by an hour. In addition, operations at DUC were postponed, and other emergency patients had to be redirected to alternative healthcare providers following the attack. An investigation of the cyberattack experienced by DUC revealed that threat actors exploited a vulnerability in widely used commercial add-on software. This article continues to discuss how a cyberattack on DUC impacted patient care as well as the investigation of this incident.

    Infosecurity Magazine reports "Fatality After Hospital Hacked"

  • news

    "Maze Ransomware Adopts Ragnar Locker Virtual-Machine Approach"

    The operators of Maze ransomware have started distributing ransomware payloads via virtual machines (VMs). Researchers at Sophos Managed Threat Response believe that the adversaries distribute the ransomware using virtual machines because it should help the ransomware get around endpoint defenses. The Maze malware is being distributed in the form of a VirtualBox virtual disk image (a VDI file).

    Threatpost reports: "Maze Ransomware Adopts Ragnar Locker Virtual-Machine Approach"

  • news

    "National Guard Cybersecurity Units Ready to Protect Election"

    As the US 2020 election draws closer, some states are calling on the National Guard to help protect the election process against various threats, ranging from nation-state actors to garage hackers. The National Guard will conduct network intrusion analysis and cyberthreat hunting to bolster electoral systems in preparation for the November election. Particular areas of concern and focus include attempts to hack voter rolls and the performance of integrity attacks that would result in the digital disenfranchisement of citizens. Ten states have committed to using their Army or Air Force National Guard cybersecurity units to help protect their election process from online attacks and interference. Another 30 states are considering bringing in Guard members for election security efforts. This article continues to discuss the National Guard's efforts towards strengthening election security.

    BankInfoSecurity reports "National Guard Cybersecurity Units Ready to Protect Election"

  • news

    "Ransomware Hacking Groups Post Data from 5 Healthcare Entities"

    NetWalker, REvil, SunCrypt, and Pysa (also known as Mespinoza) ransomware hacking groups posted data on the dark web, allegedly stolen from Assured Imaging, University Hospital New Jersey, National Western Life, The College of Nurses of Ontario, and Nonin Medical. These hacking groups are taking advantage of the double extortion ransomware tactic, made popular by the Maze hacking group. In this tactic, threat actors try to maximize their chance of making a profit through threats of selling or auctioning stolen data to increase pressure on their victims to pay the demanded ransom. Pysa hackers claim that they stole data from Assured Imaging, potentially impacting more than 240,000 patients. The same group also claims to have stolen 1.55 GB of files, including data such as budget calculations, payment orders, current settlements, and more, from Nonin Medical. Other sensitive information allegedly stolen by hackers includes patients' health status, images of scanned IDs, signatures, and passports. This article continues to discuss the alleged theft of data from five separate healthcare entities by different ransomware hacking groups in recent weeks and the response to these incidents.

    HealthITSecurity reports "Ransomware Hacking Groups Post Data from 5 Healthcare Entities"

  • news

    "QR Codes Serve Up a Menu of Security Concerns"

    Quick Response (QR) codes are booming in popularity due to the coronavirus. Since more people are using QR codes, hackers are flocking to exploit the trend. In a new study, researchers found that many people are unaware that adversaries can easily use QR codes to launch digital attacks. MobileIron found that 71 percent of the survey respondents could not distinguish between a legitimate and a malicious QR code. QR code security should gain more attention from researchers in the future, especially since 53 percent of the respondents said they would like to see QR codes used more broadly in the future. Almost half of the surveyed participants indicated that they trusted QR codes enough to use QR codes that they received in the mail to vote.

    Threatpost reports: "QR Codes Serve Up a Menu of Security Concerns"

  • news

    "California Elementary Kids Kicked Off Online Learning by Ransomware"

    Adversaries have carried out a new ransomware attack against a California school district. The attack closed down remote learning for 6,000 elementary school students. The cyberattack against the Newhall School district in Valencia affected all distance learning across ten different grade schools. The adversaries carried out the ransomware attack Sunday night and into Monday morning. The adversaries have not sent an extortion demand yet.

    Threatpost reports: "California Elementary Kids Kicked Off Online Learning by Ransomware"

  • news

    "The Phish Scale: NIST’s New Tool Helps IT Staff See Why Users Click on Fraudulent Emails"

    Researchers at the National Institute of Standards and Technology (NIST) developed a new tool called the "Phish Scale." This tool aims at helping organizations improve their training of employees to prevent them from falling victim to phishing attacks. According to estimates from the 2020 Official Annual Cybercrime Report by Cybersecurity Ventures, global cybercrime damages will cost $6 trillion annually by 2021, doubling the estimated cost from 2015. Phishing remains one of the most common types of cybercrime. The Phish Scale uses a rating system to help Chief Information Security Officers (CISOs) understand whether a particular phishing training email is easier or harder for a specific target audience to detect. CISOs can use this tool to better understand why their organization's phishing email click rates are high or low. This article continues to discuss the goal, structure, and development of the Phish Scale.

    NIST reports "The Phish Scale: NIST's New Tool Helps IT Staff See Why Users Click on Fraudulent Emails"

  • news

    "Your Contacts Aren't Safe With Popular Messaging Apps, Warn Researchers"

    A team of researchers at the Technical University of Darmstadt and the University of Wurzburg conducted a study on the privacy of popular mobile messengers, including WhatsApp, Signal, and Telegram. They were able to perform practical crawling attacks on these apps using very few resources, posing a significant threat to the privacy of billions of users. Personal (meta) data stored in messengers' user profiles, such as profile pictures, status texts, and nicknames, could be gathered by querying contact discovery services for random numbers. This article continues to discuss the crawling attacks demonstrated by researchers to collect sensitive data from top mobile messengers, as well as the development of accurate behavior models using this data and the impact of this research on service providers.

    TN reports "Your Contacts Aren't Safe With Popular Messaging Apps, Warn Researchers"

  • news

    "DDoS Attacks Skyrocket as Pandemic Bites"

    Researchers have discovered that the first half of 2020 saw a significant increase in the number of distributed denial-of-service (DDoS) attacks compared to the same period last year. Neustar's Security Operations Center (SOC) saw a 151 percent increase in DDoS activity. Neustar also experienced one of the largest and longest attacks it has ever mitigated. The attack came in at 1.17 terabits-per-second (Tbps) and lasted five days and 18 hours.

    Threatpost reports: "DDoS Attacks Skyrocket as Pandemic Bites"

  • news

    "Researchers Identify the Departments and Industries Most Susceptible to Email-Based Cyber-Attacks"

    Keepnet Labs, a cybersecurity awareness and anti-phishing company, released a report that reveals the business sectors and departments most vulnerable to email-based cyberattacks. Based on the analysis of data collected from simulated phishing emails sent to more than 410,000 target users, employees in departments including Quality Management and Health, Administrative Affairs, Research and Development, and Human Resources had the highest rates of opening malicious emails, interacting with content within the emails, and submitting sensitive information back to attackers. Sectors such as Consulting, Banking, Telecommunications, and Transportation were found to have the highest chances of experiencing phishing scams. This article continues to discuss key findings from Keepnet Labs' 2020 Phishing Trends Report.

    Security Boulevard reports "Researchers Identify the Departments and Industries Most Susceptible to Email-Based Cyber-Attacks"

  • news

    "Are Your Devices Spying on You? Australia's Very Small Step to Make the Internet of Things Safer"

    The growing number and use of Internet of Things (IoT) devices increase users' vulnerability to attacks as these devices commonly contain security flaws. Hackers could abuse these vulnerabilities to perform malicious activities such as hijacking devices, stealing personal information, changing data, and spying on users. The Australian government is trying to reduce these risks by introducing a new code of practice to encourage IoT device manufacturers to improve the security of their devices. The code provides guidance that covers secure passwords, security patches, vulnerability reporting, the protection of consumers' personal data, and more. However, the code is voluntary. This article continues to discuss the insecurity of IoT devices, the contributing factors to poor IoT security, Australia's voluntary code of practice to make these devices more secure, other proposed IoT security guidelines, and the suggested co-regulatory approach.

    UNSW reports "Are Your Devices Spying on You? Australia's Very Small Step to Make the Internet of Things Safer"

  • news

    "Security Solution Traps Cybercriminals in a Virtual Network"

    Researchers at the University of Strathclyde's Center for Intelligent and Dynamic Communications are developing a new cybersecurity deception solution. Their solution, called "Lupovis," applies Artificial Intelligence (AI) to lure attackers away from sensitive assets once they have penetrated a network. Lupovis uses AI to create scenarios that lead attackers into believing they are successfully accessing assets and moving through a system when they are actually being observed by the company's Security Operations Center (SOC). According to researchers, Lupovis learns and grows more accurate as the system collects more data. This article continues to discuss how Lupovis works and how this system differs from other cybersecurity deception systems.

    Homeland Security News Wire reports "Security Solution Traps Cybercriminals in a Virtual Network"

  • news

    "Are Your Domain Controllers Safe From Zerologon Attacks?"

    Several proof-of-concept (POC) exploits were released for "Zerologon," a critical elevation of privilege vulnerability found in Microsoft's Netlogon Remote Protocol. The vulnerability, discovered by Secura researchers, impacts all supported Windows Server versions, but it poses the most danger to servers functioning as Active Directory domain controllers. This vulnerability derives from a flaw in a cryptographic authentication scheme used by the protocol. According to the researchers, an attacker on the local network can use the flaw to completely compromise the Windows domain. This article continues to discuss the privilege flaw found in Microsoft's Netlogon in relation to its origin, potential exploitation by attackers, and remediation.

    Help Net Security reports "Are Your Domain Controllers Safe From Zerologon Attacks?"

  • news

    "MFA Bypass Bugs Opened Microsoft 365 to Attack"

    Researchers have found bugs in the multi-factor authentication system used by Microsoft's cloud-based office productivity platform, Microsoft 365. The flaws exist in the implementation of what is called the WS-Trust specification in cloud environments where WS-Trust is enabled and used with Microsoft 365. Researchers say that WS-Trust is an "inherently insecure protocol." Microsoft's implementation of the standard gives attackers a number of ways to bypass multi-factor authentication and access cloud services. The flaws could allow adversaries to carry out various attacks, such as real-time phishing and channel hijacking.

    Threatpost reports: "MFA Bypass Bugs Opened Microsoft 365 to Attack"

  • news

    "FBI Says Credential Stuffing Attacks Are Behind Some Recent Bank Hacks"

    The FBI recently issued a private security alert to the US financial sector warning organizations of the rise in credential stuffing attacks against their networks as well as an increase in breaches and significant financial losses resulting from such attacks. Credential stuffing refers to an attack in which usernames and passwords leaked in previous data breaches are used to gain access to accounts at other online services. These attacks rely on automation to enter many username and password combinations into login pages of various online services, emphasizing the importance of not reusing the same login credentials for multiple services. According to the FBI, credential stuffing has become a major problem, particularly for banks, financial service providers, insurance companies, and investment firms. This article continues to discuss the FBI's alert about credential stuffing attacks targeting US financial institutions, which highlights the victims, impact, recent incidents, detection, and mitigation of these attacks.

    ZDNet reports "FBI Says Credential Stuffing Attacks Are Behind Some Recent Bank Hacks"

  • news

    "University Project Tracks Ransomware Attacks on Critical Infrastructure"

    A team of researchers at Temple University in Philadelphia has been tracking ransomware attacks on critical infrastructure. The collection of data on these attacks can be requested by anyone, including educators, grad students, government representatives, and other researchers, for class projects, dissertation literature reviews, Industrial Control System (ICS) training classes, assessing internal responses, comparing data, and more. Their work is described as a repository of critical infrastructure ransomware attacks (CIRWA). As of August 2020, the dataset contained more than 680 records of ransomware attacks documented since November 2013. This article continues to discuss the goal and potential uses of this database, as well as what is currently shown by the analysis of the data.

    Security Week reports "University Project Tracks Ransomware Attacks on Critical Infrastructure"

  • news

    "Virginia's Largest School System Hit With Ransomware"

    Fairfax County Public Schools (FCPS), Virginia's largest school system, recently faced a ransomware attack on its technology systems. This ransomware attack disrupted distance learning for some students and staff in that those who were affected had to switch to asynchronous learning activities during the incident. The Maze ransomware group claimed responsibility for the attack and said they stole private information from FCPS. They also published some of the data online to prove their involvement in the attack. This article continues to discuss the ransomware attack experienced by FCPS regarding its impact on learning for some students, how the Virginia school system has responded, and the group behind its launch.

    Dark Reading reports "Virginia's Largest School System Hit With Ransomware"

  • news

    "Telehealth is Healthcare Industry’s Biggest Cybersecurity Risk"

    Due to the coronavirus, the number of telehealth primary care visits has increased exponentially. In a new study, researchers reviewed the 148 most-used telehealth vendors. The researchers found that telehealth providers have experienced a massive increase in targeted attacks since telehealth's popularity skyrocketed. The telehealth providers experienced a 117% increase in IP reputation security alerts.

    Help Net Security reports: "Telehealth is Healthcare Industry's Biggest Cybersecurity Risk"

  • news

    "Razer Gaming Fans Caught Up in Data Leak"

    A security consultant discovered a misconfigured Elasticsearch cloud cluster that exposed a segment of Razer's infrastructure to the public internet, where anyone could access the information. Razer is a company that sells gaming gear. It is not yet known if any people with malicious intent accessed the information. The information in the misconfigured cloud cluster included full names, emails, phone numbers, customer internal IDs, order numbers, order details, billing addresses, and shipping addresses. The cloud cluster included data from over 100,000 customers. The security consultant found the open cloud cluster on August 18th and alerted Razer on August 19th. It took Razer 3 weeks to fix the misconfigured cloud cluster.

    Threatpost reports: "Razer Gaming Fans Caught Up in Data Leak"

  • news

    "Ransomware Accounted for 41% of All Cyber Insurance Claims in H1 2020"

    A report recently published by Coalition, one of the leading providers of cyber insurance and security, revealed that ransomware incidents made up 41% of cyber insurance claims filed in the first half of 2020. The high number of claims confirms cybersecurity firms' reports that ransomware is still one of the most common threats. Coalition has also observed a rise in ransomware attacks against nearly every industry it serves. In addition to the increased frequency of ransomware attacks, the average ransom demand has risen by 47%. The cyber insurer listed Maze and DoppelPaymer as two of the most aggressive ransomware gangs. This article continues to discuss the rise in ransomware incidents as indicated by cyber insurance claims made in H1 2020, the increase in the average ransom demanded from victims, the most destructive ransomware gangs, and the spike in the number of claims for funds transfer fraud attacks and Business Email Compromise (BEC) events.

    ZDNet reports "Ransomware Accounted for 41% of All Cyber Insurance Claims in H1 2020"

  • news

    "Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks"

    Researchers at Purdue University have discovered a flaw they are calling "BLURtooth." The high-severity Bluetooth vulnerability exists in the pairing process for Bluetooth 4.0 through 5.0 implementations. The vulnerability could allow an unauthenticated adversary within wireless range (330 feet for Bluetooth 4.0 devices, and 800 feet for Bluetooth 5.0) to eavesdrop or alter communications between paired devices.

    Threatpost reports: "Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks"

  • news

    "Hackers Use Cloud Monitoring Tool to Install Cryptominers"

    Reports from Microsoft and Intezer reveal the weaponization of a legitimate cloud monitoring tool, called Weave Scope, to install cryptominers in cloud environments. TeamTNT is the hacking group discovered to be using the tool to perform this malicious activity. The group, initially discovered in May, used botnets to install cryptomining malware on unprotected Kubernetes and Docker systems running on top of Amazon Web Services (AWS) servers to steal AWS credentials. Weave Scope is an open-source visualization and monitoring tool from Weave Works that integrates with Docker, Kubernetes, and AWS Elastic Compute Cloud (ECS). It is now being used by the group to gain access to these cloud platforms and install cryptomining malware. This article continues to discuss TeamTNT's use of the Weave Scope tool to target cloud platforms and other recent findings of cryptomining campaigns targeting cloud platforms and containers.

    BankInfoSecurity reports "Hackers Use Cloud Monitoring Tool to Install Cryptominers"

  • news

    "Third-Party Components Putting Operational Hardware and Software Technologies at Risk"

    Six critical vulnerabilities have been discovered by Claroty researchers in a third-party software component used by top Industrial Control System (ICS) software vendors such as Rockwell Automation and Siemens. These vulnerabilities were found in Wibu-Systems' CodeMeter third-party license management component, which increases Operational Technology (OT) environments' exposure to exploits through phishing campaigns or direct cyberattacks. The exploitation of the vulnerabilities could allow attackers to modify existing software licenses, inject malicious ones, cause processes to crash, and more. Researchers also discovered encryption implementation issues that could be used by bad actors to execute code remotely and move laterally on OT networks. This article continues to discuss the flaws found in CodeMeter and how these vulnerabilities put OT environments at risk.

    Security Magazine reports "Third-Party Components Putting Operational Hardware and Software Technologies at Risk"

  • news

    "COVID-19 Sites Plagued with Third-Party Tracking, Posing Privacy Risk"

    According to a new study published in JAMA, almost all websites designed to provide information to people regarding COVID-19 symptoms, testing, and prevention contain code that transfers data to third parties, posing a threat to users' privacy. Researchers from the University of Pennsylvania Perelman School of Medicine and Carnegie Mellon University's School of Computer Science found that 95% of the 538 analyzed COVID-19-related websites included a data request from a third-party domain, and 89% had a third-party cookie. This article continues to discuss the study of third-party tracking on sites related to the pandemic, the limitations of this study, and the insufficient privacy and security of most government COVID-19 contact tracing apps across the world.

    HealthITSecurity reports "COVID-19 Sites Plagued with Third-Party Tracking, Posing Privacy Risk"

  • news

    "Digital Point's Unsecured Database Exposed Records of Over 800,000 Users"

    An Elasticsearch database belonging to Digital Point, the world's largest webmaster forum and marketplace for web services, was discovered to be left online without password protection. The unprotected database contained more than 62 million records belonging to over 800,000 Digital Point users. These records included emails, names, internal ID numbers, user posts, and more. According to the researchers who made the discovery, an attacker could have edited, downloaded, or deleted this data without administrative credentials. A recent study conducted by Comparitech found that cybercriminals attacked unsecured databases 18 times in a single day. These findings further highlight the importance of securing databases. This article continues to discuss the discovery of Digital Point's unprotected database and the risks associated with unsecured databases.

    CISO MAG reports "Digital Point's Unsecured Database Exposed Records of Over 800,000 Users"

  • news

    "Spyware Labeled ‘TikTok Pro’ Exploits Fears of US Ban"

    Researchers have discovered a malicious app called TikTok Pro. Threat actors are urging users via SMS and WhatsApp messages to download the latest version of TikTok from a specific web address. The fake TikTok Pro app contains malware that can take over basic device functions, including capturing photos, reading and sending SMS messages, making calls, and launching apps. The malicious application can also steal victims' Facebook credentials. Once the application is downloaded, the spyware launches a fake notification, which then disappears along with the app's icon. The adversaries use the fake notification tactic to redirect the user's attention as the app hides and to make them believe the app is faulty.

    Threatpost reports: "Spyware Labeled 'TikTok Pro' Exploits Fears of US Ban"

  • news

    "More IT Security in Port Terminals"

    Ports are critical infrastructures and require improved security, as attacks resulting in disruptions could significantly impact the economy. Digitalized container terminal operations, in particular, face various potential security risks. The movement of transporters between ships, trucks, and trains during loading and unloading will be automated in the future, making them cyber-physical systems capable of reacting to the environment using sensors, tracking their location at terminals using actuators, and automatically processing transportation orders. These cyber-physical systems will be exposed to hacking, physical tampering, and other risks. Therefore, research scientists at the Fraunhofer Institute for Factory Operation and Automation IFF and its industry partners have developed a new technique and toolset to increase cyber-physical systems' security against attacks and to help improve supply chain security. Their solution involves using digital twins to increase critical infrastructures' resilience and applying a three-stage plan to identify, localize, and rectify malfunctions. This article continues to discuss the growing automation of container terminal operations, threats facing port operators, and the scientists' solution for protecting port terminals from cyberattacks.

    Fraunhofer reports "More IT Security in Port Terminals"

  • news

    "Popular Android Apps Are Rife With Cryptographic Vulnerabilities"

    Researchers at Columbia University have recently released Crylogger, an open source dynamic analysis tool that shows which Android apps contain cryptographic vulnerabilities. The researchers used the tool to test 1780 popular Android apps from the Google Play Store. All of the Android applications tested broke at least one of the 26 crypto rules. Many of the applications (1775) use an unsafe pseudorandom number generator (PRNG), and 1076 of the applications use the CBC operation mode, which is vulnerable to padding oracle attacks in client-server scenarios. Most of the applications (1764) use a broken hash function (SHA1, MD2, MD5, etc.), and 820 of the applications use a static symmetric encryption key (hardcoded).

    Help Net Security reports: "Popular Android Apps Are Rife With Cryptographic Vulnerabilities"

  • news

    "Verizon Engineers Work to Secure the 5G Network"

    Verizon recently released details about its efforts to secure the 5G network. According to Verizon, its network security engineers are developing an Artificial Intelligence (AI) and Machine Learning (ML) security framework to detect security anomalies and analyze cell towers' performance. They are also experimenting with network accelerators, storing data fingerprints in the blockchain, and the security of connected vehicles. This article continues to discuss the 5G network security solutions that Verizon is testing and the launch of the 5G network in 35 cities across the US.

    CNET reports "Verizon Engineers Work to Secure the 5G Network"

  • news

    "Post-COVID-19 Cybersecurity Spending Update"

    Earlier reports have suggested that the uncertainty of the COVID-19 pandemic interrupted security budgets and spending. Organizations have held back on spending while they gain a more in-depth insight into the economic environment, as indicated by reports from practitioners of pauses in projects and hiring worldwide. However, recent findings show that those initial spending freezes may now be thawing out as organizations realize the importance of spending more to secure a remote workforce in the long run. They also recognize the need to spend more to reduce risks associated with accelerating digital transformation strategies required to support new consumer and business-to-business circumstances. This article continues to discuss findings from recent studies on the continued growth in security spending, the top cybersecurity investments since the beginning of the pandemic, and staffing increases.

    Dark Reading reports "Post-COVID-19 Cybersecurity Spending Update"

  • news

    "Lockdown Sees Increase in Girls Applying for GCHQ Cyber Courses"

    According to the Government Communications Headquarters (GCHQ), a British intelligence agency, there has been a significant increase in the number of young people, especially girls, applying for online cybersecurity skills courses offered by its CyberFirst program during the COVID-19 pandemic. More girls have taken part in this year's CyberFirst summer courses than last year, as indicated by the 60% increase in girls' applications. The number of girls who applied this year increased to 1,492 from 930 in 2019, and boys' applications grew to 2,398 this year from 1,824 last year. The CyberFirst courses teach young people, between the ages of 14 and 17, skills in digital forensics, ethical hacking, cryptography, and digital problem-solving. The cybersecurity skills of young girls must continue to be cultivated to increase the number of skilled security professionals and to diversify the cybersecurity workforce. This article continues to discuss the increased participation of girls in cyber courses during the pandemic, what is offered by the CyberFirst program, and the importance of addressing the cybersecurity skills gap.

    Computer Weekly reports "Lockdown Sees Increase in Girls Applying for GCHQ Cyber Courses"

  • news

    "CISA Pushes Vulnerability Disclosure Policies"

    The U.S. Homeland Security Department's Cybersecurity & Infrastructure Security Agency (CISA) has issued a binding operational directive (BOD) ordering federal executive branch departments and agencies to develop and publish vulnerability disclosure policies (VDPs). A BOD is a compulsory direction in support of safeguarding federal information and information systems. BOD 20-01 requires most executive branch agencies to publish a VDP as a public web page within 180 calendar days after this directive's issuance. The VDP must include which systems are in scope, what types of testing are allowed, a description of how to submit vulnerability reports, and more. This article continues to discuss the finalization, requirements, and importance of the new directive.

    Infosecurity Magazine reports "CISA Pushes Vulnerability Disclosure Policies"

  • news

    "Facebook Announces New Details on How It Will Disclose Bugs Found in Third-Party Products"

    Facebook has announced its first formal policy that addresses how it will disclose vulnerabilities found in third-party products by security researchers. This policy also covers how long Facebook will give the third-parties to respond, fix, and distribute a patch for discovered security bugs. According to Nathaniel Gleicher, the purpose of sharing the policy is to help everyone understand what is expected in the reporting or disclosure of bugs. This article continues to discuss what is covered by Facebook's new policy.

    SC Media reports "Facebook Announces New Details on How It Will Disclose Bugs Found in Third-Party Products"

  • news

    "Helping Companies Prioritize Their Cybersecurity Investments"

    One reason cyberattacks continue to grow in frequency and sophistication is the lack of information shared about how these attacks occur. Companies that experience cybersecurity incidents often refrain from reporting them because they fear that their reputation will be damaged, and their competitors will gain insight into their security flaws. Companies should be able to use data gathered from cyberattacks to develop quantitative measurements of their security risk in order to prevent such attacks from happening again. Many organizations do not know which types of attacks would result in significant financial losses. Therefore, they do not know how to use limited security resources efficiently. MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) developed a new data aggregation platform called "SCRAM," which stands for "Secure Cyber Risk Aggregation and Measurement." This platform aims to help companies quantify their security level, understand how their security compares to other organizations, evaluate whether they are correctly investing in security, and more, without requiring them to disclose sensitive system data. This article continues to discuss the application, development, and goals of the SCRAM system.

    MIT reports "Helping Companies Prioritize Their Cybersecurity Investments"

  • news

    "Attackers Can Exploit Critical Cisco Jabber Flaw With One Message"

    Researchers with Watchcom have discovered a critical remote code execution (RCE) flaw in the Windows version of Cisco Jabber, a video-conferencing and instant messaging application. According to these researchers, the flaw could be exploited without the need for user interaction. Its abuse involves sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages to vulnerable end-user systems running Cisco Jabber for Windows. The flaw has been given a CVSS score of 9.9 out of 10. As these types of applications have grown in use during the COVID-19 pandemic, they have become increasingly attractive targets for attackers seeking to gather sensitive information. This article continues to discuss the RCE flaw found in the Windows version of Cisco Jabber in relation to where it stems from and its potential exploitation by attackers, as well as other vulnerabilities discovered in Cisco Jabber.

    Threatpost reports "Attackers Can Exploit Critical Cisco Jabber Flaw With One Message"

  • news

    "Revolutionary Quantum Breakthrough Paves Way for Safer Online Communication"

    A team of international scientists led by the University of Bristol has made a significant breakthrough in the field of quantum communication, bringing the world a step closer to having a quantum internet that could deliver impenetrable security for safe online communication. They created what is understood to be the largest-ever quantum network of its kind. Up to now, the construction of a quantum network has been expensive, time-consuming, and resource-intensive. Building a quantum network has also required a certain amount of compromise on security and this defeated the purpose of creating such a network. However, the team's solution is said to be scalable, relatively inexpensive, and invulnerable. This article continues to discuss the fully connected quantum communication network presented by the team in relation to its methods, features, and advancements over previous quantum systems.

    The University of Bristol reports "Revolutionary Quantum Breakthrough Paves Way for Safer Online Communication"

  • news

    "Microsoft Strengthens Deepfake Fight With New Authentication Tools"

    Microsoft has launched new deepfake-fighting tools. Deepfakes are videos, photos, and audio recordings that have been generated through the use of Artificial Intelligence (AI). One tool analyzes photos or videos and then provides a percentage chance or confidence score that a piece of the content has been artificially manipulated. Another new technology is said to detect manipulated content and assure people that the content they are viewing is real. Security researchers have stressed the importance of combatting the continued advancement of deepfakes as they could be used to decrease the effectiveness of facial recognition technologies as well as spread disinformation. This article continues to discuss Microsoft's new authentication technologies and the importance of fighting deepfakes.

    ZDNet reports "Microsoft Strengthens Deepfake Fight With New Authentication Tools"

  • news

    "Ransomware Attacks Demanding Larger Payouts from Local Governments"

    According to a report recently published by the cybersecurity firm BlueVoyant, hackers have increased the amount of money they demand from local governments in ransomware attacks. The average ransom demand has increased from $30,000 in 2017 to $380,000 in 2019, with several ransom demands exceeding $1 million last year. Cybersecurity experts say the demands for larger sums of money from local governments indicate a shift in hacker techniques. Other findings suggest that smaller municipalities are willing to give in to attackers' demands for ransom payments. This article continues to discuss the increase in the average ransom demanded of local governments in a ransomware attack, changes in tactics among hackers, municipalities' decision to pay demanded ransoms, and how local governments could protect themselves.

    NextGov reports "Ransomware Attacks Demanding Larger Payouts from Local Governments"

  • news

    "Companies Continue to Expose Unsafe Network Services to the Internet"

    Research conducted by RiskRecon found that 33% of organizations involved in the digital supply chain expose one or more unsafe network services such as data storage, remote access, and network administration to the internet. This discovery was made from the assessment of millions of internet-facing systems across 40,000 commercial and public institutions. The education sector was discovered to have the greatest tendency to expose unsafe network services on non-student systems. This article continues to discuss other key findings shared by RiskRecon on the exposure of unsafe network services.

    Help Net Security reports "Companies Continue to Expose Unsafe Network Services to the Internet"

  • news

    "Slack Patches Critical Desktop Vulnerability"

    A security engineer at Evolution Gaming discovered a critical remote code execution (RCE) vulnerability in the popular Slack collaboration app, which has now been patched. The vulnerability could have allowed attackers to gain full remote control over the collaboration software's desktop version. Attackers could gain access to private keys, conversations, passwords, files, and other functions with a successful exploit. They could delve deeper into an internal network and explore the environment, depending on how Slack is configured on a targeted device. The RCE bug in the Slack desktop app could also be made wormable so that it reposts to all user workspaces. According to the researcher, an exploit was successfully tested on the latest versions of Slack for desktop on Mac, Windows, and Linux. This article continues to discuss the critical RCE vulnerability found in the Slack desktop app regarding where it stems from, what its exploitation could have allowed attackers to do, and Slack's response to this discovery.

    Dark Reading reports "Slack Patches Critical Desktop Vulnerability"

  • news

    "Securing The Internet"

    Assistant Professor of Information Systems at Singapore Management University (SMU), Wang Qiuhong, explored the connections and interdependencies among Autonomous Systems (ASes), which are Internet Service Providers' (ISP) networks. One of this study's focus areas was the peering relationship established by an AS with other member ASes on an Internet Exchange Point (IXP). The idea is that the attack surface expands when an organization connects into an IXP, and interconnection grows. Professor Wang's project aimed to identify the types of interconnections that can attract more attacks and the connections that can reduce security threats. The study also explored the sharing of hacking techniques online to understand its impact on cybersecurity threats and evaluated the policy implications associated with online knowledge sharing of such methods. This article continues to discuss Professor Wang's research on the attraction of more attacks through interconnection as well as the impact of online sharing of hacking techniques on cybersecurity.

    SMU reports "Securing The Internet"

  • news

    "Cyber-Criminals Mimicking Global Brand Domain Names to Launch Scams"

    According to a new study by Palo Alto Networks, cybercriminals frequently impersonate global brands through cyber-squatting to carry out phishing attacks and scams aimed at stealing credentials or money. Cyber-squatting refers to the unauthorized registration and use of Internet domain names that are identical or similar to existing brand domain names. The companies impersonated in the top 20 most abused domains in December 2019 include PayPal, Apple, Netflix, and Amazon. Palo Alto Networks' analysis of squatting domains revealed evidence of malware distribution, phishing attacks, and more. Enterprises are encouraged to block and closely monitor their traffic. Customers should ensure that they type domain names correctly. This article continues to discuss the concept of cyber-squatting, Palo Alto Networks' findings on the continued use of this practice by cybercriminals in phishing attacks and various other scams, and how to prevent the threat of cyber-squatting.

    Infosecurity Magazine reports "Cyber-Criminals Mimicking Global Brand Domain Names to Launch Scams"

  • news

    "NCR Confirms Malware in Lab Environment, Says Clients Not at Risk"

    NCR Corporation, the popular point-of-sale and ATM software developer, has confirmed that computers in an isolated non-production lab have been infected with malware, potentially posing a supply-chain risk to customers. The malware was identified as Lethic, an old botnet initially discovered around 2008. Attackers can use Lethic for spam distribution, remote access, lateral movement, and downloading additional payloads. This article continues to discuss NCR's confirmation of the infection, the history and capabilities of the Lethic malware, the potential impact of this incident, as well as NCR's response to the compromise.

    SC Media reports "NCR Confirms Malware in Lab Environment, Says Clients Not at Risk"

  • news

    "Apple's Automated Notarization Process Mistakenly Approved Mac Malware"

    Security researchers Patrick Wardle and Peter Dantini discovered that Apple's macOS app notarization process inadvertently approved Mac malware disguised as a Flash player. The notarization would result in the circumvention of Apple's built-in Gatekeeper security function. According to the researchers, the malware's approved code has been used by the Shlayer adware, which is capable of intercepting web traffic, replacing ads with its own, and more. Apple has now revoked the malware's notarization. This article continues to discuss the failure of Apple's notarization process to detect a piece of Mac malware and the potential approval of new malicious payloads as malware continues to change.

    Apple Insider reports "Apple's Automated Notarization Process Mistakenly Approved Mac Malware"

  • news

    "Researchers Hijack 28,000 Printers to Show How Easily They Can Be Hacked"

    Researchers at CyberNews hacked 28,000 printers to highlight how easy it is to compromise them and the importance of improving security for such devices. They found that more than 800,000 printers could be accessed over the internet. Out of a sample of 50,000 exposed printers, 28,000 followed instructions from a script sent by the researchers to print a security guide, suggesting that hackers can take over 56% of exposed printers. Past research on the vulnerability of printers to hacking has shown that flaws in these devices can result in crashes and the theft of sensitive information. This article continues to discuss new research demonstrating the vulnerability of printers to being hijacked and printer security issues discovered in other studies.

    Security Week reports "Researchers Hijack 28,000 Printers to Show How Easily They Can Be Hacked"

  • news

    "Research Finds Increase in Botnet and Exploit Activity in Q2 2020"

    Nuspire released a new report on cybercriminal activities, tactics, techniques, and procedures observed in the second quarter of 2020. According to the report, new challenges for security administrators are continuing to emerge as organizations settle into remote working conditions during the COVID-19 pandemic. Research has revealed that botnet activity and exploit attempts increased in Q2 2020 by 29% and 13%, respectively. This article continues to discuss key findings from Nuspire's research regarding the rise in botnet and exploit activity, and changes in cybercriminal tactics.

    CISO MAG reports "Research Finds Increase in Botnet and Exploit Activity in Q2 2020"