News Items

  • news

    We're Surrounded by Billions of Internet-connected Devices. Can We Trust Them?

    BY ADAM PIORE ON 10/24/19 AT 12:24 PM EDT - NEWSWEEK MAGAZINE

    In 2009, just as consumers had begun to buy wifi-enabled thermostats and front-door cams and other early devices that now make up the "Internet of Things," computer scientist Ang Cui had gotten the idea to scan the Web for "trivially vulnerable" embedded devices.

  • news

    Winner of 7th Paper Competition is Evaluating Fuzz Testing

    The winning paper is Evaluating Fuzz Testing by George Klees, Andrew Ruef, Benji Cooper, Shiyi Wei, and Michael Hicks. This paper was presented at the ACM SIGSAC Conference on Computer and Communications Security (CCS '18) in Toronto.

  • news

    NSA Launches Latest Codebreaker Challenge

    By Betsy Stein, NSA/CSS Communications Officer

    FORT MEADE, MD, Sept. 20, 2019 --

    Are you a U.S. undergraduate or graduate student interested in attempting to crack a cyber-challenge similar to those that regularly threaten national security? Then sign up for the 2019 NSA Codebreaker Challenge!

  • news

    NIST Releases Draft Security Feature Recommendations for IoT Devices

    "Core Baseline" guide offers practical advice for using everyday items that link to computer networks.

    August 01, 2019

  • news

    NSA-approved cybersecurity law and policy course now available online

    Cyber Scoop

    Shannon Vavra

    August 27th, 2019

    Anyone who is interested in cybersecurity law and policy can now take an online course that was partly shaped by the National Security Agency.

  • news

    Game-theoretic Paper Wins Annual Paper Competition

    The winner of the 6th Annual Best Scientific Cybersecurity Paper Competition is How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games by Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, and David Brumley. These researchers are from Carnegie Mellon University and the University of California, Santa Barbara. This paper was originally accepted at the 30th IEEE Computer Security Foundations Symposium (CSF '17).

    To learn more visit the competition homepage: https://cps-vo.org/group/sos/papercompetition/pastcompetitions

  • news

    NSA SoS Lablet Call for Proposals is Open

    The National Security Agency has distributed its BAA (really a request for proposals) for its next generation of SoS Lablets. These include lablets on the 5 Hard Problem areas in Science of Security, on the Science of Privacy, and on Cyber Physical Systems. Proposals are due August 21. While the SoS team is not the point of contact for the contracting process, we can aid in directing: https://cps-vo.org/group/SoS/contact

  • news

    "Cookie Leak Allows White-Hat Researcher to Access HackerOne Vulnerability Reports"

    HackerOne, a company that hosts bug bounty programs for organizations, recently disclosed an incident in which a human error led to the access of company vulnerability reports by a white-hat hacker known as haxta4ok00. One of HackerOne's security analysts accidentally sent a session cookie to the white-hat researcher, which was then used to access the vulnerability reports. Following the disclosure and investigation of the incident, the researcher was rewarded $20,000 for their discovery. HackerOne then took steps to change its cookie policy and establish a process for responding to an event in which a hacker is suspected of accessing sensitive material. In addition, the company plans to re-examine and alter its security analyst permission model, as well as enhance education for employees and white-hat hackers. This article continues to discuss how the incident occurred, HackerOne's response to the incident, and the expected increase in attacks targeting crowd security testing platforms.

    SC Magazine reports "Cookie Leak Allows White-Hat Researcher to Access HackerOne Vulnerability Reports"

  • news

    "New Ransomware Attacks Target Your NAS Devices, Backup Storage"

    Security researchers have observed an increase in ransomware attacks targeting network-attached storage (NAS) and backup storage devices. Ransomware continues to be a major threat to enterprises, hospitals, and utilities. NAS systems are devices connected to a home or enterprise network that function as a centralized location for authorized network users to store and recover data. According to security researchers, attackers can circumvent user authentication as a result of vulnerable integrated software in NAS systems, allowing the execution of ransomware attacks on these devices. This article continues to discuss the concept behind ransomware, the increase in ransomware attacks on NAS systems, and other recent findings pertaining to the use of ransomware by cybercriminals.

    ZDNet reports "New Ransomware Attacks Target Your NAS Devices, Backup Storage"

  • news

    "Hackers Find Ways Around a Years-Old Microsoft Outlook Fix"

    Email remains a weakness in security as highlighted by the ongoing exploitation of a flaw in Microsoft Outlook that was disclosed and patched in October 2017. The U.S. Cyber Command issued a warning about the exploitation of the vulnerability in July of this year. Security researchers discovered that the vulnerability has been abused by the Iranian government-linked hacking group, known as APT33, and another Iran-linked hacking group, APT34. The vulnerability derives from Outlook's Home Page feature, which can be used as a home screen and to load external content. If a hacker were to gain access to a user's account credentials, they could abuse the bug in the Home Page to upload malicious content, remotely execute exploit code, and take over a device's operating system. This article continues to discuss how hackers could be getting around the fix for the Microsoft Outlook bug.

    Wired reports "Hackers Find Ways Around a Years-Old Microsoft Outlook Fix"

  • news

    "Web Payment Card Skimmers Add Anti-Forensics Capabilities"

    Researchers from Visa's Payment Fraud Disruption (PFD) team have found a new JavaScript-based payment card skimmer, dubbed Pipka, which has affected 16 e-commerce websites. Web skimming refers to the injection of malicious scripts into online merchant sites to steal payment card information. Web skimming attacks are usually performed by inserting malicious scripts into checkout pages where users enter their payment card information. Pipka differs from another web skimmer, called Magecart, in that it is customizable, allowing attackers to set the skimmer's targeted form fields from which they want data to be stolen. In addition to other features that set Pipka apart from Magecart, the new web skimmer is capable of deleting itself from a web page's source code after it has been executed. This article continues to discuss the concept of web skimming, known skimmers such as Magecart, the capabilities of Pipka, and suggested mitigation measures against this attack.

    CSO Online reports "Web Payment Card Skimmers Add Anti-Forensics Capabilities"

  • news

    "FBI Issues Smart TV Cybersecurity Warning"

    The FBI recently issued a warning to consumers about the threat posed by unsecured smart TVs to their security and privacy. According to a statement released by the Oregon branch of the FBI, cybercriminals can abuse an inadequately secured TV connected to the Internet to perform malicious activities such as altering volume settings, displaying inappropriate videos, and spying on users via the TV's camera or microphone. Shoppers are encouraged to learn how to properly change security settings on these devices before purchasing them. Users should also be aware of how to disable microphones, cameras, and the collection of personal data, and of whether it is possible to disable these features at all. This article continues to discuss the warning issued by the FBI on smart TV cybersecurity in relation to what attacks can be performed by abusing unsecured TVs and how consumers can protect themselves from such attacks.

    Infosecurity Magazine reports "FBI Issues Smart TV Cybersecurity Warning"

  • news

    "Hackers Could Disrupt Elections by Altering Websites"

    Florida's Secretary of State, Laurel Lee, recently discussed the insecurity of state and county elections websites with the governor's Cybersecurity Task Force. She stressed the importance of bolstering the security of these websites against hackers as their attacks could alter election results and erode the public's trust in the election process. According to Lee, the Florida Department of State is working to improve the security of those sites, stay up-to-date on cyber threats, and learn about security tactics. The Department of State established the Joint Election Security Initiative (JESI) in which 67 county elections offices are trained to identify vulnerabilities and recognize attacks facing election infrastructure, such as phishing attacks, denial-of-service (DoS) attacks, and more. Lee pointed out that these attacks are often executed through the exploitation of human behavior, further emphasizing the importance of security awareness training. This article continues to discuss the importance of securing election infrastructure and efforts that are being made to improve election security.

    GovTech reports "Hackers Could Disrupt Elections by Altering Websites"

  • news

    "Facebook and Twitter Warn of Malicious SDK Harvesting Personal Data From its Accounts"

    Researchers discovered that some third-party apps on Facebook and Twitter have quietly scraped personal information from people's accounts without their consent. Some third-party iOS and Android apps use "malicious" software development kits (SDKs). The "malicious" SDKs were designed to display ads. Experts noticed that once users of the social networks were logged into either service using one of these applications, the SDKs then silently accessed their profiles to collect information. The apps that include the SDK code can collect user names, email addresses, and tweets via unspecified Android apps. Twitter and Facebook reported the incident to Google, Apple, and other industry partners, to have them take action to block the malicious SDK and apps that include its code.

    Cyber Defense Magazine reports: "Facebook and Twitter Warn of Malicious SDK Harvesting Personal Data From its Accounts"

  • news

    "How Smartphones Can Verify Your Identity"

    PXL Vision, a spin-off from ETH Zurich, one of the leading international universities for technology and the natural sciences, offers a more secure and easier solution for verifying the identity of a person. Identity verification is essential in activities such as opening bank accounts or purchasing mobile phone subscriptions. However, current solutions for identity verification pose a risk to the privacy of users as they still need to interact with another person to verify themselves. In India, commercially available solutions still require users to interact with an employee via video chats to verify their identity. PXL Vision's automated technology, called Daego (digital alter ego), requires a user to scan their ID and take a selfie video via an app, which are then scanned and matched to prove their authenticity. The potential applications of Daego in the private realm include hiring babysitters and private tutors, as well as online dating. This article continues to discuss the secure digital identity verification solution offered by PXL Vision in regard to its process, security, application by companies, and response from customers, as well as how it is an improvement over human interaction-based verification.

    ETH Zurich reports "How Smartphones Can Verify Your Identity"

  • news

    "Microsoft Looks to Rust Language to Beat Memory Vulnerabilities"

    Microsoft has been working on a project called Project Verona. This project is an ambitious plan to stop common vulnerabilities hiding in old Windows code by using an implementation of the open-source Rust programming language. Traditionally, Microsoft Windows software requiring fine control, such as device drivers and low-level OS functions like storage and memory management, has been written in C or C++. Software requiring fine control comes at the expense of mistakes that lead to insecure code, particularly memory issues, which account for up to 70% of the vulnerabilities that Microsoft finds itself patching later. Rust has built-in protections against common memory problems such as use after free, type confusion, heap and stack corruption, and uninitialized use. Mozilla has already implemented Rust. However, Microsoft's Rust implementation is more complicated because the software needs more capabilities to work across a broader range of components. It is still not clear when the Rust programming language might be implemented on Microsoft software used by customers, but it is starting to look inevitable at the current rate of progress.

    Naked Security reports: "Microsoft Looks to Rust Language to Beat Memory Vulnerabilities"

  • news

    "When Rogue Insiders Go to the Dark Web"

    Researchers who investigate the Dark Web are seeing an increase in the distribution of stolen company data by rogue employees. Researchers have seen rogue employees selling data stolen from the organizations at which they are employed as well as the access to this data in the underground markets. According to researchers, most of these rogue insiders work for financial and telecommunications companies. Telecommunications employees were found selling sensitive information such as text message logs and geolocation data from SIM cards, which could be used by attackers to harm VIPs or government employees. Rogue financial firm employees have been seen selling customer banking data and information that could be used for insider trading. This article continues to discuss the growth in rogue employees inside the Dark Web, what type of stolen information they are selling, the processes of insider recruits in the underground markets, and the threat posed by rogue insiders.

    Dark Reading reports "When Rogue Insiders Go to the Dark Web"

  • news

    "Ethical Hacking: The Challenges Facing India"

    A security researcher, named Avinash Jain, found a vulnerability in India's state-run health portal, which is used by patients to book appointments at government hospitals online. The vulnerability allowed him to access sensitive details about a patient such as their full name, address, history of appointments made on the health portal, patient ID, unique biometric identification number, and recorded medical conditions. Following Jain's disclosure of the vulnerability to the Indian Computer Emergency Response Team (CERT-In), the flaw was patched. However, the responsible disclosure of critical vulnerabilities by researchers is not always appreciated by the Indian government. Although ethical hackers in India help to improve the security of data, they can still face legal consequences from the Indian government when they disclose vulnerabilities associated with government agency systems. This article continues to discuss the vulnerability discovered in India's ORS Patient Portal, other incidents in which the global healthcare industry has been targeted by cybercriminals, and the lack of legal protections for security researchers in India.

    BBC reports "Ethical Hacking: The Challenges Facing India"

  • news

    "Can Anyone Be Completely Anonymous?"

    Vasileios Chatzistefanou and Konstantinos Limniotis, researchers at the Open University of Cyprus, did a study on the security of five anonymous social media applications to find out if they allow third parties to access personal data or track users. The anonymization of personal data is supposed to ensure that users' privacy is protected from data mining and data publishing systems. However, user privacy is not guaranteed despite the removal of personal identifiers. Characteristics of the data can be used to create a unique fingerprint through the application of different techniques. This fingerprint can then be used to determine the identity of a user. This article continues to discuss the aim of data anonymization, the characteristics that can be used to identify users in a data set, and findings of personal data processing in anonymous applications.

    TechXplore reports "Can Anyone Be Completely Anonymous?"

  • news

    "Crooks Are Exploiting Unpatched Android Flaw to Drain Users’ Bank Accounts"

    A new Android vulnerability, called StrandHogg, could be exploited by attackers to steal mobile banking credentials and money from bank accounts. The discovery was made by the Norwegian app security company, Promon, after being informed by Wultra, an Eastern European security company, about the disappearance of money in customer bank accounts in the Czech Republic. The investigation of StrandHogg revealed that it affects all versions of Android and puts the top 500 most downloaded Android apps at risk. This malware is said to be unique because it can be executed without having to root a device or get special permissions on the device. StrandHogg abuses a flaw in Android's multitasking system to launch attacks that would enable malicious apps to appear legitimate. This article continues to discuss the StrandHogg vulnerability in relation to its discovery and capabilities, as well as what Android users should look out for.

    Help Net Security reports "Crooks Are Exploiting Unpatched Android Flaw to Drain Users' Bank Accounts"

  • news

    "A Bug in Microsoft’s Login System Put Users at Risk of Account Hijacks"

    Security researchers at CyberArk discovered a vulnerability in Microsoft's login system that could have allowed attackers to hijack users' accounts. According to researchers, attackers could have exploited the bug to steal account tokens, which are granted to users by websites and apps to enable them to access their accounts without having to re-enter their passwords. The researchers discovered the use of unregistered subdomains linked to some highly trusted apps developed by Microsoft to generate access tokens. Once an unsuspecting victim clicks on a malicious link contained in an email or website, their account token is stolen. This article continues to discuss the bug found in Microsoft's login system, what the exploitation of this bug could have allowed attackers to do, and how Microsoft responded to this discovery.

    TechCrunch reports "A Bug in Microsoft's Login System Put Users at Risk of Account Hijacks"

  • news

    "This Trojan Malware is Being Used to Steal Passwords and Spread Ransomware"

    There is a new hacking campaign happening right now, targeting healthcare and education organizations with custom-built, Python-based trojan malware. The malware gives attackers almost full control of Windows systems with the ability to monitor actions and steal sensitive data. The remote access trojan, dubbed PyXie RAT, can perform the following functions: keylogging, credential harvesting, video recording, cookie theft, the ability to perform man-in-the-middle attacks, and the capability to deploy other forms of malware onto infected systems. The malware also does its best to clear evidence of the suspicious activity, to make it hard for an individual to detect the malware.

    ZDNet reports: "This Trojan Malware is Being Used to Steal Passwords and Spread Ransomware"

  • news

    "Cultural Differences Account for Global Gap in Online Regulation"

    A new study conducted by researchers at the University of Birmingham suggests a correlation between a country's cultural values and its commitment to cybersecurity regulation. The study suggests that web users in more competitive national cultures are more likely to be risk-takers, calling for stricter regulation, while web users in less competitive cultures take fewer risks, prompting lighter cybersecurity regulation. For example, China's culture is more competitive, thus creating more risk-taking web users and resulting in the enforcement of stricter cybersecurity regulation. Risky behavior in regard to cybersecurity, personal data, privacy, cybercrime, and negligence includes, but is not limited to, using unsecured Wi-Fi connections, allowing web browsers to remember passwords, and visiting potentially harmful websites on devices that do not have anti-virus protection software installed. This article continues to discuss the study and its findings in relation to how cultures contribute to global differences in online regulation.

    EurekAlert! reports "Cultural Differences Account for Global Gap in Online Regulation"

  • news

    "Netflix Account Freeze – Don’t Click, It’s a Scam!"

    There is a new phishing email going around trying to trick Netflix users into believing that their account was frozen and that specific information is needed to unlock the account. There are quite a few misspellings in the email, and when one clicks on the link, it doesn't bring one to the real Netflix website, but to a website that the adversary had created using a domain name that starts with a 32-character hexadecimal string. If one enters any information, it is then sent to the adversary, not to Netflix. If the user tried to log in on the bogus site, the crooks know their password. The user should then go to the official Netflix login page as soon as they can and change their password. If the user gave away their credit card details, the adversaries know those too. They should call their bank as soon as they can to cancel their card. It is essential to always do one's research before entering information.

    Naked Security reports: "Netflix Account Freeze - Don't Click, It's a Scam!"

  • news

    "Bad RCS Implementations Are Creating Big Vulnerabilities"

    There are multiple vulnerabilities associated with the way in which the new messaging standard aimed at replacing SMS (Short Message Service) is being implemented by carriers. In some instances, carriers' implementation of the communication protocol, RCS (Rich Communication Services), creates major vulnerabilities that could be exploited by attackers to track a user's location, intercept messages, spoof phone numbers, and more. In one case, a carrier's implementation of RCS allowed an app to download a user's RCS configuration file, which enabled the app to have access to voice calls and text messages. In another case, researchers discovered that the six-digit code used by a carrier for user identity verification could be guessed through the execution of a third-party brute-force attack. This article continues to discuss the aim of RCS, the vulnerabilities being created by the way carriers are implementing RCS, and GSMA's response to the RCS implementation issues discovered by researchers.

    The Verge reports "Bad RCS Implementations Are Creating Big Vulnerabilities"

  • news

    "Need to Safeguard Drones and Robotic Cars Against Cyber Attacks"

    Researchers at the University of British Columbia (UBC) demonstrated three different covert attacks on robotic vehicles, suggesting the vulnerability of robotic vehicles such as Amazon delivery drones or Mars rovers to being hacked. The attacks designed by the researchers were able to cause both real and simulated drones and rovers to crash, miss targets, or be delayed in the completion of a mission. These attacks were executed through the exploitation of major flaws in robotic vehicle software. According to researchers, these attacks could not be detected using the most commonly used detection methods. This discovery emphasizes the need to increase the development and implementation of security mechanisms to protect drones and robotic cars from cyberattacks. This article continues to discuss the attacks developed by UBC researchers to bring further attention to the vulnerability of robotic vehicles to cyberattacks, suggested countermeasures, and the growing use of robotic vehicles.

    Science Daily reports "Need to Safeguard Drones and Robotic Cars Against Cyber Attacks"

  • news

    "CISA Wants a Vulnerability Disclosure Program At Every Agency"

    The U.S. Homeland Security Department's Cybersecurity & Infrastructure Security Agency (CISA) wants a vulnerability disclosure policy in place for every federal agency. Each federal agency would be required to create a formal process for security researchers to safely and legally disclose the vulnerabilities that they discover in the agency's public-facing websites, as well as security flaws found in other IT infrastructure. The implementation of vulnerability disclosure policies would alleviate concerns among public security researchers pertaining to the violation of laws when disclosing discovered security vulnerabilities to the government. The proposed directive would require agencies to create a web-based system for receiving information from researchers about potential vulnerabilities, develop a vulnerability disclosure policy, set clear limitations in regard to hacking methods, and more. This article continues to discuss the directive proposed by CISA and the importance of establishing vulnerability disclosure policies.

    NextGov reports "CISA Wants a Vulnerability Disclosure Program At Every Agency"

  • news

    "This Tool Predicts Cybercriminal Activity Even Before It Happens"

    Group-IB, a Singapore-based cybersecurity company, developed a new tool that can help analysts in security operations centers and computer emergency response teams prevent cyberattacks before they occur. The tool is also available to threat intelligence experts and forensic researchers. Clients will be able to use the internal tool for graph network analysis to find connections between scattered data, increasing the speed at which the malicious actor responsible for the launch of a cyberattack is identified. The tool could also be used to analyze and predict threats that could be faced by a specific organization or industry. In addition, the framework of attackers as well as the tactics they use can also be further examined through the use of this tool. This article continues to discuss the capabilities and design of Group-IB's graph network analysis tool.

    CISOMAG reports "This Tool Predicts Cybercriminal Activity Even Before It Happens"

  • news

    "Should Cybersecurity be Taught in Schools?"

    Human behavior is one of the biggest threats when it comes to cybersecurity. The education system not only teaches children elementary competencies but also equips them with at least some of the skills that they'll need to navigate their daily lives successfully. In our technology-infused era, it is now argued that basic cybersecurity skills are also among the kinds of skills that help people thrive in life. At the moment, there is a program called Cybersecurity Education Training Assistance Program that is run by the US Department of Homeland Security.

  • news

    "APT33 Has Shifted Targeting to Industrial Control Systems Software, Microsoft Says"

    The Iranian government-linked hacking group, known as APT33, has shifted targets in that the group is now going after industrial control systems (ICS) instead of just probing IT networks. APT33 was previously known to have targeted defense, transportation, oil, and gas sector organizations in the U.S. and Saudi Arabia. If the group were to successfully infiltrate the critical infrastructure supply chain, they could execute a major cyberattack that could inflict damage and endanger public safety. This article continues to discuss the latest targets, operations, and possible motive of APT33.

    CyberScoop reports "APT33 Has Shifted Targeting to Industrial Control Systems Software, Microsoft Says"

  • news

    "Most Organizations Have Incomplete Vulnerability Information"

    According to a new report released by Risk Based Security, if a company only uses the Common Vulnerabilities and Exposures (CVE) system or National Vulnerability Database (NVD) to gain insight into vulnerabilities, they are vulnerable to a significant number of security issues as 33% of disclosed flaws are missing from the CVE/NVD. Researchers at Risk Based Security have identified 5,970 more vulnerabilities than what is included in the CVE/NVD. Researchers also found that many of the disclosed flaws that are not reported in the CVE/NVD are considered to be high risk or critical. As the CVE/NVD only lists flaws disclosed directly by security vendors and researchers, thousands of flaws that are reported in other ways are not getting included in these sources. This article continues to discuss the absence of major security flaws in the CVE/NVD, the reliance on these sources for vulnerability information, the different ways in which researchers disclose flaws, and the companies that disclosed the most flaws in their products last year.

    Dark Reading reports "Most Organizations Have Incomplete Vulnerability Information"

  • news

    "Attackers Demand $14 Million Ransom From IT Services Firm"

    On November 17th, Virtual Care Provider Inc., which provides cloud hosting and other services to more than 110 healthcare entities, including nursing homes and assisted living facilities, was affected by ransomware. The type of ransomware that was used is called Ryuk, and the TrickBot virus was used to spread the ransomware. The adversaries are demanding a 14 million dollar ransom. The attack has affected nearly all of VCPI's core offerings, including internet service, email, access to patient records, client billing, phone systems, and even the firm's payroll operations that serve nearly 150 company employees. Virtual Care Provider Inc. is trying to fix the servers that provide Active Directory access, email, eMAR (electronic medication administration records system), and electronic health records applications first. The reason for the high ransom demand is that the attacker believes that they have Virtual Care Provider Inc. in a situation where they have to pay, or they risk losing their business.

    BankInfoSecurity reports: "Attackers Demand $14 Million Ransom From IT Services Firm"

  • news

    "PoS Malware Exposes Customer Data of Catch Restaurants"

    Point-of-sale (PoS) systems used at popular NYC restaurants, including Catch NYC, Catch Roof, and Catch Steak, were found to contain malware that could allow attackers to search for track data read by PoS devices from payment cards. The data includes cardholder names, card numbers, expiration dates, and internal verification codes. The discovery emphasizes the importance of applying encryption on all connections. According to the Catch Hospitality Group, which owns the three restaurants, the malware was removed and additional security measures were implemented to improve the protection of payment-card data. PoS malware is expected to be a major concern for retailers during the holiday season. This article continues to discuss the credit card data scraping malware found on PoS systems in popular Catch restaurants, the response to the discovery of this malware, incidents of PoS malware infections faced by other large brands, and why PoS systems are an easy target for cybercriminals.

    Threatpost reports "PoS Malware Exposes Customer Data of Catch Restaurants"

  • news

    Visible to the public "Cyberattack Hit 10% of Louisiana's State Government Servers"

    Neal Underwood, Louisiana's deputy chief information officer, recently discussed the ransomware attack that impacted 10% of computer network servers used by the Louisiana state government to conduct operations. Although the ransomware attack did not result in the loss of data or a ransom payment to the perpetrators behind the attack, some agencies, including those at the Office of Motor Vehicles, were significantly affected by the attack. Technology staff are still working to get online systems and services functioning again. According to Underwood, some computer systems that were affected by the attack will have to be rebuilt using backup and recovery systems. The source of the cyberattack is still unknown. This incident further emphasizes the importance of improving the security of state and local governments against ransomware attacks and other cyberattacks. This article continues to discuss the ransomware attack that hit Louisiana's state government servers in regard to its impact and response.

    Security Week reports "Cyberattack Hit 10% of Louisiana's State Government Servers"

  • news

    Visible to the public "A Model to Classify Cyberattacks Using Swarm Intelligence"

    A team of researchers at Glasgow Caledonian University and COMSATS University in Pakistan developed a new intrusion detection scheme to improve the security of information shared via the internet. The proposed scheme is based on the Artificial Bee Colony (ABC) algorithm and the Random Neural Network (RNN-ABC). The intrusion detection RNN-ABC scheme was trained on the NSL-KDD Train+ dataset, which is used to train algorithms to identify cyberattacks. According to the researchers, their scheme has been successful at classifying novel cyberattacks with an accuracy of 91.65%. This article continues to discuss the intrusion detection RNN-ABC scheme in relation to its level of accuracy and how it compares with an existing intrusion detection system based on Hybrid Multilayer Perceptron (MLP), along with the security threat posed by the growth of Internet of Things (IoT) devices.

    TechXplore reports "A Model to Classify Cyberattacks Using Swarm Intelligence"

  • news

    Visible to the public "Cyberattackers Taking Auto Industry for a Ride, FBI Reportedly Warns"

    The FBI issued an alert to a select group of companies in the U.S. auto industry about the exploitation of network vulnerabilities as well as the execution of brute force attacks and phishing attacks to gain access to their networks. According to the FBI, there has been a significant increase in cyberattacks against the auto industry, as indicated by recent ransomware attacks targeting car manufacturers, the compromise of systems used by these manufacturers, and the exfiltration of data such as employee email accounts. In addition to stealing sensitive information, malicious hackers have also been reported to be executing fraudulent wire transfers. The automotive attack surface is expected to expand as more autonomous, connected vehicle technology is implemented. This article continues to discuss the FBI alert issued to companies in the automotive sector about the advancement of cyberattacks on the auto industry and suggestions from security experts on how auto manufacturers can improve their security.

    SC Media reports "Cyberattackers Taking Auto Industry for a Ride, FBI Reportedly Warns"

  • news

    Visible to the public "Data Security and Automation top IT Projects for 2020, AI not a Priority"

    In a new study, researchers asked 1045 IT professionals worldwide to name their top five IT projects for the year 2020. The research concluded that 74 percent of the respondents identified data security as their top IT priority for 2020. 54% of respondents want to focus on automating manual tasks. 43% of organizations ranked data privacy among their top five priorities; 52% of them are subject to privacy regulations. 33% of organizations intend to focus on digital transformation, integrating their existing solutions, and performing cloud migrations. 20% of organizations are planning on addressing the IT skills shortage in 2020, either through education of existing IT personnel or through talent acquisition. Interestingly, AI was not chosen by many organizations to be one of their main focuses in 2020. Only 14 percent of large organizations (10,000-50,000 employees) stated that they were going to focus on deploying AI-based solutions in 2020.

    Help Net Security reports: "Data Security and Automation top IT Projects for 2020, AI not a Priority"

  • news

    Visible to the public SoS Musings #31 - Kid Hackers


  • news

    Visible to the public SoS Research Profile: KU Leuven, Belgium


  • news

    Visible to the public "T-Mobile Reveals Data Breach Affecting Prepaid Customers"

    It has been discovered that telecommunications operator T-Mobile was the victim of a data breach. The breach was reported to authorities on November 21st. This breach has affected an undisclosed number of customers. The number of individuals is said to be small, and the breach only impacted customers using T-Mobile's prepaid services. Users' financial data, social security numbers, and passwords were not compromised. The data that was accessed includes name, billing address, phone number, account number, rate plan, and added features. Anyone who is notified about being breached should change their password immediately.

    United States Cybersecurity Magazine reports: "T-Mobile Reveals Data Breach Affecting Prepaid Customers"

  • news

    Visible to the public Cyber Scene #38 - Back to the Future


  • news

    Visible to the public "Your Holiday Guide to Safe Cybershopping"

    Security researchers are cautioning consumers about the spike in cybercrime that usually occurs during the holiday season when people do more online shopping. Consumers should be aware of the expected increase in cybercriminal activities such as the performance of phishing scams, creation of fake shopping sites, deployment of card skimming software, and more. Security experts have provided tips for consumers on how to avoid falling victim to these cybercrimes, which include keeping security software updated, using strong passwords, making sure browsers support SSL encryption, using virtual private networks, and avoiding phishing links. This article continues to discuss the different ways in which cybercriminals can take advantage of unsuspecting consumers and what consumers can do to protect themselves when shopping online.

    CSO Online reports "Your Holiday Guide to Safe Cybershopping"

  • news

    Visible to the public "Brand New Android Smartphones Shipped With 146 Security Flaws"

    A new analysis uncovered 146 CVE-level flaws in brand new Android phones from 29 smartphone makers. The defects found could allow the modification of system properties (28.1%), app installation (23.3%), command execution (20.5%), and the modification of wireless settings (17.8%). These Android smartphones, made by Samsung, Xiaomi, and other manufacturers, have never been turned on or had a malicious app downloaded onto them; they are shipped with these flaws. The source of the flaws is a range of software specific to each manufacturer, installed in addition to Android itself or its Google applications. The only way to fix the flaws is for the smartphone maker to issue a fix.

    Naked Security reports: "Brand New Android Smartphones Shipped With 146 Security Flaws"

  • news

    Visible to the public "IBM Launches Open Technology to Speed Response to Cyber Threats Across Clouds"

    IBM has launched Cloud Pak for Security, a platform aimed at addressing cybersecurity threats across multicloud and hybrid environments and helping security teams increase the speed at which they respond to cyberattacks. The platform is said to be the first to use open-source technology developed by IBM to search and translate security data from different sources. Cloud Pak for Security has the capability to connect with any security tool, run in any environment, connect data sources to gain security insights without having to transfer data, and connect security workflows to a unified interface to speed up security teams' incident response times. As organizations are increasingly adopting new security technologies to keep up with the evolving cyber threat landscape, they are using disconnected tools that may not work well together all the time. This issue can be addressed by using open technologies and unified platforms such as IBM Cloud Pak for Security. This article continues to discuss the design and capabilities of this new platform.

    PR Newswire reports "IBM Launches Open Technology to Speed Response to Cyber Threats Across Clouds"

  • news

    Visible to the public "Exposed Database Left Terabyte of Travelers’ Data Open to the Public"

    Security researchers have discovered an unprotected database belonging to Gekko Group, which is one of Europe's largest hotel booking companies. According to the researchers, the exposed database contains sensitive data such as travelers' names, home addresses, lodging details, credit card numbers, and passwords stored in plain text. The information stored on the unprotected database belongs to 140,000 clients, each of which could be an individual, organization, or traveling group. The database was discovered during an online scan for servers with inadequate security protections. This discovery brings further attention to the risks associated with the increased use of cloud servers by companies to store data. This article continues to discuss the exposure of travelers' data by an unprotected database, the impact of this exposure, Gekko Group's response to this discovery, and other recent discoveries of exposed databases.

    CNET reports "Exposed Database Left Terabyte of Travelers' Data Open to the Public"

  • news

    Visible to the public "Only 11% of Organizations Can Detect Intruders in Under One Minute"

    In a new study, 1,900 senior IT decision-makers and IT security pros in the U.S., Canada, U.K., Mexico, Middle East, Australia, Germany, Japan, France, India, and Singapore across major industry sectors were surveyed to see how fast they could detect intruders. The majority of respondents (80%) reported that in the past 12 months, they have been unable to prevent intruders on their networks from accessing their targeted data, with 44% of the participants pointing to being too slow to detect intruders as the cause. Currently, 95% of respondents surveyed fell short of meeting the three time standards for detecting, investigating, and containing intruders. Out of the organizations surveyed, only 11% can detect intruders in under one minute, 9% can investigate an incident in 10 minutes, 33% can contain an incident in 60 minutes, and only 5% can do all three. On average, it takes an organization 162 hours to detect, investigate, and contain an attack.

    Help Net Security reports: "Only 11% of Organizations Can Detect Intruders in Under One Minute"

  • news

    Visible to the public "Thousands of Hacked Disney+ Accounts Are Already for Sale on Hacking Forums"

    Shortly after the launch of the Disney+ video streaming service, hackers began hijacking user accounts. The Disney+ launch was accompanied by technical problems, as many users complained about not being able to stream movies or shows. However, within the flood of reports pertaining to technical issues, there were complaints about the loss of access to accounts. A number of users reported that hackers were taking over their accounts by logging them out of all of their devices and changing the emails and passwords for the accounts. Upon further investigation, researchers found that the hijacked Disney+ accounts were being sold on hacking forums for up to $11 per account. This article continues to discuss the technical problems with the Disney+ service, the hijacking of user accounts, the availability of these accounts for purchase on hacking forums, as well as the importance of multi-factor authentication and using unique passwords.

    ZDNet reports "Thousands of Hacked Disney+ Accounts Are Already for Sale on Hacking Forums"

  • news

    Visible to the public "GitHub Initiative Seeks to Secure Open Source Code"

    GitHub recently announced the launch of a new Security Lab. The purpose of the GitHub Security Lab is to improve the security of open source software. The new Security Lab will improve the coordination of efforts among researchers, developers, code maintainers, and organizations to address security vulnerabilities in open source software. The Security Lab has a dedicated team of security researchers that will work with peers from other organizations to detect security vulnerabilities in open source projects and report the bugs. In addition, developers and maintainers will collaborate in the development of patches for the disclosed flaws. This article continues to discuss the new Security Lab launched by GitHub and how this initiative will improve the security of open source software, along with the growing concern surrounding the vulnerabilities in such software.

    Dark Reading reports "GitHub Initiative Seeks to Secure Open Source Code"

  • news

    Visible to the public "Design Flaw Could Open Bluetooth Devices to Hacking"

    According to new research conducted at Ohio State University, Bluetooth devices contain an inherent design flaw that could allow them to be hacked. The vulnerability derives from the way in which Bluetooth Low Energy devices communicate with mobile apps that are used to control them. The exploitation of the design flaw can leave Bluetooth Low Energy devices vulnerable to being accessed by unauthorized entities as well as eavesdropping attacks. This article continues to discuss the fundamental flaw that leaves these devices vulnerable to being hacked, the potential exploitation of the flaw by hackers, and the development of an automated tool to help researchers examine all of the Bluetooth Low Energy apps available for download in the Google Play Store.

    Science Daily reports "Design Flaw Could Open Bluetooth Devices to Hacking"