• CybersecurityHyperion cyber security technology receives commercialization award

    The commercial licensing of a cybersecurity technology developed at the Department of Energy’s Oak Ridge National Laboratory has been recognized by the Federal Laboratory Consortium for Technology Transfer (FLC) as a good example of moving technology to the marketplace. Hyperion, which has the capability automatically to analyze executable programs and recognize behaviors that signal malicious intent and vulnerabilities, was licensed to Virginia-based R&K Cyber Solutions, LLC, in late 2014.

  • CybersecurityResearchers use advanced algorithms to identify six botnets

    Ben-Gurion University of the Negev (BGU) cyber security researchers have discovered and traced approximately six “botnets” by analyzing data collected from past cyberattacks. Botnets are networks of malicious, remotely updatable code that covertly lurk on infected computers.

  • CybersecurityIntel unveils new security-on-a-chip system

    Intel on Tuesday unveiled a new password security-on-a-chip system called Intel Authenticate. The new security system aims to thwart hackers who use fake e-mails to trick employees into revealing sensitive information like user names and passwords. Intel said that putting the authentication process on a chip makes the PC itself part of the security system.

  • CybersecurityOptical illusions which fool computer vision raise security concerns

    Computers are learning to recognize objects with near-human ability. But researchers have found that computers, like humans, can be fooled by optical illusions, which raises security concerns and opens new avenues for research in computer vision

  • Infrastructure protectionIranian hackers attacked New York dam

    In 2013, Iranian government hackers infiltrated the control system of Bowman Avenue Dam in Rye, New York, located twenty-five miles from New York City. Using a cellular modem, the hackers could have released larger volumes of upstream water without warning. As dams go, the Rye dam is small at about 20ft tall. There was some confusion initially, as DHS and DOE thought a similarly named dam in Oregon — the Arthur R. Bowman Dam – was the one hacked. The Oregon dam, at 245 feet, is much bigger, and hacking its control systems could have had much more serious consequences.

  • CybersecurityFollowing indictments, China’s military reduces its commercial cybeespionage against American companies

    The People’s Liberation Army (PLA) has reduced its cyberespionage activity targeting American companies since five PLA officers were indicted by the Department of Justice in May 2014. “The indictments had an amazing effect in China, more than we could have hoped for,” said one expert. In April, Obama signed an executive order calling for impose economic sanctions on individuals and entities that take part in or benefit from illicit cyber-activities such as commercial espionage. “If the indictments had the effect of getting the PLA to scale down, then sanctions likely will have a wider effect on other Chinese state-sponsored groups,” says another expert.

  • view counter
  • Encryption & terroristsTelegram IM app recalibrates policies after Paris attacks

    Pavel Durov, the creator of the popular instant messaging app Telegram, has said that following the Paris terrorist attacks, his company has blocked dozens of accounts associated with the jihadist Islamic State group. As is the case with other technology companies, Telegram is trying to negotiate the balance between privacy and security: the same privacy-enhancing technology which keeps customers’ communication private, also helps terrorists communicate with each other and plot attacks safe from monitoring and surveillance by intelligence agencies and law enforcement.

  • CybersecurityAutomated application whitelisting to prevent intrusions, malware

    Automated application whitelisting regulates what software can load onto an organization’s network. It is one of a number of techniques that can help prevent malware infections, and it complements other security technologies that are part of an enterprise’s defense-in-depth resources. The National Institute of Standards and Technology (NIST) has published a guide to deploying automated application whitelisting to help thwart malicious software from gaining access to organizations’ computer systems.

  • CybersecurityDHS S&T-funded technology protects devices from cyberattacks

    In 2011, a small group of university researchers working on securing embedded devices caught the attention of the Department of Homeland Security (DHS) Science and Technology Directorate (S&T). That effort has since evolved into a one-of-a-kind technology — called Symbiote — which Hewlett-Packard (HP) recently licensed from Red Balloon Security, to protect its printers from cyberattacks.

  • EncryptionStealing encryption keys on Amazon’s Cloud servers

    Cloud computing is a service that enables companies and organizations to store information and run computer applications without making their own investments in actual computer hardware or employing IT staff. Researchers have demonstrated that RSA encryption keys, which are used by thousands of companies and organizations to protect the data and processes they entrust to cloud-based services, can be obtained using a sophisticated side-channel attack — despite recent efforts by cloud service providers and cryptography software developers to eliminate such vulnerabilities.

  • Cyber legislationAmendment to CISA: U.S. courts could pursue foreigners for crimes abroad against other foreigners

    A controversial amendment to an already-controversial cybersecurity bill will allow U.S. courts to pursue, convict, and jail foreign nationals in cases in which these foreigners committed crimes against other foreigners on foreign soil. The amendment to the Cybersecurity Information Sharing Act (CISA) cleared a key Senate hurdle on Thursday. It aims to lower the barrier for prosecuting crimes committed abroad.

  • Cyber legislationEFF leads privacy advocates in opposing CISA

    Privacy advocates have intensified their campaign against the Cybersecurity Information Sharing Act (CISA), which the Senate will vote on sometime next week. The Electronic Frontier Foundation (EFF) says it vehemently opposes the bill, as well as amendments which would expand the Computer Fraud and Abuse Act. EFF says that CISA is fundamentally flawed. The bill’s broad immunity clauses, vague definitions, and what EFF describes as “aggressive spying powers” combine to “make the bill a surveillance bill in disguise.”

  • SurveillanceRuling shows Europe still vexed over NSA spying, leaving U.S. companies in legal limbo

    By Caren Morrison

    For over fifteen years, the Data Transfer Pact between the European Union and the United States, more commonly known as Safe Harbor, had ensured that companies with EU operations could transfer online data about their employees and customers back to the United States despite stark differences between U.S. and European privacy law. Earlier this month, U.S. companies operating in Europe got some unwelcome news: Safe Harbor had been ruled invalid. The European court’s ruling has serious implications for these companies’ business models and profitability, leaving many scrambling to find solutions. But it also exposes a fundamental cultural rift between the U.S. and Europe’s conceptions of privacy – one that a new agreement won’t be able to paper over.

  • CybersecurityCyberthreats, cyberattattacks will only increase over time: Experts

    The increasing dependency of a growing number of organizations on the Internet has served to increase the number of targets for hackers, particularly those organizations that have not given adequate attention to securing their network as they should. Even those networks not connected to the Internet are not immune from penetration by hackers. This is a threat that shows no sign of ever slowing down. More likely it will only increase over time, as cyber-capabilities are developed by more and more entities.

  • CybersecurityGuarding networks from “insider threats”

    Even the best-protected, most sensitive computer networks resemble castles: They have walls to ward off outside threats, but their interiors are full of weak points. This is why the “insider threat” — someone within a system who, out of malice or naiveté puts a system at risk - -is considered one of the most serious risks in the cybersecurity world. “The insider threat is clearly a challenge for organizations, because most countermeasures were developed for external attacks,” says one researcher.