-
Tackling cybersecurity incidents with recovery plan, playbook
“Defense! Defense!” may be the rallying cry from cybersecurity teams working to thwart cybersecurity attacks, but perhaps they should be shouting “Recover! Recover!” instead. Attackers are increasingly racking up points against their targets, so NIST has published the Guide for Cybersecurity Event Recovery (link is external) to help organizations develop a game plan to contain the opponent and get back on the field quickly.
-
-
$527K to develop a Web authentication middleware tool
Recent studies have documented many problem areas within the current certificate-based authentication system such as errors and issues with server certificates, invalid chains and subjects, self-signed certificates, and popular websites not properly using them. DHS S&T has awarded $527,112 to Brigham Young University (BYU) in Provo, Utah, to develop a Web authentication middleware tool that would significantly upgrade the current Internet website authentication process and improve online security.
-
-
Russian government hackers used same malware in hacking of DNC, Ukrainian military
The Russian government hackers who hacked the computer systems of the Democratic National Committee (DNC) and the Clinton campaign in order to help Donald Trump win the 2016 presidential election, have also been hacking Ukrainian artillery units in eastern Ukraine. The hacking is aimed to help the Russian military target these units in order to help pro-Russian rebels who have been fighting the Ukrainian military in eastern Ukraine. Cyber experts have discovered that in both cases, the Russian government hackers used a piece of malware known as X-Agent.
-
-
Russian hacking of 2016 U.S. elections threatens to “destroy democracy”: Sen. McCain
Senator John McCain (R-Arizona) said that Russia’s involvement in hacking U.S. political institutions and processes during the 2016 presidential election campaigns threatens to “destroy democracy” in its current form. The senator for Arizona warned there may soon be an “unraveling of the world order” and criticized the “absolute failure of the American leadership” to improve relations with Moscow. “There’s no doubt they were interfering and no doubt it was a cyber-attack. The question now is how much and what damage and what should the United States of America do? And so far, we’ve been totally paralyzed,” he said. “The truth is, they are hacking every single day.”
-
-
Health wearable devices pose new consumer and privacy risks
Watches, fitness bands, and so-called “smart” clothing, linked to apps and mobile devices, are part of a growing “connected-health” system in the U.S., promising to provide people with more efficient ways to manage their own health. These personal health wearable devices, which are used to monitor heart rates, sleep patterns, calories, and even stress levels, raise new privacy and security risks, according to a new report.
-
-
FBI agrees with CIA: Russia’s cyberattacks campaign aimed to help Trump win election
The U.S. intelligence and law enforcement communities are now united in their conclusion that Russian government hackers have actively intervened in the 2016 U.S. presidential elections to help Donald Trump win the presidency. FBI director James B. Comey and Director of National Intelligence James R. Clapper Jr. have strongly supported the CIA assessment, which reached the same conclusions. Trump has consistently praised Vladimir Putin and his policies – and has consistently rejected the U.S. intelligence community’s conclusions about Russian government hacking.
-
-
To Russia with love: Trump’s precarious path on hacking and intelligence
The key point in the debate over Russian hacking of the U.S. 2016 presidential election is that the CIA, the Director of National Intelligence, and the Secretary of Homeland Security have drawn identical conclusions about Russian motives for hacking and propaganda during the 2016 race – to support a Trump victory. The CIA has been blunt in its most recent statement of foreign criminal hacking calculations: “It is the assessment of the intelligence community that Russia’s goal here was to favor one candidate over the other, to help Trump get elected.” In response to the CIA and interconnected findings from several other sources, Trump has openly rejected this intelligence feedback. Despite the fluidity of what intelligence can and cannot do, the high confidence of the CIA should not be automatically ignored or discredited. The fact that Trump has continued to belittle the agency and its widely echoed findings indicates a president-elect who either does not pay attention to the intelligence product, or does not understand how intelligence operates.
-
-
“Nightmare scenario”: Nuclear power plants vulnerable to hacking by terrorists
Security experts fear Fukushima-like disaster as terrorists use new technology to attempt attacks. The frequency and scope of cyberattacks on nuclear plants have increased dramatically, and experts say that a successful hack is now all but inevitable. They say that nuclear plant operators should focus more on preparing to contain and limit the damage when it does occur.
-
-
DHS S&T transitions eighth cybersecurity technology to commercialization
DHS S&T has announced the eighth cybersecurity technology transitioning to commercialization as a part of its Cyber Security Division’s (CSD) Transition to Practice (TTP) program. ZeroPoint has spun off as a startup company called ZeroPoint Dynamics.
-
-
Cybersecurity’s next phase: Cyber-deterrence
From 2005 to 2015, federal agencies reported a 1,300 percent jump in cybersecurity incidents. Clearly, we need better ways of addressing this broad category of threats. Some of us in the cybersecurity field are asking whether cyber deterrence might help. Cyberspace will never be immune to attack – no more than our streets will be immune to crime. But with stronger cybersecurity, increased use of active cyber defenses, and international cyber norms, we can hope to at least keep a lid on the problem.
-
-
Trump absolves Russia, rejects U.S. intel. community evidence, over Russia’s DNC hacking
In an astonishing statement on Wednesday, Trump again absolved Russia from responsibility for the hacking of the DNC and the Clinton campaigns. Trump told Time magazine that the U.S. intelligence was accusing Russia of the hack because of politics and that he rejected their conclusion. Democrats in both houses of Congress are pressuring the administration to disclose more details about Russia’s role in disrupting the campaign of Hillary Clinton in order to help Donald Trump win the 2016 U.S. elections. Senator Lindsey Graham (R-South Carolina) said he would lead an inquiry into the Russian operation. Graham said he would pursue inquiries via subcommittees of which he is the chair.
-
-
Creating safer, less vulnerable software
We can create software with 100 times fewer vulnerabilities than we do today, according to computer scientists at the National Institute of Standards and Technology (NIST). To get there, they recommend that coders adopt the approaches they have compiled in a new publication.
-
-
Ben-Gurion University, PayPal join forces in cybersecurity research
Ben-Gurion University of the Negev (BGU) and PayPal announced a new partnership this morning in order to conduct joint research and development in the fields of big data, machine learning and cyber security. It is the first such collaboration between PayPal and an Israeli university. PayPal’s involvement in big-data and machine learning technology has been supported by its significant R&D activity in Israel, starting with the acquisition of Fraud Sciences in 2008 and the establishment of a global risk and data sciences R&D center in Tel-Aviv.
-
-
Protecting the Internet from weaknesses of many “connected” devices
As an increasing number of devices — from cars to light bulbs to kitchen appliances — connect with computer networks, experts are raising concerns about privacy and security. Just this fall, attackers used compromised home devices, including security cameras and DVRs, to bombard an Internet infrastructure company with traffic, slowing Internet access for much of the U.S. East Coast. to address these concerns, an organization of academics and industry leaders released a report that provides guidance on how to build security and privacy protections into the emerging Internet of things (IoT).
-
-
Declassify information related to Russia’s meddling in the U.S. election: Lawmakers
Senator Ron Wyden (D-Oregon) led seven members of the Senate Intelligence Committee on Wednesday in asking President Barack Obama to declassify information relating to the Russian government and the U.S. election. Russian government hackers – employed by two Russian government agencies — conducted a hacking and disinformation campaign in the run up to the election, aiming to undermine Hillary Clinton and help Donald Trump, but no evidence has emerged to suggest that the Russian government hackers interfered with the voting process itself.
-
More headlines
The long view
States Rush to Combat AI Threat to Elections
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.