-
More than 1 million Google accounts breached by Gooligan malware campaign
Check Point Research Team says that on Tuesday, hard work done by the company’s security research teams revealed a new and alarming malware campaign. The attack campaign, named Gooligan, breached the security of over one million Google accounts. The number continues to rise at an additional 13,000 breached devices each day. The company’s research exposes how the malware roots infected devices and steals authentication tokens that can be used to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more.
-
-
Advancing the science of cybersecurity
Cyberattacks on corporations, agencies, national infrastructure and individuals have exposed the fragility and vulnerability of the internet and networked systems. Achieving truly secure cyberspace requires addressing both the technical vulnerabilities in systems, as well as those that arise from human behaviors and choices. NSF awards $70 million to support interdisciplinary cybersecurity research.
-
-
Russian gov. hackers may disrupt Germany’s 2017 elections: Germany’s intel chief
The Russian government’s broad hacking campaign to undermine Hillary Clinton’s presidential bid and help Donald Trump become the U.S. next president may well be the template Russia is following in the run-up to next year’s German general election. Russia has actively – both overtly and covertly — supported right-wing, ethno-nationalist, populist, and proto-Fascist parties like Front National in France, Golden Dawn in Greece, Ataka in Bulgaria, and Jobbik in Hungary. These parties share not only anti-immigrant policies – but they are also fiercely anti-EU and want to distance their countries from NATO. One of the major themes in the public rallies – and political platform – of the German far-right, anti-Muslim, anti-immigrant Pegida movement is that the influence of President Vladimir Putin’s Russia in Germany would be a welcome alternative to the imperial designs of the United States and Brussels.
-
-
Restoring power to a grid facing a cyberattack
Currently, utility companies in North America have procedures and capacity to handle localized power outages caused by events such as extreme weather and high usage on hot days. However, there are not any tools available to resolve the type of widespread outages that can be caused using malware. Researchers from SRI International are leading a collaborative team to develop cutting-edge technology that can be used by utilities and cyber first responders to restore power to an electric grid that has come under a cyberattack.
-
-
How social media is energizing crisis response
Natural disasters, such as the recent Hurricane Matthew in the Caribbean, present a huge challenge for governments, non-governmental organizations, and of course the individuals and communities affected. But studies of the effectiveness or otherwise of the responses to these disasters typically focus on official activities, producing a top-down view of what unfolded. Researchers studying the 2011 Thailand flooding disaster – the world’s fourth most severe natural disaster at that time instead looked at how individuals on the ground used social media to share information and offer support, often in areas where the official response was lacking or ineffective.
-
-
Check Point identified a new, image-based method for malware dissemination
Check Point researchers identified a new attack vector, named ImageGate, which embeds malware in image and graphic files. Furthermore, the researchers have discovered the hackers’ method of executing the malicious code within these images through social media applications such as Facebook and LinkedIn.
-
-
Continuously scrambling code to limit chances of hacking success
As long as humans are writing software, there will be coding mistakes for malicious hackers to exploit. A single bug can open the door to attackers deleting files, copying credit card numbers or carrying out political mischief. A new program called Shuffler tries to preempt such attacks by allowing programs to continuously scramble their code as they run, effectively closing the window of opportunity for an attack.
-
-
Malware covertly turns PCs into eavesdropping devices
Researchers have demonstrated malware that can turn computers into perpetual eavesdropping devices, even without a microphone. Using SPEAKE(a)R, malware that can covertly transform headphones into a pair of microphones, the researchers show how commonly used technology can be exploited.
-
-
Protecting your laptop -- even when it is asleep
In the age of WikiLeaks, Russian hacks and increased government surveillance, many computer users are feeling increasingly worried about how best to protect their personal information — even if they aren’t guarding state secrets. Luckily, there is a solution: Hypnoguard, powerful new software developed by Concordia researchers to safeguard data even when computer is in sleep mode.
-
-
Army issues “Hack the Army” challenge
Army Secretary Eric Fanning announced plans to launch the federal government’s most ambitious “bug bounty” challenge, known as “Hack the Army.” Building off the Army’s previous “Hack the Pentagon” program earlier this year and similar initiatives advanced by private sector companies, the Army will offer cash rewards to hackers who find vulnerabilities in select, public-facing Army Web sites. unlike the Hack the Pentagon program, which offered hackers static Web sites that were not operationally significant as targets, Hack the Army will offer dynamic exchanges of personal identifiable information, sites considered critical to the Army’s recruiting mission.
-
-
Cybersecurity policy ideas for a new administration
A new report, Cybersecurity Policy Ideas for a New Presidency, published by the UC Berkeley Center for Long-Term Cybersecurity (CLTC), aims to help the Trump administration prepare to tackle the complex challenge of cybersecurity. “This brief brochure reviews ideas we hope the incoming Trump administration will consider as it develops a new cybersecurity agenda,” the authors write. “We lay out options and programs — some simple, some less so — that the president should consider at each step in his first term.”
-
-
Nation-state made “conscious effort to influence U.S. election” by leaking Clinton's e-mails: NSA chief
Hillary Clinton’s e-mails were leaked to WikiLeaks in a “conscious effort” by a nation state to influence the U.S. election, the director of the National Security Agency (NSA) has said. Admiral Michael Rogers, who also commander of the US Cyber Command, told a Wall Street Journal conference: “There should be no doubt in anybody’s mind, this was not something that was done casually, this was not something that was done by chance, this was not a target that was selected purely arbitrarily. This was a conscious effort by a nation state to attempt to achieve a specific effect.”
-
-
Alt-right racists to flood Twitter with “fake black people” posts
White supremacists associated with the alt-right movement said they were planning to retaliate against Twitter by inundating it with postings from fake accounts pretending to be black people. The alt-right extremists said the retaliation is in response to Twitter’s banning several accounts belonging to individuals and groups associated with the racist and anti-Semitic movement. Alt-right figure Andrew Anglin of the neo-Nazi Web site Daily Stormer instructed his followers: “When you have time, create a fake black person account,” he wrote. “Just go on black Twitter and see what they look like, copy that model. Start filling it with rap videos and booty-shaking or whatever else these blacks post.”
-
-
Twitter suspends accounts of alt-right individuals, organizations
Twitter has suspended the accounts of several individuals and groups linked to the alt-right. The alt-right movement embraces white supremacists, anti-Semites, and all manner of bigots in addition to conspiracy theorists and more “traditional” rabble-rousing populists and extremists. Steve Bannon, the publisher of the alt-right’s main organ, the Breitbart News Web site, was Trump campaign CEO, and is slated to become the strategic counselor to the Trump in the White House. Twitter said that company rules prohibit “violent threats, harassment, hateful conduct, and multiple account abuse, and we will take action on accounts violating those policies.” “The great purge is upon us. But Twitter could have purged the #AltRight BEFORE we memed a President into the White House. They didn’t because they never believed it was possible,” Pax Dickinson, founder of alt-right site WeSearchr; wrote. “Banning us now is too little & too late.”
-
-
DHS releases Strategic Principles for Securing the Internet of Things
DHS the other day issued a set of Strategic Principles for Securing the Internet of Things (IoT), Version 1.0. These principles highlight approaches and suggested practices to fortify the security of the IoT. They aim to equip stakeholders to make responsible and risk-based security decisions as they design, manufacture, and use internet-connected devices and systems.
-
More headlines
The long view
States Rush to Combat AI Threat to Elections
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.