-
Maritime vessels at risk of cyberattack because of outdated systems
Maritime vessels are under significant threat of cyber-attack because many are carrying outdated software and were not designed with cyber security in mind, according to new research. But operators could easily mitigate against such dangers by updating security systems, improving ship design and providing better training for crews.
-
-
Presidential campaigns spied on by foreign hackers with “a variety of motivations”
National Intelligence Director James Clapper said that the campaigns of all the candidates for president are being spied on by foreign hackers with “a variety of motivations.” Clapper said that the acts of espionage against the campaigns may only just be getting started. “As the campaigns intensify we’ll probably have more of it,” Clapper noted.
-
-
We know where you live
Researchers have shown that the location stamps on just a handful of Twitter posts — as few as eight over the course of a single day — can be enough to disclose the addresses of the poster’s home and workplace to a relatively low-tech snooper. The tweets themselves might be otherwise innocuous — the location information comes from geographic coordinates automatically associated with the tweets.
-
-
How Israel became a cybersecurity superpower
Israel’s rise as one of the world’s leaders in cybersecurity has been boosted by cooperation between the military, government, education, and private sectors, a level of partnership unmatched in the Western world. Israel’s cybersecurity sector is now worth half a billion dollars annually — second only to the United States.
-
-
Cybersecurity cracks the undergraduate curriculum
In a time when million-dollar security breaches of household name corporations regularly make headlines and complicate lives, computer science undergraduates at America’s universities remain surprisingly underexposed to basic cybersecurity tactics. the Software Assurance Marketplace (SWAMP), a national cybersecurity facility housed at the Morgridge Institute for Research in Madison, Wisconsin, has been working to address this skills gap by offering a suite of software security tools that Bowie State has been integrating into undergraduate coding courses, giving students a way to examine and rid their code of security weaknesses.
-
-
America is ‘dropping cyberbombs’ – but how do they work?
Recently, United States Deputy Defense Secretary Robert Work publicly confirmed that the Pentagon’s Cyber Command was “dropping cyberbombs,” taking its ongoing battle against the Islamic State group into the online world. Other American officials, including President Barack Obama, have discussed offensive cyber activities, too. Cyber weapons and the policies governing their use likely will remain shrouded in secrecy. However, the recent public mentions of cyber warfare by national leaders suggest that these capabilities are, and will remain, prominent and evolving ways to support intelligence and military operations when needed.
-
-
Italian police cannot unlock Bari terrorist iPhone
The Italian security services have been unable to unlock the Apple iPhone 6 plus of a suspect member of a terrorist ring in the city of Bari. Analysts say the development will likely result in another stand-off between Apple and a government fighting terrorism, similar to the stand-off between Apple and the U.S. government over the iPhone used by the San Bernardino terrorists.
-
-
Building security into cyber-physical systems
We are immersed in a cyber-physical world. Information technology is deeply embedded in traditionally non-IT systems, including automobiles, the electric grid and emergency response. But in many of these systems, security is largely incorporated as a last step, like a suit of armor over a vulnerable body. To help bake security into the very core, a new draft NIST publication recommends ways to incorporate time-tested security design principles and concepts into these systems at every step, from concept to implementation.
-
-
Security software can put computers at risk
Is the antivirus program running on your computer really making your computers safer to use, say, for online banking? Is the parental control software you bought to keep your 13-year-old off porn sites downgrading the overall safety of your computer? New research from Concordia shows security software might actually make online computing less safe.
-
-
Cybersecurity’s weakest link: humans
There is a common thread that connects many of the recent hacks which captured the headlines. They all employed generic – or what is now considered “old school” – phishing attacks which typically took the form of the infamous “Nigerian prince” type e-mails, trying to trick recipients into responding with some personal financial information. “Spearphishing” attacks are similar but far more vicious. They seek to persuade victims to click on a hyperlink or an attachment that usually deploys software (called “malware”) allowing attackers access to the user’s computer or even to an entire corporate network. Yes, people are the weakest links in cybersecurity. But they don’t have to be. With smarter, individualized training, we could convert many of these weak links into strong detectors – and in doing so, significantly strengthen cybersecurity.
-
-
“Internet of Things” increases threat to infrastructure
According to former Director of National Intelligence Dennis Blair, a simple Web search can reveal information from thousands of unsecured devices. Even the casual browser can access camera data from Sweden, video game server activity in Eastern Europe, or the output of American wind turbines. He said this information is as easily accessible to terrorists and other criminals. And more will become available as the “Internet of things” — the collection of physical systems and devices connected to the Internet — grows in size.
-
-
“Smart home” security flaws found in popular system
Cybersecurity researchers were able to hack into the leading “smart home” automation system and essentially get the PIN code to a home’s front door. Their “lock-pick malware app” was one of four attacks that the cybersecurity researchers leveled at an experimental set-up of Samsung’s SmartThings, a top-selling Internet of Things platform for consumers. The work is believed to be the first platform-wide study of a real-world connected home system. The researchers did not like what they saw.
-
-
Defending encrypted data from quantum computer threat
If an exotic quantum computer is invented that could break the codes we depend on to protect confidential electronic information, what will we do to maintain our security and privacy? This is the overarching question posed by a new report from the National Institute of Standards and Technology (NIST), whose cryptography specialists are beginning the long journey toward effective answers.
-
-
FBI does not know how the $1m iPhone hack works
The FBI does not know how the hack which was used to unlock the San Bernardino terrorist’s iPhone 5C works, even though the agency paid about $1 million for the technique. The identity of the hackers who sold the technique to the agency is a closely guarded secret, and the FBI director himself does not know who they are.
-
-
Argonne hosts Cyber Defense Competition
More than seventy-five aspiring cyber defenders from across Illinois and Iowa converged last Saturday on the U.S. Department of Energy’s (DOE’s) Argonne National Laboratory to take on the challenge of Argonne’s first Collegiate Cyber Defense Competition. The competition provided a strong challenge for eight teams from seven colleges, forcing them to defend simulated power utility networks from a variety of realistic attacks by a “Red Team” made up of cyber experts from Argonne and industrial partners.
-
More headlines
The long view
States Rush to Combat AI Threat to Elections
By Zachary Roth
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
By Dino Jahic
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
By Trina West
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.