• Automated voice imitation can defeat voice-recognition security

    Voice biometrics is based on the assumption that each person has a unique voice that depends not only on his or her physiological features of vocal cords but also on his or her entire body shape, and on the way sound is formed and articulated. Researchers have found that automated and human verification for voice-based user authentication systems are vulnerable to voice impersonation attacks. Using an off-the-shelf voice-morphing tool, the researchers developed a voice impersonation attack to attempt to penetrate automated and human verification systems.

  • Searching for malware hidden in shortened URLs on Twitter

    Cyber-criminals are taking advantage of real-world events with high volumes of traffic on Twitter in order to post links to websites which contain malware. To combat the threat, computer scientists have created an intelligent system to identify malicious links disguised in shortened URLs on Twitter. They will test the system in the European Football Championships next summer.

  • Protecting Navy ships from cyberattacks

    For most people, the term “cyber security” calls to mind stories of data theft like the recent hacks of the OPM database, or network spying like the 2012 breach of the Navy-Marine Corps Intranet. But in this networked world, hackers might also try to disable or take control of machines in our physical world — from large systems like electric power grids and industrial plants, to transportations assets like cars, trains, planes or even ships at sea.

  • DHS S&T awards UCSD $1.3million for cyber security research

    DHS S&T the other day awarded a contract to the University of California San Diego (UCSD) to create technology to defend against large and sophisticated Distributed Denial of Service (DDoS) attacks. The $1.3 million project, “Surveying Spoofing Susceptibility in Software Systems,” aims to measure and improve the use of source address validation (SAV) in the Internet. In many cases, an attacker can send Internet packets using a false source address. In other words, the attacker falsely reports the packets are coming from a company, organization, or government agency when in fact the packets are coming from the attacker.

  • A first: Anti-fraud system to use existing credit card readers

    From large-scale data breaches such as the 2013 Target case to local schemes that use skimming devices to steal data at the gas pump, credit card fraud is becoming commonplace. Because existing magnetic card readers use plain text to store confidential information, they are vulnerable to an untrusted card reader or skimming device. Analysts estimate that this vulnerability is adding up to $8 billion in incurred losses per year in the United States. For the first time, researchers have developed an inexpensive, secure method to prevent mass credit card fraud using existing magnetic card readers.

  • Improving cybersecurity, reducing online theft

    NIST the other day announced it will award nearly $3.7 million for three pilot projects designed to make online transactions more secure and privacy-enhancing for healthcare, government services, transportation, and the Internet of Things. The three recipients of the National Strategy for Trusted Identities in Cyberspace (NSTIC) grants will pilot solutions aimed at reducing tax refund theft, improving the security of medical information and providing secure online data storage.

  • Clearance of employees who repeatedly fall for phishing scams should be revoked: Experts

    People are one vital component in the 3P security system (the others being process and product). Some of the people who handle sensitive government information also continue to fall for human engineering techniques like phishing. The question is: should the individuals who repeatedly fall for these scams have their security clearance revoked? Absolutely they should, maintains DHS chief security officer (CIS) Paul Beckman.

  • Beyond data theft: Next phase of cyber intrusions will include destruction, manipulation of data

    James Clapper, director of U.S. intelligence, and other senior intelligence officers, have warned Congress that the next phase of escalating online data theft will likely involve the manipulation of digital information. Clapper on Wednesday told lawmakers on the House Intelligence Committee that a “cyber Armageddon,” in which a digitally triggered damage to physical infrastructure results in a series of catastrophic events, is less likely than “cyber operations that will change or manipulate data.” Leaders of the U.S. intelligence community told lawmakers that the manipulation or destruction of data would undermine confidence in data stored on or accessible through U.S. networks, engendering an uncertainty which could jeopardize U.S. military situational awareness and undermine business activity.

  • Smart watches allow hackers to harvest users’ data

    They are the latest rage in jewelry and gadgetry, but like all computer devices, smart watches are vulnerable to hackers. Using a homegrown app on a Samsung Gear Live smart watch, researchers were able to guess what a user was typing through data “leaks” produced by the motion sensors on smart watches. The project, called Motion Leaks through Smartwatch Sensors, or MoLe, has privacy implications, as an app that is camouflaged as a pedometer, for example, could gather data from emails, search queries and other confidential documents.

  • Securing and protecting the emerging Internet of Things

    The digital world once existed largely in non-material form. But with the rise of connected homes, smart grids and autonomous vehicles, the cyber and the physical are merging in new and exciting ways. These hybrid forms are often called cyber-physical systems (CPS), and are giving rise to a new Internet of Things. National Science Foundation and Intel Corporation team to improve the security and privacy of computing systems that interact with the physical world using a new cooperative research model.

  • Apple's encryption prevents it from complying with U.S. court order

    Apple said it could not comply with a court order to hand over texts sent using iMessage between two iPhones because the company’s encryption system makes it impossible to do so. The Justice Department persuaded the court to issue the order to facilitate an investigation involving guns and drugs. Legal experts say this is the first known direct face-off between the U.S. government and Apple over encryption. The FBI contends that such encryption puts the American public at risk because it makes it harder, if not impossible, to track and catch terrorists, pedophiles, and other criminals.

  • Strategic alliance to deliver behavioral analysis cybersecurity to market

    Ernst & Young LLP and Los Alamos National Laboratory have formed a strategic alliance to deliver what they describe as some of the most advanced behavioral cybersecurity tools available to the commercial market. The alliance comes at a watershed moment when increasingly sophisticated cyberattacks are inflicting significant economic, social, and even political damage to U.S. organizations. The tools developed by Los Alamos and delivered to the private sector by Ernst & Young LLP can help counter these threats by detecting them before they do deep and lasting damage.

  • Power safety in data centers

    Power and thermal management have become a critical priority in data centers, which can use as much electricity as a small town. Energy and power vulnerabilities pose serious security threats to data centers, but so far little has been done to address these issues. A DHS grant will allow researchers to investigate energy and power safety in data centers.

  • DHS S&T awards $10.4 million in mobile security research contracts

    The mobile technology industry has continuously expanded with new devices and apps, allowing people to simplify how and where business is conducted. While increasing the use of mobile technology can enhance productivity, improved security is needed to ensure that sensitive information is not at risk to current and emerging cyber threats. DHS S&T the other day announced $10.4 million in cybersecurity Mobile Technology Security (MTS) research and development (R&D) awards to enhance the security of mobile devices for the federal government.

  • DHS S&T awards U Oregon a 1.38M contract for DDoS research

    DDoS attacks are used to render key resources unavailable. A typical DDoS attack might disrupt an organization’s Web site and temporarily block a consumer’s ability to access the site. A more strategic attack could make a key resource inaccessible during a critical period. DHS S&T awarded a $1.38 million contract to the University of Oregon to create technology to defend against large and sophisticated Distributed Denial of Service (DDoS) attacks. The University of Oregon’s DrawBridge project will become part of the DHS S&T Cyber Security Division’s larger DDoSD program.