• Extremist groups use social media to lure recruits, find support

    In the past, extremist groups have used tools and forums which were available: Rallies, pamphleteering, and marching in parades were the primary means used for recruitment and spreading their message. Now, as is the case with many other individuals and groups, these efforts have adapted to more contemporary media to target college and university campuses, to gain new members or, at least, sympathy to their cause. They now use the Internet to conduct forums and publish newsletters, a method that exposes potentially millions to their message.

  • Questions raised about Kaspersky’s close ties to the Russian government

    Kaspersky Lab is a Moscow-based company which sells security software, including antivirus programs. The company has 400 million customers, and it ranks sixth in revenue among security-software makers. Since 2012, the company began to replace senior managers with people with close ties to Russia’s military or intelligence services. The company is also helping the FSB, the KGB’s successor, in investigating hacks – and people in the know say the company provides the FSB with the personal data of customers. The company’s actual or perceived alliances have made it a struggle to win U.S. federal contracts.

  • DHS S&T licenses third cybersecurity innovation for commercialization

    The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) yesterday announced that another cybersecurity technology has been licensed for commercialization. This is S&T’s third technology that has successfully gone through the Transition to Practice (TTP) program and into the commercial market. The Network Mapping System (NeMS), developed by Lawrence Livermore National Laboratory, is a software-based tool that tells users what is connected to their network so that they know what needs to be protected.

  • Cyberjacking may be the new threat to air travel

    We accept lengthy queues in airport security as a small price to pay for a couple of weeks in the sun. Could the latest threat to air travel, however, be something that cannot be picked up by metal detectors and X-ray machines? Is cyberjacking — hacking into a plane’s computer systems — a possibility? Researchers warn that it is possible. There is no need to cancel that holiday just yet, however.

  • Teams chosen for the 2016 DARPA Cyber Grand Challenge final competition

    Seven teams from around the country have earned the right to play in the final competition of DARPA’s Cyber Grand Challenge (CGC), a first-of-its-kind tournament designed to speed the development of automated security systems able to defend against cyberattacks as fast as they are launched. The CGC winners will be handsomely rewarded, but DARPA says that more important than the prize money is the fact that it ignites the cybersecurity community’s belief that automated cybersecurity analysis and remediation are finally within reach.

  • Why organizations fight data breaches differently

    Since digitalization began, organizations have understood how valuable their information is. In the wake of recent high-profile security breaches at retail stores such as Target and Neiman Marcus, a new study seeks to determine why differences exist in the level of information security control resources among organizations.

  • Giving government special access to data poses major security risks

    In recent months, government officials in the United States, the United Kingdom, and other countries have made repeated calls for law-enforcement agencies to be able to access, upon due authorization, encrypted data to help them solve crimes. Beyond the ethical and political implications of such an approach, though, is a more practical question: If we want to maintain the security of user information, is this sort of access even technically possible? A report by cybersecurity and encryption experts says that whether “backdoor” or “front-door,” such mechanisms “pose far more grave security risks, imperil innovation on which the world’s economies depend, and raise more thorny policy issues than we could have imagined when the Internet was in its infancy.”

  • Privacy vs. security debate intensifies as more companies offer end-to-end-encryption

    A long running debate has now come to the fore with greater urgency. The tension between the privacy that encryption offers, and the need for law enforcement and national security agencies to have access to secured and encrypted e-mail, has become more acute in the last two years. The revelations of Edward Snowden about the post-9/11 reach and scope of surveillance by intelligence agencies and law enforcement, have caused some tech giants to offer encrypted services to their customers – encrypted services which enhance customers’ privacy protection, but which at the same time make it impossible for law enforcement and intelligence services to track and monitor terrorists and criminals. “Our job is to find needles in a nationwide haystack, needles that are increasingly invisible to us because of end-to-end encryption,” FBI director James Comey told lawmakers in recent hearing on the Hill.

  • Adobe deals with yet another flaw

    On the heels of the discovery of a zero-day defect, a vulnerability not known to the software developer, Adobe is scrambling to develop yet another patch for another vulnerability. The vulnerability, labeled CVE-2015-5119, causes a system to crash and allows a remote computer take control of the target machine. According to the United States Computer Emergency Readiness Team(US-CERT,) ActionScript 3 ByteArray class, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

  • Countering extremist groups’ social media influence, persuasion

    Social media has become a vital channel for terrorist groups to share news and seduce new members. The recent, notable successes of ISIS in the United States and Europe have demonstrated that terror groups can successfully use this approach to further their agenda of violence. While it gets less attention, social media is equally important for groups that are sharing and communicating information to counter extremist discourse. The problem is, how can those looking to counter the violent ideology of groups like ISIS analyze all the conversations to determine what is a significant danger? How can groups countering violent extremism leverage social media to limit the diffusion of extremist ideology? New research aimed at helping to solve this puzzle.

  • Disinformation campaigns damage credibility of social media emergency alerts

    Disinformation campaigns, which populate sections of social media platforms such as Twitter, are making real emergency data and notifications harder to absorb, a cybersecurity analyst argues. The spreading of emergency-related hoaxes, including those which involve conspiracy-related topics, damages the credibility of sites that provide useful information in those circumstances.

  • Mercenary hackers get hacked

    In an ironic turn of events, a group of mercenary hackers were themselves hacked. The group of Italy-based hackers, known as Hacking Team, has been selling its software and services to government and corporate entities in order to test their security fitness. The hackers were able to gain access to the company’s client list, which shows that the company sold surveillance software to authoritarian regimes so they could spy on political dissidents.

  • Illinois’s cybersecurity talent to participate in USCC camp & competition

    Next week, Illinois’s top cybersecurity talent, including veterans, will gather at Moraine Valley Community College in Palos Hills, Illinois, to participate in the annual U.S. Cyber Challenge (USCC) Cyber Camp. Throughout the week-long camp, individuals will participate in a variety of classes that cover such subjects as packet crafting and pen testing, and compete in a virtual “Capture the Flag” competition to demonstrate their cybersecurity abilities in a free-form environment.

  • New encryption method emulates the way parents talk to their children

    Encrypting e-mails can be tedious, difficult, and very confusing. Even for those who have mastered the process, it is useless unless the intended recipient has the correct software to decode the message. A researcher has now created an easier method — one that sounds familiar to parents who try to outsmart their 8-year-old child. The new technique gets rid of the complicated, mathematically generated messages that are typical of encryption software. Instead, the method transforms specific e-mails into ones that are vague by leaving out key words.

  • New NCCoE building blocks for e-mail security and PIV credentials

    NIST’s National Cybersecurity Center of Excellence (NCCoE) has proposed two new building blocks, one to help organizations improve the security of e-mail, the other to enable mobile devices to provide security services based on personal identity verification (PIV) credentials. NIST invites the public to comment on the draft documents, and the comment period ends 14 August 2015.