• Disinformation campaigns damage credibility of social media emergency alerts

    Disinformation campaigns, which populate sections of social media platforms such as Twitter, are making real emergency data and notifications harder to absorb, a cybersecurity analyst argues. The spreading of emergency-related hoaxes, including those which involve conspiracy-related topics, damages the credibility of sites that provide useful information in those circumstances.

  • Mercenary hackers get hacked

    In an ironic turn of events, a group of mercenary hackers were themselves hacked. The group of Italy-based hackers, known as Hacking Team, has been selling its software and services to government and corporate entities in order to test their security fitness. The hackers were able to gain access to the company’s client list, which shows that the company sold surveillance software to authoritarian regimes so they could spy on political dissidents.

  • Illinois’s cybersecurity talent to participate in USCC camp & competition

    Next week, Illinois’s top cybersecurity talent, including veterans, will gather at Moraine Valley Community College in Palos Hills, Illinois, to participate in the annual U.S. Cyber Challenge (USCC) Cyber Camp. Throughout the week-long camp, individuals will participate in a variety of classes that cover such subjects as packet crafting and pen testing, and compete in a virtual “Capture the Flag” competition to demonstrate their cybersecurity abilities in a free-form environment.

  • New encryption method emulates the way parents talk to their children

    Encrypting e-mails can be tedious, difficult, and very confusing. Even for those who have mastered the process, it is useless unless the intended recipient has the correct software to decode the message. A researcher has now created an easier method — one that sounds familiar to parents who try to outsmart their 8-year-old child. The new technique gets rid of the complicated, mathematically generated messages that are typical of encryption software. Instead, the method transforms specific e-mails into ones that are vague by leaving out key words.

  • New NCCoE building blocks for e-mail security and PIV credentials

    NIST’s National Cybersecurity Center of Excellence (NCCoE) has proposed two new building blocks, one to help organizations improve the security of e-mail, the other to enable mobile devices to provide security services based on personal identity verification (PIV) credentials. NIST invites the public to comment on the draft documents, and the comment period ends 14 August 2015.

  • Studying terrorists' social-media recruiting power in order to negate it

    Last month a United Nations panel asked social-media companies such as Twitter and Facebook to respond to how terrorist groups use their networks to spread propaganda or recruit members with increasing success. As these terrorist groups, such as ISIS or al-Qaeda, evolve their social-media skills, the U.S. Department of Defense’s Minerva Project is funding a research project by a team of researchers who will be monitoring these groups’ advancements and trying to determine how their online actions can be negated.

  • Duqu 2.0: New, menacing programming concept

    In 2011, the security world was rocked by the announcement of a newly discovered virus named Stuxnet. This malware, unlike previous viruses, was targeted at one particular victim. That target was Iran’s nuclear program.Following on the heels of Stuxnet was a variant named Duqu.Duqu is different from Stuxnet, however, in that it was designed to gather information for future attacks, rather than perform the attack itself.There is evidence that the malware was used to gather information on the U.S. talks with Iran over the Iranian nuclear program.Since this worm is able to move laterally, and runs only in system memory, a given computer can be easily re-infected from elsewhere in the home network, without using any mechanisms that would provide persistence. Duqu 2.0 represents programming concepts never used before that make it extremely dangerous.

  • Internet facilitates radicalization of Westerners, even as reasons vary

    Since the early 2000s the Internet has become an important tool for the global jihadist movement. Nowhere has the Internet been more important in the movement’s development than in the West. A new study says that while dynamics differ from case to case, it is fair to state that almost all recent cases of radicalization in the West involve at least some digital footprint. Jihadism is a complex ideology that mixes religion and politics. The study confirms, however, the importance of its religious aspect for many of those who embrace violence — a fact some studies have dismissed.

  • Abu Dhabi’s power system to be used for critical infrastructure cybersecurity study

    Abu Dhabi, UAE-based Masdar Institute of Science and Technology and MIT will use Abu Dhabi’s power system as a case study for developing a knowledge map of the power system and its cybersecurity shortcomings. The project is due to run for two years. At the end of this two year period, the collaborating institutions hope that data from the analysis of Abu Dhabi’s power system could be compared against data from the projects running concurrently in New York and Singapore to develop a comprehensive knowledge map, capable of being applied to critical infrastructure worldwide.

  • U.S. Cyber Challenge Eastern Regional Competition announces winner

    On Friday, participants of the annual U.S. Cyber Challenge (USCC) Eastern Regional Cyber Camp competed in a “Capture-the-Flag” competition to demonstrate their knowledge and skill of cybersecurity and compete to win one of a limited number of (ISC)2 scholarships. Participants of Eastern Regional Cyber Camp were selected based in part on their scores from Cyber Quests, an online competition offered through USCC in April, which drew more than 1,300 registrants from over 600 schools nationwide.

  • Government credentials found on the open Web

    Somerville, Massachusetts-based Recorded Future has identified the possible exposures of login credentials for forty-seven U.S. government agencies across eighty-nine unique domains. Recorded Future says that as of early 2015, twelve of these agencies, including the Departments of State and Energy, allowed some of their users access to computer networks with no form of two-factor authentication.

  • State Department stays away from Chinese-owned Waldorf Astoria

    The U.S. State Department said American diplomats and State Department officials, for the first time in decades, would not be staying at New York’s Waldorf-Astoria hotel during this year’s UN general assembly. Worldwide last year sold the high-end Midtown hotel for $1.95 billion to the Chinese group Anbang Insurance Group. The sales contract allowed for “a major renovation” by the Chinese, and American security experts had no doubt as to the purpose of these “renovations”: As is the practice in China, the Chinese owners, working on behalf of China’s intelligence services, were going to plant listening devices in every room and ball room, and wire every phone, Wi-Fi hot spot, and restaurant table in order to eavesdrop on hotel guests.

  • Underwriters of cyberinsurance policies need better understanding of cyber risks

    Demand for insurance that covers an ever-increasing range of cyberattacks is growing and evolving rapidly, and a number of insurance companies are seeking advice through sponsored events that can gradually educate their work forces. At Standard & Poor’s Rating Services 2015 Insurance Conference last week, a panel of insurance experts stressed the importance of insurance underwriters gaining a better understanding of cyber risks in order to make better property and risk assessments.

  • Latest massive data breach highlights federal government cyber vulnerability

    The latest hacking of federal government records has resulted in the theft of personal files for as many as fourteen million people, and is yet another sign of systemic security breaches within government. The Office of Personnel Management (OPM) is an agency notorious for its lax cybersecurity, but experts say that the OPM incident is indicative of a greater need across the country to better defend governmental infrastructure with updated methodologies.

  • Snowden fallout: Revelations forced U.K. to pull out agents from “hostile countries”

    The British security services had to pull out agents from “hostile countries” as a result of information the Chinese and Russian intelligence services obtained when they gained access to the millions of top-secret NSA files Edward Snowed was carrying with him when he fled to Honk Kong and then to Russia. Snowden assured journalists who interviewed him that the Chinese and Russian intelligence services would not be able to access these files because he encrypted them with the highest encryption methods available. Security experts commented that he was either naïve or disingenuous – because he must have known, or should have known, that the cyber capabilities these two countries would make it relatively easy for them to crack the encrypted files he was carrying with him. We now know that these security experts were right.