-
Breakthrough: UCLA engineering devises new location-based cryptography method
Location-based security is ensured by using quantum mechanics; this type of cryptography could be useful in several settings — for example, one could communicate with a military base with a guarantee that only someone physically present at the base will have access to the information; furthermore, the location-based method eliminates the need for distributing and storing keys, one of the most difficult tasks in cryptography
-
-
First puzzle of U.K Cyber Security Challenge competition cracked
The United Kingdom suffers from a dearth of cybersecurity experts; several private and public organizations have launched the Cyber Security Challenge competition — a series of challenges and games that would test the talent and skills of people; the challenges is built around eight key skill areas which include digital forensics, network analysis and logical thinking; enthusiasts claim they have already solved he first test of the challenge
-
-
Black Hat opens Wednesday in Las Vegas, DefCon to follow Friday
Black Hat, one of the more important cybersecurity event, opens this Wednesday in Las Vegas; Black Hat gives way on Friday to DefCon, “Black Hat is a place where security researchers go to show off their work and get peer feedback,” said Jeff Moss, who founded and runs both gatherings; “DefCon is the fun stuff they don’t have time to do in their day jobs”; DefCon’s array of activities includes a lock picking village and a “capture the flag” contest to see who can break into a computer network and fend off rivals
-
-
New report: Apple software has the most vulnerabilities
The usual suspects lead the list of software makers whose software come with most vulnerabilities — Apple, Microsoft, Oracle, and Adobe; new vulnerabilities report offers support to the notion that a high market share correlates with a high number of vulnerabilities
-
-
Dell to replace server parts infected with virus
Dell says W32.Spybot worm was found in replacement motherboards, and that it will replace infected parts with clean motherboards; the company says it is unaware of any attacks as result of infections
-
-
Sector Report for Thursday, 22 July 2010: Cybersecurity
This report contains the following stories.
Plus 1 additional story.
-
-
Shortage of cyber workers in the U.S.
The United States is lacking an adequate number of individuals within the federal government and private sector with the technical skills necessary to secure cyberspace; there is an even greater shortage of cybersecurity experts that can design secure systems and networks, write nonvulnerable computer code and create the tools needed to prevent, detect and mitigate damage due to malicious acts
-
-
The worst database security breaches in the U.S., U.K.
On 6 February 2010 AvMed Health Plans announced that personal information of current and former subscribers have been compromised by the theft of two company laptops from its corporate offices in Gainesville, Florida; the information was comprehensive, including Social Security numbers and protected health information; attempts the thwart the theft have been unsuccessful, leaving the identity data of nearly 1,100,000 vulnerable; this is only one of many cases of database breaches — and the number of cases is growing
-
-
Cybersecurity solution detects cyber attacks as they happen
A winning entry in a cyber security competition gives analysts a way to look at computer network traffic and determine how a system was penetrated; it also supplies critical data that can be used to reduce system vulnerabilities and limit future attacks
-
-
House's homeland security bill doubles cybersecurity R&D budget
The 2010 Homeland Security Science and Technology Authorization Act would double the cybersecurity research and development budget to $75 million for each of the next two years and authorize another $500 million for a study to find ways to promote industry best practices through, for example, liability requirements that hold hardware and software vendors responsible for damages caused by a security breach
-
-
Dell warns of hardware trojan
Computer maker Dell is warning that some of its server motherboards have been delivered to customers carrying an unwanted extra: computer malware; it could be confirmation that the “hardware trojans” long posited by some security experts are indeed a real threat; the Pentagon is spending millions on research designed to ensure it can trust the microchips in critical systems, especially those made outside the United States
-
-
Digital retaliation: Turkish hackers steal personal information of 122,000 Israelis
A month ago Israel stopped several ships, sponsored by a Turkish fundamentalist Islamic organization, which tried to breach the Israeli blockade of the Gaza Strip; nine Turkish militants were killed after they had attacked Israeli soldiers; Turkish hackers launched a retaliatory attack on Israeli digital databases, stealing the e-mail addresses and credit card and PayPal account information of 122,000 Israelis; the hackers also attacked 2,100 Israeli Web sites; security expert advises affected Israelis to change passwords, and credit cards.
-
-
Malicious virus targets SCADA systems
Supervisory Control and Data Acquisition, or SCADA, stands for large-scale distributed remote processing systems that gather data in real time to control critical industrial, infrastructure, or facility processes and equipment; SCADA is used to control U.S. critical infrastructure — power plants, oil and gas refining, telecommunications, transportation, dams, water, waste control, and more; Siemens is warning customers of a new and highly sophisticated virus that targets SCADA systems; these systems are typically not connected to the Internet for security reasons, but this virus spreads when an infected USB stick is inserted into a computer
-
-
A first: 15 nations agree to start working together on cyber arms control
A group of nations — including the United States, China, and Russia — have for the first time showed a willingness to engage in reducing the threat of attacks on each others’ computer networks; when the group last met in 2005, they failed to find common ground. This time, by crafting a short text that left out controversial elements, they were able to reach a consensus; the Russians proposed a treaty in 1998 that would have banned the use of cyberspace for military purposes. The United States has not been willing to agree to that proposal, given that the difficulty in attributing attacks makes it hard to monitor compliance
-
-
UTSA's cyber security center moves into new home
The Institute for Cyber Security Center for Infrastructure Assurance and Security at the University of Texas at San Antonio is moving to a new home on campus; Congress, DHS, and the Defense departments have thrown their money behind UTSA, which the New York Times has named one of the best places to get training as a “cyber sleuth”
-
More headlines
The long view
States Rush to Combat AI Threat to Elections
By Zachary Roth
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
By Dino Jahic
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
By Trina West
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.