Cybersecurity

  • Is social media responsible for your safety during a disaster?

    Given the popularity of Facebook and Twitter, it is not surprising so many people use social media in crises such as floods, fires, and earthquakes. While social media can be a handy resource in crises, people must be careful not to take their access for granted during emergencies. Floods, fires, and earthquakes often disrupt the power and communications infrastructures that smartphones rely upon, as our access is constrained by the limitations of copper, fiber, hybrid, and cellular Internet technologies, and their vulnerability to the elements. Also, some questions about the features of tools such as Facebook’s Safety Check are yet to be answered persuasively. Still, such concerns notwithstanding, it is encouraging to see an organization such as Facebook taking responsibility for its users and entering the crisis communication space. A tool that helps family and friends during a crisis, and facilitates easy communication is a welcome development.

  • Mission Secure closes round of seed financing to commercialize cybersecurity technology

    Charlottesville, Virginia-based Mission Secure Inc. (MSi), a cyberdefense technology and solutions provider focusing on protecting physical systems and autonomous vehicles, last week announced it had recently closed its seed financing round led by Ballast Fund investors, a private equity firm and several high net worth angel investors.

  • FBI: Lawmakers should mandate surveillance “backdoors” in apps, operating systems

    FBI director James Comey said that the agency was pushing lawmakers to mandate surveillance functions in apps, operating systems, and networks, arguing that privacy and encryption prevent or disrupt some of the agency’s investigations. According to Comey, new privacy features implemented by Google and Apple in the wake of the Snowden revelations, automatically encrypt user communication and data, making it difficult for law enforcement to gather evidence and connect links among suspected criminals and terrorists.

  • Russian government hackers insert malware in U.S. critical infrastructure control software

    Investigators have uncovered a Trojan Horse named BlackEnergy in the software that runs much of the U.S. critical infrastructure. In a worst case scenario, the malware could shut down oil and gas pipelines, power transmission grids, water distribution and filtration systems, and wind turbines, causing an economic catastrophe. Some industry insiders learned of the intrusion last week via a DHS alert bulletin issued by the agency’s Industrial Control Systems Cyber Emergency Response Team(ICS-CERT). The BlackEnergy penetration had recently been detected by several companies. Experts say Russia has placed the malware in key U.S. systems as a threat or a deterrent to a U.S. cyberattack on Russian systems – mutual assured destruction from a cold war-era playbook.

  • New report urges policy overhaul, transparency in offensive cyber operations

    A newly released report, titled Joint Publication 3-12(R) and authored by the Joint Chiefs of Staff, has revealed that some top commanders are calling for a policy overhaul and more public transparency in offensive cyber operations, given the growing need for such operations. Some previous documents have been published on the topic, but there is no official U.S. military policy book for cyber operations.

  • Banks collaborate to thwart cybercrime

    The Financial Services Information Sharing and Analysis Center (FS-ISAC), a cybersecurity information sharing group, has teamed up with the Depository Trust & Clearing Corporation to form Soltra. Named after a series of fire signals that were used in Europe hundreds of years ago to warn against invaders, the organization alerts member banks of incoming or potential cyber threats.

  • Mobile phones’ applications offering voice communication security vulnerable to attack

    Researchers examined the vulnerabilities in security of video- and voice-over-Internet protocol, or VoIP, communications. The team developed attacks that uncovered these vulnerabilities in a currently used security scheme, and once those weaknesses were identified, the team suggested alternatives that may protect against potential attacks.

  • Head of U.K. surveillance agency: U.S. tech companies have become terrorists' “networks of choice”

    The new director of Government Communications Headquarters (GCHQ), the U.K. intelligence organization responsible for providing signals intelligence (SIGINT) and information assurance to the British government and armed forces, said that privacy has never been “an absolute right.” Robert Hannigan used his first public intervention since becoming head of Britain’s surveillance agency to charge U.S. technology companies of becoming “the command and control networks of choice” for terrorists.

  • Government tries better to define cybersecurity needs

    In a science advisory board meeting on 23 October at the White House Office of Science and Technology Policy (OSTP), officials attempted to glean just where the government cybersecurity workforce stood in terms of talent and hiring necessity. There is currently no government-wide federal job description in the cybersecurity field, and that has led to meetings similar to the October summit.

  • Security contractor USIS failed to notice months-long hacking of its computer systems

    A new report reveals that the cyberattack on security contractor USIS, similar to previous attacks by Chinese government hackers on U.S. firms, was infiltrating USIS computer systems for months before the company noticed. The breach, first revealed publicly by the company and the Office of Personnel Management(OPM) in August, compromised the records of at least 25,000 DHS employees.

  • Contactless cards fail to recognize foreign currency

    New research has highlighted a “glitch” in the Visa system which means their contactless cards will approve foreign currency transactions of up to 999,999.99 in any foreign currency. Side-stepping the £20 contactless limit, transactions can be carried out while the card is still in the victim’s pocket or bag. Transactions are carried out offline, avoiding any additional security checks by the bank, and although the current system requires the credit card to authenticate itself, there is currently no requirement for the POS (point of sale) terminal to do the same.

  • A major cyberattack causing widespread harm to national security is imminent: Experts

    A new report found that more than 60 percent of the roughly 1,600 computer and Internet experts surveyed on the future of cyberattacks believe a nationwide cyberattack is imminent. They did so in response to the question: “By 2025, will a major cyberattack have caused widespread harm to a nation’s security and capacity to defend itself and its people?” The experts also warn about the risks to privacy which will accompany a growing focus on cybersecurity.

  • Identifying ways to improve smartphone security

    What information is beaming from your mobile phone over various computer networks this very second without you being aware of it? Experts say your contact lists, e-mail messages, surfed Web pages, browsing histories, usage patterns, online purchase records and even password protected accounts may all be sharing data with intrusive and sometimes malicious applications, and you may have given permission. The apps downloaded to smartphones can potentially track a user’s locations, monitor his or her phone calls and even monitor the messages a user sends and receives — including authentication messages used by online banking and other sites, he says, explaining why unsecured digital data are such a big issue. Assigning risk scores to apps may slow down unwarranted access to personal information.

  • New report details Russia’s cyber-espionage activities

    Researchers at FireEye, a Silicon Valley-based computer security firm, are connecting the Russian government to cyber espionage efforts around the world. The researchers released a report on Tuesday which says that hackers working for the Russian government have, for seven years now, been hacking into computer networks used by the government of Georgia, other Eastern European governments, and some European security organizations.

  • Georgia Tech releases 2015 Emerging Cyber Threats Report

    In its latest Emerging Cyber Threats Report, Georgia Tech warns about loss of privacy; abuse of trust between users and machines; attacks against the mobile ecosystem; rogue insiders; and the increasing involvement of cyberspace in nation-state conflicts.