• Microsoft reveals Russian hacking attempts ahead of U.S. elections

    Microsoft says it has uncovered new Russian hacking attempts to target U.S. political groups ahead of the U.S. midterm elections in November. The company said a hacking group linked to Russia’s government had created fake Internet domains in order to mimic the websites of two conservative Washington-based think tanks that have been critical of the Kremlin — the Hudson Institute and the International Republican Institute. It said the Russian hackers also created three fake domains designed to look as if they belonged to the U.S. Senate.

  • Election security bill without paper records and risk limiting audits? No way.

    The Senate is working on a bill to secure election infrastructure against cybersecurity threats, but, unless amended, it will widely miss the mark. The current text of the Secure Elections Act omits the two most effective measures that could secure our elections: paper records and automatic risk limiting audits.

  • Lawmaker demands answers about Russian cyberattacks on electric utilities

    In July, the Wall Street Journal reported that in 2016 and 2017, hackers backed by the Russian government successfully penetrated the U.S. electric grid through hundreds of power companies and third-party vendors. Russian hackers gained access to control rooms, putting them in a position to disrupt U.S. power flow.

  • Dark shadow on computer security

    Researchers have uncovered Foreshadow, a new variant of the hardware vulnerability Meltdown announced earlier in the year, that can be exploited to bypass Intel Processors’ secure regions to access memory and data. The vulnerability affects Intel’s Software Guard Extension (SGX) technology, a new feature in modern Intel CPUs which allows computers to protect users’ data in a secure ‘fortress’ even if the entire system falls under an attacker’s control.

  • More efficient security for cloud-based machine learning

    A novel encryption method devised by MIT researchers secures data used in online neural networks, without dramatically slowing their runtimes. This approach, a combination based on two encryption techniques,  holds promise for using cloud-based neural networks for medical-image analysis and other applications that use sensitive data.

  • Making electronic documents more trustworthy

    Today, the expeditious delivery of electronic documents, messages, and other data is relied on for everything from communications to navigation. As the near instantaneous exchange of information has increased in volume, so has the variety of electronic data formats–from images and videos to text and maps. Verifying the trustworthiness and provenance of this mountain of electronic information is an exceedingly difficult task – especially since the software used to process electronic data is error-prone and vulnerable to exploitation through maliciously crafted data inputs, opening the technology and its underlying systems to compromise.

  • Why political scientists aren’t writing about Russian hackers

    Political scientists who study election mechanics — — campaign finance, what polling data have to do with voting, how different population groups vote, how effective political advertisements are — are yet to come to grips with the role Russian government agents played in the 2016 election. Clark University political scientists Robert Boatright writes that “We don’t have the ability to track exactly what went on over Twitter or Facebook in the election, which accounts were real and which were fake. And … we may not regain the sort of transparency that enabled us to study elections with the precision we once did. We don’t really have any precedent for studying what a foreign government might do to influence an American campaign in this way because it hasn’t been done before in the United States. Maybe we’ll get there in a few years, but for now, all we know is that our research is more likely than usual to be incomplete.”

  • 11-year old took 10 minutes to hack a replica of Florida's election reporting website

    DEFCON, the world’s largest hacking convention, took place in Las Vegas over the weekend. Emmett Brewer, one of about 40 children between the ages of 8 and 16 who were taking part in the event, took less than 10 minutes to hack into a replica of Florida’s election reporting website. An 11-year old girl also managed to break into the site, tripling the number of votes for one of the candidates. Several 8-year old kids managed to tamper with vote tallies and change candidates’ names.

  • Russian spy software in U.S. home and office routers

    The Russian government hackers known as APT 28 or Fancy Bear – the operatives who were behind information attacks against the Democratic National Committee and the Hillary Clinton Campaign, among others – have infiltrated hundreds of thousands of home and office routers worldwide. The presence of Russian malware on the routers could enable the Kremlin to steal individuals’ data or enlist their devices in a massive attack intended to disrupt global economic activity or target institutions.

  • Security gaps identified in internet protocol IPsec

    Researchers have demonstrated that the Internet protocol “IPsec” is vulnerable to attacks. The Internet Key Exchange protocol “IKEv1,” which is part of the protocol family, has vulnerabilities that enable potential attackers to interfere with the communication process and intercept specific information.

  • Intel processor vulnerability could expose millions of PCs at risk

    A newly discovered processor vulnerability could potentially put secure information at risk in any Intel-based PC manufactured since 2008. It could affect users who rely on a digital lockbox feature known as Intel Software Guard Extensions, or SGX, as well as those who utilize common cloud-based services, a new report says.

  • New bill to help protect security of U.S. elections

    On Friday, four members of the House Permanent Select Committee on Intelligence (HPSCI) introduced the Secure Elections Act, which would provide local communities and state governments with the resources needed to strengthen election systems against cyberattacks. “Hostile foreign actors have attempted and will continue to attempt to undermine the fundamentals of our democracy by attacking our electoral process,” said Representative Trey Gowdy (R-South Carolina), one of the bill’s sponsors. “It is our responsibility to take every precaution necessary to safeguard our elections and ensure no vote count is ever interfered with.

  • Fake news is not just bad news: It is bad for the bottom line, too

    Note to Mark Zuckerberg: Beware of misinformation. Research makes a case that misinformation is a business risk for social media platforms, and proposes informational methods to alleviate the phenomenon of “fake news.” The research also suggests that Facebook users who help expose falsehoods should be compensated.

  • Hacked satellite could launch microwave-like attacks

    The satellite communications which ships, planes, and the military use to connect to the internet are vulnerable to hackers which, in the worst-case scenario, could carry out “cyber-physical attacks,” turning satellite antennas into weapons which operate, in effect, like microwave ovens. An expert speaking at the Black Hat conference in Las Vegas, said that a number of popular satellite communication systems are vulnerable to such attacks, which could also leak information and hack connected devices.

  • Closing security hole in popular encryption software

    Cybersecurity researchers have helped close a security vulnerability that could have allowed hackers to steal encryption keys from a popular security package by briefly listening in on unintended “side channel” signals from smartphones.