• CybersecurityCyber Vulnerabilities Affecting Bluetooth-Based Medical Devices

    Internet-of-Things (IoT) such as smart home locks and medical devices, depend largely on Bluetooth low energy (BLE) technology to function and connect across other devices with reduced energy consumption. The Greyhound framework, named after the breed of dogs known for their hunting abilities, was designed to systematically sniff out security lapses in Wi-Fi and Bluetooth enabled devices.

  • Election securityForeign Actors Will Likely Spread Disinformation about 2020 Election Results: FBI, CISA

    In a testimony before Congress last week, FBI Director Christopher Wray warned lawmakers that Russia is not letting up in its efforts to sway the outcome of the November presidential election. He said that what worried him the most was “the steady drumbeat of misinformation and amplification” of false claims about the integrity on the American voting system and the spreading of lies about mail-in voting. The purpose is to sow doubt and confusion about the election results, thus readying the ground for a challenge to, or even a rejection of, the results. On Tuesday, the FBI and CISA issued a public service announcement about foreign actors and cybercriminals spreading disinformation about election results.

  • Election securityThwarting the Biggest Cybersecurity Threat to Voting in the 2020 Election

    While the controversy over the integrity of mail-in votes continues, in-person voting this time around faces potential security risks that could alter the outcome. As was the case in the 2016, Russia’s social media campaign to help its preferred candidate is already underway. For November 2020, however, Russia is planning to add another, more insidious and more threatening layer of election interference, which raises this question: Who protects the voting machines that most Americans use to submit their ballots on election day? According to Tulane University’s William “Bill” Rials, local governments, which oversee the protection of these machines and their respective databases, should be acting now to prevent cybersecurity attacks that can disrupt electronic voting.

  • CybersecurityThe Phish Scale: NIST’s New Tool Lets IT Staff See Why Users Click on Fraudulent Emails

    Researchers at the National Institute of Standards and Technology (NIST) have developed a new tool called the Phish Scale that could help organizations better train their employees to avoid a particularly dangerous form of cyberattack known as phishing.

  • PERSPECTIVE: Russia’s U.S. helpersRussia Is Back, Wilier Than Ever — and It’s Not Alone

    Moscow’s hacking and disinformation tactics have evolved since 2016, while Americans help spread doubts about the November election. Russian operatives are using a sneakier, more sophisticated version of their 2016 playbook to undermine the November election — and this time, Mark Scott writes, groups inside and outside the U.S. are furthering their goal of sowing chaos.

  • Election securityDefending the 2020 Election against Hacking: 5 Questions Answered

    By Douglas W. Jones

    Journalist Bob Woodward reports in his new book, Rage, that the NSA and CIA have classified evidence that the Russian intelligence services placed malware in the election registration systems of at least two Florida counties in 2016, and that the malware was sophisticated and could erase voters. This appears to confirm earlier reports. Meanwhile, Russian intelligence agents and other foreign players are already at work interfering in the 2020 presidential election. Douglas W. Jones, a computer science professor and author of Broken Ballots: Will Your Vote Count?, writes that the list of things keeping him awake at night about the November election is long – violence; refusal to accept results if the in-person and mail-in votes differ; machine malfunction; human error, and more – but when you “add in the possibility of hacked central tabulating software in key counties, and there’s plenty to lose sleep over.”

  • CybersecuritySecurity Solution Traps Cybercriminals in a Virtual Network

    Researchers are developing a new cyber-security deception solution that uses artificial intelligence to lure hackers away and prevent breaches of network systems. The “Lupovis” solution under development by the team at the University of Strathclyde’s Center for Intelligent and Dynamic Communications makes the hunter become the hunted.

  • Election securityRussian Government Hackers Targeted Political Consulting Firm Working for Biden

    Russia’s broad effort to help Donald Trump win reelection in November now extends to hacking political consulting firms. Reuters reports. Microsoft recently alerted Washington, D.C.-based SKDKnickerbocker, a campaign strategy and communications firm working with the Biden campaign, that Russian government hackers tried to hack the company. The hackers failed to gain access to the company’s networks, according to a source familiar with its response, Reuters said.

  • Election securityDHS Blocked Circulation of a July Intelligence Bulletin Detailing Russian Disinformation Attacks on Biden

    DHS, in early July, blocked publication of a departmental intelligence bulletin which warned intelligence and law enforcement agencies of a broad Russian effort to promote “allegations about the poor mental health” of former Vice President Joe Biden, according to internal emails and a draft of the document obtained by ABC News. Critics of DHS’s decision say that the perplexing decision would fuel fears that U.S. intelligence is being politicized. “By blocking information from being released that describes threats facing the nation,” said John Cohen, the former undersecretary for intelligence at DHS under President Barack Obama, “it undermines the ability of the public and state and local authorities to work with the federal government to counteract the threat.”

  • PERSPECTIVE: Unanswered questionsJustice Dept. Never Fully Examined Trump’s Ties to Russia, Ex-Officials Say

    As Donald Trump seeks re-election, major questions about his approach to Russia remain unanswered. He has repeatedly shown an unexplained solicitousness toward Russia and deference toward Vladimir Putin, even as Russia, on Putin’s orders, has been systematically trying to subvert American democracy – and the democratic systems of allies of the United States. He has refused to criticize or challenge the Kremlin’s increasing aggressions toward the West, or even raise with Putin the issue of Russia paying bounties to Afghans who kill American soldiers. Michael S. Schmidt writes that one reason we still do not have answers to questions about the scope of Trump’s ties to Russia, and how these ties have influenced his perplexing attitude toward Russia and Putin, is because Rod J. Rosenstein, the former deputy attorney general, maneuvered to keep investigators from completing an inquiry into whether the president’s personal and financial links to Russia posed a national security threat.

  • CybersecurityNew Technique to Prevent Medical Imaging Cyberthreats

    Complex medical devices such as CT (computed tomography), MRI (magnetic resonance imaging) and ultrasound machines are controlled by instructions sent from a host PC. Abnormal or anomalous instructions introduce many potentially harmful threats to patients, such as radiation overexposure, manipulation of device components or functional manipulation of medical images. Researchers at Ben-Gurion University of the Negev have developed a new artificial intelligence technique that will protect medical devices from malicious operating instructions in a cyberattack as well as other human and system errors.

  • Cryptocurrency miningThwarting Illicit Cryptocurrency Mining with Artificial Intelligence

    Cryptocurrencies, such as Bitcoin, are forms of digital money. Instead of minting it like coins or paper bills, cryptocurrency miners digitally dig for the currency by performing computationally intense calculations. A new artificial intelligence algorithm is designed to detect cryptocurrency miners in the act of stealing computing power from research supercomputers.

  • GridVulnerability of Solar Inverters

    Cyber-physical systems security researchers can disrupt the functioning of a power grid using about $50 worth of equipment tucked inside a disposable coffee cup. In a presentation delivered at the recent Usenix Security 2020 conference, the researchers revealed that the spoofing mechanism can generate a 32 percent change in output voltage, a 200 percent increase in low-frequency harmonics power and a 250 percent boost in real power from a solar inverter.

  • The Russia connection“We Must Do Better in 2020”: Bipartisan Senate Panel Releases Final Report on Russian 2016 Election Interference

    “The Russian government engaged in an aggressive, multi-faceted effort to influence” the “outcome of the 2016 presidential election.” This is the key, bipartisan finding of the fifth and final report of the Senate Intelligence Committee. The committee’s investigation into the massive intervention campaign waged by Russian government agencies and operatives on behalf of then-candidate Donald Trump was thorough, totaling more than three years of investigative activity, more than 200 witness interviews, and more than a million pages of reviewed documents. All five volumes total more than 1300 pages. “We must do better in 2020,” said Senator Marco Rubio (R-Florida) the committee’s chairman. “This cannot happen again,” said Senator Marc Warner (D-Virginia), the committee’s ranking member.

  • Perspective: Hack-and-leakHack-and-Leak Operations and U.S. Cyber Policy

    The On 27 November 2019, Jeremy Corbyn, then-leader of the U.K. Labour Party, held a press conference in which he held up a hefty, official-looking, heavily redacted document – it was a heavy tome of about 400 pages. the documents Crobyn held in his hand were purported to show the details of discussions between the U.K. and U.S. governments on a post-Brexit trade deal, including demands by U.S. representatives to open access to the United Kingdom’s National Health Service (NHS) for American companies — an inflammatory issue for many voters. James Shires writes that “This is one example of a hack-and-leak operation where malicious actors use cyber tools to gain access to sensitive or secret material and then release it in the public domain.” He argues that “hack-and-leak operations should be seen as the ‘simulation of scandal’: strategic attempts to direct public moral judgement against the operation’s target.”