• CybersecurityResearchers demonstrate how data can be stolen from isolated “air-gapped” computers

    Air-gapped computers are isolated — separated both logically and physically from public networks — ostensibly to prevent their being hacked over the Internet or within company networks. Researchers at the Ben-Gurion University of the Negev (BGU) have demonstrated that an unmodified USB connected to a computer with malicious code can be used to steal data from infected and even “air-gapped” computers.

  • CybersecurityA chip that checks for sabotage, flags defects

    With the outsourcing of microchip design and fabrication a worldwide, $350 billion business, bad actors along the supply chain have many opportunities to install malicious circuitry in chips. These Trojan horses look harmless but can allow attackers to sabotage healthcare devices; public infrastructure; and financial, military, or government electronics. Researchers are developing a unique solution: a chip with both an embedded module that proves that its calculations are correct and an external module that validates the first module’s proofs.

  • view counter
  • iOS vulnerabilityIsraeli tech company’s spyware turns UAE activist’s iPhone into a self-tracking device

    Two University of Toronto researchers have uncovered an iPhone-based attack on Ahmed Mansoor, a prominent United Arab Emirates human rights defender. The attack employed spyware produced by NSO Group — an Israeli technology company founded by former members of Unit 8200, the Israeli military’s electronic surveillance branch – which is sold to government for the purpose of spying on their citizens.

  • iOS vulnerabilityVulnerabilities found in iPhone, iPad operating system

    An international team of computer science researchers has identified serious security vulnerabilities in the iOS — the operating system used in Apple’s iPhone and iPad devices. The vulnerabilities make a variety of attacks possible. The researchers focused on the iOS’s “sandbox,” which serves as the interface between applications and the iOS. The iOS sandbox uses a set “profile” for every third-party app. This profile controls the information that the app has access to and governs which actions the app can execute.

  • Car-hackingResearchers look for ways to keep cars safe from hacking

    In 2015, two researchers remotely hacked a Jeep Cherokee being driven by a reporter who documented how the researchers controlled everything from the car’s radio and media console to its brakes and steering. For computer scientists at the University of Arkansas at Little Rock, the exercise demonstrated how vulnerable smart cars with GPS, Bluetooth, and Internet connections are to cyberattacks – and they decided to do something about it.

  • CybersecurityAfter the NSA hack: Cybersecurity in an even more vulnerable world

    By Nir Kshetri

    It is looking increasingly likely that computer hackers have in fact successfully attacked what had been the pinnacle of cybersecurity – the U.S. National Security Agency (NSA). Cyberweapons and their capabilities are becoming an increasing part of international relations, forming part of foreign policy decisions and even sparking what has been called a “cyber arms race.” The cyberattack on the NSA’s – specifically, the attack on the Equation Group, the NSA’s spying element – may be part of this global interplay. The attack is also further proof of the cybersecurity industry’s axiom about the highly asymmetric probabilities of successful attack and successful defense: Attackers need to succeed only once; defenders have to be perfect every time. As sophisticated as NSA’s highly secure network is, the agency cannot ever fully protect itself from cyberattackers.

  • CybersecurityPeople disregard security warnings on computers because these warnings come at bad times

    Software developers listen up: if you want people to pay attention to your security warnings on their computers or mobile devices, you need to make them pop up at better times. A new study finds the status quo of warning messages appearing haphazardly — while people are typing, watching a video, uploading files, etc. — results in up to 90 percent of users disregarding them.

  • CybersecurityNew hacking technique stealthily changes memory of virtual servers

    For the first time ever a team of Dutch hacking experts managed to alter the memory of virtual machines in the cloud without a software bug, using a new attack technique. With this technique an attacker can crack the keys of secured virtual machines or install malware without it being noticed.

  • CyberespionageSophisticated espionage platform covertly extracts encrypted government communications

    Kaspersky Lab announced the other day that its researchers have discovered what they described as a “nation-state threat actor” — named ProjectSauron — who was targeting state organizations. “The cost, complexity, persistence, and ultimate goal of the operation, stealing confidential and secret information from state-sensitive organizations, suggest the involvement or support of a nation state,” Kaspersky Lab says. ProjectSauron “gives the impression of being an experienced and traditional actor who has put considerable effort into learning from other extremely advanced actors,” and “ adopting some of their most innovative techniques and improving on their tactics in order to remain undiscovered.”

  • PrivacyAndroid apps can secretly track users’ whereabouts

    Three years ago, the FTC dimmed hopes for the Brightest Flashlight app for Android, slapping its developer with charges of consumer deception, because the app was transmitting users’ locations and device IDs to third parties without telling the users or getting their permission. Permissions, though, are only a small part of the Android-app privacy story. New research shows that Android apps can be manipulated to reach inside your mobile phone to track your whereabouts and traffic patterns, all without your knowledge or consent.

  • CybersecuritySerious security threat to many Internet users identified

    Researchers have identified a weakness in the Transmission Control Protocol (TCP) of all Linux operating systems since late 2012 that enables attackers to hijack users’ Internet communications completely remotely. Such a weakness could be used to launch targeted attacks that track users’ online activity, forcibly terminate a communication, hijack a conversation between hosts, or degrade the privacy guarantee by anonymity networks such as Tor.

  • DefCon 24Fake ATM spotted by DefCon attendees

    One of the curious features at the DefCon 24 even in Las Vegas is a fake ATM in the show’s venue. The fake ATM kiosk was placed in the lobby of the Riviera Hotel Casino sometime before the conference opened. As is appropriate at an event of sharp-eyed cybersecurity specialists and white hackers, the scam was uncovered when people noticed something wrong with the machine.

  • DefCon 24Hacking hotel magnetic-stripe based key cards is easy

    If you travel a lot for business or pleasure, and stay at hotels at the places you visit, you may not like the information presented at the DefCon 24 event in Las Vegas. A security expert will tell the attendees that the magnetic-stripe based key cards guests are given to enter their rooms have major weaknesses which could allow an attacker to modify these cards to enter guests rooms.

  • CybersecurityExploring automotive cybersecurity vulnerabilities at Def Con 24

    In 2015, more than 16.5 million vehicles were sold in the United States. The Car Hacking Village helps researchers interested in the safety and security of the more than one billion vehicles on the road around the world. The Car Hacking Village made its debut at the Def Con 23 Conference last year in Las Vegas. This year, the Village returns to Def Con 24 in Vegas on 4 August.

  • CybersecurityU.S. Cyber Challenge hacking competition announces winners

    Last Friday morning, seven teams competed in the U.S. Cyber Challenge (USCC) Capture-the-Flag (CTF) competition at Southern Utah University (SUU) in Cedar City, Utah. After four hours of hacking into systems and answering trivia questions, Team Dragon came out on top.