• HackingPresidential campaigns spied on by foreign hackers with “a variety of motivations”

    National Intelligence Director James Clapper said that the campaigns of all the candidates for president are being spied on by foreign hackers with “a variety of motivations.” Clapper said that the acts of espionage against the campaigns may only just be getting started. “As the campaigns intensify we’ll probably have more of it,” Clapper noted.

     

  • PrivacyWe know where you live

    By Larry Hardesty

    Researchers have shown that the location stamps on just a handful of Twitter posts — as few as eight over the course of a single day — can be enough to disclose the addresses of the poster’s home and workplace to a relatively low-tech snooper. The tweets themselves might be otherwise innocuous — the location information comes from geographic coordinates automatically associated with the tweets.

  • view counter
  • Cybersecurity educationCybersecurity cracks the undergraduate curriculum

    In a time when million-dollar security breaches of household name corporations regularly make headlines and complicate lives, computer science undergraduates at America’s universities remain surprisingly underexposed to basic cybersecurity tactics. the Software Assurance Marketplace (SWAMP), a national cybersecurity facility housed at the Morgridge Institute for Research in Madison, Wisconsin, has been working to address this skills gap by offering a suite of software security tools that Bowie State has been integrating into undergraduate coding courses, giving students a way to examine and rid their code of security weaknesses.

  • Infrastructure protectionBuilding security into cyber-physical systems

    We are immersed in a cyber-physical world. Information technology is deeply embedded in traditionally non-IT systems, including automobiles, the electric grid and emergency response. But in many of these systems, security is largely incorporated as a last step, like a suit of armor over a vulnerable body. To help bake security into the very core, a new draft NIST publication recommends ways to incorporate time-tested security design principles and concepts into these systems at every step, from concept to implementation.

  • CybersecuritySecurity software can put computers at risk

    Is the antivirus program running on your computer really making your computers safer to use, say, for online banking? Is the parental control software you bought to keep your 13-year-old off porn sites downgrading the overall safety of your computer? New research from Concordia shows security software might actually make online computing less safe.

  • CybersecurityCybersecurity’s weakest link: humans

    By Arun Vishwanath

    There is a common thread that connects many of the recent hacks which captured the headlines. They all employed generic – or what is now considered “old school” – phishing attacks which typically took the form of the infamous “Nigerian prince” type e-mails, trying to trick recipients into responding with some personal financial information. “Spearphishing” attacks are similar but far more vicious. They seek to persuade victims to click on a hyperlink or an attachment that usually deploys software (called “malware”) allowing attackers access to the user’s computer or even to an entire corporate network. Yes, people are the weakest links in cybersecurity. But they don’t have to be. With smarter, individualized training, we could convert many of these weak links into strong detectors – and in doing so, significantly strengthen cybersecurity.

  • view counter
  • Infrastructure protection“Internet of Things” increases threat to infrastructure

    According to former Director of National Intelligence Dennis Blair, a simple Web search can reveal information from thousands of unsecured devices. Even the casual browser can access camera data from Sweden, video game server activity in Eastern Europe, or the output of American wind turbines. He said this information is as easily accessible to terrorists and other criminals. And more will become available as the “Internet of things” — the collection of physical systems and devices connected to the Internet — grows in size.

  • Cybersecurity“Smart home” security flaws found in popular system

    Cybersecurity researchers were able to hack into the leading “smart home” automation system and essentially get the PIN code to a home’s front door. Their “lock-pick malware app” was one of four attacks that the cybersecurity researchers leveled at an experimental set-up of Samsung’s SmartThings, a top-selling Internet of Things platform for consumers. The work is believed to be the first platform-wide study of a real-world connected home system. The researchers did not like what they saw.

  • CybersecurityDefending encrypted data from quantum computer threat

    If an exotic quantum computer is invented that could break the codes we depend on to protect confidential electronic information, what will we do to maintain our security and privacy? This is the overarching question posed by a new report from the National Institute of Standards and Technology (NIST), whose cryptography specialists are beginning the long journey toward effective answers.

  • HackingFBI does not know how the $1m iPhone hack works

    The  FBI does not know how the hack which was used to unlock the San Bernardino terrorist’s iPhone 5C works, even though the agency paid about $1 million for the technique. The identity of the hackers who sold the technique to the agency is a closely guarded secret, and the FBI director himself does not know who they are.

  • CybersecurityArgonne hosts Cyber Defense Competition

    More than seventy-five aspiring cyber defenders from across Illinois and Iowa converged last Saturday on the U.S. Department of Energy’s (DOE’s) Argonne National Laboratory to take on the challenge of Argonne’s first Collegiate Cyber Defense Competition. The competition provided a strong challenge for eight teams from seven colleges, forcing them to defend simulated power utility networks from a variety of realistic attacks by a “Red Team” made up of cyber experts from Argonne and industrial partners.

  • Cyber warfarePentagon “dropping cyberbombs” on ISIS

    Deputy Secretary of Defense Robert Work has said that the U.S. military is “dropping cyberbombs” on ISIS. Earlier this month, Defense Secretary Ashton Carter announced that the U.S. Cyber Command had been given its “first wartime assignment” – attacking and disrupting ISIS cyber infrastructure. in the last few months, the Pentagon has allowed more information to be published about the U.S. military’s cyberwar against ISIS. Work, describing the Cyber Command’s operations at a news conference, said: “We are dropping cyberbombs. We have never done that before.”

  • CybersecurityPatching up Web applications

    By Larry Hardesty

    By exploiting some peculiarities of the popular Web programming framework Ruby on Rails, MIT researchers have developed a system that can quickly comb through tens of thousands of lines of application code to find security flaws. In tests on fifty popular Web applications written using Ruby on Rails, the system found twenty-three previously undiagnosed security flaws, and it took no more than sixty-four seconds to analyze any given program.

  • CybersecurityS&T licenses physical/cyber risk assessment tool to the commercial market

    DHS S&T announced that a fifth cybersecurity technology has been licensed for commercialization as a part of the Cyber Security Division’s Transition to Practice (TTP) program. The TTP program builds on the S&T process of funding projects through the full research and development lifecycle through to the commercial marketplace. The new technology — Physical and Cyber Risk Analysis Tool (PACRAT) — assesses cyber risks simultaneously with physical risks.

  • CybersecurityThe past, present, and future of ransomware

    The rise of ransomware over the past year is an ever growing problem. Business often believe that paying the ransom is the most cost effective way of getting their data back — and this may also be the reality. The problem we face is that every single business that pays to recover their files, is directly funding the development of the next generation of ransomware. As a result of this we are seeing ransomware evolve at an alarming rate.