• CybersecurityHackers “Manipulated” Stolen COVID Vaccine Papers, Says EU Agency

    Documents and emails about the BioNTech-Pfizer and Moderna jabs were taken in a cyberattack late last year. The EU’s drug regulator thinks hackers are trying to damage public trust in the COVID vaccines.

  • CybersecurityThe Sunburst Hack Was Massive and Devastating – 5 Observations from a Cybersecurity Expert

    By Paulo Shakarian

    So much remains unknown about what is now being called the Sunburst hack, the cyberattack against U.S. government agencies and corporations. U.S. officials widely believe that Russian state-sponsored hackers are responsible. The attack gave the perpetrators access to numerous key American business and government organizations. The immediate effects will be difficult to judge, and a complete accounting of the damage is unlikely. However, the nature of the affected organizations alone makes it clear that this is perhaps the most consequential cyberattack against the U.S. to date.

  • The Russia connectionRevelations of Cyberattacks on U.S. Likely Just “Tip of the Iceberg”

    Russian government hackers have infiltrated the computer networks of some of the nation’s biggest corporations, leading defense contractors, and top U.S. government agencies, including those in national security branches, in what security analysts believe is a “very significant” breach. The Russian espionage campaign was “sustained, targeted, far-reaching,” analysts say.

  • Election securityElection security It’s Official: The Election Was Secure

    Election officials and election security experts have long been clear: voter fraud is extraordinarily rare and the U.S. system has strong checks in place to protect the integrity of our voting process. “These are the facts,” says the Brennan Center for Justice. “But the facts have not stopped bad actors from trotting out baseless claims of ‘systemic voter fraud’ to suppress votes and undermine trust in our democracy for political gain.” Government officials, judges, and elected leaders, overwhelmingly Republican —and, in the executive branch and the judiciary, mostly Trump appointees — have publicly acknowledged confidence in the November election.

  • PrivacyOnline Users Manipulated into Sharing Private Information Online

    Online users are more likely to reveal private information based on how website forms are structured to elicit data, BGU researchers have determined.

  • PERSPECTIVE: Better cyberdefensesThe Strategic Implications of SolarWinds

    Recent reports of a broad Russian cyber infiltration across U.S. government networks are a sign of how great-power competition will play out in the twenty-first century. Benjamin Jensen, Brandon Valeriano, and Mark Montgomery write that the SolarWinds operation demonstrates that U.S. Cyber Command’s vision of persistent engagement, which calls for preventively imposing costs as adversaries to shape competition in cyberspace, appears not to have worked as expected. “In the future, what is required is a deeper focus on denial-based approaches: How can the U.S. limit the attack surfaces available to the opposition and harden targets to ensure resilience?” they write.

  • CybersecurityMemory Card May Be Used to Steal Data

    Researchers have published new research detailing a technique to convert a RAM card [a memory module that is plugged into a computer’s motherboard that stores the data being used by the computer] into an impromptu wireless emitter and transmit sensitive data from inside a non-networked air-gapped computer that has no Wi-Fi card.

  • The Russia connectionScope, Damage of Massive Russian Hack Still Uncertain

    Cyberexperts inside and outside the U.S. government are scrambling to determine the dimensions of the massive hack by Russian government hackers of dozens of government agencies and private organizations. “While the Russians did not have the time to gain complete control over every network they hacked, they most certainly did gain it over hundreds of them. It will take years to know for certain which networks the Russians control and which ones they just occupy,” said Thomas Bossert, Trump’s former cybersecurity adviser. Senator Richard Blumenthal (D-Connecticut), after closed-door meeting of the Senate Intelligence Committee, in which members were briefed by the intelligence community, said he was “deeply alarmed, and even downright frightened.”

  • RansomwareK-12 Schools Need to Take Cyberattacks More Seriously

    By Nir Kshetri

    There has been an uptick of ransomware attacks in which cybercriminals have targeted public schools throughout the United States – from Hartford, Connecticut, to Huntsville, Alabama – since the 2020-21 school year began. Federal cybersecurity officials say the attacks – which involve things that range from the theft of sensitive student data to the disruption of online classes – are expected to continue. As a researcher who specializes in cybercrime and cybersecurity, I know that public schools represent easy and attractive targets for cybercriminals.

  • The Russia connectionU.S. National Security Officials Investigating Hacker Intrusions

    The Trump administration acknowledged Sunday that several U.S. institutions were hacked on behalf of a foreign government. Cybersecurity experts believe Russia is likely behind the attack on the U.S. Treasury and Commerce departments in what U.S. media is calling one of the most sophisticated attacks on U.S. government systems in years.

  • ARGUMENT: Russian hackingQuick Thoughts on the Russia Hack

    David Sanger, building on a Reuters story, reports in the New York Times that some country, probably Russia, “broke into a range of key government networks, including in the Treasury and Commerce Departments, and had free access to their email systems.” The breach appears to be much broader. Jack Goldsmith writes that The U.S. approach to preventing these breaches appears to involve five elements, but that, on the whole, these elements have failed to stop, prevent or deter high-level breaches.

  • CybersecurityA Better Kind of Cybersecurity Strategy

    During the opening ceremonies of the 2018 Winter Olympics, held in PyeongChang, South Korea, Russian hackers launched a cyberattack that disrupted television and internet systems at the games. The incident was resolved quickly, but because Russia used North Korean IP addresses for the attack, the source of the disruption was unclear in the event’s immediate aftermath. There is a lesson in that attack, and others like it, at a time when hostilities between countries increasingly occur online. In contrast to conventional national security thinking, such skirmishes call for a new strategic outlook, according to one expert.

  • CybersecurityU.S. Cybersecurity Firm FireEye Hit By “Nation-State” Attack, Russia Suspected

    Prominent U.S. cybersecurity firm FireEye says it has recently been targeted by hackers with “world-class capabilities,” believing that the hacking was state-sponsored. In a blog post, FireEye CEO Kevin Mandia said the hackers broke into its network and stole tools used for testing customers’ security. “The attacker primarily sought information related to certain government customers,” Mandia wrote, without naming them.

  • CybersecurityRussian Government Hackers Exploit Known Vulnerability in Virtual Workspaces

    The National Security Agency (NSA) released a Cybersecurity Advisory on Monday, detailing how Russian state-sponsored actors have been exploiting a vulnerability in VMware products to access protected data on affected systems.

  • CybersecurityIBM Detects Hacking Ploy to Target COVID Vaccine Supply

    Researchers from technology giant IBM say hackers have tried to collect information on the global initiative for distributing coronavirus vaccine to developing countries. They said a nation state appeared to be involved.