• Improving the security of data transfer

    Georgia Tech researchers were awarded $4.2 million from the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory (AFRL) to improve how data is tracked between computers, Internet hosts, and browsers for better cyber security. The four-year project, titled “THEIA” after the Greek goddess of shining light, attempts to shed light on exactly where data moves as it is routed from one Internet host to another and whether any malicious code, for example, is attached to data during transfer.

  • New tool to improve government computer network security

    Researchers have developed a computer network security tool to help government agencies, along with state and local governments. The software-based technology, known as the Network Mapping System (NeMS), discovers and characterizes computer networks. “It is important to know what you have on your networks, so that you can decide what best practices to apply,” says one of the researchers.

  • N.Y. village pays ransom to regain access to hacker-encrypted files

    The village of Ilion in central New York paid ransom twice last year — $300 and $500 — to regain access to its computers after two official-looking e-mails planted malware throughout the village’s computer system. The New York State comptroller’s office has audited 100 municipal computer systems in the past three years, and said the experience of Ilion should serve as a warning to other municipalities of the growing cyberthreat – especially attempts by hackers to infiltrate computer systems to make them inaccessible unless ransom is paid.

  • FDA to hospitals: Infusion system vulnerable to hacks, should not be used

    The Food and Drug Administration (FDA) issued a warning in which it “strongly encourages” hospitals to stop using Hospira’s Symbiq Infusion System, because the device is vulnerable to attacks by hackers who could remotely control dosages delivered via the computerized pumps. The FDA said that tests have shown that an unauthorized third party – hackers – could access the Symbiq infusion system by breaching hospital networks.

  • FireEye: Kremlin-backed hackers used Twitter to mask attacks on U.S.

    FireEye the other day released a new Threat Intelligence report which analyzes the functionality and obfuscation tactics of an advanced piece of malware employed by the likely Russian government-backed Advanced Persistent Threat (APT) group APT29. APT29 combines steganography, cloud storage, and social media services to fly under the radar of network defenders.

  • U.S. military bases vulnerable to cyberattacks on their power, utility systems

    U.S. military bases are at risk for cyberattacks against the bases’ power grid and other utility systems, according to a new report on defense infrastructure from the Government Accounting Office. The 72-page GAO document concludes military bases “may be vulnerable to cyber incidents that could degrade operations and negatively impact missions.”

  • Shoring up Tor

    With 2.5 million daily users, the Tor network is the world’s most popular system for protecting Internet users’ anonymity. For more than a decade, people living under repressive regimes have used Tor to conceal their Web-browsing habits from electronic surveillance, and Web sites hosting content that’s been deemed subversive have used it to hide the locations of their servers. Researchers have now demonstrated a vulnerability in Tor’s design, mounting successful attacks against the popular anonymity network — and shown how to prevent them.

  • Israel bolsters cyber defenses to cope with an escalating number of cyberattacks

    In 2013, Israel’s grid was cyberattacked, on average, a few hundred times per hour. Last year the average number of hourly attacks on Israel’s grid was 20,000. The number of detected cyberattacks on Israel reached two million a day during the war with Hamas last summer. The Israeli government decided there was a need to reorganize and improve the cyberdefense systems protecting Israel’s critical infrastructure.

  • Cellphones can steal data from isolated “air-gapped” computers

    Air-gapped computers are isolated — separated both logically and physically from public networks — ostensibly so that they cannot be hacked over the Internet or within company networks. Researchers at the Ben-Gurion University of the Negev (BGU) Cyber Security Research Center have discovered that virtually any cellphone infected with malicious code can use GSM phone frequencies to steal critical information from infected “air-gapped” computers.

  • Russia offers safe haven for a major botnet operator

    Recently the FBI offered a reward of $3 million for any useful information which will lead to the apprehension of Evgeniy Mikhailovich Bogachev. Bogachev is notorious for creating the Gameover Zeus botnet, which the FBI had successfully shut down in mid-2014, but the agency failed to capture Bogachev himself. In early 2015 Bogachev managed to restore Zeus. The hackers behind Zeus are believed to have stolen more than $100 million since 2011. Experts worry that the botnet may be used for more than stealing money, and may become a weapon of cyber warfare.

  • DHS S&T Awards $2.9 million for mobile app security research

    DHS S&T last week announced a $2.9 million cybersecurity mobile app security (MAS) research and development (R&D) award which will help identify mobile app vulnerabilities. The MAS R&D project aims to establish continuous automated assurance of mobile apps for the federal government.

  • Proposed bill would formalize DHS role in securing government networks

    The hacking of the federal Office of Personnel Management (OPM), which resulted in the theft of records of twenty-two million federal employees and their families, has prompted a Senate response. A bipartisan group of U.S. senators has introduced a bill on the heels of that event, updating the original Federal Information Security Management Act (FISMA) and formalizing the role of DHS in securing government networks and Web sites.

  • Journalists’ computer security tools lacking in a post-Snowden world

    Edward Snowden’s leak of classified documents to journalists around the world about massive government surveillance programs and threats to personal privacy ultimately resulted in a Pulitzer Prize for public service. Though Snowden had no intention of hiding his identity, the disclosures also raised new questions about how effectively news organizations can protect anonymous sources and sensitive information in an era of constant data collection and tracking. Researchers found a number of security weaknesses in journalists’ and news organizations’ technological tools and ad-hoc workarounds.

  • North Wales wants to be “one of the most secure places in the world to do business”

    Glyndŵr University is to play a leading role in the fight against cybercrime. The Wrexham, Wales-based university hosted the first meeting of the North Wales Cyber Security Cluster on Thursday (23 July). The institution and North Wales Police saw experts in online security and e-crime join the forum, and also invited members of the public and business owners who have been targeted in the past to attend and share information and advice, in a bid, the organizers say, “to make North Wales one of the most secure places in the world to do business.”

  • Hackers take remote control of a Jeep, forcing it into a ditch

    Security experts have called on owners of Fiat Chrysler Automobiles vehicles to update their onboard software to make their vehicles better protected against hackers. The call comes after researchers demonstrated they could hack and take control of a Jeep over the Internet. The researchers disabled the engine and brakes and crashed the Jeep into a ditch – while the driver was still behind the wheel.