  • Privacy Flaw Found in E-Passports

    Researchers have discovered a flaw in the security standard of biometric e-passports that has been used worldwide since 2004. This standard, ICAO 9303, allows e-passport readers at airports to scan the chip inside a passport and identify the holder.

  • How Kids Get into Hacking

    Is your kid obsessed with video games and hanging out with questionable friends? These are common traits for involvement in cybercrime, among other delinquencies. New research identifies characteristics and gender-specific behaviors in kids that could lead them to become juvenile hackers.

  • Stopping an “Internet of Things” Attack from Bringing Down the Power Grid

    Last year, Princeton researchers identified a disturbing security flaw in which hackers could someday exploit internet-connected appliances to wreak havoc on the electrical grid. Now, the same research team has released algorithms to make the grid more resilient to such attacks. The algorithms could stop an internet of things attack from bringing down the power grid.

  • What Data Hackers Can Get about You from Hospitals

    When hospitals are hacked, the public hears about the number of victims – but not what information the cybercriminals stole. New research uncovers the specific data leaked through hospital breaches, sounding alarm bells for nearly 170 million people.

  • Science Fiction Has Become Dystopian Fact

    So which dystopia are we living in? Most educated people have read George Orwell’s Nineteen Eighty-Four and Aldous Huxley’s Brave New World. So influential have these books been that we are inclined to view all disconcerting new phenomena as either “Orwellian” or “Huxleyan”. If you suspect we shall lose our freedom to a brutally repressive state, grinding its boot into our faces, you think of George. If you think we shall lose it to a hedonistic consumer culture, complete with test-tube designer babies, you quote Aldous. “My own belief is that the ruling oligarchy will find less arduous and wasteful ways of governing and of satisfying its lust for power,” Huxley wrote in a letter to Orwell in 1949. Niall Ferguson agrees: “As I reflect on the world in 2019, I am struck by the wisdom of [Huxley’s] words. In Xi Jinping’s China, we see Totalitarianism 2.0. The boot on the face remains a possibility, of course, but it is needed less and less as the system of social credit expands, aggregating and analyzing all the digital data that Chinese citizens generate.”

  • How Social Media Should Prepare for Disinformation Campaigns in the 2020 Election

    A new report assesses some of the forms and sources of disinformation likely to play a role on social media during the 2020 presidential election campaign in the U.S. The report explores these risks and analyzes what the major social media companies—Facebook, Twitter, and YouTube (owned by Google)—have done to harden their defenses against disinformation. The report also offers nine recommendations of additional steps social media companies should take to prepare for 2020.

  • Innovation and Cybersecurity: A Balancing Act

    Companies are working to balance their desire for new innovations with their need for strong cyberdefenses – and it is a delicate balance, a new report says. A survey of 500 U.S. businesses reveals that company executives, business staff and technology professionals have distinctly different views on where their organization stands when it comes to cyber-readiness.

  • Cybersecurity of Connected Autonomous Vehicles

    In the near future, connected and autonomous vehicles (CAVs) are expected to become widely used across the world. Researchers have been working to improve the security, privacy and safety of CAVs by testing four innovations in the IoT-enabled Transport and Mobility Demonstrator. They were able to connect CAVs to other CAVs and roadside infrastructure more securely and privately. CAVs can now connect to each other and to roadside infrastructure, and roadside infrastructure can connect to other roadside infrastructure, more securely.

  • Tests Find 125 Vulnerabilities in 13 Network Attached Storage Devices

    In a new, follow-up cybersecurity study of network attached storage (NAS) systems and routers since 2013, consulting and research firm Independent Security Evaluators (ISE) found 125 vulnerabilities in 13 IoT devices, reaffirming an industrywide problem of a lack of basic security diligence.

  • Sensitive Personal and Financial Data of What’s Likely an Entire Country Leaked Online

    A chilling data leak on an unsecured server in Miami divulged sensitive personal and financial information of what appears to be the entire population of Ecuador. The discovery came from the internet security firm VpnMentor, which discovered the database containing more than 20 million individuals’ data—including as many as 7 million minors—on an exposed Florida-based server belonging to the Ecuadorian data and analytics company Novaestrat.

  • Fearing “Spy Trains,” Congress May Ban a Chinese Maker of Subway Cars

    A Chinese state-owned company called CRRC Corporation, the world’s largest train maker, completed the $100 million facility this year in the hopes of winning contracts to build subway cars and other passenger trains for American cities like Chicago and Washington. But growing fears about China’s economic ambitions and its potential to track and spy on Americans are about to quash those plans. Lawmakers — along with CRRC’s competitors — say they are concerned that subway cars made by a Chinese company might make it easier for Beijing to spy on Americans and could pose a sabotage threat to American infrastructure. Critics of the deal speculate that the Chinese firm could incorporate technology into the cars that would allow CRRC — and the Chinese government — to track the faces, movement, conversations or phone calls of passengers through the train’s cameras or Wi-Fi.

  • How Artificial Intelligence Is Changing Cyber Security Landscape and Preventing Cyber Attacks

    Given the genuinely significant potential of Artificial Intelligence, the probability of attackers weaponizing it and using it to boost and expand their attacks is a huge threat. One of the biggest concerns is that hackers can use AI to automate cyberattacks on a massive scale. Right now, our adversaries are relying on human resources to craft and coordinate their attacks. The cybercrime and cybersecurity landscape is going to change – not for the better – if and when they learn to use AI and machine learning to do the dirty work. So, the three main implications of Artificial Intelligence for the threat landscape are the augmentation of today’s threats and attacks, the development of new threats, and the variation of the nature of existing threats.

  • North Korean Hacking Groups Hit with Treasury Sanctions

    The Department of the Treasury hit three North Korean groups with new sanctions Sept. 13 for conducting cyberattacks against critical infrastructure, including the infamous WannaCry ransomware attacks. Treasury’s Office of Foreign Assets Control announced that Lazarus Group, an advanced persistent threat believed to be working at the behest of the North Korean government, and two of its subgroups, dubbed Bluenoroff and Andariel, were responsible for unleashing WannaCry, which wrought havoc across hospitals and health care organizations in the United Kingdom, as well as other industrial sectors, in 2017, as well as the 2014 Sony hack.

  • West Needs to Be Ready for Terrorist “Dirty” Cyber Bomb

    The West must take necessary precautions to prevent terrorists from launching a “dirty” cyber bomb, says Lt.-Gen. (ret.) Vincent Stewart, who stepped down a few months ago from his post as deputy head of the US Cyber Command. Stewart said that while the West took cyberattacks from nation-states seriously, it is vastly underestimating the danger of a massive ISIS or al-Qaeda cyberattack which could cripple a country’s entire infrastructure. While drawing attention to cyber terrorism, Stewart acknowledged that a nation-state like Russia was still the most dangerous cyber adversary, with “Russia viewing itself as a global power” and Russian President Vladimir “Putin believing he is almost the czar.”

  • New Clues Show How Russia’s Grid Hackers Aimed for Physical Destruction

    For nearly three years, the December 2016 cyberattack on the Ukrainian power grid has presented a menacing puzzle. Two days before Christmas that year, Russian hackers planted a unique specimen of malware in the network of Ukraine’s national grid operator, Ukrenergo. Just before midnight, they used it to open every circuit breaker in a transmission station north of Kyiv. The result was one of the most dramatic attacks in Russia’s , an unprecedented, automated blackout across a broad swath of Ukraine’s capital. In an insidious twist in the Ukrenergo case, Russia’s hackers apparently intended to trigger that destruction not at the time of the blackout itself but when grid operators turned the power back on, using the utility’s own recovery efforts against them.