• Good apps talking to bad Web sites behind your back

    In one of the first studies to analyze behind-the-scenes behaviors of good applications, researchers conducted a large-scale analysis of URLs embedded in 13,500 free android apps downloaded from Google Play. The apps tested were created by reputable developers and downloaded by many people, among them popular social media, shopping, news and entertainment apps. The researchers found that almost 9 percent of popular apps downloaded from Google Play interact with Web sites that could compromise users’ security and privacy; 15 percent talked to bad Web sites (with intentions that vary from harming devices, stealing confidential data or annoying users with spam); and 73 percent talked to low-reputation Web sites(those receiving a Web of Trust rating lower than 60/100).

  • New cybersecurity legislation would shield companies from public records laws

    A legislation which passed both houses of Congress, but has not yet signed into law by the president, aims to encourage companies and organizations to share with the U.S. government information about cyberattacks and cyberthreats they experience –but critics say there is a catch: the legislation would severely restrict what the public can learn about the program.

  • view counter
  • USD launches a new Center for Cyber Security Engineering and Technology

    To address the threats cyberattacks pose to the security, prosperity, and privacy of the United States and its citizens, the University of San Diego announced the creation of its Center for Cyber Security Engineering and Technology. The Center will focus on cybersecurity challenges through education, training, and research.

  • DHS runs many unsecured databases: IG

    DHS Inspector General found that DHS is running dozens of unpatched databases, some of which are rated “secret” and even “top secret.” An audit of the department’s IT infrastructure has found large security gaps, including the fact that 136 systems had expired “authorities to operate” – that is, no one was in charge of keeping them updated. Of the 136, 17 were classified as “secret” or “top secret.”

  • E-mail security is better than it was, but far from perfect

    E-mail security helps protect some of our most sensitive data: password recovery confirmations, financial data, confidential correspondences, and more. A new report finds that e-mail security is significantly better than it was two years ago, but still has widespread issues.

  • Encryption firm tightens access following Paris attacks

    Encrypted communications specialist Silent Circle, after learning that ISIS was recommending two of the company’s products — the encrypted Blackphone handset and Silent Phone applications for private messaging — to the organization’s followers, is taking steps to make it more difficult for terrorists and their followers to use these products.

  • Telegram IM app recalibrates policies after Paris attacks

    Pavel Durov, the creator of the popular instant messaging app Telegram, has said that following the Paris terrorist attacks, his company has blocked dozens of accounts associated with the jihadist Islamic State group. As is the case with other technology companies, Telegram is trying to negotiate the balance between privacy and security: the same privacy-enhancing technology which keeps customers’ communication private, also helps terrorists communicate with each other and plot attacks safe from monitoring and surveillance by intelligence agencies and law enforcement.

  • Paris terrorist attacks reignite debate over end-to-end encryption, back doors

    The exact way the terrorists who attacked France last Friday communicated with each other, and their handlers, in the run-up to the attack is not yet clear, but the attack has prompted law enforcement and intelligence agencies in Europe and the United States to renew their call to regulate the use of new encryption technologies which allow users to “go dark” and make it difficult, if not altogether impossible, to retrieve the contents of communication.

  • Iranian global cyber espionage campaign exposed

    Check Point Software Technologies Ltd. on Monday published a 38-page report identifying specific details and broad analysis on cyber-espionage activity conducted by the group “Rocket Kitten,” with possible ties to Iranian Revolutionary Guard Corps. The new report also reveals details of the group’s global operations and insight into more than 1,600 of their targets.

  • Automated application whitelisting to prevent intrusions, malware

    Automated application whitelisting regulates what software can load onto an organization’s network. It is one of a number of techniques that can help prevent malware infections, and it complements other security technologies that are part of an enterprise’s defense-in-depth resources. The National Institute of Standards and Technology (NIST) has published a guide to deploying automated application whitelisting to help thwart malicious software from gaining access to organizations’ computer systems.

  • DHS S&T-funded technology protects devices from cyberattacks

    In 2011, a small group of university researchers working on securing embedded devices caught the attention of the Department of Homeland Security (DHS) Science and Technology Directorate (S&T). That effort has since evolved into a one-of-a-kind technology — called Symbiote — which Hewlett-Packard (HP) recently licensed from Red Balloon Security, to protect its printers from cyberattacks.

  • Iran Revolutionary Guard hackers target State Department’s Iran-policy personnel

    Hackers working for Iran’s Revolutionary Guards have in recent weeks intensified their hacking campaign against e-mail and social media accounts of Obama administration officials. U.S. officials say they believe the cyberattacks are linked to the arrest in Tehran of an Iranian-American businessman. The cyberattacks appear to target people working on Iran policy, with many of attacks focusing on personnel in the State Department’s Office of Iranian Affairs and the Bureau of Near Eastern Affairs.

  • NSF highlights more than forty years of supporting cybersecurity research and education

    New report highlights NSF-funded cybersecurity research and education. Today, NSF invests nearly $160 million each year in interdisciplinary research, education, and workforce development help protect national and personal security. This support helps scientists develop the tools, training, and people that will keep the nation safe and maintain online privacy.

  • Protecting vehicles from cyberattacks

    The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded two grants for the development of technologies that can help defend government and privately owned vehicles from cyberattacks. “Modern vehicles are no longer purely mechanical systems,” said Dr. Dan Massey, S&T Cyber Physical Systems Security (CPSSEC) Program Manager. “Today’s vehicles have interdependent cyber components used for telematics, conveniences, and safety-critical systems. A stealthy adversary could gain access to a vehicle’s cyber components and remain completely hidden until initiating a widespread attack.”

  • Researching cyber vulnerabilities in computer-controlled cars may violate copyright law

    The advent of computer controlled, Internet-capable vehicles is offering fertile new ground to hackers. Groups of “white hat” hackers have already demonstrated the vulnerabilities inherent in the new cars’ computer systems – by taking control over a car from ten miles away. One problem in addressing the issue is that the control software is proprietary, and is owned by the developers, and researching it to uncover flaws may be a violation of copyright laws.