• “Hacking” People, Not Systems: False Claims Attacks on Infrastructure

    False claims and disinformation, especially in a social media-driven society, have become major problems with potentially severe consequences. Disinformation can be weaponized to disrupt underlying cyber-physical systems, human lives and economic productivity. Recent examples include tweets that trigger spikes in gasoline prices and false social media posts reporting impending water pumping station shutdowns. In these scenarios, chaos is caused because people, not systems or devices, are “hacked.”

  • Denying Denial-of-Service: Strengthening Defenses Against Common Cyberattack

    A Denial-of-Service attack is a cyberattack that makes a computer or other device unavailable to its intended users. This is usually accomplished by overwhelming the targeted machine with requests until normal traffic can no longer be processed. Scientists have developed a better way to recognize a common internet attack, improving detection by 90 percent compared to current methods.

  • Cyber Insurance Not Fueling the Ransomware Epidemic

    Contrary to perceived wisdom, there is no compelling evidence that victims of ransomware with cyber insurance are much more likely to pay ransoms than those without.

  • New Cipher System Protects Computers Against Spy Programs

    Researchers have achieved a breakthrough in computer security with the development of a new and highly efficient cipher for cache randomization. The innovative cipher addresses the threat of cache side-channel attacks, offering enhanced security and exceptional performance.

  • De-Risking Authoritarian AI

    You may not be interested in artificial intelligence, but it is interested in you. AI-enabled systems make many invisible decisions affecting our health, safety and wealth. They shape what we see, think, feel and choose, they calculate our access to financial benefits as well as our transgressions. In a technology-enabled world, opportunities for remote, large-scale foreign interference, espionage and sabotage —via internet and software updates—exist at a ‘scale and reach that is unprecedented’.

  • Sandia Helps Develop Digital Tool to Track Cloud Hackers

    Sandia programmers are helping the federal Cybersecurity and Infrastructure Security Agency (CISA) through an innovative program that enlists Microsoft cloud users everywhere to track down hackers and cyberterrorists.

  • Can You Trust AI? Here’s Why You Shouldn’t

    Across the internet, devices and services that seem to work for you already secretly work against you. Smart TVs spy on you. Phone apps collect and sell your data. Many apps and websites manipulate you through dark patterns, design elements that deliberately mislead, coerce or deceive website visitors. This is surveillance capitalism, and AI is shaping up to be part of it.

  • Bolstering Cyber Safety on Roads and Highways

    A new research center is helping prevent potential cyberattacks that could threaten to impede the safe and efficient movement of people and goods in the United States and throughout the world.

  • A New Way to Look at Data Privacy

    Researchers create a privacy technique that protects sensitive data while maintaining a machine-learning model’s performance. The researchers created a new privacy metric, which they call Probably Approximately Correct (PAC) Privacy, and built a framework based on this metric that can automatically determine the minimal amount of noise that needs to be added.

  • Satellite Security Lags Decades Behind the State of the Art

    Thousands of satellites are currently orbiting the Earth, and there will be many more in the future. Researchers analyzed three current low-earth orbit satellites and found that, from a technical point of view, hardly any modern security concepts were implemented. Various security mechanisms that are standard in modern mobile phones and laptops were not to be found.

  • Chinese Intelligence-Linked Hackers Targeted U.S. Government Agencies in Microsoft Hack

    Hackers linked to China’s intelligence agencies, are behind a monthlong campaign that breached some unclassified U.S. email systems, allowing them to access to a small number of accounts at the U.S. State Department and a handful of other organizations.

  • Stressed for a Bit? Then Don’t Click It, Cybersecurity Experts Advise

    Workers feeling a specific form of stress are more likely than others to become the victims of a phishing attack. Phishing psychology study explores what makes workers vulnerable.

  • Recent Chinese Cyber Intrusions Signal a Strategic Shift

    On 25 May, Australia and its partners in the Five Eyes intelligence-sharing network—Canada, New Zealand, the UK and the US—made a coordinated disclosure on a state-sponsored cyber hacking group dubbed ‘Volt Typhoon’. The group has been detected intruding on critical infrastructure since 2021, but the nature of recent intelligence on its behavior hints at worrying developments in the Chinese cyber establishment.

  • Researchers Devise a Way to Evaluate Cybersecurity Methods

    A savvy hacker can obtain secret information, such as a password, by observing a computer program’s behavior, like how much time that program spends accessing the computer’s memory. Security approaches that completely block these “side-channel attacks” are so computationally expensive, so engineers often apply what are known as obfuscation schemes. MIT researchers have developed a system which analyzes the likelihood that an attacker could thwart a certain security scheme to steal secret information.

  • U.S. Agencies Buy Vast Quantities of Personal Information on the Open Market – a Legal Scholar Explains Why and What It Means for Privacy in the Age of AI

    The issues pf the protection of personal information in the digital age is increasingly urgent. Today’s commercially available information, coupled with the now-ubiquitous decision-making artificial intelligence and generative AI like ChatGPT, significantly increases the threat to privacy and civil liberties by giving the government access to sensitive personal information beyond even what it could collect through court-authorized surveillance.