• Hackers working for a “state actor” planted spyware in WhatsApp via missed calls

    Hackers, in all likelihood working for a state, managed to circumvent WhatsApp security by exploiting vulnerability associated with missed calls. The hackers planted an advanced spying software created by Israeli cyber company NSO to infect a few dozen phones. WhatsApp said the attack bore “all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.”

  • Russia has Americans’ weaknesses all figured out

    What are Americans supposed to think when their leaders contradict one another on the most basic question of national security—who is the enemy? Is Russia the enemy, or was the investigation of Russia’s interference in the 2016 election just a slow-motion attack on the president and his supporters? Are Russian fake-news troll farms stirring up resentment among the American electorate, or are mainstream-media outlets just making things up? Jim Sciutto writes in Defense One that U.S. military commanders, national-security officials, and intelligence analysts have a definitive answer: Russia is an enemy. It is taking aggressive action right now, from cyberspace to outer space, and all around the world, against the United States and its allies. But the public has been slow to catch on, polls suggest, and Trump has given Americans little reason to believe that their president recognizes Russia’s recent actions as a threat.

  • Report reveals scale of Russian interference in European democracy

    Evidence of the Kremlin-backed Internet Research Agency’s long-term interest in European politics and elections has been revealed in two new studies. while Russian involvement in the 2016 U.S. presidential election has been well documented, far less has been known about the Internet Research Agency’s European operations, until now.

  • U.S. official: Executive order not needed to ban Huawei in U.S. 5G networks

    “We have grave concerns about the Chinese vendors because they can be compelled by the National Intelligence Law in China as well as other laws in China to take actions that would not be in the interests of the citizens of other countries around the world. Those networks could be disrupted or their data could be taken and be used for purposes that would not be consistent with fundamental human rights in those countries,” says Robert Strayer, deputy assistant secretary of state for cyber and international communications and information policy.

  • Electricity grid cybersecurity will be expensive – who will pay, and how much?

    Russia, China, North Korea and Iran are capable of hacking into the computers that control the U.S. electricity grid. Protecting the grid from hacking would cost tens of billions of dollars. The electricity customers will likely foot most of the bill.

  • Facebook removes more pages, accounts linked to “inauthentic” Russian operators

    Facebook said it has removed more pages and accounts that are believed to have originated in Russia and were involved in “coordinated inauthentic behavior.”

  • Blockchains are being exploited by bots for profit

    Blockchains have been hailed as fair and open, constructed so a single user can’t falsify or alter records because they’re all part of a transparent network. The reality is not so simple, according to new research.

  • Flaws in metrics for user login systems

    How good is the research on the success or failure of the system that verifies your identity when you log into a computer, smartphone or other device? Chances are it’s not good, and that’s a major security and privacy issue that should be fixed.

  • The Russia investigation will continue

    Special Counsel Robert Mueller’s Russia probe is over, but the FBI is almost certain to continue its counterintelligence investigation into Russian espionage efforts related to the 2016 election. The FBI will continue to search for Americans working on behalf of the Kremlin. John Sipher writes in The Atlantic that the inability to establish that the Trump campaign conspired in a “tacit or express” agreement with the Russian government is not surprising. Most espionage investigations come up empty unless and until they get a lucky break. That does not mean there was no espionage activity in relation to the 2016 election. Every previous Russian political-warfare campaign was built on human spies. Russian “active measures”—propaganda, information warfare, cyberattacks, disinformation, use of forgeries, spreading conspiracies and rumors, funding extremist groups and deception operations—rely on human actors to support and inform their success. Counterintelligence professionals must doubt that Russia could have pulled off its election-interference effort without the support of spies burrowed into U.S. society or institutions.

  • Blinded and confused: Security vulnerabilities in “smart home” IoT devices

    Researchers have identified design flaws in “smart home” Internet-of-Things (IoT) devices that allow third parties to prevent devices from sharing information. The flaws can be used to prevent security systems from signaling that there has been a break-in or uploading video of intruders.

  • Enabling more comprehensive tests on high-risk software

    We entrust our lives to software every time we step aboard a high-tech aircraft or modern car. A long-term research effort has developed new tools to make this type of safety-critical software even safer.

  • Can WiFi networks be completely secure?

    There are many ways in which hackers and crackers can break into a Wi-Fi network. It is trivial if the network uses out of date security protocols or weak passwords. But even if the system is set up with the latest security measures, strong passwords, and firewall and malware protection, there are still ways and means that a malicious third party might access such a network.

  • Actively used private keys on the ethereum blockchain facilitate cryptocurrency theft

    Researchers at Independent Security Evaluators (ISE) have discovered 732 actively used private keys on the Ethereum blockchain. The researchers also found that poorly implemented private key generation is also facilitating the theft of cryptocurrency.

  • Deterring Russian intimidation and aggression: Unconventional approaches

    Amid concerns that Estonia, Latvia and Lithuania are vulnerable to Russian intimidation and hybrid warfare, experts conclude that unconventional defense plans could help deter and counteract Russian aggression.

  • Identifying new way to improve cybersecurity

    With cybersecurity one of the nation’s top security concerns and billions of people affected by breaches last year, government and businesses are spending more time and money defending against it. Researchers have identified a new way to improve network security.