• Busting Russia’s fake news the European Union way

    The U.S. has been rocked over the last two years by claims that the Russian government directly attempted to meddle in the 2016 presidential election. Such efforts may be relatively new in the U.S. But they are part of a much larger global push by the Kremlin to affect politics across the European Union and exploit citizens through the internet. I study computer hacking, malware and the role of the internet in fraud and deception by various actors. And I believe that the Europeans have something to teach the United States about how to protect citizens subject to Russian internet propaganda.

  • Modeling cyber insurance could protect the power grid

    The failure of even parts of the U.S. power grid could cause rolling blackouts that paralyze health care, traffic and business systems. With the advent of “smart” infrastructures that send data to the internet, cybersecurity is becoming a prime concern of public officials. Researchers are aiming to help utility companies prepare for that risk by making it easier for insurance companies to cover it.

  • Privacy of Americans not protected in omnibus spending bill

    The CLOUD Act, inserted at the very end of the 2,232-page omnibus spending bill, will make substantial amendments to the Electronic Communications Privacy Act (ECPA). It grants U.S. law enforcement entities new powers to compel U.S. companies to disclose communications and data on U.S. and foreign users that is stored overseas. It also empowers foreign governments to demand the stored and real-time data and communications of users outside the U.S.

  • Cybersecurity Lab welcomes first female hacker-in-residence

    NYU Tandon’s Offensive Security, Incident Response and Internet Security Laboratory, aka the OSIRIS Lab, recently welcomed a new hacker-in-residence: Sophia d’Antoine, a Senior Security Researcher at Trail of Bits. As a hacker-in-residence at the student-run cybersecurity research lab, d’Antoine will be imparting her own expertise to the student members hoping to learn practical approaches to combating hackers who exploit real systems.

  • Leaky apps exacerbate Facebook’s privacy risks

    A bug in Facebook’s advertising platform made it possible for potential hackers to uncover users’ phone numbers, according to new research. The Facebook advertising system is incredibly effective at targeting specific audiences, which is what has made the company so lucrative, says a researcher. But because anyone can become an advertiser, and there is very little transparency in what ads are being placed, the platform “could be used for nefarious purposes,” he added.

  • Higher education joint cyber security operations center launches

    Indiana University, Northwestern University, Purdue University, Rutgers University and the University of Nebraska-Lincoln have announced the launch and activation of OmniSOC, a specialized, sector-based cyber security operations center, or SOC, that provides trusted, rapid, actionable cyber intelligence to its members. OmniSOC protects five universities, hundreds of thousands of devices and tens of thousands of students and faculty from cyber threats.

  • U.S. not ready to fend off Russian meddling in the 2018 midterms: GOP, Dem. lawmakers

    Dan Coats, the director of national intelligence (DNI), told lawmakers two weeks ago that “the Unsaid States is under attack” by Russia. On Wednesday, the Senate Intelligence Committee held hearings about how the United States was addressing one of the components the three-pronged Russian attack: Russia’s ambitious effort to undermine and discredit American democracy by attacking the U.S. election infrastructure. Homeland Security Secretary Kirstjen Nielsen and former DHS secretary Jeh Johnson were confronted by pointed questions from both Republicans and Democrats, questions which revealed a bipartisan consensus that the United States is not prepared to fend off Russian meddling in the 2018 midterms.

  • Senate Intel Committee: Initial election security recommendations for 2018 election cycle

    The Senate Select Committee on Intelligence will hold an open hearing today, Wednesday, 21 March 2018, on the threats to election infrastructure. The hearing will cover Russian attempted attacks on state election infrastructure in 2016, DHS and FBI efforts to improve election security, and the view from the states on their cybersecurity posture. The committee yesterday made available its initial recommendations on election security after investigating Russian attempts to target election infrastructure during the 2016 U.S. elections.

  • Lawmakers question lack of effort by State, Defense in countering Russian disinformation

    A bipartisan group of six members of the U.S. Senate Foreign Relations Committee have urged the State Department and the Department of Defense to explain why tens of millions in federal funds designated to counter disinformation and propaganda from foreign governments like Russia have not been spent. The Senators’ letter comes in response to a report that the State Department has not spent any of the $120 million Congress allocated to the Department to combat foreign meddling in U.S. elections.

  • Multi-laboratory cyber defense competition

    In little over two weeks, over a hundred college students from across the United States will convene in one of the largest cyber defense competitions in the nation. The event, hosted and funded by the U.S. Department of Energy’s (DOE) Office of Electricity Delivery and Energy Reliability’s (OE) Infrastructure Security and Energy Restoration Division, will take place on 6-7 April 2018. This event will be simultaneously hosted at three of the Department’s national laboratories: Argonne National Laboratory, Oak Ridge National Laboratory and Pacific Northwest National Laboratory.

  • Hackers attacking 4G LTE networks could send fake emergency alerts

    Researchers have identified several new vulnerabilities in 4G LTE networks, potentially allowing hackers to forge the location of a mobile device and fabricate messages. Ten new and nine prior attacks were outlined in a new study, including the authentication relay attack, which enables an adversary to connect to core networks without the necessary credentials. This allows the adversary to impersonate and fake the location of a victim device.

  • Russia planted sabotage-enabling malware in U.S. energy grid, other critical infrastructure

    Russia has not only attacked the infrastructure of American democracy: The U.S. government now says that Russia has engaged in a pervasive, wide-ranging cyber-assault on U.S. energy grid and other key components of the U.S. critical infrastructure. These sustained attacks on U.S. critical infrastructure – along with the Russian interference in the 2016 election and the Russian-launched NoPetya malware — were the reasons the administration on Thursday imposed a new round of sanctions on Russia.

  • Meltdown and Spectre: Exposing the ghost in our machines

    Researchers had found that in an effort to make computer chips more efficient, major manufacturers had inadvertently inserted an opening that would allow hackers to spy on sensitive data. In two papers that were published on 3 January, researchers coined the cyber security threats Meltdown and Spectre. The name Meltdown was chosen for the attack’s ability to “melt” the security system typically enforced by a processor’s hardware. The name Spectre was based on the root cause of the security vulnerability, speculative execution, a speed-enhancing technique in which the processor tries to predict what part of code it will be required to execute next and starts executing it. And, much like a real spectre, the attack is nearly impossible to detect.

  • U.S. military’s cybersecurity’s capacity and capabilities

    The military service chiefs of cybersecurity see an upward trend in the capacity, capabilities, sophistication and persistence of cyber threats against military networks, Navy Vice Adm. Michael M. Gilday, the commander of U.S. Fleet Cyber Command and U.S. 10th Fleet said on Capitol Hill Tuesday.

  • New U.S. sanctions on Russia for election interference, infrastructure cyberattacks, NoPetya

    The U.S. Treasury has issued its strongest sanctions yet against Russia in response to what it called “ongoing nefarious attacks.” The move targets five entities and nineteen individuals. Among the institutions targeted in the new sanctions for election meddling were Russia’s top intelligence services, Federal Security Service (FSB) and Main Intelligence Directorate (GRU), the two organizations whose hackers, disinformation specialists, and outside contractors such as the Internet Research Agency (IRA) troll farm were behind — and are still engaged in — a broad and sustained campaign to undermine U.S. democracy.