• Early warning system for DDoS cyberattacks

    Researchers have developed a kind of early warning system for mass cyberattacks. These mass cyberattacks, known as Distributed Denial of Service (DDoS) attacks, are considered to be one of the scourges of the Internet. Because they are relatively easy to conduct, they are used by teenagers for digital power games, by criminals as a service for the cyber mafia, or by governments as a digital weapon.

  • Sonic cyberattacks expose security holes in ubiquitous sensors

    Sound waves could be used to hack into critical sensors used in broad array of technologies including smartphones, automobiles, medical devices and the Internet of Things. The inertial sensors involved in this research are known as capacitive MEMS accelerometers. They measure the rate of change in an object’s speed in three dimensions. Embedded into the circuits of airplanes, cars, trucks, medical devices, smartphones, and even emerging satellites, they gather information from the outside world and pass it on to decision-making components on the fly. Accelerometers help airplanes navigate, tell auto safety systems when to deploy and keep your smartphone screen properly oriented, to name just a few of their jobs.

  • Making mobile transactions more secure with a quantum key system

    With the growing popularity of mobile phone apps to pay for purchases at cash registers and gas pumps, users would like to know their personal financial information is safe from cyber-attacks. For the first time, researchers have demonstrated a prototype device that can send unbreakable secret keys from a handheld device to a terminal. If integrated into a cell phone, for example, the device could allow secure links to near-field communications mobile payment systems and indoor Wi-Fi networks. It also could improve the security of ATMs and help prevent ATM skimming attacks, which are estimated to cost the industry more than $2 billion annually.

  • Examining susceptibility to cyberattacks through brain activity, eye gaze

    New research examines internet users’ susceptibility and ability to detect cybercriminal attacks by analyzing a user’s brain activity and eye gaze while they are performing security related tasks. “Keeping computer systems and networks secure often relies upon the decisions and actions of those using the system,” one researcher says. “Therefore, it is vital to understand users’ performance and behavior when an attack such as phishing or malware occurs. The analysis of neural activations depicts the users’ decision-making capacities, attention and comprehension of the security tasks.”

  • A First: U.S. brings hacking charges against two Russian government officials

    The United States, for the first time, has brought hacking charges against Russian government officials. The charges include hacking, wire fraud, trade secret theft and economic espionage. The Justice Department has previously charged Russians with cybercrime – and brought prosecutions against hackers sponsored by the Chinese and Iranian governments – but the new indictments are the first time a criminal case is being brought against Russian government officials.

  • Russian interventions in other people’s elections: A brief history

    In the last nine years, Russia has invaded its neighbor Georgia, annexed the Ukrainian province of Crimea, supported rebels in Eastern Ukraine, interfered in the U.S. presidential election, and more. Are these actions a sign that Russia is returning to aggressive foreign policies or are they part of an entirely new direction in Russian foreign policy? The answer to this question is important for the U.S. and countries throughout the world. If these policies are a return to deep Russian tradition, it will be difficult to reverse Russian aggression.

  • Protecting internet video and pictures from cyberattacks

    Recently Wikileaks-published CIA documents focused on hacking smart devices, but attacks on internet video pose a much greater threat – and internet video will comprise 82 percent of all global consumer internet traffic by 2020. A Ben-Gurion University of the Negev (BGU) researcher has developed a new technique that could provide virtually 100 percent protection against cyberattacks launched through internet videos or images.

  • Cyberterrorism threat must be addressed: Pool Re’s chief

    Cyber is unlike any other peril, because of its theoretical ability to affect almost any insurance class. This significantly impairs (re)insurers’ ability to allocate capital, to model losses with confidence, and, as a result, to price insurance products accurately. The gap between the available global insurance capacity and market exposure has become increasingly stark: market capacity stands at approximately $500 million, but the exposure is estimated to be more than $130 billion. Pool Re, the U.K.’s $7.3 billion terrorism reinsurance fund, wants to extend its cover to include cyberattacks on property, chief executive Julian Enoizi said.

  • “Lip password” uses a person’s lip motions to create a password

    The use of biometric data such as fingerprints to unlock mobile devices and verify identity at immigration and customs counters are used around the world. Despite its wide application, one cannot change the scan of their fingerprint. Once the scan is stolen or hacked, the owner cannot change his/her fingerprints and has to look for another identity security system. Researchers have invented a new technology called “lip motion password” (lip password) which utilizes a person’s lip motions to create a password.

  • Misaligned incentives, executive overconfidence create advantages for cyberattackers

    New report outlines how cybercriminals have the advantage, thanks to the incentives for cybercrime creating a big business in a fluid and dynamic marketplace. Defenders on the other hand, often operate in bureaucratic hierarchies, making them hard-pressed to keep up. Attackers thrive in a fluid, decentralized market, while bureaucracy constrains defenders. Ninety-three percent of organizations surveyed have a cybersecurity strategy, but only 49 percent have fully implemented it. Nearly 60 percent of IT executives believe their cybersecurity strategy is fully implemented, while just over 30 percent of IT staff agree. Senior executives designing cyber strategies measure success differently than implementers.

  • WikiLeaks's CIA dump a likely Russian move to make Trump’s charges appear credible: Experts

    Some Trump supporters have suggested that the hacking of the DNC and of the Clinton campaign was not the work of Russia’s intelligence agencies. Rather, it was a “false flag” operation carried out by the U.S. intelligence community, but which was made to look as if it was carried out by Russian intelligence. They portray Trump as a victim of the “deep state,” or permanent bureaucracy, which is hostile to the president’s agenda. Security experts say that the latest WikiLeaks’s publication of information about CIA hacking and surveillance tools – information likely given to WikiLeaks by Russian intelligence – may well be a Russian effort to make Trump’s fact-free charges, that he was “spied on” by U.S. intelligence, appear more credible.

  • RAND study examines 200 real-world “Zero-Day” software vulnerabilities

    Zero-day software vulnerabilities – security holes that developers haven’t fixed or aren’t aware of – can lurk undetected for years, leaving software users particularly susceptible to hackers. A new study from the RAND Corporation, based on rare access to a dataset of more than 200 such vulnerabilities, provides insights about what entities should do when they discover them.

  • S&T awards nearly $8 million to enhance open-source software static analysis tools

    DHS S&T has awarded a $7.86 million contract to Kestrel Technology, LLC of Palo Alto, California to expand the coverage capabilities of static analysis tools used to detect potential vulnerabilities in new software systems and increase developer confidence in those tools. S&T’s Static Tool Analysis Modernization Project (STAMP) addresses the presence of weaknesses in software and deals with the root problem by improving software security before it is released by the developer.

  • Once overlooked, uninitialized-use “bugs” may facilitate hacker attacks

    Popular with programmers the world over for its stability, flexibility, and security, Linux now appears to be vulnerable to hackers. New research found that uninitialized variables — largely overlooked bugs mostly regarded as insignificant memory errors — are actually a critical attack vector that can be reliably exploited by hackers to launch privilege escalation attacks in the Linux kernel.

  • Mathematician explains how to defend against quantum computing attacks

    The encryption codes that safeguard internet data today won’t be secure forever. Future quantum computers may have the processing power and algorithms to crack them. A new paper clarifies misunderstandings about the complex field of public key cryptography and provides a common basis of understanding for the technical experts who will eventually be tasked with designing new internet security systems for the quantum computing age.