-
FBI does not know how the $1m iPhone hack works
The FBI does not know how the hack which was used to unlock the San Bernardino terrorist’s iPhone 5C works, even though the agency paid about $1 million for the technique. The identity of the hackers who sold the technique to the agency is a closely guarded secret, and the FBI director himself does not know who they are.
-
-
Argonne hosts Cyber Defense Competition
More than seventy-five aspiring cyber defenders from across Illinois and Iowa converged last Saturday on the U.S. Department of Energy’s (DOE’s) Argonne National Laboratory to take on the challenge of Argonne’s first Collegiate Cyber Defense Competition. The competition provided a strong challenge for eight teams from seven colleges, forcing them to defend simulated power utility networks from a variety of realistic attacks by a “Red Team” made up of cyber experts from Argonne and industrial partners.
-
-
Pentagon “dropping cyberbombs” on ISIS
Deputy Secretary of Defense Robert Work has said that the U.S. military is “dropping cyberbombs” on ISIS. Earlier this month, Defense Secretary Ashton Carter announced that the U.S. Cyber Command had been given its “first wartime assignment” – attacking and disrupting ISIS cyber infrastructure. in the last few months, the Pentagon has allowed more information to be published about the U.S. military’s cyberwar against ISIS. Work, describing the Cyber Command’s operations at a news conference, said: “We are dropping cyberbombs. We have never done that before.”
-
-
Patching up Web applications
By exploiting some peculiarities of the popular Web programming framework Ruby on Rails, MIT researchers have developed a system that can quickly comb through tens of thousands of lines of application code to find security flaws. In tests on fifty popular Web applications written using Ruby on Rails, the system found twenty-three previously undiagnosed security flaws, and it took no more than sixty-four seconds to analyze any given program.
-
-
S&T licenses physical/cyber risk assessment tool to the commercial market
DHS S&T announced that a fifth cybersecurity technology has been licensed for commercialization as a part of the Cyber Security Division’s Transition to Practice (TTP) program. The TTP program builds on the S&T process of funding projects through the full research and development lifecycle through to the commercial marketplace. The new technology — Physical and Cyber Risk Analysis Tool (PACRAT) — assesses cyber risks simultaneously with physical risks.
-
-
The past, present, and future of ransomware
The rise of ransomware over the past year is an ever growing problem. Business often believe that paying the ransom is the most cost effective way of getting their data back — and this may also be the reality. The problem we face is that every single business that pays to recover their files, is directly funding the development of the next generation of ransomware. As a result of this we are seeing ransomware evolve at an alarming rate.
-
-
Commonly used strategy for Web site protection is not airtight
Cloud-based security providers commonly use DNS redirection to protect customers’ Web sites. The success of this strategy depends on shielding the Web site’s original IP address. Computer scientists have now revealed that the IP address can be retrieved in more than 70 percent of the cases, meaning that the DNS redirection security mechanism can easily be bypassed.
-
-
Registration opens for U.S. Cyber Challenge’s annual Cyber Quests competition
U.S. Cyber Challenge (USCC) on Monday opened registration for the 2016 Cyber Quests online competition. The annual Cyber Quests competition determines who qualifies for the USCC Summer Cyber Camps, a leading nationwide program in cybersecurity workforce development.
-
-
FBI, DHS warn grid operators about cyber threats to power grid
The FBI and DHS are warning infrastructure operators about the potential cyberattacks on the U.S. power grid. The FBI and DHS have launched a nationwide campaign to alert power companies and security firms, a campaign which includes briefings and online Webinars.
-
-
“Moving-target” defense against distributed denial-of-service attacks
Researchers propose a “moving-target” defense against distributed denial-of-service attacks. The defense works by repeatedly shuffling client-to-server assignments to identify and eventually quarantine malicious clients.
-
-
FBI may be able to break into San Bernardino terrorist’s phone without Apple’s help
Magistrate Judge Sheri Pym has postponed until 5 April a court hearing about the FBI’s request that the court would order Apple to unlock the phone of one of the San Bernardino terrorists. The FBI asked the judge to postpone the hearing after the agency said it may have found a way to unlock the phone without Apple’s help.
-
-
Hackers could decrypt iMessage photos, videos
A team of researchers has poked a hole in Apple’s iMessage encryption software. The bug would enable a skilled hacker to decrypt photos and videos sent as secure instant messages. The details of the vulnerability will be published after Apple has issued an update that corrects the flaw.
-
-
Using single photons to improve cybersecurity
With enough computing effort most contemporary security systems will be broken. But a research team has made a major breakthrough in generating single photons (light particles), as carriers of quantum information in security systems.
-
-
Bangladesh central bank governor resigns after discovery of $81 million cybertheft
Bangladesh’s central bank governor, Atiur Rahman, resigned on Tuesday after $81 million was stolen from the bank’s account at the Federal Reserve Bank of New York. It was one of the largest cyber-heists in history. The Bangladesh central bank said that the hackers had tried to withdraw $951 million from its account at the Federal Reserve Bank of New York, but the other transactions were blocked after a typo in one of the instructions raised alarms.
-
-
Nations ranked on vulnerability to cyberattacks
Damaging cyberattacks on a global scale continue to surface every day. Some nations are better prepared than others to deal with online threats from criminals, terrorists, and rogue nations. Data-mining experts ranked the vulnerability of forty-four nations to cyberattacks. The United States ranked 11th safest, while several Scandinavian countries (Denmark, Norway, and Finland) ranked the safest.
-
More headlines
The long view
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.