• Android device’s Pattern Lock security can be cracked within five attempts

    The popular Pattern Lock system used to secure millions of Android phones can be cracked within just five attempts – and more complicated patterns are the easiest to crack, security experts reveal. Pattern Lock is a security measure that protects devices, such as mobile phones or tablets, and which is preferred by many to PIN codes or text passwords. It is used by around 40 percent of Android device owners.

  • NSA/DHS endorse DCC cybersecurity program

    Virginia Governor Terry McAuliffe last week praised Danville Community College for becoming the “first rural community college in Virginia” to earn a prestigious cybersecurity designation from the National Security Agency (NSA) and the Department of Homeland Security (DHS). DCC is now one of just four community colleges in Virginia to achieve this milestone, which the governor called “a very big deal” for both attracting new industry and securing digital information.

  • Senior manager at Russia’s biggest cybersecurity firm arrested

    Kaspersky Lab on Wednesday confirmed reports in the usually reliable Kommersant newspaper that Ruslan Stoyanov, the head of the cybersecurity firm’s computer incidents investigations unit, was arrested in December. Kommersant said Stoyanov was detained along with a senior Russian FSB intelligence officer and that they both faced charges of treason. Kaspersky Lab is Russia’s biggest cybersecurity firm. “It destroys a system that has been 20 years in the making, the system of relations between intelligence agencies and companies like Kaspersky,” says one expert.

  • “Anonymized” Web browsing history may not be anonymous after all

    Raising further questions about privacy on the internet, researchers have released a study showing that a specific person’s online behavior can be identified by linking anonymous Web browsing histories with social media profiles. The new research shows that anyone with access to browsing histories — a great number of companies and organizations — can identify many users by analyzing public information from social media accounts.

  • Canadian Institute for Cybersecurity launched

    The worldwide cybersecurity market is large and growing, with market sizing estimates ranging from $75 billion in 2015 to $170 billion by 2020. The size of the market is a response to the rising global cost of cyberattacks, which is expected to grow to $2.1 trillion by 2020. The Canadian Institute for Cybersecurity, aiming to be a hub for research, training, and industry collaboration, opened at the University of New Brunswick on Monday with more than $4.5 million in funding and the establishment of a research partnership with IBM.

  • GCHQ Cyber Accelerator selects first cyber security start-ups

    Seven start-ups, focusing on online security issues and threats, will join the new GCHQ Cyber Accelerator, powered by Wayra UK. The accelerator will be part of a government-funded cyber innovation center aiming to help keep the United Kingdom secure online. Each start-up will receive benefits including access to technological and security expertise, networks, office space, and mentoring. The accelerator aims to help the United Kingdom take the lead in producing the next generation of cybersecurity systems, boosting the country’s tech sector.

  • Russia waging disinformation war against Sweden: Report

    Researchers from the Swedish Institute of International Affairs, Sweden’s leading foreign policy institute, have written that Russia has been using fake news, false documents, and disinformation as part of a coordinated campaign to influence public opinion and decision-making in Sweden. The Russian meddling in Swedish politics, and the methods used by Russian intelligence agencies to influence the tone of Swedish public discourse and direction of Swedish public policies, are similar to the methods and goals of the Putin government in interfering in the U.S. 2016 presidential election in support of Donald Trump.

  • St. Jude's cardiac devices vulnerable to hacking: FDA

    The FDA confirmed that St. Jude Medical’s implantable cardiac devices are vulnerable to hacking. Once hackers gain access to the device, they could deplete the battery or administer incorrect pacing or shocks. The devices — pacemakers and defibrillators — are used in heart patients.

  • DHS designates U.S. election infrastructure as a Critical Infrastructure Subsector

    The Department of Homeland Security has added the U.S. election infrastructure to the list of protected critical infrastructure sectors of the economy. The move comes in the wake of the Russian government’s interference in the 2016 presidential election, which was aimed at helping Donald Trump win the election. “I have determined that election infrastructure in this country should be designated as a subsector of the existing Government Facilities critical infrastructure sector. Given the vital role elections play in this country, it is clear that certain systems and assets of election infrastructure meet the definition of critical infrastructure, in fact and in law,” DHS secretary Jeh Johnson said Friday.

  • FBI yet to ask for access to DNC servers

    It has been nearly a year since Russian government hackers began a systemic hacking campaign against the Democratic National Committee (DNC) in an effort to undermine Hillary Clinton’s presidential bid. It has been nearly six months since the same Russian government hackers hacked the Clinton campaign and stole e-mails and internal memos from campaign officials. It is now six months since the FBI said it was examining the DNC hacking, yet the bureau has yet to examine the DNC servers. A DNC spokesperson said the bureau has not yet asked for access to the servers.

  • Attackers can make it impossible to dial 911

    It’s not often that any one of us needs to dial 911, but we know how important it is for it to work when one needs it. It is critical that 911 services always be available – both for the practicality of responding to emergencies, and to give people peace of mind. But a new type of attack has emerged that can knock out 911 access. These attacks can create extremely serious repercussions for public safety.

  • Hack-proofing RFID-equipped personal devices

    Radio-frequency identification (RFID) tags have become almost ubiquitous – look carefully, and you will notice them in passports, credit cards, library books, office access passes, and even pet cats. The technology, which allows fast, automated identification of physical objects, is also a staple for many industries. But what would happen if RFID technology were compromised?

  • U.S. imposes sanctions on Russia for interfering in 2016 U.S. election

    The United States on Thursday unveiled a series of retaliatory measures against Russia for its interference in the U.S. 2016 presidential campaign. The goal of the Russian hacking campaign was to help Donald Trump win the election and, more generally, compromise and corrupt the American political process. The retaliatory measures include the expulsion of thirty-five Russian diplomats and the closure of two Russian compounds based in the United States. In a statement, President Barack Obama said Americans should “be alarmed by Russia’s actions” and pledged further action.

  • U.S. gov. agencies sued for slow response to Russian election hacking FOIA inquiries

    Jason Leopold, an investigative reporter who frequently writes for Vice, and Ryan Shapiro, a Ph.D. candidate at MIT and research affiliate at Harvard who has gained a name for himself as a FOIA activist, have sued several federal agencies for the agencies’ foot-dragging in responding to requests for documents related to the Russian hacking of the 2016 election.

  • Tackling cybersecurity incidents with recovery plan, playbook

    “Defense! Defense!” may be the rallying cry from cybersecurity teams working to thwart cybersecurity attacks, but perhaps they should be shouting “Recover! Recover!” instead. Attackers are increasingly racking up points against their targets, so NIST has published the Guide for Cybersecurity Event Recovery to help organizations develop a game plan to contain the opponent and get back on the field quickly.