• Cybersecurity requires better collaboration between private, public sectors

    A key difference between cybersecurity threats and other security threats is the mismatch between public and private capabilities and levels of authority in responding to these threats. The lack of government resources to defend the private sector from digital threats places businesses on the front lines of the cyber conflict and can put national security, economic vitality, and privacy at risk. A new report calls for increased collaboration between the public and private sectors to use available tools more effectively to disrupt and deter cyber threats, noting the collaboration between the private sector and policymakers is long overdue.

  • NSF awards FSU $4.6 million grant to support cybersecurity scholars

    A new multimillion grant to the Florida State University Department of Computer Science will help dozens of students finance their education and help prepare them for careers in cybersecurity. The NSF awarded the department a $4.6 million grant to help fund the education of students who are specifically pursuing cybersecurity studies. It is the largest grant in the department’s history.

  • Russia has “cultivated” Trump, aiming to weaken Western alliance: Ex-spy

    A former Western intelligence official, whose career involved decades in conducting Russian counterintelligence operations, has handed the FBI a batch of memos in which he suggested that there was “an established exchange of information between the Trump campaign and the Kremlin of mutual benefit.” The retired spook consulted with Russian sources, and said that: “Russian regime has been cultivating, supporting, and assisting Trump for at least five years. Aim, endorsed by Putin, has been to encourage splits and divisions in Western alliance.” The FBI asked to former intelligence official for all the information he had on Trump, and specifically asked the former spy how he had come by this information.

  • Massive cyberattack poses policy dilemma, cybersecurity expert says

    Stanford cybersecurity expert Herb Lin says the 21 October cyberattack that snarled traffic on major Web sites reveals weaknesses in the Internet of Things that need to be addressed. But stricter security requirements could slow innovation, cost more and be difficult to enforce. 

  • What CSPs can learn from the latest DDoS attacks

    Around the world, communications service providers (CSPs) and subscribers were affected by the 21 October 2016 DDoS attack, making it virtually impossible to reach many popular Web sites for several hours. Although CSPs weren’t targeted directly, they were still affected since the outages drove additional caching DNS traffic caused by the errors from failed DNS requests. This spike in traffic slowed overall network performance, likely driving up customer support call volumes from unhappy subscribers. The attacks highlighted the easily overlooked — yet vital — role that DNS plays on the Internet. An expert offers a few key steps CSPs can take to prepare for similar attacks in the future.

  • Detecting malicious Web sites before they do harm

    Malicious Web sites promoting scams, distributing malware, and collecting phished credentials pervade the Web. As quickly as we block or blacklist them, criminals set up new domain names to support their activities. Now a research have developed a technique to make it more difficult to register new domains for nefarious purposes.

  • The “blind spot” in extremist Web content

    In order better to understand the process of on-line radicalization, researchers examined the average monthly number of global searches and regional search frequencies conducted in Google for 287 Arabic and English keywords relating to violent and non-violent extremism. Further analysis was then conducted within the search results for forty-seven of the relevant keywords to understand placement of extremist and counter-narrative content.

  • Can you be anonymous on the Internet? No, you cannot

    If you still think you can be anonymous on the Internet, a team of Stanford and Princeton researchers has news for you: You cannot. Researchers say most people do not realize how much information they are leaving behind as they browse the Web. Online privacy risks are not new, but the researchers say their research is “another nail in the coffin” to the idea that the average person with the average Web browser can be private online.

  • Internet of Things vulnerability: Analyzing the 21 October DDoS attack

    The Friday, 21 October 2016 Distributed Denial of Service (DDoS) has been analyzed as a complex and sophisticated attack, using maliciously targeted, masked TCP, and UDP traffic over port 53. Dyn has confirmed that Mirai botnet was the primary source of the malicious attack traffic. The attack generated compounding recursive DNS retry traffic, further exacerbating the attack’s impact. Dyn says it will not speculate on the motivation or the identity of the attackers, but suggests that, but says that the attack has opened up an important conversation about Internet security and volatility. The attack has not only highlighted vulnerabilities in the security of Internet of Things (IOT) devices that need to be addressed, but it has also sparked further dialogue in the internet infrastructure community about the future of the Internet.

  • DHS S&T awards UCSD $1.4 million to measure Internet vulnerabilities

    DHS S&T has awarded $1,356,071 to UCSD to develop new capabilities better to enable cyber security researchers to measure the Internet’s vulnerabilities to cyberattacks. The award is part of S&T’s Cyber Security Division’s (CSD) larger Internet Measurement and Attack Modeling (IMAM) project.

  • Could your kettle bring down the Internet?

    How could a webcam help bring down some of the world’s most popular Web sites? It seems unlikely but that’s what happened recently when hackers attacked the Internet infrastructure run by U.S. firm Dyn, knocking out services including Paypal, Twitter, and Netflix. More accurately, the attacked involved potentially hundreds of thousands of surveillance cameras and digital video recorders connected to the Internet that had been weaponized by the hackers. Such a high-profile attack demonstrates just how serious the security flaws are in the tech industry’s current approach to the Internet of Things. Without a significant change in the way these devices are designed and used, we can expect to see many more instances of Internet-enabled cameras, TVs, and even kettles used for nefarious purposes. It is time for developers to grow up and take responsibility for their designs or risk interference from regulators.

  • Is someone really trying to find out if they can destroy the Internet?

    A prolonged Internet outage prevented access to major sites like Twitter, Netflix, Spotify, and the New York Times on Friday. Because of the increase in number and intensity of DDoS type attacks in recent years, security analysts have theorized that some of the attacks are masking the probing of vulnerabilities. The Internet remains incredibly vulnerable to attacks on its infrastructure and right now, there are few ways of avoiding them. It does bring into question the ability of governments to put even more of its interface with the public online since as soon as it does, it becomes a potential target for malicious actors. Governments in particular need to become more adept at dealing with this possibility.

  • Long game: Russian government hacking aims to undermine democracy in U.S., globally

    The evidence of cyberattacks by Russian government hackers against the Democratic Party and the Clinton campaign is not only incontrovertible – this is the conclusion of both the U.S. intelligence community and leading cyber experts – but such attacks are nothing new. “This is not a new activity. It is new only in the United States. They routinely undertake cyber operations against democracies in Eastern Europe and other neighbors in the region, mostly to effect turnout, to spread propaganda, and to make the election seen less legitimate,” says Christopher Porter of FireEye’s iSIGHT team. “Ultimately they want to break democracy itself” in the United States and “around the world, wherein it is seen like a less legitimate system. That’s their ultimate goal to send message to the public that democracy cannot be trusted.”

  • Autos require cybersecurity, too

    Most people are familiar with the process of updating the software on their computer and mobile phone, but cyber components — and cybersecurity — are not limited to computers and smart phones. Today’s automobile is a smart device and is highly sophisticated. Late model automobiles also are connected devices. While there never has been a confirmed malicious attack of an automobile, white-hat hackers have proven that automobiles are vulnerable to cyberattacks. Most white-hat hackers believe it is not if, but when hackers will exploit cyber vulnerabilities to remotely access connected vehicles.

  • DoD' “Hack the Pentagon” follow-up initiative

    The Defense Department has awarded a contract to HackerOne and Synack to create a new contract vehicle for DoD components and the services to launch their own ”bug bounty” challenges, similar to the “Hack the Pentagon” pilot program, with the ultimate objective to normalize the crowd-sourced approach to digital defenses.