• Why organizations fight data breaches differently

    Since digitalization began, organizations have understood how valuable their information is. In the wake of recent high-profile security breaches at retail stores such as Target and Neiman Marcus, a new study seeks to determine why differences exist in the level of information security control resources among organizations.

  • Giving government special access to data poses major security risks

    In recent months, government officials in the United States, the United Kingdom, and other countries have made repeated calls for law-enforcement agencies to be able to access, upon due authorization, encrypted data to help them solve crimes. Beyond the ethical and political implications of such an approach, though, is a more practical question: If we want to maintain the security of user information, is this sort of access even technically possible? A report by cybersecurity and encryption experts says that whether “backdoor” or “front-door,” such mechanisms “pose far more grave security risks, imperil innovation on which the world’s economies depend, and raise more thorny policy issues than we could have imagined when the Internet was in its infancy.”

  • Privacy vs. security debate intensifies as more companies offer end-to-end-encryption

    A long running debate has now come to the fore with greater urgency. The tension between the privacy that encryption offers, and the need for law enforcement and national security agencies to have access to secured and encrypted e-mail, has become more acute in the last two years. The revelations of Edward Snowden about the post-9/11 reach and scope of surveillance by intelligence agencies and law enforcement, have caused some tech giants to offer encrypted services to their customers – encrypted services which enhance customers’ privacy protection, but which at the same time make it impossible for law enforcement and intelligence services to track and monitor terrorists and criminals. “Our job is to find needles in a nationwide haystack, needles that are increasingly invisible to us because of end-to-end encryption,” FBI director James Comey told lawmakers in recent hearing on the Hill.

  • Adobe deals with yet another flaw

    On the heels of the discovery of a zero-day defect, a vulnerability not known to the software developer, Adobe is scrambling to develop yet another patch for another vulnerability. The vulnerability, labeled CVE-2015-5119, causes a system to crash and allows a remote computer take control of the target machine. According to the United States Computer Emergency Readiness Team(US-CERT,) ActionScript 3 ByteArray class, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

  • Countering extremist groups’ social media influence, persuasion

    Social media has become a vital channel for terrorist groups to share news and seduce new members. The recent, notable successes of ISIS in the United States and Europe have demonstrated that terror groups can successfully use this approach to further their agenda of violence. While it gets less attention, social media is equally important for groups that are sharing and communicating information to counter extremist discourse. The problem is, how can those looking to counter the violent ideology of groups like ISIS analyze all the conversations to determine what is a significant danger? How can groups countering violent extremism leverage social media to limit the diffusion of extremist ideology? New research aimed at helping to solve this puzzle.

  • Disinformation campaigns damage credibility of social media emergency alerts

    Disinformation campaigns, which populate sections of social media platforms such as Twitter, are making real emergency data and notifications harder to absorb, a cybersecurity analyst argues. The spreading of emergency-related hoaxes, including those which involve conspiracy-related topics, damages the credibility of sites that provide useful information in those circumstances.

  • Mercenary hackers get hacked

    In an ironic turn of events, a group of mercenary hackers were themselves hacked. The group of Italy-based hackers, known as Hacking Team, has been selling its software and services to government and corporate entities in order to test their security fitness. The hackers were able to gain access to the company’s client list, which shows that the company sold surveillance software to authoritarian regimes so they could spy on political dissidents.

  • Illinois’s cybersecurity talent to participate in USCC camp & competition

    Next week, Illinois’s top cybersecurity talent, including veterans, will gather at Moraine Valley Community College in Palos Hills, Illinois, to participate in the annual U.S. Cyber Challenge (USCC) Cyber Camp. Throughout the week-long camp, individuals will participate in a variety of classes that cover such subjects as packet crafting and pen testing, and compete in a virtual “Capture the Flag” competition to demonstrate their cybersecurity abilities in a free-form environment.

  • New encryption method emulates the way parents talk to their children

    Encrypting e-mails can be tedious, difficult, and very confusing. Even for those who have mastered the process, it is useless unless the intended recipient has the correct software to decode the message. A researcher has now created an easier method — one that sounds familiar to parents who try to outsmart their 8-year-old child. The new technique gets rid of the complicated, mathematically generated messages that are typical of encryption software. Instead, the method transforms specific e-mails into ones that are vague by leaving out key words.

  • New NCCoE building blocks for e-mail security and PIV credentials

    NIST’s National Cybersecurity Center of Excellence (NCCoE) has proposed two new building blocks, one to help organizations improve the security of e-mail, the other to enable mobile devices to provide security services based on personal identity verification (PIV) credentials. NIST invites the public to comment on the draft documents, and the comment period ends 14 August 2015.

  • Studying terrorists' social-media recruiting power in order to negate it

    Last month a United Nations panel asked social-media companies such as Twitter and Facebook to respond to how terrorist groups use their networks to spread propaganda or recruit members with increasing success. As these terrorist groups, such as ISIS or al-Qaeda, evolve their social-media skills, the U.S. Department of Defense’s Minerva Project is funding a research project by a team of researchers who will be monitoring these groups’ advancements and trying to determine how their online actions can be negated.

  • Duqu 2.0: New, menacing programming concept

    In 2011, the security world was rocked by the announcement of a newly discovered virus named Stuxnet. This malware, unlike previous viruses, was targeted at one particular victim. That target was Iran’s nuclear program.Following on the heels of Stuxnet was a variant named Duqu.Duqu is different from Stuxnet, however, in that it was designed to gather information for future attacks, rather than perform the attack itself.There is evidence that the malware was used to gather information on the U.S. talks with Iran over the Iranian nuclear program.Since this worm is able to move laterally, and runs only in system memory, a given computer can be easily re-infected from elsewhere in the home network, without using any mechanisms that would provide persistence. Duqu 2.0 represents programming concepts never used before that make it extremely dangerous.

  • Internet facilitates radicalization of Westerners, even as reasons vary

    Since the early 2000s the Internet has become an important tool for the global jihadist movement. Nowhere has the Internet been more important in the movement’s development than in the West. A new study says that while dynamics differ from case to case, it is fair to state that almost all recent cases of radicalization in the West involve at least some digital footprint. Jihadism is a complex ideology that mixes religion and politics. The study confirms, however, the importance of its religious aspect for many of those who embrace violence — a fact some studies have dismissed.

  • Abu Dhabi’s power system to be used for critical infrastructure cybersecurity study

    Abu Dhabi, UAE-based Masdar Institute of Science and Technology and MIT will use Abu Dhabi’s power system as a case study for developing a knowledge map of the power system and its cybersecurity shortcomings. The project is due to run for two years. At the end of this two year period, the collaborating institutions hope that data from the analysis of Abu Dhabi’s power system could be compared against data from the projects running concurrently in New York and Singapore to develop a comprehensive knowledge map, capable of being applied to critical infrastructure worldwide.

  • U.S. Cyber Challenge Eastern Regional Competition announces winner

    On Friday, participants of the annual U.S. Cyber Challenge (USCC) Eastern Regional Cyber Camp competed in a “Capture-the-Flag” competition to demonstrate their knowledge and skill of cybersecurity and compete to win one of a limited number of (ISC)2 scholarships. Participants of Eastern Regional Cyber Camp were selected based in part on their scores from Cyber Quests, an online competition offered through USCC in April, which drew more than 1,300 registrants from over 600 schools nationwide.