• What's the Deal with the Log4Shell Security Nightmare?

    What started out as a Minecraft prank, has now resulted in a 5-alarm security panic as administrators and developers around the world desperately try to fix and patch systems before the cryptocurrency miners, ransomware attackers and nation-state adversaries rush to exploit thousands of software packages. Nicholas Weaver writes that “Not only does the vulnerability affect thousands of programs but the exploitation of this vulnerability is very straightforward.  Attackers are already starting to launch widespread attacks.  Further compounding the problem is the huge diversity of vulnerable systems, so those responsible for defending systems are going to have a very bad Christmas.”

  • Jabbed in the Back: Russian, Chinese COVID-19 Disinformation Campaigns

    The public health and economic consequences of the COVID-19 pandemic have also become a battle about the nature of truth itself. From the emergence of the first reports of a virus in Wuhan, China, in December 2019, opportunistic leaders in China, Russia, and elsewhere have used the virus as a pretext to further erode democracy and wage information warfare. They have inundated an already polluted information environment with disinformation and propaganda about the virus’s origins and cures, and, most recently, vaccines.

  • How China Could Cyberattack Taiwan

    China has the means to launch a disabling cyberattack against political rival Taiwan ahead of any military invasion, experts say, as the technology is already targeting the island’s political leadership. A straight-up military invasion would cost lives and mobilize U.S. forces for Taiwan’s defense. Disruptive cyberattacks could sow chaos and soften Taiwan’s defenses, potentially making an invasion less costly for Beijing, experts say.

  • New Cyber Protections against Stealthy “Logic Bombs”

    Cybersecurity researchers proposed new ways to protect 3D printed objects such as drones, prostheses, and medical devices from stealthy “logic bombs.”

  • Gait Authentication to Enhance Smartphone Security

    Real-world tests have shown that gait authentication could be a viable means of protecting smartphones and other mobile devices from cyber crime. A study showed that a method sensing an individual’s gait was on average around 85 percent accurate in recognizing the individual.

  • Viral Vendettas: Pandemic-Driven Growth of Online Conspiratorial Movements

    Graphika has just released a new report which  tracks the growth of conspiratorial movements online throughout the course of the Covid-19 pandemic, seeking to understand how these communities have evolved, and to what extent they have enabled real-world and online harms.

  • Detecting Malicious Broadcast Receivers

    The Android operating system has a large share of the mobile market and as such is a target for malware creators and other third parties who would manipulate the system for personal gain. So how might we enhance the detection of malware on the Android operating system commonly used to run mobile phones and tablets?

  • Using Math to Prove Computer Security

    An academic mathematician thought maths was boring, but he now relies on it to secure critical systems like those of the Australian Department of Defense against hackers.

  • Simple and Efficient Method of Quantum Encryption

    Quantum computers will revolutionize our computing lives. But these computers will be able to crack most of the encryption codes currently used to protect our data, leaving our bank and security information vulnerable to attacks

  • Boosting Resilience of U.S. Timekeeping

    The U.S. should bolster research and development of systems that distribute accurate time via fiber-optic cable and radio as part of the effort to back up GPS and enhance the resilience of critical infrastructure that depends on it.

  • Stacked Deep Learning: Deeper Defense against Cyberattacks

    Internet-based industrial control systems are widely used to monitor and operate factories and critical infrastructure. Moving these systems online has made them cheaper and easier to access, but it has also made them more vulnerable to attack. Stacked deep learning offers a better way to detect hacking into industrial control systems. 

  • University of Central Florida Students Defend Virtual Energy System to Win CyberForce Competition

    The Knights of the University of Central Florida won the DOE’s CyberForce Competition, valiantly defending and securing a hydropower energy system against a malicious virtual cyberattack. The event challenged 120 teams from 105 colleges and universities to thwart a simulated cyberattack.

  • Preparing Future Cybersecurity Leaders for Protecting Critical Infrastructure

    A network of Virginia universities, in partnership with the Virginia Department of Elections, joined to create an innovative educational program to train future cybersecurity professionals to protect election infrastructure.

  • Belarusian Government Linked to Hacking, Disinformation Campaign

    U.S. cybersecurity researchers say they have uncovered evidence that the Belarusian government is linked to a hacking and disinformation campaign against Eastern European NATO members.

  • Managing the Cybersecurity Vulnerabilities of Artificial Intelligence

    The National Security Commission on Artificial Intelligence found that, “While we are on the front edge of this phenomenon, commercial firms and researchers have documented attacks that involve evasion, data poisoning, model replication, and exploiting traditional software flaws to deceive, manipulate, compromise, and render AI systems ineffective.” Jim Dempsey writes that “In assembling a toolkit to deal with AI vulnerabilities, insights and approaches may be derived from the field of cybersecurity. Indeed, vulnerabilities in AI-enabled information systems are, in key ways, a subset of cyber vulnerabilities.”