• China Spy Agency Using Contract Hackers to Extort, Destabilize Western Companies

    The United States and its allies in Europe and Asia have charged that China’s Ministry of State Security is employing criminal contract hackers to conduct cyber operations globally, from which the hackers personally profit. The activities include ransomware operations against private companies which are forced to pay millions in ransom demands to regain access to their data.

  • The Storywrangler: Exploring Social Media Messages for Signs of Coming Turmoil

    Scientists have invented an instrument to peer deeply into the billions and billions of posts made on Twitter since 2008, and have begun to uncover the vast galaxy of stories that they contain looking for patterns which would help predict political and financial turmoil.

  • Will China Retaliate Against U.S. Chip Sanctions?

    In response to a series of Chinese trade infractions (intellectual property theft, forced technology transfers, cyber espionage, and WTO violations), the U.S. government implemented a sanctions regime which has inflicted increasing pain on China’s semiconductor industry. The Biden administration has doubled down on the Trump’s sanction strategy against China’s high-tech sector. Terry Daly and Jordan Schneider write that China has so far abstained from taking major retaliatory measures against the United States, but this is not likely to last. “The prudent course in a period of uncertainty is risk mitigation. This applies to countries and companies alike,” Daly and Schneider write.

  • Cryptographic Vulnerabilities on Popular Messaging Platform, Telegram

    Researchers have completed a substantial security analysis of the encryption protocol used by the popular messaging platform, Telegram, with over half a billion monthly active users. The researchers found several cryptographic weaknesses in the protocol that ranged from technically trivial and easy to exploit, to more advanced.

  • Surgeon General Urges ‘Whole-of-Society’ Effort to Fight Health Misinformation

    “Misinformation is worse than an epidemic: It spreads at the speed of light throughout the globe, and can prove deadly when it reinforces misplaced personal bias against all trustworthy evidence,” said National Academy of Sciences President Marcia McNutt. “Research is helping us combat this ‘misinfodemic’ through understanding its origins and the aspects of human nature that make it so transmittable.”

  • Did the Cybersecurity Workforce Gap Distract Us from the Leak?

    There are 500,000 unfilled cybersecurity positions in the United States, and the number is growing. The government and private companies have been investing a lot of money and effort in training and recruiting young cybertalent through college programs, school partnerships, and by adjusting pay and benefit packages, but many have missed a significant leak in cyber workforce funnel: the rapid burnout and churn. In fact, the cyber workforce gap is in experienced roles, not junior levels. To fill the cyber workforce gap, we need to find ways to retain experienced cybersecurity talent.

  • Understanding the U.K. Cybersecurity Labor Market

    The U.K. government is carrying out research to help understand and measure the U.K. cybersecurity labor market. This will help inform future policy and strategy.

  • Germany Fights Cyberattacks and Fraud Claims to Ensure Fair Election

    Germany is in the middle of an election year that will see unprecedented use of mail-in ballots as well as hacker attacks against politicians. Election authorities reject claims of potential voter fraud.

  • Encrypting Photos on the Cloud to Keep Them Private

    The limited amount of data that smartphones hold, and the way in which they are vulnerable to accidental loss and damage, lead many users to store their images online via cloud photo services. However, these online photo collections are not just valuable to their owners, but to attackers seeking to unearth a gold mine of personal data.

  • Empty Threats and Warnings on Cyber

    It is not easy or simple to fashion a retaliation for cyberattacks, and the United States has been offering proof of that. For at least five years, the United States has been subject to a series of intensifying Russian cyberattacks, and public warnings by the Obama, Trump, and Biden administrations about the “consequences” for Russia have so far done little, if anything, to deter Russia. “Even if Biden responds to the latest ransomware operations, and he surely will, it is hard to see how he can impose pain enough to slow the operations while at the same time avoiding a serious risk of on-balance harmful escalation,” Jack Goldsmith writes.

  • Closing the Skills Gap in the Cyber Workforce

    There are currently more than three million unfilled cybersecurity jobs globally, and, as high-profile incidents like the Solar Winds attack demonstrate, it is vital to address that shortage. But it is difficult for organizations to find and recruit the cyber talent they need.

  • An Urgent NATO Priority: Preparing to Protect Civilians

    Russia’s hybrid warfare approach calls for attacking the populations of Russia’s adversaries not through WWII-like carpet bombing, but rather with a combination of disinformation campaigns, cyberattacks on critical infrastructure, supporting proxy forces, and backing terrorist attacks. “Should NATO prepare for this scenario? Absolutely,” Victoria Holt and Marl Keenan write.

  • Automatically Finding Buffer Overflow Vulnerabilities

    A typical buffer overflow occurs when a computer program receives a request to process more data than its physical memory is capable of handling all at once and places the excess into a “buffer.” The buffer itself has a finite capacity, so if the buffer can’t handle the excess, it “overflows,” or crashes.

  • The Kaseya Ransomware Attack Is a Really Big Deal

    If you’re not already paying attention to the Kaseya ransomware incident, you should be. Matt Tait writes that it is likely the most important cybersecurity event of the year. “Bigger than the Exchange hacks by China in January. Bigger than the Colonial Pipeline ransomware incident. And, yes, more important than the SolarWinds intrusions last year.”

  • Holding the World to Ransom: The Top 5 Most Dangerous Criminal Organizations Online Right Now

    Ransomware attacks are growing exponentially in size and ransom demand — changing the way we operate online. Understanding who these groups are and what they want is critical to taking them down. Here, we list the top five most dangerous criminal organizations currently online. As far as we know, these rogue groups aren’t backed or sponsored by any state.