• Hackers exploit flaws in mobile phones’ security

    Owners of smartphones have developed a sense of security, using them as if they were sitting in front of their computers at home. Once used for voice transmission only, mobile phones, or smartphones, have grown to become devices used for shopping, bill paying, bank transactions, and a host of other applications. Unfortunately, they are not nearly as secure as most users think they are. Hackers have found a number of flaws, and are capable of exploiting them.

  • Securing data from attacks by ever more powerful supercomputers

    For the powerful quantum computers that will be developed in the future, cracking online bank account details and credit cards number will be a cinch. But a team of cryptographers is already working at future-proofing the privacy of today’s Internet communications from tomorrow’s powerful computers. The researchers have developed upgrades to the Internet’s core encryption protocol that will prevent quantum computer users from intercepting Internet communications.

  • U.Va. upgrades IT systems after massive Chinese cyberattack

    The University of Virginia announced Sunday (16 August) that it has successfully completed a comprehensive system security upgrade in response to a cyberattack originating in China. The University said it had taken these actions further to enhance the security of data and information stored on university resources and to aid in prevention of future cyberattacks. The cyberattack on U.Va. is the second massive cyberattack by Chinese government hackers on an American institution of higher learning. Last fall, the Penn State College of Engineering was the target of two sophisticated cyberattacks by Chinese government hackers.

  • Researchers carefully protect dangerous pathogens – but how secure are all their data?

    Ebola, smallpox, anthrax and many others: the most dangerous microorganisms are strictly regulated in the United States. The federal government oversees use of sixty-five so-called select agents with “the potential to pose a severe threat to public, animal or plant health, or to animal or plant products.” There has never been as much research performed with these pathogens —to learn more, find cures, or create vaccines — as in the past decade. The sprawl of high containment laboratories has led to a parallel increase in individuals with access to these agents. As of January 2015, approximately 11,000 individuals were on the list. The deadly infectious agents must be kept safely under lock and key, where they can’t threaten the general population or fall into the wrong hands. But even the most physically secure research lab could be the site of a devastating data security breach. As they stand now, information security guidelines published by science regulators with regard to select agents lack the critical level of detail needed to protect data effectively.

  • Easy-to-get tools allow hackers to open garage doors, take over cars

    Pro hacker Samy Kamkar, speaking at the DEF CON event, described how last month he opened a garage door with an easy-to-get text messaging box, and then gained access to the car inside the garage by using General Motors’ RemoteLink app, and turned the engine on. The security of this system has since been beefed up, but this demonstration showed that the car manufacturers have a long way to go on securing their cars against crafty hackers.

  • New analysis method discovers eleven security flaws in popular Internet browsers

    Georgia Tech researchers developed a new cyber security analysis method which discovered eleven previously unknown Internet browser security flaws, and were honored with the Internet Defense Prize, an award offered by Facebook in partnership with USENIX, at the 24th USENIX Security Symposium. Their research explores vulnerabilities in C++ programs (such as Chrome and Firefox) which result from “bad casting” or “type confusion.” Bad casting enables an attacker to corrupt the memory in a browser so that it follows a malicious logic instead of proper instructions.

  • Einstein 3 Accelerated (E3A) deployment gets a push forward

    The two recent network breaches at the Office of Personnel Management (OPM), which allowed the pilfering of sensitive personal information of millions of federal employees, their families, clearance applicants, and contractors, has drawn attention to the Department of Homeland Security’s $3 billion network monitoring program called Einstein. The question now is whether that program is the capable of preventing another intrusion in the future.

  • Researchers use SMS to take control of a car remotely

    Researchers have discovered a serious flaw in vehicle security, which allowed them to hack a car, remotely activating its windscreen wipers, applying its brakes, and even disabling them – and do all this by using simple text messages. The vulnerability was found in small black dongles which are connected to the vehicles’ diagnostic ports. The dongles are used by insurance companies and fleet operators and are plugged into the car’s onboard diagnostics port (OBD-II).

  • Chinese government hackers target personal e-mails of “all top national security and trade officials”: U.S.

    The vulnerability of American government organizations to hacking by foreign government-baked hackers was in evidence again when, a few days ago, it was revealed that Russian government hackers, using spear-phishing attacks, breached Joint Staff e-mail system. The breach caused about 4,000 civilian and military employees to lose access to their e-mail while the system was cleaned. U.S. government sources say that a separate set of attacks by Chinese government hackers targeted the personal e-mails of “all top national security and trade officials.” These attacks, which began in 2010, were among the more than 600 hacks by hackers working for the Chinese government, and their target was the personal e-mail info of top administration officials. The hacks were still going on.

  • Russian government-backed hackers breach Joint Chiefs e-mail server

    Russian government-backed hackers have managed to hack the Pentagon’s unclassified e-mail server used by the office of the Joint Chiefs. Military officials said Thursday that the sophistication of the attack shows that it has been conducted by hackers with the resources typically available only to states. The e-mail system was taken offline as soon as the intrusion was detected. The required cyber protection measures and security patches were all in place, but the attackers still managed to circumvent them and find a way into the network in a manner that U.S. government cyber experts had not seen before, senior Defense officials said.

  • Improving the security of data transfer

    Georgia Tech researchers were awarded $4.2 million from the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory (AFRL) to improve how data is tracked between computers, Internet hosts, and browsers for better cyber security. The four-year project, titled “THEIA” after the Greek goddess of shining light, attempts to shed light on exactly where data moves as it is routed from one Internet host to another and whether any malicious code, for example, is attached to data during transfer.

  • New tool to improve government computer network security

    Researchers have developed a computer network security tool to help government agencies, along with state and local governments. The software-based technology, known as the Network Mapping System (NeMS), discovers and characterizes computer networks. “It is important to know what you have on your networks, so that you can decide what best practices to apply,” says one of the researchers.

  • N.Y. village pays ransom to regain access to hacker-encrypted files

    The village Ilion in central New York paid ransom twice last year — $300 and $500 — to have access to its computers two official-looking e-mails planted malware throughout the village’s computer system. The New York State comptroller’s office has audited 100 municipal computer systems the past three years, and said the experience of Ilion should serve as a warning to others municipalities of the growing cyberthreat – especially attempts by hackers to infiltrate computer systems to make them inaccessible unless ransom is paid.

  • FDA to hospitals: Infusion system vulnerable to hacks, should not be used

    The Food and Drug Administration (FDA) issued a warning in which it “strongly encourages” hospitals to stop using Hospira’s Symbiq Infusion System, because the device is vulnerable to attacks by hackers who could remotely control dosages delivered via the computerized pumps. The FDS said that tests have shown that an unauthorized third party – hackers – could access the Symbiq infusion system by breaching hospital networks.

  • FireEye: Kremlin-backed hackers used Twitter to mask attacks on U.S.

    FireEye the other day released a new Threat Intelligence report which analyzes the functionality and obfuscation tactics of an advanced piece of malware employed by the likely Russian government-backed Advanced Persistent Threat (APT) group APT29. APT29 combines steganography, cloud storage, and social media services to fly under the radar of network defenders.