-
How the U.S. Is Making Gains in an Uphill Battle Against Russian Hackers
U.S. policy and actions in response to cyberattacks connected to Russia have changed distinctly since the Biden administration took office. The Biden administration has taken unprecedented steps to impose costs on Russian cyber criminals and frustrate their efforts, but we should be realistic about what national cyber defense can and can’t do.
-
-
Security Flaws in China’s Mandatory Olympics App for Athletes
Athletes arriving at the Winter Olympics in China will have to install a Chinese-made app, called MY2022, on their smartphones, and fill in detailed information about themselves. China says that app, which the athletes will have to carry with them and periodically update, will be used to report health and travel data when they are in China. Athletes who fail to install the app, or who fail to fill in and update the information, will be sent home. Cyber analysts have found serious security and privacy flaws in the app.
-
-
Home for the Holidays? The Global Implications of a State-Level Cyberattack
The 4 December 2021 cyberattack on the Maryland Department of Health (MDH) appeared, at first blush to be a local-to-Maryland problem. Maggie Smith writes, however, that “the MDH hack points to a concerning development at the nexus of cybercrime and data supply chains,” as it “shows how fragile data supply chains can be and signals how easy it is to disrupt even the most critical data flows by stopping the upstream flow of data that provides the insights and statistics on which the nations’ decision-makers rely.”
-
-
Massive Cyberattack Targeting Ukraine’s Government Websites
Several Ukrainian government websites have been targeted in a massive cyberattack amid heightened tensions between the West and Russia, which has massed troops and military equipment near the border with Ukraine.
-
-
U.S. Cyber Officials Bracing for Fallout from “Log4j” Vulnerability
More than a month after the Log4j software vulnerability was first discovered, U.S. cybersecurity officials are still warning about it, saying that some criminals and nation state adversaries may be waiting to make use of their newfound access to critical systems.
-
-
Aiding Evaluation of Adversarial AI Defenses
There are many inherent weaknesses that underlie existing machine learning (ML) models, opening the technology up to spoofing, corruption, and other forms of deception. Evaluation testbed, datasets, tools developed on GARD program were released to jump-start community and encourage creation of more robust defenses against attacks on ML models.
-
-
What Is Log4j? A Cybersecurity Expert Explains the Latest Internet Vulnerability, How Bad It Is and What’s at Stake
Log4Shell, an internet vulnerability that affects millions of computers, involves an obscure but nearly ubiquitous piece of software, Log4j. So what is this humble piece of internet infrastructure, how can hackers exploit it and what kind of mayhem could ensue?
-
-
CISA Hosts Cybersecurity Navigators Forum for Election Officials
CISA recently concluded a forum for state and local election officials to discuss cyber navigator programs. Cyber navigators are state liaisons that can help under-resourced local jurisdictions manage their cyber risks, help sort through the onslaught of risk information, advice, and available services, and help fast-track mitigation efforts. DHS is currently in the midst of its “Election Security” sprint, focused on the need to cement the resilience of the nation’s democratic infrastructures and protect the integrity of its election.
-
-
Computer Attacks with Laser Light
Computer systems that are physically isolated from the outside world (air-gapped) can still be attacked. This is demonstrated by IT security experts in the LaserShark project. The researchers demonstrate hidden communication into air-gapped computer systems: Data transmitted to light-emitting diodes of regular office devices.
-
-
Far Too Little Vote Fraud to Tip Election to Trump, AP Finds
>The Associated Press conducted a thorough review of every potential case of voter fraud in the six battleground states disputed by former President Donald Trump.Joe Biden won the 79 Electoral College votes of these states by a combined 311,257 votes out of 25.5 million ballots cast for president. The AP comprehensive review has found fewer than 475 potential fraud cases. The cases could not throw the outcome into question even if all the potentially fraudulent votes were for Biden, which they were not, and even if those ballots were actually counted, which in most cases they were not.
-
-
Securing U.S. Democracy
Most of the homeland security architecture built in the past twenty years has been devoted to protecting Americans from an act of international terrorism. Carrie Cordero writes that as a result, Americans are safer than they were twenty years ago from a terrorist attack directed or inspired by foreign groups on U.S. soil. She says, though, that more significantly, the threats to American safety and security have compounded in the past two decades. “These disparate threats and circumstances have challenged the effectiveness of the homeland security enterprise.”
-
-
What's the Deal with the Log4Shell Security Nightmare?
What started out as a Minecraft prank, has now resulted in a 5-alarm security panic as administrators and developers around the world desperately try to fix and patch systems before the cryptocurrency miners, ransomware attackers and nation-state adversaries rush to exploit thousands of software packages. Nicholas Weaver writes that “Not only does the vulnerability affect thousands of programs but the exploitation of this vulnerability is very straightforward. Attackers are already starting to launch widespread attacks. Further compounding the problem is the huge diversity of vulnerable systems, so those responsible for defending systems are going to have a very bad Christmas.”
-
-
How China Could Cyberattack Taiwan
China has the means to launch a disabling cyberattack against political rival Taiwan ahead of any military invasion, experts say, as the technology is already targeting the island’s political leadership. A straight-up military invasion would cost lives and mobilize U.S. forces for Taiwan’s defense. Disruptive cyberattacks could sow chaos and soften Taiwan’s defenses, potentially making an invasion less costly for Beijing, experts say.
-
-
New Cyber Protections against Stealthy “Logic Bombs”
Cybersecurity researchers proposed new ways to protect 3D printed objects such as drones, prostheses, and medical devices from stealthy “logic bombs.”
-
-
Gait Authentication to Enhance Smartphone Security
Real-world tests have shown that gait authentication could be a viable means of protecting smartphones and other mobile devices from cyber crime. A study showed that a method sensing an individual’s gait was on average around 85 percent accurate in recognizing the individual.
-
More headlines
The long view
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.