• Closing the Skills Gap in the Cyber Workforce

    There are currently more than three million unfilled cybersecurity jobs globally, and, as high-profile incidents like the Solar Winds attack demonstrate, it is vital to address that shortage. But it is difficult for organizations to find and recruit the cyber talent they need.

  • An Urgent NATO Priority: Preparing to Protect Civilians

    Russia’s hybrid warfare approach calls for attacking the populations of Russia’s adversaries not through WWII-like carpet bombing, but rather with a combination of disinformation campaigns, cyberattacks on critical infrastructure, supporting proxy forces, and backing terrorist attacks. “Should NATO prepare for this scenario? Absolutely,” Victoria Holt and Marl Keenan write.

  • Automatically Finding Buffer Overflow Vulnerabilities

    A typical buffer overflow occurs when a computer program receives a request to process more data than its physical memory is capable of handling all at once and places the excess into a “buffer.” The buffer itself has a finite capacity, so if the buffer can’t handle the excess, it “overflows,” or crashes.

  • The Kaseya Ransomware Attack Is a Really Big Deal

    If you’re not already paying attention to the Kaseya ransomware incident, you should be. Matt Tait writes that it is likely the most important cybersecurity event of the year. “Bigger than the Exchange hacks by China in January. Bigger than the Colonial Pipeline ransomware incident. And, yes, more important than the SolarWinds intrusions last year.”

  • Holding the World to Ransom: The Top 5 Most Dangerous Criminal Organizations Online Right Now

    Ransomware attacks are growing exponentially in size and ransom demand — changing the way we operate online. Understanding who these groups are and what they want is critical to taking them down. Here, we list the top five most dangerous criminal organizations currently online. As far as we know, these rogue groups aren’t backed or sponsored by any state.

  • Full Impact of Russian Ransomware Attack Hard to Estimate

    Hackers associated with the REvil gang, a major Russian ransomware syndicate have demanded $70 million in Bitcoin in exchange for a decryption tool to free the data of companies targeted, but also indicated they were willing to negotiate.

  • Ransomware Cyberattack Hits Hundreds of U.S. Businesses

    U.S. IT company Kaseya urged its customers to shut down their servers after hackers smuggled ransomware onto its network. Such attacks infiltrate widely used software and demand ransom to regain access. The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack.

  • With Cyberattacks Growing More Frequent and Disruptive, a Unified Approach Is Essential

    Coordinated cyberattacks can create massive disruptions to infrastructure and supply chains. New treaties are needed to prevent cyberwarfare, but it’s challenging to predict technological advances.

  • The Ideal Responses to Ransomware Attacks

    A ransomware attack is like a cyber hijacking, with criminals infiltrating and seizing an organization’s data or computer systems and demanding a payment or ransom to restore access.What is the best strategy to decrease the risk of digital extortion?

  • Building a Better “Canary Trap”

    A new artificial intelligence system generates fake documents to fool adversaries. The system automatically creates false documents to protect intellectual property such as drug design and military technology.

  • Matt Hancock and the Problem with China’s Surveillance Tech

    Matt Hancock, Britain’s Health Secretary, resigned last week – and informed his wife that he was divorcing her – after CCTV footage emerged of him snogging his assistant outside his office. Ian Williams writes that the Hancock affair raises serious questions involving surveillance and national security: The cameras involved were made by the Chinese company Hikvision, one of the 1.3 million Hikvision cameras installed across the U.K. Hikvision has close links to the Chinese Communist Party and China’s intelligence services. Even if the Chinese intelligence services were not involved in leaking the compromising Hancock video to the press, the episode is one more indication, if one were needed, of the security risks involved in allowing an unregulated access by Chinese technology companies access unfettered and unregulated access to Western markets.

  • Supply Chains Have a Cyber Problem

    If it wasn’t clear before the cyberattacks on, JBS S.A. and Colonial Pipeline, it’s now painfully clear that the intersection of cyberattacks and supply chains creates a wicked new form of risk—and the stakes are as much about national security as they are economics.

  • Making Our Computers More Secure

    Corporations and governments rely on computers and the internet to run everything, but security hacks just this past month —  including the Colonial Pipeline security breach and the JBS Foods ransomware attacks  — demonstrated, yet again, how vulnerable these systems are. Researchers presented new systems to make computers safer.

  • Path Forward for FAA’s Cybersecurity Workforce

    A new report offers path forward for creating and maintaining a cybersecurity workforce at FAA that can meet the challenges of a highly competitive cybersecurity labor market and a wave of future retirements.

  • How Will We Protect American Infrastructure from Cyberattacks

    As the Colonial Pipeline hack and subsequent shutdown reminded us so recently, our infrastructure’s digital connectedness — while bringing benefits like convenience, better monitoring and remote problem-solving — leaves it vulnerable to cyberattacks.