• U.S. Cybersecurity Firm FireEye Hit By “Nation-State” Attack, Russia Suspected

    Prominent U.S. cybersecurity firm FireEye says it has recently been targeted by hackers with “world-class capabilities,” believing that the hacking was state-sponsored. In a blog post, FireEye CEO Kevin Mandia said the hackers broke into its network and stole tools used for testing customers’ security. “The attacker primarily sought information related to certain government customers,” Mandia wrote, without naming them.

  • Russian Government Hackers Exploit Known Vulnerability in Virtual Workspaces

    The National Security Agency (NSA) released a Cybersecurity Advisory on Monday, detailing how Russian state-sponsored actors have been exploiting a vulnerability in VMware products to access protected data on affected systems.

  • IBM Detects Hacking Ploy to Target COVID Vaccine Supply

    Researchers from technology giant IBM say hackers have tried to collect information on the global initiative for distributing coronavirus vaccine to developing countries. They said a nation state appeared to be involved.

  • Barr: DOJ Has Found Nothing that Could Impact Election Result

    Attorney General Bill Barr has thrown cold water on the president’s false claims of massive voter fraud and a “stolen election.” Despite Department of Justice investigations turning up no evidence, and despite the fact that the president and his legal team have lost practically every legal challenge they filed — Trump and his allies are 1-39 in post-election litigation — Trump continues to spread falsehoods about the election, and continues to raise money — $170 million so far — based on these untrue claims.

  • New Cyberattack Tricks Scientists into Making Dangerous Toxins, Synthetic Viruses

    An end-to-end cyber-biological attack, in which unwitting biologists may be tricked into generating dangerous toxins in their labs, has been discovered by Ben-Gurion University of the Negev cyber-researchers. It is currently believed that a criminal needs to have physical contact with a dangerous substance to produce and deliver it. However, malware could easily replace a short sub-string of the DNA on a bioengineer’s computer so that they unintentionally create a toxin producing sequence.

  • China-Sensitive Topics at US Universities Draw More Online Harassment

    Last week, students at Brandeis University hosted an online discussion about China’s controversial Xinjiang policies, hearing experts discuss the detention, abuse and political indoctrination of more than 1 million Uighurs and other Muslim minorities. But as Uighur attorney and advocate Rayhan Asat appeared before the student group last Friday, her screen was taken over as hackers wrote “fake news” and “liar” on it. Experts said it fits with an increase in more organized harassment against topics on American campuses seen as objectionable by the Chinese government.

  • Scientists: No Credible Evidence of Computer Fraud in the 2020 Election Outcome

    “Anyone asserting that a U.S. election was ‘rigged’ is making an extraordinary claim, one that must be supported by persuasive and verifiable evidence. Merely citing the existence of technical flaws does not establish that an attack occurred, much less that it altered an election outcome. It is simply speculation,” 59 top U.S. computer scientists and election security experts write in an open letter. “We are aware of alarming assertions being made that the 2020 election was ‘rigged’ by exploiting technical vulnerabilities. However, in every case of which we are aware, these claims either have been unsubstantiated or are technically incoherent. To our collective knowledge, no credible evidence has been put forth that supports a conclusion that the 2020 election outcome in any state has been altered through technical compromise.”

  • Trump Fires Security Chief Who Said 2020 Vote Was “Most Secure” in U.S. History

    Barely two weeks after the polls closed in an election he is now projected to lose, President Donald Trump took to Twitter to fire CISA’s director Christopher Krebs, the official responsible for spearheading efforts to secure the vote. Since the 3 November election, Trump, his campaign, and some of his supporters have issued a continuous stream of allegations about the integrity of the election, but evidence of massive voter fraud or other irregularities on a scale necessary to swing the election in Trump’s favor has not materialized. Late last Thursday, a coalition of federal and state officials, including CISA, further rejected the allegations as baseless. Krebs himself had also taken an active role in debunking rumors and unfounded allegations in the days and weeks following the election, taking to Twitter to dismiss some conspiracy theories as “nonsense.”

  • The China Initiative: Year-in-Review

    On the two-year anniversary of the Department of Justice’s China Initiative, the Department said it continues its focus on the Initiative’s goals, and announced progress during the past year in disrupting and deterring the wide range of national security threats posed by the policies and practices of the People’s Republic of China (PRC) government.

  • Your Smart Watch May Be Sharing Your Data

    You may not realize it, but your internet-connected household devices such as the Ring doorbell, Peloton exercise bike and Nest thermostat are all exchanging data with other devices and systems over the network. These physical objects, all part of the Internet of Things (IoT), come with sensors and software, and they often use cloud computing. Most people would consider the information contained in these household items as highly private.

  • When to Worry, When to Not, and the Takeaway from Antrim County, Michigan

    Everyone wants an election that is secure and reliable. With technology in the mix, making sure that the technology supports this is critical. The Electronic Frontier Foundation (EFF) has long-warned against blindly adopting technologies that can be easily manipulated or fail without having systems in place to test, secure, and catch problems, including through risk limiting audits. At the same time, not every problem is worth pulling the fire alarm about—we have to look at the bigger story and context.  And we have to stand down when our worst fears turn out to be unfounded.

  • New Tool Detects Unsafe Security Practices in Android Apps

    Computer scientists have shown for the first time that it is possible to analyze how thousands of Android apps use cryptography without needing to have the apps’ actual codes. Open-source CRYLOGGER is the first tool that detects cryptographic misuses by running the Android app instead of analyzing its code.

  • World's Fastest Open-Source Intrusion Detection Is Here

    Intrusion detection systems are the invisible intelligence agencies in computer networks. They scan every packet of data that is passed through the network, looking for signs of any one of the tens of thousands of different types of cyberattacks they’re aware of. A newly developed intrusion detection system achieves speeds of 100 gigabits per second using a single server.

  • Plenty More Phish: Why Employees Fall for Scams and What Companies Can Do about It

    Preventive countermeasures to phishing emails may actually increase the likelihood of employees falling for such scams, a new academic study reveals. Protective controls, such as email proxy, anti-malware and anti-phishing technologies, can give employees a false sense of security, causing them to drop their vigilance because they incorrectly assume such measures intercept all phishing emails before they reach their inbox.

  • New Cyber Technologies Protect Utility Energy Delivery Systems

    Researchers are taking new approaches to solve cybersecurity vulnerabilities for utilities and other industries that use process control technologies. These connected devices are used in operational technology settings and tend to be more vulnerable to cyberattacks than information technology equipment. The software identifies and mitigates vulnerabilities in operational technologies.