• Sharing Personal Information on Social Media Is Risky

    An innocent, seemingly fun and engaging social media trend has been popping up on news feeds. In an act of solidarity with high school seniors who were finishing out their final semester at home due to the coronavirus stay-at-home order, Facebook users were sharing their own senior class photos in nostalgic posts. While it is a nice sentiment and the presence of cameras in nearly every cellphone has made it easy to take and exchange pictures, there are certain security considerations one should keep in mind.

  • Germany Has “Hard Evidence” of Russian Cyberattack on Parliament

    German Chancellor Angela Merkel says there is “hard evidence” of the involvement of “Russian forces” in a 2015 cyberattack on the German parliament in which documents from her own parliamentary office were reportedly stolen. Last week that federal prosecutors in Germany had issued an arrest warrant for a suspected officer with Russia’s GRU military intelligence agency.

  • U.S. to Accuse China of Hacking COVID-19 Vaccine Research

    For months, U.S. officials have been warning about a spike in cyberattacks during the coronavirus pandemic, but they’ve stopped short of pointing fingers at any one country. Now, as the all-out global race for a coronavirus vaccine accelerates and hackers home in on related scientific research, U.S. officials are preparing to single out a long-standing cyber adversary: China.

  • Enhancing Privacy Protections for Android Applications

    From navigation to remote banking, mobile device users rely on a variety of applications to streamline daily tasks, communicate, and dramatically increase productivity. While exceedingly useful, the ecosystem of third-party applications utilizes a number of sensors – microphones, GPS, pedometers, cameras – and user interactions to collect data used to enable functionality. Troves of sensitive personal data about users are accessible to these applications and as defense and commercial mobile device users become increasingly reliant on the technology, there are growing concerns around the challenge this creates for preserving user privacy.

  • Assessing Cyber Risk from External Information

    There is a vision for the future of assessing cybersecurity: The goal is a system of cyber metrics that are transparent, auditable, practical, scalable and widely agreed upon. To that end, it is useful—indeed, imperative—to evaluate various approaches to cyber risk quantification with the aim of informing the development of a public standard for measuring cybersecurity.

  • Wobbly” Tracing App “Failed” Clinical Safety and Cybersecurity Tests

    The government’s coronavirus contact tracing app has so far failed the tests needed to be included in the NHS app library, HSJ understands. Jasmine Rapson writes in HJS that the app is being trialed on the Isle of Wight this week, ahead of a national rollout later this month. Senior NHS sources told HSJ it had thus far failed all of the tests required for inclusion in the app library, including cyber security, performance and clinical safety. There are also concerns at high levels about how users’ privacy will be protected once they log that they have coronavirus symptoms, and become “traceable,” and how this information will be used. Senior figures told HSJ that it had been hard to assess the app because the government was “going about it in a kind of a ham-fisted way. They haven’t got clear versions, so it’s been impossible to get fixed code base from them for NHS Digital to test. They keep changing it all over the place.” HSJ’s source described the app as “a bit wobbly.”

  • Predicting and Countering Cyberttacks

    The U.K Defense and Security Accelerator (DASA) announce nearly £1m to further develop technology that predicts and counters cyber-attacks. “This work will develop, adapt and merge the novel approaches explored in Phase 1 of the competition, to proactively defend deployed U.K. military systems and networks from the rapidly growing threat of offensive cyber action from aggressive adversaries,” DASA said.

  • Cyber Operations against Medical Facilities During Peacetime

    In the face of the coronavirus pandemic, governments around the world have tried to compensate for insufficient hospital beds and intensive care units by nationalizing private medical facilities and relying on military ships and improvised evac hospitals. Adina Ponta writes that at a time when overcrowded medical and testing facilities struggle with shortages in supplies and a huge influx of patients, hacker groups have exploited their inattention to cybersecurity.

  • New Privacy Threat Combines Device Identification with Biometric Information

    A new study by computer scientists has revealed a new privacy threat from devices such as smartphones, smart doorbells and voice assistants that allows cyber attackers to access and combine device identification and biometric information.

  • The COVIDSafe App Was Just One Contact Tracing Option. These Alternatives Guarantee More Privacy

    Since its release on Sunday, experts and members of the public alike have raised privacy concerns with the Australian federal government’s COVIDSafe mobile app. Many Australians have said that they worried about “the security of personal information collected” by the app. In its coronavirus response, the government has a golden opportunity to build public trust. There are other ways to build a digital contact tracing system, some of which would arguably raise fewer doubts about data security than the app.

  • The Department of Defense Should Not Wage Cyber War Against Criminal Hackers During the Coronavirus Crisis

    Politicians and pundits in the United States have frequently described the challenge of controlling the COVID pandemic with the language of waging war. Erica D. Borghard writes that given this terminology, it can be tempting to look to the Department of Defense (DOD) to solve problems it was not meant to address. While nefarious actors in cyberspace are seeking to capitalize on scared and vulnerable individuals during the pandemic for criminal gain and national strategic objectives, “any efforts to leverage DOD capabilities in combating these efforts must distinguish between nation-state and criminal activity,” she writes.

  • Studying Ideologically Motivated Cyberattacks

    A John Jay College of Criminal Justice project on cyberterrorism is one of 13 selected by the Department of Homeland Security as part of the National Counterterrorism Innovation, Technology, and Education (NCITE) Center, a new DHS Center of Excellence. The John Jay project will study and aggregate ideologically motivated cyberattacks and will create a new, unique dataset – the Cyber-Extremist Crime Database (Cyber-ECDB) – which will track ideologically motivated cyberattacks against U.S. targets from 1998 to present.

  • Senate Intel Releases Report on Intel Community Assessment of Russian Interference

    On Tuesday, Senate Select Committee on Intelligence released a new report, the fourth and penultimate volume in the Committee’s bipartisan Russia investigation. The latest installment examines the sources, tradecraft, and analytic work behind the 2017 Intelligence Community Assessment (ICA) that determined Russia conducted an unprecedented, multi-faceted campaign to interfere with the 2016 U.S. presidential election. “One of the ICA’s most important conclusions was that Russia’s aggressive interference efforts should be considered ‘the new normal,’” said Senator Richard Burr (R-North Carolina), the committee’s chairman.

  • Bolstering Cybersecurity for Systems Linking Solar Power to Grid

    DOE has awarded researchers $3.6 million to advance technologies that integrate solar power systems to the national power grid. “As U.S. energy policy shifts toward more diverse sources, particularly solar, the Energy Department understands the critical importance of protecting these systems and technologies,” said Alan Mantooth, U Arkansas Professor of electrical engineering and principal investigator for the project.

  • Strengthening Mobile Device Email Security and Privacy

    Large and small organizations alike now rely heavily on mobile devices like smartphones or tablets to enable their workers, customers and management to connect and collaborate, even when some or all of them are working remotely. But device users may prioritize convenience over strong security, accidently share sensitive information with unintended audiences, or use their corporate- or government-owned devices in contexts in which sensitive business information should not be shared.