• Senate panel passes bipartisan “Hack DHS” bill

    On Wednesday, 4 October, the U.S. Senate Homeland Security and Governmental Affairs Committee passed the bipartisan Hack Department of Homeland Security (DHS) Act, whichwould establish a bug bounty pilot program – modeled off of similar programs at the Department of Defense and major tech companies – in order to strengthen cyber defenses at DHS by utilizing “white-hat” or ethical hackers to help identify unique and undiscovered vulnerabilities in the DHS networks and information technology.

  • “Cardiac password” project uses the wave of the heart motion for authentication

    One of the unique features for the upcoming iPhone X is facial recognition security, where users can simply unlock their phones by holding it up to their face and allowing the phone’s security measures to identify the correct user. However, it seems just as soon as new means of authentication are developed and put into use, hackers find a way around them, from hacking passwords to faking fingerprints to fool biometric security systems. But there may be one authentication method that cannot be hacked: Cardiac password.

  • Bipartisan bill to help secure the electric grid

    Last week, a bipartisan group of lawmakers introducing H.R. 3855, the Securing The Electric Grid to Protect Military Readiness Act of 2017. H.R. 3855, if enacted, would require the Secretary of Defense, in coordination with the Director of National Intelligence, and the Secretaries of Energy and Homeland Security, to submit to Congress a report detailing significant security risks to defense critical electric infrastructure posed by malicious cyber-enabled activities.

  • Stanford Cyber Initiative addresses cybersecurity, governance, and the future of work

    Daily headlines emphasize the down side of technology: cyberattacks, election hacking and the threat of fake news. In response, government organizations are scrambling to understand how policy should shape technology’s role in governance, security and jobs. The Stanford Cyber Initiative is bringing together scholars from all over campus to confront the challenges technology presents.

  • Flooding the zone: “Junk news” targeted key U.S. swing states in run-up to 2016 U.S. election

    Russia’s use of social media to sow discord, discredit U.S. democracy, and help Donald Trump win the 2016 election was more sophisticated and targeted than initially thought. Oxford University researchers found that voters in key swing states were exposed to larger amounts of “junk news” in the run-up to the U.S. presidential election last year than voters in non-swing states. The researchers say this type of content – most of it deliberately produced false reporting — uses divisive and inflammatory rhetoric, and presents faulty reasoning or misleading information to manipulate the reader’s understanding of public issues and feed conspiracy theories. Arizona was the swing state with the highest junk news concentration, followed by Missouri, Nevada, and Florida.

  • Tracing the sources of today’s Russian cyberthreat

    Cyberspace is an active battleground, with cybercriminals, government agents and even military personnel probing weaknesses in corporate, national and even personal online defenses. Some of the most talented and dangerous cybercrooks and cyberwarriors come from Russia, which is a longtime meddler in other countries’ affairs. Over decades, Russian operators have stolen terabytes of data, taken control of millions of computers and raked in billions of dollars. They’ve shut down electricity in Ukraine and meddled in elections in the U.S. and elsewhere. They’ve engaged in disinformation and disclosed pilfered information such as the emails stolen from Hillary Clinton’s campaign chairman, John Podesta, following successful spearphishing attacks. Who are these operators, why are they so skilled and what are they up to?

  • Addressing election privacy and security

    Data-driven campaigns and computerized election infrastructure have raised serious concerns regarding election privacy and security. As more political activity touches the digital realm, there exists a real potential for these issues to influence voting, compromise election activities, and alter core democratic norms. Through a new grant from Democracy Fund, the Center for Democracy & Technology (CDT) will conduct a two-year research project aimed at addressing key election cybersecurity issues, such as voter registration and campaign data management.

  • Clear tactics, if only few easy solutions, for hospitals tackling ransomware

    Hospitals facing the prospect of ransomware attacks like the one that afflicted British hospitals in May can take many concrete steps to better protect themselves, but some of the most important measures — such as a national policy not to pay ransoms — may be tougher to formulate.

  • Using infrared light to hack security cameras

    Researchers have demonstrated that security cameras infected with malware can receive covert signals and leak sensitive information from the very same surveillance devices used to protect facilities. The method, according to researchers, will work on both professional and home security cameras, and even LED doorbells, which can detect infrared light (IR) that is not visible to the human eye.

  • Strengthening the cybersecurity of the grid

    As the U.S. electricity grid continues to modernize, it will mean things like better reliability and resilience, lower environmental impacts, greater integration of renewable energy, as well as new computing and communications technologies to monitor and manage the increasing number of devices that connect to the grid. However, that enhanced connectivity for grid operators and consumers also opens the door to potential cyber intrusions. New project aims to mitigate vulnerabilities introduced by rooftop solar panels integrated with the grid.

  • Voting-roll vulnerability

    For as little as a few thousand dollars, online attackers can purchase enough personal information to perhaps alter voter registration information in as many as thirty-five states and the District of Columbia, according to a new study. The vulnerability could be exploited by internet attackers attempting to disenfranchise many voters where registration information can be changed online. Armed with personal information obtained through legitimate or illegitimate sources, hackers could learn enough to impersonate voters and change key information using the online registration systems.

  • Using game theory to predict cyberattacks on elections and voting machines

    A Vanderbilt University game theory expert has been researching how and why someone would want to tamper with an election and then developing an algorithm to protect against those efforts. “With increased use of electronic voting machines, it’s more important to consider why someone would attack them, what it would accomplish and how to address that,” the expert says.

  • Forget login, fingerprint, or retinal scan: Your heart is the new identifier.

    Forget fingerprint computer identification or retinal scanning. Researchers have developed a computer security system using the dimensions of your heart as your identifier. The system uses low-level Doppler radar to measure your heart, and then continually monitors your heart to make sure no one else has stepped in to run your computer. This new non-contact, remote biometric tool could be the next advance in computer security.

  • How does your cellphone know whether your finger is real or a fake?

    Do you know how safe it is to use your finger as a security login? And have you wondered how your cell phone knows if your finger is real or a fake? Researchers are working to answer these questions and solve the biggest problems facing fingerprint recognition systems today: how secure they are and how to determine whether the finger being used is actually a human finger.

  • Breaking nuclear deal could bring hacking onslaught from Iran

    If the Trump administration discarded the nuclear deal with Iran, Tehran could retaliate quickly – and inflict considerable damage – by unleashing its increasingly aggressive Iranian hacker army. Cyber-experts who track Tehran’s hackers warn that the attacks might target U.S. power plants, hospitals, airports, and other components of the country’s critical infrastructure. Iran’s current hacking against Western targets is limited almost entirely to commercial espionage and dissident surveillance, but Teheran could quickly redirect its efforts in the event of a rupture of the nuclear pact.