-
Expanding cybersecurity education to fill job market shortfall
Experts say that the U.S. cyber workforce shortfall is growing. By the 2022, the shortage of cybersecurity professionals is predicted to be 1.8 million. Colleges and universities expand their cybersecurity education offerings.
-
-
Developing a system to identify, patch software security holes
DARPA is funding research of security vulnerabilities in web software. A new system called GAMEPLAY (for Graph Analysis for Mechanized Exploit-generation and vulnerability Patching Leveraging human Assistance for improved Yield) will spot security weaknesses in the millions – sometimes billions – of lines of code that run websites including banking and online shopping which are attractive to hackers.
-
-
Is your VPN secure?
About a quarter of internet users use a virtual private network, a software setup that creates a secure, encrypted data connection between their own computer and another one elsewhere on the internet. Many people use them to protect their privacy when using Wi-Fi hotspots, or to connect securely to workplace networks while traveling. Other users are concerned about surveillance from governments and internet providers. However, most people – including VPN customers – don’t have the skills to double-check that they’re getting what they paid for. A group of researchers I was part of do have those skills, and our examination of the services provided by 200 VPN companies found that many of them mislead customers about key aspects of their user protections.
-
-
Problems using mobile technologies in public health care
Many health care providers in remote locations around the world are actively using newer mobile technologies like text messaging and fingerprint identification to deliver important services and timely information to their patients. While the efforts are well-intended, two new studies find that such approaches need to be closely monitored to make sure they are meeting targeted goals. The two recently published studies identified multiple problems integrating mobile technologies into public health care.
-
-
Significance vulnerabilities discovered in high-performance computer chips
Researchers have uncovered significant and previously unknown vulnerabilities in high-performance computer chips that could lead to failures in modern electronics. The researchers found they could damage the on-chip communications system and shorten the lifetime of the whole computer chip significantly by deliberately adding malicious workload.
-
-
Answering the pressing cyber-risk economics questions
When it comes to improving the cybersecurity posture of the U.S. critical infrastructure and vital data assets, there are a host of questions that need to be answered before actionable cybersecurity risk-management strategies can be developed and resources deployed.
-
-
Strict password policies help prevent fraud
The all-too-common practice of using the same email address/password combination to log into multiple websites can be damaging, especially for employers with many users and valuable assets protected by passwords, like universities. Researchers show that longer minimum passwords are the most effective way to prevent password reuse and reduce potential exposure in a third-party data breach.
-
-
S&T awards $11.6 million to defend against network, internet disruptions
Five research organizations were awarded separate contracts totaling $11,511,565 to develop new methods to identify and attribute Network/Internet-scale Disruptive Events (NIDEs), the DHS S&T announced last week.
-
-
Dojo by BullGuard establishes lab at Cyber@BGU
Dojo by BullGuard, an Internet of Things (IoT) security specialist, and BGN Technologies, the technology transfer company of Ben-Gurion University of the Negev (BGU), have announced a partnership to develop advanced technologies for automated IoT threat detection, employing artificial intelligence and machine learning algorithms.
-
-
Germany creates cybersecurity R&D agency
The German government today (Wednesday) announced the creation of a new federal agency to develop cutting-edge cyber defense technology. The agency would resemble the U.S. Defense Advanced Research Projects Agency (DARPA), which is credited with developing the early internet and GPS. The German agency, unlike DARPA, will focus on cyber defense ad cyber protection. DARPA’s range of defense-related research and development is much broader.
-
-
Making electronic documents more trustworthy
Today, the expeditious delivery of electronic documents, messages, and other data is relied on for everything from communications to navigation. As the near instantaneous exchange of information has increased in volume, so has the variety of electronic data formats–from images and videos to text and maps. Verifying the trustworthiness and provenance of this mountain of electronic information is an exceedingly difficult task – especially since the software used to process electronic data is error-prone and vulnerable to exploitation through maliciously crafted data inputs, opening the technology and its underlying systems to compromise.
-
-
Security gaps identified in internet protocol IPsec
Researchers have demonstrated that the Internet protocol “IPsec” is vulnerable to attacks. The Internet Key Exchange protocol “IKEv1,” which is part of the protocol family, has vulnerabilities that enable potential attackers to interfere with the communication process and intercept specific information.
-
-
Microprocessor designers realize security must be a primary concern
Fifty years after the founding of Intel, engineers have begun to second-guess many of the chip-making industry’s design techniques. Recently, security researchers have found that some innovations have let secrets flow freely out of computer hardware the same way software vulnerabilities have led to cyberattacks and data breaches. This realization has led to calls from microchip industry leaders, including icons John Hennessy and David Patterson, for a complete rethinking of computer architecture to put security first. Identifying and securing these newly identified hardware vulnerabilities and side-channels will be challenging, but the work is important – and a reminder that designers and architects must always think about other ways attackers might try to compromise computer systems.
-
-
Buried internet infrastructure at risk as sea levels rise
Thousands of miles of buried fiber optic cable in densely populated coastal regions of the United States may soon be inundated by rising seas, according to a new study. The study, presented at a meeting of internet network researchers, portrays critical communications infrastructure that could be submerged by rising seas in as soon as fifteen years. “Most of the damage that’s going to be done in the next 100 years will be done sooner than later,” says Ban authority on the “physical internet.” “That surprised us. The expectation was that we’d have 50 years to plan for it. We don’t have 50 years.”
-
-
Better detection, analysis of malicious attacks
DHS S&T has selected Cyber 20/20, Inc. of Newark, Delaware to develop security capabilities for financial services as part of S&T’s Silicon Valley Innovation Program (SVIP). Cyber 20/20’s project—Trained Using Runtime Analysis from Cuckoo Outputs (TURACO)—expands the capabilities of Cuckoo, an open-source sandbox, to better detect and analyze malicious attacks.
-