News Items

  • news

    Visible to the public Pub Crawl #77


    Pub_Crawl_web.jpgPub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers.

  • news

    Visible to the public Science of Security BAA for Virtual Institutes

    The National Security Agency on March 1 released a Broad Agency Announcement (BAA), which calls for research project proposals. These research projects are for foundational cybersecurity research. Additional details on the requirements and interesting research questions can be found in the BAA document.

    The title of the BAA is Science of Security Virtual Institutes and the deadline to submit is April 14, 2023. The BAA number is MASMPO-23-001 or RFI-23-00212.

  • news

    Visible to the public HoTSoS 2023: Registration Open March 7th!

    HoTSoS 2023: Registration Open March 7th!

    The Hot Topics in the Science of Security (HoTSoS) Symposium is a research event centered on the Science of Security, which aims to address the fundamental problems of security in a principled manner. The tenth annual event will be virtually held April 3-5, 2023.

    Registration for HoTSoS is scheduled to open March 7th!

    Visit the HoTSoS 2023 home page for more information about the schedule of events and important deadlines.

  • news

    Visible to the public 11th Annual Best Scientific Cybersecurity Paper Competition Now Live!

    The eleventh NSA Competition for Best Scientific Cybersecurity Paper i

  • news

    Visible to the public Science of Security and Privacy Annual Reports Archive

    The reports highlight the progress and accomplishments of the Science of Security and Privacy initiative.

  • news

    Visible to the public NSF 21-122 Dear Colleague Letter: Enabling Secure and Trustworthy Cyberspace (SaTC) CISE-SBE Interdisciplinary Collaborations

    NSF 21-122

    Dear Colleague Letter: Enabling Secure and Trustworthy Cyberspace (SaTC) CISE-SBE Interdisciplinary Collaborations

    Proposals are due Dec 10, 2021, but an approval letter from a program officer is required before you can submit. Submitting in response to that DCL does *not* count against the limit of the number of proposals that can be submitted against the SaTC solicitation.


    September 27, 2021

    https://www.nsf.gov/pubs/2021/nsf21122/nsf21122.jsp

  • news

    Visible to the public Solicitation: NSF Secure and Trustworthy CyberSpace (SaTC) [Solicitation 22-517]

    Secure and Trustworthy Cyberspace (SaTC)

    PROGRAM SOLICITATION
    NSF 22-517

    REPLACES DOCUMENT(S):
    NSF 21-500

    National Science Foundation

    Directorate for Computer and Information Science and Engineering
         Division of Computer and Network Systems
         Division of Computing and Communication Foundations
         Division of Information and Intelligent Systems
         Office of Advanced Cyberinfrastructure

  • news

    Visible to the public HoTSoS 2022 Call for Papers! Deadline December 17th!

    HoTSoS 2022 Call for Papers! Deadline December 17th!

    The HoT Topics in the Science of Security (HoTSoS) Symposium is now soliciting submissions for the 2022 program. Following the success of the virtual HoTSoS Symposium in 2021, HoTSoS`22 will be a virtual event held the week of April 4th, 2022. In addition to research paper discussions and presentations, the symposium program will also include invited talks and panels.

    We are accepting submissions in the following three categories:

  • news

    Visible to the public Follow @SoS_VO_org on Twitter!

    Follow @SoS_VO_org on Twitter!

    The SoS-VO team is excited to announce that we recently updated the homepage of the website to link to the official Science of Security & Privacy twitter account where we will be making daily announcements about noteworthy news items, upcoming opportunities, and impending deadlines in the SoS community.

  • news

    Visible to the public Predictive Intelligence for Pandemic Prevention (PIPP) Webinars

    Predictive Intelligence for Pandemic Prevention (PIPP) Webinars


    February 16, 2021 11:00 AM to
    February 17, 2021 6:45 PM
    Virtual Workshop

    Save the Date

    February 25, 2021 11:00 AM to
    February 26, 2021 6:00 PM
    Virtual Workshop

    Save the Date

  • news

    Visible to the public HoTSoS 2021: Works-in-Progress Co-Chairs

    Meet the HoTSoS 2021 Team:
    Works-in-Progress Co-Chairs

    Kurt Kelville (MIT) and Aron Laszka (University of Houston) are our Works-in-Progress Co-Chairs for the 2021 Symposium. Happy to have these two on the Program Committee Team!

    About the Chairs

  • news

    Visible to the public Call for Participation: Canberra Artificial Intelligence Summer School

    Call for Participation

    Canberra Artificial Intelligence Summer School

    Virtual, December 4-7th, 2020

    FREE

    Website: http://canberraai.net/caiss2020/
    Discord: https://discord.com/invite/rcKuNm4

    [If interested in staying up-to-date, please join this Discord channel!]


    Introduction

  • news

    Visible to the public Take my word for it: Privacy and COVID alert apps can coexist

    BY LORRIE CRANOR, OPINION CONTRIBUTOR -- 11/10/20 09:30 AM EST

    Since the COVID-19 pandemic began, technologists across the country have rushed to develop digital apps for contact tracing and exposure notifications. New York, New Jersey, Pennsylvania, and Delaware have all recently announced the launch of such apps, announcements which generated excitement. But the advent of these tools has also created questions. Chief among them: Do these apps protect privacy?

  • news

    Visible to the public CPS-VO.org now supports DOI!

    The latest release of the CPS-VO.org has added Zenodo support for generating archives and including DOI information for content types such as files, news items, web pages, and wiki pages!

  • news

    Visible to the public NIST Releases Draft Security Feature Recommendations for IoT Devices

    NIST Releases Draft Security Feature Recommendations for IoT Devices

    "Core Baseline" guide offers practical advice for using everyday items that link to computer networks.

    August 01, 2019

  • news

    Visible to the public NSA-approved cybersecurity law and policy course now available online

    NSA-approved cybersecurity law and policy course now available online

    Cyber Scoop

    Shannon Vavra

    August 27th, 2019

    Anyone who is interested in cybersecurity law and policy can now take an online course that was partly shaped by National Security Agency.

  • news

    Visible to the public Verification Tool Competition

    ARCH brings together researchers and practitioners to establish a curated set of benchmarks for verification, testing and reachability, and evaluate them in a friendly competition. ARCH started in 2014 and has sustained a vibrant community since. Since 2017, ARCH has organized as a part of the workshop the International Competition on Verifying Continuous and Hybrid Systems (ARCH-COMP, https://cps-vo.org/group/ARCH/), now in its 3rd iteration.

  • news

    Visible to the public Game-theoretic Paper Wins Annual Paper Competition

    The winner of the 6th Annual Best Scientific Cybersecurity Paper Competition is How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games by Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, and David Brumley. These researchers are from Carnegie Mellon University and University of California, Santa Barbara. This paper was originally accepted at 30th IEEE Computer Security Foundations Symposium (CSF '17).

    To learn more visit the competition homepage: https://cps-vo.org/group/sos/papercompetition/pastcompetitions

  • news

    Visible to the public Secretary of Energy Rick Perry Announces $68.5 Million for Advanced Vehicle Technologies Research

    WASHINGTON, D.C. - Today, U.S. Secretary of Energy Rick Perry announced up to $68.5 million in available funding for early-stage research of advanced vehicle technologies that will enable more affordable mobility, strengthen domestic energy security, and enhance U.S. economic growth.

  • news

    Visible to the public 2018 NSF CPS Program Solicitation

    The 2018 Cyber-Physical Systems Program Solicitation has been released. The submission window for proposals is April 27, 2018 - May 8, 2018. Please see the full solicitation for additional details and the summary of program requirements: https://cps-vo.org/node/45729

  • news
  • news

    Visible to the public NSA SoS Lablet Call for Proposals is Open

    The National Security Agency has distributed its BAA (really a request for proposals) for its next generation of SoS Lablets. These lablets include lablets on the 5 Hard Problem areas in Science of Security, on the Science of Privacy and dealing with Cyber Physical Systems. Proposals are due August 21. While the SoS team is not the point of contact for the contracting process, we can aid in directing: https://cps-vo.org/group/SoS/contact

  • news

    Visible to the public Reviews & Outreach Subscription

    Subscribe to Reviews & Outreach (R&O) - designed to highlight some of the exciting research, news, and events that impact our Science of Security (SoS) community.

  • news

    Visible to the public U.S. Department of Transportation Launches Smart City Challenge to Create a City of the Future

    Smart City Challenge

  • news

    Visible to the public NEW 2016 NSF-USDA Solicitation: Innovations at the Nexus of Food, Energy, and Water Systems (INFEWS)

    Innovations at the Nexus of Food, Energy and Water Systems (INFEWS)


    Program Solicitation
    NSF 16-524

    National Science Foundation

  • news

    Visible to the public Sticky News Item

    This news item always appears at the top of the 'recent news' list because the 'pin to top of lists' box is checked under 'publishing options' below. News Items can also be set to show in the spotlight slideshow feature.

  • news

    Visible to the public Sticky News Item

    This news item always appears at the top of the 'recent news' list because the 'pin to top of lists' box is checked under 'publishing options' below. News Items can also be set to show in the spotlight slideshow feature.

  • news

    Visible to the public "Signal Jamming Defense Not up to the Task? These Researchers Have a Solution"

    As growing and maturing data services demand faster Internet speeds and operating systems call for better security, hackers and adversaries continue to interfere. For some, this involves infiltrating home and office wireless networks to steal personal or business information. These attackers often use high-powered signal jamming devices, which are wireless portable devices that impede devices' communication with each other. These jammers also serve as a defense for users trying to avoid these attacks. With this dichotomy in mind, former Khoury doctoral student Hai Nguyen and his advisor Guevara Noubir, both of whom are members of Khoury College's Cybersecurity and Privacy Institute, have developed a novel approach that cancels these high-powered jammers in situations where traditional techniques fail. This failure may occur as a result of the traditional techniques being designed for benign interference, requiring mechanically moving parts that react slowly to jamming, or requiring additional radio frequency bands to achieve resilience. JaX is the name of the duo's technique that sidesteps these situations. This article continues to discuss the researchers' JaX solution.

    Northeastern University reports "Signal Jamming Defense Not up to the Task? These Researchers Have a Solution"

  • news

    Visible to the public "The Life-or-Death Importance of Medical Device Security"

    Cybersecurity researcher Alex Vakulov emphasizes that cybersecurity is not always a top priority when developing smart medical devices. Many are easily connected to the Internet, are often found to have simple passwords, and occasionally do not require passwords at all. This lack of security is a significant issue because it enables hackers to break into the devices themselves, infiltrate hospital systems, and unleash malicious software. According to a report published by Cynerio in 2021, ransomware attacks on healthcare facilities increased by 123 percent, with more than 500 attacks costing over $21 billion. The Internet of Medical Things (IoMT) is a subset of the Internet of Things (IoT). IoT connects various devices, including smartphones, wearables, and industrial sensors, whereas IoMT focuses solely on medical devices. Both use cloud-based storage and Artificial Intelligence (AI)-powered communication to share data. However, IoMT takes it further by helping healthcare professionals assess, diagnose, treat, and track patients' conditions. Hackers target IoMT devices and systems to steal sensitive information, which they could then hold for ransom or sell on the dark web. This article continues to discuss Vakulov's insights on typical security issues associated with connected medical devices and some best practices for securing them.

    CACM reports "The Life-or-Death Importance of Medical Device Security"

  • news

    Visible to the public "P2Pinfect Botnet Targets Redis and SSH Services"

    P2Pinfect, a novel peer-to-peer botnet that targets the Redis and SSH open-source services, has experienced a 600-time increase in activity since August 28, including a 12.3 percent increase in traffic over the past week. According to Cado Security Labs, P2Pinfect compromises have been seen in China, the US, Germany, the UK, Singapore, Hong Kong, and Japan. P2Pinfect was discovered in July, targeting servers hosting publicly accessible instances of the Redis open-source database. In a new blog post, the researchers noted that targeting Redis is only half of P2Pinfect's functionality, as the malware can also propagate via SSH and includes a list of username/password combinations to facilitate brute-force attacks. Matt Muir, the threat research lead at Cado Security Labs, explained that attackers could use a botnet of this size to conduct disruptive Distributed Denial-of-Service (DDoS) attacks, similar to those launched by hacktivists during the Russia-Ukraine war. Muir added that attackers could use it to mine cryptocurrency on a large scale, or to support additional malware campaigns or social engineering operations such as phishing. This article continues to discuss new findings regarding the P2Pinfect botnet.

    SC Media reports "P2Pinfect Botnet Targets Redis and SSH Services"

  • news

    Visible to the public "Research Warns Email Rules Are Being Weaponized by Cyberattackers"

    The cloud cybersecurity company Barracuda Networks has released new research on attackers using malicious email rules to steal information and avoid detection after compromising corporate networks. Automated email inbox rules help manage the flood of emails that many people encounter in their professional lives. Inbox rules help categorize, forward, and delete emails based on user-defined criteria. However, research from Barracuda Networks suggests that cybercriminals can also exploit their convenience. According to the study, once an attacker has access to an account, they can use email rules to hide inbound emails, such as security alerts, or cover their tracks from the account owner. An attacker can hide activities using email rules, exfiltrate data by setting rules to forward emails containing specific keywords to external addresses, and impersonate senior executives to conduct Business Email Compromise (BEC) attacks. This article continues to discuss the weaponization of email rules.

    SiliconANGLE reports "Research Warns Email Rules Are Being Weaponized by Cyberattackers"

  • news

    Visible to the public "What's Wrong With This Picture? NIST Face Analysis Program Helps to Find Answers"

    Face recognition software is often implemented to gatekeep access to secure websites and electronic devices. Researchers are looking into the possibility of defeating it simply by wearing a mask resembling another person's face. The National Institute of Standards and Technology (NIST) recently published research on software designed to detect this type of spoof attack. The new study is published alongside another that evaluates the ability of software to identify potential issues with a photograph or digital facial image, such as one captured for a passport. Together, the two NIST publications provide insight into the effectiveness with which modern image-processing software executes a face analysis task that is becoming increasingly important. This article continues to discuss the two NIST evaluation studies that will help software better detect photo spoofs and image quality issues.

    NIST reports "What's Wrong With This Picture? NIST Face Analysis Program Helps to Find Answers"

  • news

    Visible to the public "Signal Upgrades Encryption to Ward off Quantum Attacks"

    Signal, the telecommunications app, has announced an upgrade to its cryptographic specifications aimed at withstanding a potential future cyberattack involving quantum computers. On September 19, Signal announced an upgrade to the X3DH specification called PQXDH, which is the first step in advancing quantum resistance for its dedicated protocol. With this upgrade, Signal is adding a layer of protection against the threat posed by a future quantum computer powerful enough to break current encryption standards. Quantum computing is expected to revolutionize certain sciences and technologies in the transport, energy, and medical sectors, but it will render the RSA Cryptosystem obsolete. This article continues to discuss Signal upgrading its cryptographic specifications to withstand a potential future cyberattack by a threat actor using quantum computers.

    Cybernews reports "Signal Upgrades Encryption to Ward off Quantum Attacks"

  • news

    Visible to the public "Atos Unify Vulnerabilities Could Allow Hackers to Backdoor Systems"

    According to security researchers at SEC Consult, two vulnerabilities discovered earlier this year in Atos Unify products could allow malicious actors to cause disruption and even backdoor the targeted system. The vulnerabilities affect the Atos Unify Session Border Controller (SBC), which provides security for unified communications, the Unify OpenScape Branch product for remote offices, and Border Control Function (BCF), which is designed for emergency services. The researchers discovered that the web interface of these products is affected by CVE-2023-36618, which can be exploited by an authenticated attacker with low privileges to execute arbitrary PHP functions and, subsequently, operating system commands with root privileges. The second security hole, CVE-2023-36619, can be exploited by an unauthenticated attacker to access and execute certain scripts. The researchers stated that attackers could leverage these scripts to cause a denial-of-service (DoS) condition or change the system's configuration. The researchers noted that the vulnerabilities have a critical impact, but the vendor has assigned the flaws a "high severity" rating based on their CVSS score. The researchers stated that attackers can gain full control (root access) over the appliance if any low-privileged user credentials are known and could reconfigure or backdoor the system. Atos has released updates that should patch both Unify vulnerabilities.

    SecurityWeek reports: "Atos Unify Vulnerabilities Could Allow Hackers to Backdoor Systems"

  • news

    Visible to the public "Canada Blames Border Checkpoint Outages on Cyberattack"

    Several Canadian airports reportedly experienced service disruptions due to a cyberattack allegedly perpetrated by a pro-Russia hacking group. According to the Canada Border Services Agency (CBSA), recent connectivity issues that impacted airport check-in kiosks and electronic gates were caused by a Distributed Denial-of-Service (DDoS) attack. The Montreal Airport Authority reported that a computer outage at check-in kiosks caused delays in processing arrivals at border checkpoints across the country, including Montreal-Trudeau International Airport, for more than an hour. Recently, the Russian hacking group NoName057(16) claimed responsibility for cyberattacks against several Canadian organizations, including CBSA, the Canadian Air Transport Security Authority, as well as government and financial institutions. However, CBSA has not directly linked NoName057(16) to the attack. This article continues to discuss the cyberattack that resulted in widespread service disruptions at several Canadian airports.

    The Record reports "Canada Blames Border Checkpoint Outages on Cyberattack"

  • news

    Visible to the public "Smart Utility Meter Security Takes a Quantum Leap"

    Quantinuum is a merger between Honeywell Quantum Solutions and Cambridge Quantum focused on quantum computing. It aims to help build quantum-hardened cryptographic keys to secure Honeywell's smart utility meters. Quantum Origin is a service that uses quantum computers to generate large random numbers that can safeguard sensitive information or grid infrastructure. The first step in creating cryptographically secure encryption and authentication keys is to generate random numbers. A well-functioning Random Number Generator (RNG) ensures that future cryptographic keys cannot be guessed based on a predictable pattern. Traditionally, random numbers are generated algorithmically or with hardware devices that sample physical phenomena such as electrical noise. This article continues to discuss Honeywell securing its meters with cryptographic keys from Quantinuum.

    IEEE Spectrum reports "Smart Utility Meter Security Takes a Quantum Leap"

  • news

    Visible to the public "Finnish Authorities Shutter Dark Web Drugs Marketplace"

    Investigators in Finland have recently seized and shut down a web server used to operate a local dark web marketplace. Piilopuoti opened on May 18, 2022, with its administrators attempting to hide its presence by operating only on the encrypted Tor network. The investigators noted that the site had been used in anonymous criminal activities such as trading narcotics. As a rule, the narcotics sold on the site were smuggled to Finland from abroad. The investigators stated that the criminal investigation is still underway. Finnish customs officers worked with partners in Germany and Lithuania, Europol, the European Union Agency for Criminal Justice Cooperation (Eurojust), Finnish police, and authorities in other countries.

    Infosecurity reports: "Finnish Authorities Shutter Dark Web Drugs Marketplace"

  • news

    Visible to the public "Skyhawk Security Ranks Accuracy of LLM Cyberthreat Predictions"

    The cloud security vendor Skyhawk has introduced a new benchmark for evaluating generative Artificial Intelligence (AI) Large Language Models' (LLMs) ability to identify and score cybersecurity threats within cloud logs and telemetries. According to the company, the free resource analyzes the accuracy with which ChatGPT, Google BARD, Anthropic Claude, and other LLAMA2-based open LLMs predict the maliciousness of an attack sequence. From a risk perspective, generative AI chatbots and LLMs can be a double-edged sword, but when used properly, they can significantly improve an organization's cybersecurity. Their potential to identify and dissect possible security threats faster and in greater volume than human security analysts is one of the benefits they offer. A Cloud Security Alliance (CSA) report exploring the cybersecurity implications of LLMs suggests that generative AI models can be used to improve the scanning and filtering of security vulnerabilities. CSA demonstrated in the paper that OpenAI's Codex Application Programming Interface (API) is an effective vulnerability scanner for programming languages, including C, C#, Java, and JavaScript. This article continues to discuss the generative AI benchmark that evaluates the ability of LLMs to identify and score cybersecurity threats within cloud logs and telemetries.

    CSO Online reports "Skyhawk Security Ranks Accuracy of LLM Cyberthreat Predictions"

  • news

    Visible to the public "Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys"

    Researchers have discovered a new set of malicious packages in the npm package registry designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server. Sonatype reported discovering 14 different npm packages that impersonate JavaScript libraries and components, such as ESLint plugins and TypeScript SDK tools. Multiple versions of the packages were observed executing obfuscated code to collect and extract sensitive files from the target system upon installation. In addition to Kubernetes configurations and SSH keys, the modules can collect system metadata, including username, IP address, and hostname. The disclosure follows Sonatype's detection of counterfeit npm packages that use a technique known as dependency confusion to impersonate internal packages used by PayPal Zettle and Airbnb developers as part of an ethical research experiment. This article continues to discuss the new batch of malicious packages in the npm package registry aimed at exfiltrating Kubernetes configurations and SSH keys from compromised machines to a remote server.

    THN reports "Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys"

  • news

    Visible to the public "Rising OT/ICS Cybersecurity Incidents Reveal Alarming Trend"

    According to Rockwell Automation, 60 percent of cyberattacks against the industrial sector are conducted by state-affiliated actors and are often facilitated by internal personnel (33 percent of the time). This aligns with other industry research that suggests Operational Technology/Industrial Control Systems (OT/ICS) cybersecurity incidents are increasing in volume and frequency, and are targeting critical infrastructure, including energy producers. In the last three years, the number of OT/ICS cybersecurity incidents has already surpassed the total number reported between 1991 and 2000. The energy sector is the primary target of threat actors (39 perecent of attacks), which is over three times more frequently targeted than critical manufacturing (11 percent) and transportation (10 percent). This article continues to discuss key findings from Rockwell Automation's "Anatomy of 100+ Cybersecurity Incidents in Industrial Operations" report.

    Help Net Security reports "Rising OT/ICS Cybersecurity Incidents Reveal Alarming Trend"

  • news

    Visible to the public "GitLab Urges Users to Install Security Updates for Critical Pipeline Flaw"

    GitLab has released security updates to address a vulnerability of critical severity that allows attackers to run pipelines as other users through scheduled security scan policies. The flaw, tracked as CVE-2023-5009 with a CVSS score of 9.6, impacts GitLab Community Edition (CE) and Enterprise Edition (EE) versions 13.12 through 16.2.7 and versions 16.3 through 16.3.4. Johan Carlsson, a security researcher and bug hunter, discovered the issue, which is a bypass of CVE-2023-3932, a medium-severity problem fixed in August. The researcher found a way to evade the implemented protections and showed an additional impact that elevated the flaw's severity rating to critical. Impersonating users without their knowledge or permission to execute pipeline tasks, which are a series of automated tasks, could result in attackers gaining access to sensitive data or abusing the impersonated user's permissions to run code, modify data, or activate specific events within the GitLab system. This article continues to discuss the critical pipeline flaw.

    Bleeping Computer reports "GitLab Urges Users to Install Security Updates for Critical Pipeline Flaw"

  • news

    Visible to the public "Qatar Cyber Chiefs Warn on Mozilla RCE Bugs"

    Following the disclosure of vulnerabilities in Mozilla's Firefox and Thunderbird, the National Cyber Security Agency in Qatar urges Adobe users to apply patches. However, other affected browsers were not mentioned. The vulnerability, tracked as CVE-2023-4863 with a CVSS score of 8.8, is a critical heap buffer overflow in the WebP library. It enables Remote Code Execution (RCE) and affects three versions of Firefox and two Thunderbird releases. The vulnerability also impacts other browsers supporting this library, including Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. Google recently warned that the vulnerability had been exploited in the wild as a zero-day before being patched. WebP allows administrators and web developers to create smaller, more robust images to improve user experience. This article continues to discuss the WebP vulnerability affecting multiple browsers.

    Dark Reading reports "Qatar Cyber Chiefs Warn on Mozilla RCE Bugs"

  • news

    Visible to the public "Understanding Cyber Threats in IoT Networks"

    New research delves into how Internet of Things (IoT) devices, which are not as well protected as traditional computers regarding firewalls, antivirus, and malware protection, can represent a significant system vulnerability. In addition to potential financial loss, such threats can disrupt infrastructure and government, as well as endanger human lives, especially in healthcare facilities. A team of researchers from Tallinn University of Technology and the University at Albany developed a comparative framework for modeling the cyber threat to IoT devices and networks. The new framework developed by the team can be used to evaluate specific vulnerabilities within an IoT network from the perspective of a hypothetical third-party adversary. The framework can critically assess the factors determining the level of sophistication required to conduct a successful cyberattack that causes system damage. This article continues to discuss the comparative framework developed for cyber threat modeling.

    Inderscience reports "Understanding Cyber Threats in IoT Networks"

  • news

    Visible to the public "The Emergence of Security Flaws as a 'National Resource' in China"

    A regulation requiring organizations conducting business in China to notify the government of software vulnerabilities within 48 hours of discovery reflects the Chinese government's increasingly strategic view of security flaws. A new report published by the Atlantic Council highlights how companies are complying with China's "Regulations on the Management of Network Product Security Vulnerabilities" (RMSV) law, as well as the mandate's effect on the broader vulnerability disclosure landscape and China's offensive hacking capabilities. This article continues to discuss key findings and points from the Atlantic Council's report on the 2021 RMSV.

    Decipher reports "The Emergence of Security Flaws as a 'National Resource' in China"

  • news

    Visible to the public "Nation-State Actors Are Exploiting AI for Discord and Attacks, DHS Warns"

    A recently released report from the Department of Homeland Security (DHS) warns that nation-state actors and cybercriminals are increasingly using new cyber tools, such as generative Artificial Intelligence (AI), to incite conflict in the US, exploit vulnerabilities, and attack critical infrastructure sectors. The DHS 2024 Homeland Threat Assessment report identifies financially motivated cyberattacks as a major threat to domestic economic security. It notes that emerging technologies enable adversaries to conduct larger-scale, faster, more efficient, and stealthier cyberattacks. The accumulation of accessible AI tools will likely strengthen adversaries' tactics, according to the report. Nation-states attempting to undermine trust in government institutions, social cohesion, and democratic processes are using AI to create more believable misinformation, disinformation, and malinformation campaigns. DHS reports that generative AI gives threat actors unprecedented capabilities to execute real-time malicious information campaigns. The report provided examples of Chinese and Russian news sites using generative AI platforms to enhance their operations, distribute disinformation, and conduct influence operations within the US. This article continues to discuss key findings and points from the DHS 2024 Homeland Threat Assessment report.

    NextGov reports "Nation-State Actors Are Exploiting AI for Discord and Attacks, DHS Warns"

  • news

    Visible to the public "AI Under Criminal Influence: Adversarial Machine Learning Explained"

    Since the release of ChatGPT to the public, the adoption of Artificial Intelligence (AI) and Machine learning (ML) systems has increased significantly. In order to gain a competitive advantage, companies are racing to adopt AI technology. However, they may be exposing themselves to cybercriminals. ML models that drive many AI applications are susceptible to attacks against data contained within AI systems and adversarial ML attacks. Adversarial ML involves providing malicious input to an ML model to cause it to generate inaccurate results or degrade its performance. This attack could occur during the training phase of the ML model, or it could be introduced later via input samples to trick a trained model. This article continues to discuss how ML models are trained, the different types of adversarial ML attacks, and how to combat such attacks.

    Cybernews reports "AI Under Criminal Influence: Adversarial Machine Learning Explained"

  • news

    Visible to the public "Cybersecurity Incident Hits ICC"

    The International Criminal Court (ICC) has recently announced that it had been affected by what it called "anomalous activity" regarding its IT systems and that it was currently responding to this "cybersecurity incident." The ICC is currently investigating war crimes in Ukraine and declined to provide further details and said its priority was ensuring it could continue its work. Based in The Hague, the court is no stranger to international espionage. The Netherlands said it had stopped a Russian spy posting as a Brazilian intern from infiltrating the court last year.

    SecurityWeek reports: "Cybersecurity Incident Hits ICC"

  • news

    Visible to the public "Metaverse Poses Serious Privacy Risks for Users, Report Warns"

    According to a new report from New York University (NYU), the immersive Internet experience known as the metaverse will erode users' privacy unless significant measures are taken to improve and regulate how the technology collects and stores personal data. The metaverse relies on Extended Reality (XR) technologies, encompassing Augmented Reality (AR), Virtual Reality (VR), and Mixed Reality (MR). The report from NYU's Stern Center for Business and Human Rights warns that because the technology cannot function without collecting and processing personal and bodily data, it poses a significant privacy risk. According to the report, behavioral and psychological information about individuals can be deduced from bodily data alone. Conventional XR hardware includes sensors that continuously track at least three categories of user data: head movements, eye movements, and spatial maps of physical surroundings. The report argues that when compiled over time, these types of data can disclose "highly sensitive information" about users, such as their physical and mental health, which can be used for commercial or political gain. This article continues to discuss privacy threats posed by metaverse technology.

    The Record reports "Metaverse Poses Serious Privacy Risks for Users, Report Warns"

  • news

    Visible to the public "KEV Catalog Reaches 1,000, What Does That Mean and What Have We Learned" 

    The US Cybersecurity and Infrastructure Security Agency (CISA) launched the Known Exploited Vulnerabilities (KEV) catalog in November 2021 to provide an authoritative source of vulnerabilities that have been exploited "in the wild." Recently, the catalog has expanded to include over 1,000 vulnerabilities. As part of a vulnerability management program that facilitates prioritization based on organizational attributes, such as how a vulnerable product is being used and the exploitability of the relevant system, every organization should prioritize the mitigation of KEVs. This article continues to discuss how the KEV program works, lessons learned, how organizations can effectively use the KEV, future improvements, and how to reduce the prevalence of vulnerabilities by design.

    CISA reports "KEV Catalog Reaches 1,000, What Does That Mean and What Have We Learned"

  • news

    Visible to the public "APT36 State Hackers Infect Android Devices Using YouTube App Clones"

    The APT36 hacking group, also known as Transparent Tribe, has been using at least three YouTube-mimicking Android apps to infect devices with their signature Remote Access Trojan (RAT) called CapraRAT. Once the malware has been installed on a victim's device, it can extract data, record audio and video, and access sensitive communication information, functioning as a spyware tool. APT36 is a Pakistan-aligned threat actor notorious for using malicious Android apps to target Indian defense and government entities, those dealing with Kashmir region affairs, and human rights activists. The latest campaign was discovered by SentinelLabs, which warns military and diplomacy organizations in India and Pakistan to be cautious about YouTube Android apps hosted on third-party sites. This article continues to discuss the APT36 hacking group using Android apps that mimic YouTube to infect devices with CapraRAT.

    Bleeping Computer reports "APT36 State Hackers Infect Android Devices Using YouTube App Clones"