News Items

Security researchers have discovered a new "Google Docs" phishing campaign that attackers have launched to deceive Google users into logging in and granting permission for the application to access their account permissions. This phishing campaign quickly evolves into a worm if the fraudulent app is granted authorization by the user, allowing distribution to contacts. Although this attack was soon terminated by Google, about 1 million users may have still been affected. This article further discusses how the attack performs, details of the OAuth Worm, what cybercriminals behind this attack could do with the stolen information as well as the importance of users being cautious of what they click on.

BankInfoSecurity reports "Attackers Unleash OAuth Worm via 'Google Docs' App"

Cybersecurity gets a boost in encryption innovation as scientists at the University of Texas introduce a new technique to generate random numbers, which requires less effort in computation than other methods. This approach on generating random numbers improves upon randomness extractors by mixing two weakly random sources to generate a statistically random sequence of numbers. This method is expected to produce several benefits beyond encryption. This article further discusses this innovative formula, the difficulty of generating random numbers for a computer, how the quality of randomness is measured, previous versions of randomness extractors, and how the mathematical method is expected to improve in the future.

SIGNAL Magazine reports "Doing The Math For Better Encryption"

As many organizations and government foundations are being encouraged to embrace the future of artificial intelligence (AI) in the implementation and processes of cybersecurity, concerns of emerging machine learning-based malware arises. Researchers at Peking University's School of Electronics Engineering and Computer Science have published a research paper, "Generating Adversarial Malware Examples for Black Box Attacks Based on GAN", which discusses the components of "MalGAN", an algorithm used to produce adversarial malware examples and evade black-box machine learning-based detection models. This article discusses some points outlined in the research paper as well as how cybersecurity experts expect AI to benefit cybercriminals.

TechRepublic reports "Using AI-enhanced malware, researchers disrupt algorithms used in antimalware"

Considering the growing percentage of Americans owning smartphones and the significant amounts of personal and private data that is being stored on these devices, one layer of security is not substantial enough for protecting all that data. This thin layer of security is the password that unlocks the smartphone's screen. Researchers have developed another authentication method that is expected to replace passwords, called "user-generated free-form gestures", which would allow owners to draw their own pattern on the screen instead of entering a password. This article discusses the comparison between this new method of authentication and biometric authentication methods, the capabilities and measurements within this new method, along with the expansion of this type of authentication to other platforms.

The Conversation reports "Could a doodle replace your password?"

UK's most popular banks have been targeted in a scheme in which hackers use fake website domains to impersonate them, deceiving customers into revealing their personal details such as sensitive login credentials. Researchers at DomainTools, a cybersecurity firm, have found a significant number of fake websites posing as different financial firms and a selection of US-based retailers. Researchers have also revealed the method that hackers are using, known as "cybersquatting", which is the act of inexpensively purchasing website domains then designing each website to appear legitimate by displaying brand names and trademarked logos. This article further discusses the details of this hacking scheme, specific banking services that have been targeted, and suggestions for brands in handling domain name registrations.

IBTimesUK reports "Hackers using 'cybersquatting' tactics to spoof websites of UK's biggest banks"

IEEE Standards Association has announced the launch of a new program called Digital Inclusion through Trust and Agency, which will focus on creating standards for the protection of consumer and patient data, specifically in consideration of identity and blockchain technology. This press release outlines the goals of this new initiative, which programs will be complemented by this new program, as well as which multi-disciplinary fields and sectors program members will represent.

"IEEE Standards Association Announces Initiative Designed to Protect Digital Identity for the Global Community"

A new Mac malware dubbed "Dok" has been discovered by researchers from Check Point. Researchers reveal that this malware is mainly targeting German-speaking European users through a surge of spam emails. This malware utilizes Android-like nag screens to acquire admin privileges and funneling tactics to transmit traffic through a remote proxy. This article further discusses the details of Dok, capabilities and attributes of this malware, as well as how this malware performs as demonstrated by researchers.

BleepingComputer reports "New Dok Mac Malware Uses Nag Screens, Intercepts Encrypted Web Traffic"

Nomx is a startup company that claims to provide the most secure email service by offering a device, which could be used to set up a personal email server, avoiding connection with the naturally "vulnerable" mail exchange. Scott Helme, a security researcher, decided to challenge the claims of ensured security from Nomx by examining the device's true structure and process. Helme discovered numerous vulnerabilities within the software, which would allow anyone to hijack the device remotely if the user were to be tricked into visiting a malicious site. This malicious act is known as cross-site request forgery (CSRF). This article further discusses the vulnerabilities of Nomx's device, as well as the response of Will Donaldson, the CEO of Nomx, in regards to these flaws.

Motherboard reports "'World's Most Secure' Email Service Is Easily Hackable"

Researchers at University of Michigan have shared their findings of hundreds of applications in Google Play having the capability of allowing a phone to act as a server as the owner connects to that phone from their PC. This capability raises major security risks as a great number of these applications leave insecure ports open on smartphones, which could be exploited by hackers to steal sensitive data or install malware. This article further discusses how researchers went about determining and demonstrating the scope of this port problem along with the identification of vulnerable popular apps.

WIRED reports "An Obscure App Flaw Creates Backdoors In Millions of Smartphones"

Adam Mudd has been sentenced to two years in prison after he plead guilty to developing and selling a distributed denial-of-service attack tool by the name of "Titanium Stresser". Mudd was 16 years old when he developed this malicious tool that has been used to target multiple organizations such as Microsoft and Sony. Though Mudd has been arrested for the cybercrime he has committed, his work still remains impactful worldwide as this malicious tool has been used to launch more than 1.7 million DDoS attacks. This article further discusses the prosecution of Mudd, how his case was investigated, as well as the common origin of teen cybercrime offenders and how their skills could be guided toward legitimate activities.

Data Breach Today reports "Teen Hacker Sentenced Over 'Titanium Stresser' Attacks"

Blockchain technology offers alternative approaches for managing, distributing, and sharing data to avoid massive data loss or damage in single point of failure systems. Blockchain technology features are classified into three components, which include protection from identity theft, ensuring data integrity by preventing the tampering of data, and stopping DDoS attacks from infiltrating and damaging centralized infrastructure. This article discusses what Blockchain technology provides beyond traditional endpoint protection, and how new alternatives offered by this technology would help in advancing cybersecurity with the three highlighted features.

Nasdaq reports "Advancing Cybersecurity with Blockchain Technology"

The latest version of Google Chrome tackles phishing by restricting how domain names made up of non-Latin characters are displayed by the browser as attackers were using a certain technique involving these characters to create highly convincing phishing websites. Internationalized domain names are converted into ASCII-compatible form then displayed with their non-Latin characters to billions of internet users through browsers that support Unicode, allowing users to read domain names in their native language. Though this process facilitates global internet usability, it also raises issues of security as some characters could be substituted for another set of characters from a different alphabet, matching in appearance. This technique can be used to spoof URLs and launch phishing attacks. This article further discusses how browsers perform checks on these types of malicious activity, how this malicious act was discovered and demonstrated, as well as how Google Chrome and other internet browsers are reacting to this issue.

PCWorld reports "Phishing attacks using internationalized domains are hard to block"

Security researchers state that the Stuxnet worm flaw is still the most exploited despite Microsoft's release of a patch to fix this flaw seven years ago. According to Kaspersky Lab, the Windows Shell flaw responsible for the Stuxnet worm is still first in the ranks of exploits targeting users in 2015 and 2016, mainly because of the self-replicating feature possessed in this attack. This article further discusses why this exploit is so powerful as well as suggested mitigation of this exploitation.

SecurityIntelligence reports "Stuxnet: The Computer Worm That Keeps on Living"

Security vendor, Rapid7, has a released a quarterly threat intelligence report, outlining analyses of encountered security incidents by customers, which were then handled and managed by the company's services. This report reveals that advanced persistent threats were less common for companies not in conjunction with nation-state interests and that such threats have not been an issue for most organizations in the first quarter of 2017. Organizations in alignment with government, manufacturing, aerospace, and other industries formed by nation-state interests were the most impacted by APT activity. This article further discusses the handling of APT attacks, other findings and analysis made by Rapid7, along with the issues of security monitoring in organizations.

Dark Reading reports "APT Attack Activity Occurs at 'Low, Consistent Hum,' Rapid7 Finds"

Rapid7 Threat Report 2017 Q1

Researchers at Argus Cyber Security, a firm dedicated to researching automobile security, has discovered two vulnerabilities within Bosch's Drivelog Connect OBD-II dongle and the smartphone app that would allow the engine of a vehicle to be shut off or disabled by hackers. These vulnerabilities can be exploited to send malicious messages to the Controller Area Network bus, which manages the communication between the vehicle's controllers and devices. This article further discusses the functionalities of the dongle device, how the connection between the dongle device and an app would allow this hack to be performed, BOSCH's intent to improve security, as well as the risk of third-party connections to vehicle systems.

Threatpost reports "Patched Flaw in Bosch Diagnostic Dongle Allowed Researchers to Shut Off Engine"

Coming into town for the Challenge? Check out http://cps-vo.org/node/34687 to make sure your machine is ready to go, so you can get straight to work and avoid having to download a bunch of stuff when you arrive.

Mirai, the notorious IoT malware, faces new competition as a new malware emerges by the name of "Hajime". Security researchers have discovered this new malware to be much more resilient than Mirai in that it forms botnets by communicating over a BitTorrent protocol dependent peer-to-peer network. This form of communication introduces a more decentralized botnet, making it more difficult to terminate. This article further discusses the details of this new IoT malware, how it compares to Mirai, as well as why there is much difficulty in tackle these attacks completely.

PCWorld reports "IoT malware clashes in a botnet territory battle"

As tensions rise between the U.S. and North Korea, the Pentagon is seeking to develop an alterative communications network in hopes of protecting the U.S. power grids from potential cyberattacks. Defense Advanced Research Project Agency (DARPA) and BAE Systems are managing this project, which will focus on detecting early signs of imminent attacks, raising awareness of threats, and identifying threats based on specific characteristics. Rapid Attack Detection, Isolation and Characterization Systems (RADICS) is the name of the program being developed to protect all connections dependent on the power grid, especially in regards to networks and operational combat services. This article further discusses relevant technologies that could be implemented into this project, goals of utilizing these technologies, as well as potential impacts an attack could have on the U.S. power grid.

IJR reports "Pentagon, Fearing Cyber Attack, Moves to Find Alternative Comms Network"

Bastille, leader in enterprise threat detection via software-defined radio, is trying to bring more attention to the potential rise in radio frequency hacking. A recent case sparks concern as a hack was performed through radio frequencies of the Dallas emergency system, setting off 150 false weather sirens for the duration of more than 90 minutes. This article discusses how Bastille is alarming governments and enterprises to fully examine security implementations, particularly in regards to radio frequencies to protect radio-configurable critical infrastructure, as well as the Bastille Audit solution to help identify RF threats and vulnerabilities within systems.

Government Security News reports "Bastille warns radio-based hacks pose risk to national infrastructure"

Sucuri researchers have discovered another rush of attacks targeting and vandalizing websites through the use of images, applying a technique that complicates the process of detection as well as the identification of the compromised site as malicious by search engines. This article discusses the difficulty of detecting this threat due to malicious use of image files, the goals of the attackers, and strategies for users to protect themselves from these attacks.

SC Media US reports "Attackers caught defacing sites with difficult to spot techniques"

Differential Privacy, CPS, and complex navigation of security issues at HotSoS 2017

Cyber researchers at Newcastle University have discovered that it is possible for hackers to crack PINs and passwords by using malicious websites and apps to spy on users just based on the motion of 25 different standard sensors integrated into most smart devices. This allows hackers to easily monitor what a user is typing, clicking, and browsing. This article further discusses the findings of these researchers on the vulnerabilities of websites and apps that would allow this type of privacy invasion, how particular sensors can be monitored by hackers, and how users can protect themselves from this attack.

Phys.org reports "How criminals can steal your PIN by tracking the motion of your phone"

The Science of Security Annual Report details the progress of the activities in the Science of Security research initiative. The most recent annual report, published in April 2017, highlights the work done in Fiscal Year 2016.

For more information about the activities associated with the SoS initiative, browse through the SoS Annual Report at

http://cps-vo.org/group/sos/annualreport2016