News Items

Security researchers have discovered a new service that is being offered in the dark web, which can be used by cybercriminals to deceive victims into revealing their credit card pins. Stolen credit card and debit card numbers are often exchanged within the dark web, however for cybercriminals to draw cash with the use of credit cards, they must have the ATM pins as well. Therefore, automated phishing or social engineering by phone has been developed as a service to trick victims into confirming their pin numbers or other sensitive data. This article further discusses the origins of this service and how it operates.

Motherboard reports "This Dark Web Site Creates Robocalls to Steal People's Credit Card PINs"

Researchers at Sucuri have discovered a SQL injection vulnerability within the WordPress plugin, WordPress Statistics, whilst performing a security assessment on popular open source products. The vulnerability arises with the injection of WordPress Statistics shortcode, as WordPress enables developers to create content, which can then be added into pages via the insertion of a shortcode. This vulnerability could be exploited to steal data. This article further discusses this vulnerability, the popularity of WordPress, and other vulnerabilities discovered within WordPress.

SC UK reports "SQL injection vulnerability found in popular WordPpress plug in, again"

The European Union's General Data Protection Regulation (GDPR) will be executed on May 25, 2018, therefore any organizations or entities that handle personal data belonging to EU residents must be prepared to fully comply with the rules of this decree. The set of requirements to be implemented by the GDPR seek to protect the privacy of data, while giving EU residents a significant amount of control over their personal data, in pertinence to how that data is used and disclosed to others. This article further discusses the details of the GDPR, including a list of key things that security professionals and organizations must know about this statute.

Dark Reading reports "8 Things Every Security Pro Should Know About GDPR"

Distributed Denial-of-Service (DDoS) attacks are expected to increase in frequency and sophistication, especially with the growing use of interconnected and unsecure IoT devices. The largest DDoS attack on record, targeted security news site, KrebsOnSecurity, by posing as generic routing encapsulation (GRE) data packets. According to Brian Krebs, it was apparent that this DDoS attack was launched almost entirely by a massive botnet, consisting of compromised devices. However, blockchain technology could be utilized to resist the impacts of DDoS attacks. This article further discusses the notable DDoS attack on KrebsOnSecurity, how blockchain is able to stand against DDoS attacks, and why IoT devices will remain as the main targets of such attacks.

VentureBeat reports "How blockchain-based apps and sites resist DDoS attacks"

Security researchers at Ben-Gurion University of the Negev have introduced a new firewall, which serves to detect malicious code and deliver a level of security that has been absent from Android cellphones. Research behind the development of this innovative firewall stem from the discovery of a security flaw in the internal communications between the components of an Android cellphone and the cellphone's CPU. This firewall operates with the use of machine learning algorithms to check for anomalies within the phone's internal communications. This article further discusses the development of this firewall, how this firewall could be implemented, vulnerabilities emerged from the communication between a phone's components and CPU, in addition to where more information on this discovery will be presented.

EurekAlert! reports "Researchers demonstrate new firewall that protects cellphones from security threat"

Researchers from the College of Management Academic Studies have shared their findings of a new technique in which an attacker could perform a password man-in-the-middle attack with the exploitation of password reset procedure vulnerabilities during the account registration process. Researchers reveal that many sites are vulnerable to this attack, including Google, Facebook, Yahoo, Snapchat and many others. This attack can also defeat the implementation of two-factor authentication (2FA). This article further discusses how this attack could be performed, how this attack could overthrow the process of 2FA, and similar vulnerabilities found in messaging apps.

CSO reports "Even weak hackers can pull off a password reset MITM attack via account registration"

The global outbreak of the Petya ransomware cyberattack continues as organizations are still being hit, more so in the Ukraine than in the U.S. It has been discovered that the Petya ransomware attack was initiated by the ExternalBlue exploit within Microsoft systems. This article further discusses discoveries made by recent analyses performed on the attack, disagreements over the naming of this ransomware, and ways in which organizations can avoid the infection of this new variant of Petya ransomware.

eWeek reports "New Petya Ransomware Attack Moving Laterally to Exploit Users"

Researchers from the University of Tulsa have discovered that wind farms are susceptible to being hacked with the use of a Raspberry Pi minicomputer. With the authorization of wind energy companies, these researchers have conducted a number of penetration tests on five different wind farms throughout the U.S. in order to bring attention to vulnerabilities of this type of energy production. This article further discusses how researchers demonstrated the exploitation of such vulnerabilities, potential consequences of these exploitations, where details of these vulnerabilities will be presented, and reactions from major wind farm suppliers to this research.

Wired reports "Researchers Found They Could Hack Entire Wind Farms"

Crypto-locking ransomware is on the rise, according to a new report released by Kaspersky Lab. The number of people who have encountered ransomware from April 2016 to March 2017, grew significantly. The increase of ransomware is also indicated by the rapid outbreak of the WannaCry attack. The distribution of ransomware via the ransomware-as-a-service marketplace also continues to expand as well as the use of affiliate programs to largely distribute bulks of malware. This article further discusses other findings pertaining to ransomware distribution, processes, and targets.

Info Risk Today reports "Crypto-Locking Ransomware Attacks Spike"

According to the latest Internet Security report released by WatchGaurd Technologies, more than 36 percent of the most prevalent threats in Q1 2017 have been identified as Linux malware. This finding indicates the increase of Linux-targeting attacks as well as the need for more security implementations to safeguard Linux servers and dependent IoT devices. Other findings suggest the increased targeting of web servers. This article further discusses significant findings outlined within the report.

Help Net Security reports "Cybersecurity battleground shifting to Linux and web servers"

Millennials, born between 1980 and 2000, have surpassed Baby Boomers and are now considered the largest living generation. Though members of this demographic are expected to grow into professionals and steer all sectors much like their parents, there is still concern over the predicted shortage of information security workers by 2022. In order for the field of cybersecurity to flourish in the future, a major inflow of a millennial workers is crucial. This article further discusses the reason behind the cybersecurity skills gap, the importance of diversity in filling this gap, and ways to attract millennials to the field of cybersecurity.

We Live Security reports "Millennials: Meet the next generation of cybersecurity"

Ruben Santamarta, a principal security consultant at IOActive, has discovered major security vulnerabilities in devices that are used to monitor levels of radiation within nuclear plants, hospitals, seaports, and border controls. These vulnerabilities could allow an attacker to inject false radiation readings, which could lead to poor radiation detection and incorrect reactions by system operators. This article further discusses how Santamarta discovered these vulnerabilities, where these vulnerabilities stem from, how these flaws could be exploited, and where technical details of these findings will be presented.

Dark Reading reports "Nuclear Plants, Hospitals at Risk of Hacked Radiation Monitoring Devices"

A malvertising campaign is suspected to be the cause of the ransomware attack that targeted UK universities and was able to be launched via a click to a site with the malware. Cybersecurity researchers at Proofpoint has identified this ransomware as Mole ransomware, which first emerged in April. Mole ransomware derived from file-encrypting software and is a member of the CryptoMix ransomware family. This article further discusses the process of this ransomware attack, targets of this attack, and other findings.

ZDNet reports "This malvertising campaign infected PCs with ransomware without users even clicking a link"

Cisco has revealed its new network, which uses machine learning for the automation and security of enterprise networks. As claimed by Cisco, this network marks a significant development for enterprise networks as machine learning has been implemented to adjust accordingly to business needs and identify threats within encrypted traffic, while still maintaining privacy. This network also considers the increasing complexity of managing a network as the use of mobile, cloud, and IoT technology rises. This article further discusses Cisco's announcement of this new network and its distinguishing features.

Silicon UK reports "'Breakthrough' Cisco New Network Uses Machine Learning To Detect Malware In Encrypted Data"

MC2 facilitates a wide variety of educational opportunities on the UMD campus. MC2 also sponsors a number of educational/outreach events for lower-school, middle-school, and high-school students, especially targeting women and under-represented minorities. MC2 will host two camps in Summer 2017 focusing on STEM and cybersecurity topics.

CyberSTEM Camp for Girls entering 7th and 8th Grade
Dates: Monday, July 17 - Friday, July 21, 2017

Founder of Red Balloon Security, Ang Cui, and research scientist, Rick Housley, have discovered a new way in which a processor could be hacked, with the use of self-built electromagnetic pulsing equipment to raise faults within targeted hardware. This attack could be performed with a simple wave of a hand over the targeted device, while holding an electronic pulse generating device at an appropriate proximity. This article further discusses the development of this type of attack, researchers' previous experiments with fault injection attacks, and how electromagnetic fault injection hacking will call for more security implementations.

Wired reports "A Diabolical Way of Hacking a Chip With a Wave of Your Hand"

According to survey results published by Harvey Nash/KPMG and observations made by cybersecurity experts at Spohn Security Solutions, a large portion of threats to cybersecurity originate from within an organization and this type of security risk is the fastest-growing. As entities within an organization such as employees or contractors gain access to a company's network infrastructure, security risk increases due to the potential for accidental human error. This article further discusses the findings of this survey and ways in which businesses could protect themselves from such security risks.

GSN reports "Insider threats fastest growing cybersecurity concern"

There are concerns pertaining to what will be done about current public-key encryption when commercially viable quantum computers are fully available. Concerns arise from future quantum computing being able to break the current most popular public-key cryptosystem, which uses the RSA algorithm. This article discusses the announcement of a competition by NIST to encourage the development of quantum-resistant public-key cryptography and a proposed new cryptosystem that uses Mersenne numbers.

SecurityWeek reports "Quantum Computing's Threat to Public-key Cryptosystems"

A new vulnerability discovered by researchers from Pen Test enables infections from the Mirai IoT worm and other IoT malware to remain on devices, despite their reboots. Consequently, this vulnerability could lead to the development of permanent IoT botnets. This article further discusses how researchers discovered this vulnerability, other vulnerabilities discovered that could reignite and expand the Mirai IoT worm, as well as what vendors are doing to protect devices from future attacks of IoT malware.

Bleeping Computer reports "New Vulnerability Could Give Mirai the Ability to Survive Device Reboots"

Emre Koksal's electrical and computer engineering research at Ohio State University have introduced an approach to further securing wireless systems used by vehicles in order to combat security threats such as fraudulent signals or messages. This approach improves upon authentication with the implementation of multiple input, multiple output antenna technology (MIMO). This article further discusses the details of this approach and how it is expected to advance authentication of vehicle systems, how current approaches to improving the cybersecurity of vehicular communication fall short, impacts of such cyberattacks, and the research behind this development.

Homeland Security News Wire reports "Protecting auto computer systems from hacks"

Hackers can now use electronic cigarettes to hack into computers as demonstrated by security researchers and experts. At BSides London, Ross Bevington gave a presentation in which he reveals how a computer could be hacked by using an e-cigarette to intrude into its network traffic or trick it into recognizing the device as a keyboard. A security expert by the name of FourOctets also performed a demonstration with the addition of a hardware chip to the e-cigarette and pre-written script to distribute commands, which were then executed by the computer. This article further discusses these demonstrations and how to prevent such attacks.

TechWorm reports "E-cigarettes can be used to hack computers"

Analyses shared by researchers at ESET and Dragos Inc. suggest that the December 2016 power outage that occurred in the city of Kiev was a testing of an even bigger critical infrastructure-targeting malware. This malware, which has been dubbed the "Industroyer" or "Crash Override", poses a significant threat to critical infrastructure as it can automate mass power outages, possibly stronger and far-reaching than the blackout in Kiev. This article further discusses the details of this malware, how this malware could potentially inflict physical damage to power components, and possible links to the creation of this malware.

Wired reports "'Crash Override': The Malware That Took Down a Power Grid"

Dvmap is an unusual rooting malware distributed through the Google Play Store that injects malicious code into system runtime libraries, in addition to installing malicious modules into the system. This Trojan utilizes a variety of dangerous methods according to an investigation conducted by Kaspersky Lab. This article further discusses the phases of this Trojan and its malicious modules.

Securelist reports "Dvmap: the first Android malware with code injection"

Over the past few years, great advancements have been made to the encryption and the protection of data, however the potential for cyberattacks and theft are still of great concern as the data must be decrypted to be manipulated. Therefore, there is much research pertaining to the manipulation of data in its encrypted state. The Rapid Machine-learning Processing Applications and Reconfigurable Targeting of Security (RAMPARTS) is an initiative to further enhance the promising solution of fully homomorphic encryption (FHE), which is expected to advance encrypted computing. This article further discusses past research that has been conducted on encrypted data, the goal of RAMPARTS, and areas in which encrypted data would be valuable.

GCN reports "Computing with encrypted data"