News Items

Professor Angela Sasse, who is well familiar to the Science of Security community was recently a keynote speaker at InfoSecurity Europe 2017.

During her talk she honed into the idea of the importance of usable security. "If security doesn't work for people, it doesn't work."

Article: https://www.scmagazineuk.com/infosec-2017-if-security-doesnt-work-for-people-it-doesnt-work/article/666566/

Article 2: https://www.infosecurity-magazine.com/news/infosec17-security-doesnt-work-for/

Researchers at Ben-Gurion University of the Negev (BGU) have discovered the possibility that any common network router could covertly leak sensitive information, including passwords and company data. They have demonstrated this possibility through the use of the LED light on a network router and their own form of malware to secretly forward data, overrule the router, and control the LED. This article further discusses the demonstration performed by researchers.

TechRepublic reports "Cybersecurity researchers claim every network router at risk of secretly leaking data"

Malware by the name of "Fireball" has recently been discovered by Check Point Threat Intelligence and research teams, which has infected over 250 million computers globally. The malware infiltrates and manipulates users' browsers and web-traffic to download additional malware and generate ad-revenue. Fireball is an operation run by Rafotech, a digital marketing agency located in Beijing for the purpose of collecting private information of users via fake search engines generated by the manipulation of users' browsers. This article further discusses key findings and details pertaining to this highly infectious threat operation along with how to remove the malware.

Check Point reports "Fireball - The Chinese Malware of 250 Million Computers Infected"

A survey conducted by Crowd Research Partners with the help of ERPScan, reveals the lack of awareness and implementation of security measures within enterprises, though most cybersecurity professionals surveyed agree that the number of cyberattacks against ERP systems will continue to increase. More than 1900 cybersecurity experts participated in the survey, revealing the heightened concern over ERP Security. This article further discusses the findings of this survey as well as other topics covered within the ERP Cybersecurity 2017 Survey Report.

GSN reports "Cybersecurity Experts Anticipate Growing Number of Attacks Against ERP Systems"

Voice-based smartphone apps can pose serious security threats to users via voice hacking. Attackers could use audio samples of users' voices for impersonation to deceive people and digital security systems in order to retrieve sensitive information. Therefore, a team of engineers are developing an app to end voice hacking with the help of tools already established on smartphones such as the compass. This article further discusses forms of voice recognition attacks and the details of this development.

UB News Center reports "App uses smartphone compass to prevent voice hacking"

A recent study conducted by researchers at Trend Micro reveals that cybercriminals within the Dark Web are not only attacking those outside of it, but also those who participate in it. This discovery was made when the security vendor constructed four honeypots to resemble a cybercrime operation on the Tor network. The purpose of this study was to discover whether cybercriminals within the Dark Web also attack other cybercriminals operating malicious services on the Tor network. This article further discusses how this study was conducted, activities performed within the Dark Web, how cybercriminals are attacking within this platform, as well as the discoveries made about Tor during the conduction of this study.

Dark Reading reports "Cybercriminals Regularly Battle it Out on the Dark Web"

According to privacy researchers at the University of Toronto's Citizen Lab, a cyber espionage campaign allegedly connected to Russia, has launched phishing attacks by distributing false emails that appear to be from Google. This attack has targeted more than 200 people within 39 countries, including those who are members of governments, heads of energy companies, journalists, and more. Malicious acts of theft and dumping of victims' documents stored in Google Drive accounts are performed when the attack is successful. This article further discusses the details of this attack as well as the research conducted behind it.

GovInfoSecurity reports "Tainted Leaks: Researchers Unravel Cyber-Espionage Attacks"

The task of protecting large bytes of sensitive digital data that is created, stored, transferred, and exchanged, is quite massive for computer technicians and researchers. The possibility of breaching security is immense as well as the exploitation of weak links in the chain of data transport. Therefore, research groups at A*STAR are applying their technical expertise to improve the monitoring and identification of vulnerabilities within the management of data as well as the development of software and hardware to secure data. This article further discusses the researchers' discovery of weaknesses within the Global System for Mobile Communications (GSM) and cloud storage, along with the value of data and complications of quantum computing.

Phys.org reports "Ensuring the security of digital information"

The planned establishment of UK's surveillance laws are igniting concerns among computer scientists and security researchers within the UK as it has been brought to attention, the potential enforced compliance to disclose any discoveries of vulnerabilities made to the UK government. An interpretation of the Bulk Equipment Interference Warrants section of the Investigatory Powers Act 2016 (section 190) has sparked these concerns. This article further discusses the potential implications of the UK's surveillance law along with the thoughts, reactions, and interpretations of security researchers and computer scientists in regards to this legislation.

The Register reports "UK surveillance law raises concerns security researchers could be 'deputised' by the state"

In a budget blueprint for the fiscal year of 2018, the Donald Trump administration outlines spending proposals expected to bolster the security of information systems. The budget proposes to allocate increased spending of $1.5 towards the improvement of cybersecurity at the DHS, as this provision of funds is expected to advance protection for federal networks and critical infrastructure sectors against attacks. This article further discusses the proposed budgeting for network protection, breakdown of DHS spending, goal of the technology modernization fund, FBI budgeting for cybersecurity, and spending cuts.

InfoRiskToday reports "How the Trump Budget Would Fund Cybersecurity"

Cyber Scene #10

Cyber Insecurity: the Optic of Informed Outreach Pragmatists

Following the devastating terror attack in Manchester that took the lives of 22 people during a concert, British politicians are allegedly pursuing to enact anti-encryption orders upon technology firms within the UK. As technology firms currently apply strong encryption technology within various communication applications such as WhatsApp and Skype, the government assert that these protections grant secrecy of communication among terror groups. This article further discusses pursuit of these encryption breakdowns and the impacts it could have on overall security.

IBT UK reports "UK reportedly set to enforce anti-encryption proposals in wake of Manchester attack"

The reuse of passwords by employees pose a bigger security threat than expected as hackers are increasingly performing acts of credential-stuffing. The act of credential-stuffing includes the use of automated systems to perform brute-force logins into a website using stolen credentials from another site. This article further discusses the dangerous impacts the reuse of passwords could pose on businesses, other ways in which hackers are using stolen information, tools used by hackers to perform credential-stuffing attacks, and suggested strategies for protecting against such attacks.

Dark Reading reports "Credential-Stuffing Threat Intensifies Amid Password Reuse"

According to Check Point security researchers, attackers can exploit vulnerabilities within media player subtitles to perform malicious activity, which could pose serious threats to the security of millions of users. Media players that have been found to be impacted by this vulnerability include VLC, Kodi (XBMC), Popcorn Time, and Stremio. This article discusses the details of the vulnerability and the process by which researchers discovered this vulnerability.

eWeek reports "Check Point Discovers Media Subtitle Vulnerability Impacting Millions"

The General Data Protection Regulation (GDPR) will go into effect on May 25, 2018. The GDPR consists of rules enforced by the European Commission to govern the privacy and security of personal data. Though this regulation is being put forward by the European Commission, some organizations positioned outside of the European Union will still be affected. The GDPR is expected to pose serious impacts and implications for certain organizations. This article further discusses the details of the GDPR, which organizations will most likely have to comply with this regulation, as well as how the GDPR will impact costs, timing, security, and data breach notification processes within companies.

WeLiveSecurity reports "Is the world ready for GDPR? Privacy and cybersecurity impacts are far-reaching"

Researchers reveal the capability of detecting malware infection far in advance with the examination of malware-related network traffic carried by an ISP preceding the actual detection of malware. In the study of this new malware-independent detection strategy, researchers conducted an analysis of network events provided by years of network traffic handled by an ISP. DNS requests made by malware samples and the re-registration timing of expired domains were also focuses of this study. This article further discusses the details of this study, the collaboration and support behind this research, other findings made, as well as how this discovery is expected to significantly improve response times and reduce impacts of attacks.

Phys.org reports "Network traffic provides early indication of malware infection"

Fujitsu has announced a high-speed forensic technology that they have developed to identify the degree to which an organization's intranet has been damaged after a targeted cyberattack. Fujitsu's new technology shortens the average time required to identify damages inflicted by cyberattacks, from weeks to minutes. This new technology will be added to Fujitsu's Security Solution Global Managed Security Service, which also provides enhanced support for security resilience, mitigation of risks, and minimization of damage from cyberattacks. This article provides further details behind this new technology and Fujitsu's collaboration with US-based Dtex Systems to improve upon human behavior through machine learning.

GSN reports "Fujitsu high-speed technology identifies within minutes damage from cyberattacks"

Check Point researchers have conducted an investigation to decipher the operation behind banking malware. It has been discovered that the development and operation of banking malware requires little skill with the availability of simplified tools and open source code. Studies also show that the spread of banking malware has increased through Google Play and obfuscation techniques. This article further discusses how attackers are gaining access to such tools and open source code to create banking malware, how distribution of this malware has increased, and other findings of this study.

SC Media reports "Unraveling mobile banking malware, Check Point"

The massive spread of the WannaCry ransomware to more than 100 countries within a few hours have left cybersecurity researchers baffled as to how this attack was initiated, the rapid speed of which it spread as well as how the hackers behind this attack aren't making an abundance of money from it. This article further discusses the details of WannaCry, the difficulties of investigating the initial starting points of this attack, how this malware differs from other ransomware, and possible links to this attack.

Reuters reports "Oddities in WannaCry ransomware puzzle cybersecurity researchers"

Researchers at federally funded laboratories and academic research centers are prepared to introduce new cybersecurity technologies that they have developed to the commercial market. The eight new technologies will be showcased by DHS Science and Technology Directorate's Transition to Practice program on the 16th of May in Washington D.C. Each fiscal year, the TTP program showcases a selected set of promising federally funded cybersecurity technologies to merge into its well-established transition-to-market program. This article further discusses the details of this program and outlines the eight new TTP technologies that will be introduced this year.

Homeland Security News Wire reports "DHS S&T's Transition to Practice program unveils 2017 cohort"

A study conducted by Bronium, a cybersecurity company, at RSAC 2017 reveal the average percentages of security professionals that have admittedly given into ransomware demands as well as evaded or disabled security protocols put in place by their organization. Possible reasons for this increase in security workarounds include security fatigue and overconfidence in current security implementations. This article further discusses the results of this study, possible reasons for this increase in security sidestepping, and strategies for minimizing the acts of circumventing security standards and practices within an organization.

TechRepublic reports "Study finds cybersecurity pros are hiding breaches, bypassing protocols, and paying ransoms"

Researchers from Carnegie Mellon University and the University of Chicago have introduced a new advanced password meter to assist people in creating stronger passwords. Traditional password meters will simply indicate whether a password is weak or strong, but not how to improve upon it. The newly developed password meter provides real-time feedback and suggestions to a user as they are typing their password. The meter functions through the operation of an artificial neural network. This article discusses how researchers conducted their study of password creation, findings of this study, and where their study will be presented.

Phys.org reports "Researchers unveil new password meter that will change how users make passwords"

A new IoT Botnet, Persirai, has been discovered by researchers at Trend Micro. Persirai has targeted 1,000 different models of IP cameras, leaving 120,000 cameras vulnerable to attacks. This article further discusses the details of Persirai, how researchers uncovered this new IoT botnet, notable differences from the notorious Mirai botnet, and suggestions for improving the implementation of security for IP cameras in order to prevent the infiltration of such attacks.

Dark Reading reports "New IoT Botnet Discovered, 120K IP Cameras At Risk of Attack"