Russian Hackers Launch Major Cyberattack Through U.S. Aid Agency's Email System, Microsoft Says
CNBC
Sam Shead
May 28, 2021
Microsoft reported that Nobelium, the Russian hacking group believed to be responsible for last year's SolarWinds attack, has targeted more than 150 organizations in at least 24 countries in the last week in another major cyberattack. More than 3,000 email accounts received phishing emails as part of the latest attack. Microsoft's Tom Burt said at least 25% of the affected organizations are involved in international development and humanitarian and human rights work. The hackers gained access to the U.S. Agency for International Development's email marketing account to distribute the phishing emails. The malicious file distributed as part of the attack contains the NativeZone backdoor, which Burt said can "enable a wide range of activities from stealing data to infecting other computers on a network."
Pipelines Now Must Report Cybersecurity Breaches
NPR
Brian Naylor
May 27, 2021
The U.S. Department of Homeland Security (DHS)' Transportation Security Administration (TSA) has announced new reporting mandates for pipeline operators following the ransomware attack on the Colonial Pipeline. Operators are required to report any cyberattacks on their systems to the federal government within 12 hours; they also must appoint a round-the-clock, on-call cybersecurity coordinator to work with the government in the event of an attack, and then have 30 days to evaluate their cyber practices. Pipeline operators must report cyberattacks to the Cybersecurity and Infrastructure Security Agency, or face fines starting at $7,000 a day. DHS says roughly 100 pipelines have been deemed critical and subject to the new directive; a DHS official said additional actions will be taken "in the not-too-distant future."
New Attacks Break PDF Certification
Ruhr-Universität Bochum (Germany)
Julia Weiler
May 25, 2021
Researchers at Germany's Ruhr-Universität Bochum (RUB) discovered a bug in PDF document certification signatures that can be exploited to bypass document integrity. The certification signature allows certain revisions to the document after signing; the second contractual party also can amend the contract text unnoticed when adding their digital signature, without invalidating the certification. The RUB researchers used two attacks to display fake content in the document, without invalidating its certification or triggering an alert from the PDF applications. The team was able to break certification with at least one of these attacks in 24 of 26 PDF apps, and incorrectly implemented specifications for certifications in 11 apps. The researchers also exposed a vulnerability specific to Adobe products, exploiting certain Adobe documents' ability to execute JavaScript code to plant malware into the documents.
Massive Phishing Campaign Delivers Password-Stealing Malware Disguised as Ransomware |
CyLab's IoT Security, Privacy Label Effectively Conveys Risk
Carnegie Mellon University CyLab Security and Privacy Institute
Daniel Tkacik
May 26, 2021
Researchers found that Carnegie Mellon University CyLab's prototype security and privacy label adequately conveys the risks associated with the use of Internet-connected devices. Their study involved 1,371 participants who were given a randomly assigned scenario about buying a smart device, and asked whether information on the label would change their risk perception and their willingness to purchase. The label detailed a device's privacy and security practices, like the purpose of data collection and with whom data is shared. Most of the attributes on the label resulted in accurate risk perceptions, although the study found some misconceptions. Researcher Pardis Emami-Naeini said, "Our findings suggest that manufacturers need to provide consumers with justifications as to why patching may be necessary, why it takes them a specific amount of time to patch a vulnerability, and why it might not be practical to patch vulnerabilities faster."
AI Technology Protects Privacy
Technical University of Munich (Germany)
May 24, 2021
Technology developed by researchers at Germany's Technical University of Munich (TUM) ensures that the training of artificial intelligence (AI) algorithms does not infringe on patients' personal data. The team, collaborating with researchers at the U.K.'s Imperial College London and the OpenMined private AI technology nonprofit, integrated AI-based diagnostic processes for radiological image data that preserve privacy. TUM's Alexander Ziller said the models were trained in various hospitals on local data, so "data owners did not have to share their data and retained complete control." The researchers also used data aggregation to block the identification of institutions where the algorithm was trained, while a third technique was utilized to guarantee differential privacy. TUM's Rickmer Braren said, "It is often claimed that data protection and the utilization of data must always be in conflict. But we are now proving that this does not have to be true."
Dutch Researchers Build Security Software to Mimic Human Immune System
Computer Weekly (U.K.)
Kim Loohuis
May 24, 2021
Researchers at Dutch research institute TNO, working with Dutch banks and insurers, have developed self-healing security software modeled after the human immune system. TNO's Bart Gijsen said the work yielded decentralized disposability for information technology; “TNO did this by building a system that is decentralized, repairs itself, and also recognizes the moment to do so.” At the core of this regenerative technique is existing container software, which Gijsen said “already contains the option of restarting and renewing, but we have added functionality to our software that allows containers to renew themselves at pre-set intervals.” That, said Gijsen, "ensures that a faster response is possible in the event of an attack. Moreover, it offers cybersecurity specialists the opportunity to focus on the cause instead of constantly putting out fires."
U.S. Has Almost 500,000 Job Openings in Cybersecurity
CBS News
Khristopher J. Brooks
May 19, 2021
The U.S. Commerce Department's Cyber Seek technology job-tracking database and the trade group CompTIA count about 465,000 current U.S. cybersecurity jobs openings. Experts said private businesses and government agencies' need for more cybersecurity staff has unlocked a prime opportunity for anyone considering a job in that field. The University of San Diego's Michelle Moore suggested switching to a cybersecurity career could be as simple as obtaining a Network+ or Security+ certification, while an eight-week online course could help someone gain an entry-level job earning $60,000 to $90,000 a year as a penetration tester, network security engineer, or incident response analyst. Moore cited a lack of skilled cybersecurity personnel as a problem, while CompTIA's Tim Herbert said only a small percentage of computer science graduates pursue cybersecurity careers.
Inside Higher Ed (4/16, McKenzie) reported that the University of Colorado has “declined to pay cybercriminals a $17 million ransom in order for the criminals not to publish stolen information on the dark web.” Several universities “recently confirmed that sensitive data had been accessed and shared on the dark web in connection to a cyberattack on IT company Accellion.” At the University of Colorado, “more than 300,000 university records, including personal information such as student transcripts and medical records, were compromised.” The University of Colorado at Boulder “was most heavily affected, although files from some other campuses were accessed.”
Hackers Breach Electronic Arts, Stealing Game Source Code and Tools
CNN
Brian Fung
June 10, 2021
A spokesperson for video game publisher Electronic Arts (EA) verified that hackers have compromised the company's systems and stolen game source code and other assets. The hackers claimed in online forum posts that they had acquired 780 gigabytes of data, including the Frostbite source code undergirding a series of video games, and were offering "full capability of exploiting on all EA services." The hackers also said they had stolen software development tools and server code for player matchmaking in several other games. The EA spokesperson said, "No player data was accessed, and we have no reason to believe there is any risk to player privacy," adding that the company is "actively working with law enforcement officials and other experts as part of this ongoing criminal investigation."
TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites
The Hacker News
Ravie Lakshmanan
June 9, 2021
A new transport layer security (TLS) attack allows hackers to reroute HTTPS traffic from a target's Web browser to a different TLS service endpoint on another Internet Protocol (IP) address, according to researchers at Germany's Ruhr University Bochum, Munster University of Applied Sciences, and Paderborn University. The researchers said the ALPACA (Application Layer Protocol Confusion—Analyzing and mitigating Cracks in TLS Authentication) exploit is basically a man-in-the-middle scheme in which the malefactor tricks a victim into accessing a malicious Website to invoke a cross-origin HTTPS request with a specially engineered file transfer protocol payload. The team proposed using Application Layer Protocol Negotiation and Server Name Indication extensions to TLS so servers are aware of the intended protocol to be employed over a secure connection and the hostname to which it tries to connect at the beginning of the handshake process.
Researchers Create 'Un-Hackable' Quantum Network Over Hundreds of Kilometers Using Optical Fiber
ZDNet
Daphne Leprince-Ringuet
June 10, 2021
Toshiba researchers in the U.K. transmitted quantum information over 600-kilometer (372-mile)-long optical fibers without disruption, demonstrating technology that stabilizes environmental fluctuations within the fibers. The researchers utilized dual-band stabilization to send two signals down the fiber at differing wavelengths, with one signal canceling out rapidly varying fluctuations, while the other made finer quantum-phase adjustments. The Toshiba team said this enabled the safe routing of quantum bits over the optical fiber, which it used to employ quantum-based encryption in the form of the Quantum Key Distribution protocol. Said Toshiba Europe’s Mirko Pittaluga, "Further extensions of the communication distance for QKD are still possible ,and our solutions can also be applied to other quantum communications protocols and applications."
FBI Secretly Ran Anom Messaging Platform, Yielding Hundreds of Arrests in Global Sting
The Wall Street Journal
Byron Tau; James Marson
June 8, 2021
Global authorities have arrested hundreds of suspected members of international criminal networks by tricking them into using Anom, an encrypted communications platform run by the U.S. Federal Bureau of Investigation (FBI). A bureau-led international law enforcement coalition monitored Anom, which makes and distributes mobile phones equipped with a covert communications application service. The FBI's San Diego field office co-opted Anom in 2018; with the cooperation of a confidential source, the FBI and its law-enforcement partners secretly embedded the ability to covertly intercept and decrypt messages. FBI special agent Suzanne Turner said, “The immense and unprecedented success of Operation Trojan Shield should be a warning to international criminal organizations—your criminal communications may not be secure; and you can count on law enforcement world-wide working together to combat dangerous crime that crosses international borders.”
*May Require Paid Registration
Feds Recover More Than $2 Million in Ransomware Payments from Colonial Pipeline Hackers
The Washington Post
Ellen Nakashima
June 7, 2021
U.S. officials say more than $2 million in cryptocurrency payments to the hackers who held Colonial Pipeline hostage in May has been recovered, marking the first recovery by the U.S. Department of Justice's new ransomware task force. Federal Bureau of Investigation deputy director Paul Abbate said the bureau seized proceeds paid to the Russian DarkSide hacker ring from a digital "wallet" containing the ransom, after securing a warrant from a federal judge. An affidavit said the bureau acquired the wallet's "private key," while officials have not disclosed how it was obtained. In announcing the seizure, Deputy Attorney General Lisa Monaco said, "The sophisticated use of technology to hold businesses and even whole cities hostage for profit is decidedly a 21st century challenge. But the adage, ‘follow the money’, still applies."
SeKVM Makes Cloud Computing Provably Secure
IEEE Spectrum
Charles Q. Choi
June 7, 2021
Columbia University researchers say they have designed the first hypervisor that can ensure secure cloud computing. SeKVM is a secure version of the popular KVM open source hypervisor that cuts the verification workload through what the researchers call microverification. Microverification reduces a hypervisor to a small core and an array of untrusted services, then demonstrates security by verifying the core exclusively; the core lacks exploitable vulnerabilities, and mediates the hypervisor's interactions with virtual machines (VMs) so one compromised VM cannot impact others. The researchers developed microverification-based MicroV software to authenticate large commercial-grade multi-processor hypervisors. Columbia's Ronghui Gu said, "SeKVM will lay a foundation for future innovations in systems verification and lead to a new generation of cyber-resilient systems software."
CyLab Researchers Discover Novel Class of Vehicle Cyberattacks
Carnegie Mellon University
Daniel Tkacik
June 7, 2021
Carnegie Mellon University (CMU) researchers led a team that identified a new class of cybersecurity vulnerabilities in vehicles that could allow hackers to remotely bypass a vehicle's intrusion detection system and shut down the engine and other components. While the researchers found that hackers cannot launch these kinds of attacks without first breaching the vehicle's network, Bosch Research's Shalabh Jain said, "This class of vulnerabilities can provide new directions for lateral movement in a larger attack chain." The attack strategy discovered by the team was able to turn off the electrical control units that control most modern car functions. CMU's Sekar Kulandaivel said that "to really defend yourself against this type of attack, you have to update the hardware."
Less Nosy Smart Speakers
The Michigan Engineer News Center
Gabe Cherry
June 8, 2021
University of Michigan (U-M) researchers have designed a device called PrivacyMic to reduce eavesdropping by smart speakers by notifying household devices of important data without recording speech. PrivacyMic pieces together ambient ultrasonic information that indicate when its services are required. The system compresses these ultrasonic signatures into smaller files that feature key bits of information, while removing noise within the range of human hearing. The researchers showed that PrivacyMic was more than 95% accurate in identifying household and office activities. U-M’s Alanson Sample said, “What we’ve found is that you can have a system that understands what’s going on, and a hard guarantee that it will never record any audible information.”
Google Boosts Android Privacy Protections in Attempt to Rival Apple
Financial Times
Patrick McGee
June 3, 2021
Google will unveil additional safeguards for users of the Android mobile operating system so advertisers cannot track them when they switch between applications. Google said the extra protections will ensure any marketer trying to access Android users who have opted out of sharing their Advertising ID "will receive a string of zeros instead of the identifier." Although users can already restrict ad tracking or reset their Advertising IDs, developers can bypass those settings via alternative device identifiers. The Android OS revamp will let billions of users opt out of interest-based advertising, and sever marketers from the wealth of data they use to personalize messaging.
*May Require Paid Registration
TikTok Gave Itself Permission to Collect Biometric Information on U.S. Users
TechCrunch
Sarah Perez
June 3, 2021
Chinese video-sharing social networking service TikTok has revised its U.S. privacy policy to say it is permitted it to "collect biometric identifiers and biometric information" from users' content, including "faceprints and voiceprints." A newly-added Image and Audio Information section on TikTok about information it collects automatically says the app may collect data about images and audio in users' content "such as identifying the objects and scenery that appear, the existence and location within an image of face and body features and attributes, the nature of the audio, and the text of the words spoken in your User Content." The disclosure of the service’s biometric data collection followed the $92-million settlement of a class action lawsuit against TikTok over its violation of Illinois’ Biometric Information Privacy Act.
Amazon's Ring Will Ask Police to Publicly Request User Videos
Bloomberg
Matt Day
June 3, 2021
Amazon subsidiary and Internet-connected doorbell maker Ring said police departments that require help in investigations must publicly request home security video from doorbells and cameras. Law enforcement agencies now must post such Requests for Assistance on Neighbors, Ring's video-sharing and safety-related community discussion portal; nearby users with potentially helpful videos can click a link within the post and select which videos they wish to submit. Ring, which has been accused of having a too-cozy relationship with law enforcement, explained on its blog that it has been working with independent third-party experts to help give people greater insight into law enforcement's use of its technology.
Quantum Holds the Key to Secure Conference Calls
Heriot-Watt University (U.K.)
June 7, 2021
Scientists in the Quantum Communications Hub at the U.K.'s Heriot-Watt University, working with German colleagues, facilitated a quantum-secure four-way conversation, the result of deploying Quantum Key Distribution (QKD) in a network scenario for the first time. The team applied a process called Quantum Conference Key Agreement to surmount the constraints of traditional QKD systems to share keys between only two users. This enabled the first quantum conference call to share an image of a Cheshire cat between four parties, separated by up to 50 kilometers (31 miles) of optical fiber. Said Heriot-Watt’s Alessandro Fedrizzi, “Our work is the first example where this was achieved via 'spooky action' between multiple users at the same time, something that a future quantum Internet will be able to exploit.”
PNNL's Shadow Figment Technology Foils Cyberattacks
Pacific Northwest National Laboratory
Tom Rickey
June 2, 2021
Shadow Figment technology is designed to contain cyberattacks by luring hackers into artificial environments and feeding them false indicators of success. Scientists at the U.S. Department of Energy's Pacific Northwest National Laboratory (PNNL) developed Shadow Figment to extend beyond typical honeypot technology, employing artificial intelligence to keep attackers decoyed in an imaginary world that mimics the real world. Shadow Figment adds credibility to its false-success signals through an algorithm that learns from observing the real-world system where it is deployed, and responds to attacks in a seemingly plausible manner by using an interactive clone of the system. NNL's Thomas Edgar said, "Our intention is to make interactions seem realistic, so that if someone is interacting with our decoy, we keep them involved, giving our defenders extra time to respond."
Mass-scale Manipulation of Twitter Trends Discovered
EPFL News (Switzerland)
June 2, 2021
The Twitter Trends platform's algorithm for identifying and alerting Twitter users to popular hashtag-fueled topics is vulnerable to mass-scale manipulation, according to researchers at the Swiss Federal Institute of Technology, Lausanne (EPFL). They found that in failing to account for deletions, the Twitter Trending Topics-deciding algorithm can be influenced by hackers to elevate specific topics to the top of Twitter Trends, despite deleting their tweets containing the candidate trend soon after. EPFL's Tugrulcan Elmas said attackers are using both fake accounts and accounts compromised either by malware or stolen credentials, with the result that "47% of local trends in Turkey and 20% of global trends are fake, created from scratch by bots." Despite alerting Twitter of the exploit, Elmas said the bug has not been corrected.
White House Sends Memo to Private Sector on Cyberattack Protections
The Hill
Tal Axelrod
June 3, 2021
A memo issued by the White House offers recommendations for private sector organizations to guard against cyberattacks, following recent high-profile incidents including those affecting Colonial Pipeline and SolarWinds. Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger stressed that "all organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location." The memo calls on business executives to "convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations." Companies are urged to, among other things, deploy multifactor authentication, test backups and update patches on a regular basis, test incident response plans, and restrict Internet access to operational networks.
Quantum Memory Crystals Are a Step Towards Futuristic Internet
New Scientist
Matthew Sparkes
June 2, 2021
Hugues de Riedmatten and colleagues at Spain's Institute of Photonic Sciences have taken a step toward a secure quantum Internet by using crystals to execute quantum teleportation of information. The researchers were able to store a pair of entangled photons in yttrium orthosilicate crystals for 25 microseconds in two separate quantum memories. The experiment was conducted between two laboratories connected by 50 meters (164 feet) of fiber-optic cable; theoretically, 25 microseconds would allow communication between devices that are up to five kilometers (3.1 miles) apart. The researchers stored and retrieved photons in the order of transmission, and sent them using frequencies and cables already used in data networks.
U.S. Supreme Court Narrows Scope of Sweeping Cybercrime Law
Politico
Eric Geller; Josh Gerstein
June 3, 2021
The U.S. Supreme Court has ruled that the 1986 Computer Fraud and Abuse Act (CFAA) cannot be invoked to prosecute people who misuse databases they are otherwise entitled to access. The 6-3 ruling follows concerns raised by justices that the federal government's interpretation of the statute could penalize people for commonplace activities, such as checking social media on their work computers. Dissenting Justice Clarence Thomas called the majority's view contrived and unfounded, contending there are many areas of law where consent to do something for one purpose does not imply permission for an unconnected purpose.
EU Plans Digital ID Wallet for Post-Pandemic Life
Associated Press
Kelvin Chan
June 3, 2021
The European Union (EU) on Thursday announced plans for a post-pandemic smartphone application to enable EU residents to access services across the bloc. Europeans would be able to store digital credentials such as driver's licenses, prescriptions, and school diplomas through the European Digital Identity Wallet, and access online and offline public/private services while keeping personal data secure. The European Commission (EC) said the e-wallet would be available to all EU residents, although its use is not mandatory. Dominant online platforms, however, would have to accept the wallet, in line with the EC's agenda to regulate big technology companies and their control over personal information.
The Detroit News (4/19) reported that a professor and a group of University of Michigan graduate students “spent six years building Morpheus, a computer chip that sought to defeat the sort of cyberattacks that threaten Americans every day, from banking and financial systems to computer security and medical data.” The UM chip was entered into a competition from June through August “called FETT (finding exploits to thwart tampering) from the U.S. Department of Defense.” More than 500 hackers were offered a $50,000 bounty by cracking Morpheus in a mock medical database, but “none succeeded.” Todd Austin, the professor who led the project, “said the idea came from the human immune system.” Austin believes Morpheus “has the potential to help industries protect information on databases such as emails and logins to medical and financial information.”
Data Breaches: Most Victims Unaware When Shown Evidence of Multiple Compromised Accounts
University of Michigan News
June 21, 2021
Most data breach victims do not realize their personal data has been exposed in five breaches on average, according to a study by an international team of researchers. Investigators at the University of Michigan, George Washington University (GW), and Germany's Karlsruhe Institute of Technology showed 413 participants facts from up to three breaches involving their personal information, and 74% said they were unaware of the breaches. Most victims blamed their personal habits for the problem—like using the same password for multiple accounts—while just 14% blamed it on external factors. GW's Adam Aviv said, "The fault for breaches almost always lies with insufficient security practices by the affected company, not by the victims of the breach."
Security Flaw Found in 2G Mobile Data Encryption Standard
Associated Press
June 16, 2021
Cybersecurity researchers from Germany, France, and Norway have identified a flaw in the GEA-1 encryption algorithm that affects the GPRS or 2G mobile data standard. The vulnerability may have enabled attackers to eavesdrop on some data traffic for decades. The researchers said it likely was created intentionally as a "backdoor" for law enforcement agencies. Germany-based Ruhr University Bochum's Christof Beierle said, "According to our experimental analysis, having six correct numbers in the German lottery twice in a row is about as likely as having these properties of the key occur by chance." The GEA-1 algorithm was found in current Android and iOS smartphones, though it was supposed to have been phased out starting in 2013. Most current phones use 4G or 5G mobile data standards, but GPRS remains a fallback for data connections in some countries.
ThroughTek Flaw Opens Millions of Connected Cameras to Eavesdropping
The Hacker News
Ravie Lakshmanan
June 16, 2021
An advisory issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of a major software supply-chain flaw in cloud security provider ThroughTek's point-to-point (P2P) software development kit (SDK), which could allow unauthorized access to the audio and video streams from millions of connected cameras. The flaw stems from insufficient protection when transferring data between the local device and ThroughTek's servers; it impacts ThroughTek P2P product versions 3.1.5 and before, and SDK versions with NoSSL tag. Security firm Nozomi Networks reported the bug in March, warning that vulnerable security cameras could place critical infrastructure operators at risk by compromising sensitive business, production, and employee data.
Quantum Data Link Established Between 2 Distant Chinese Cities
New Scientist
Matthew Sparkes
June 21, 2021
Researchers at the University of Science and Technology of China have created a secure quantum link extending 511 kilometers (almost 320 miles) between two Chinese cities. The researchers strung a fiber-optic connection between Jinan and Qingdao, with a central receiver located between the two cities in Mazhan. Lasers at both ends of the cable send photons toward each other. The relay in the middle does not read the data, checking only whether the two signals matched. The researchers found the two ends could exchange a quantum key that could be used to encrypt data sent over traditional networks. University of Sussex's Peter Kruger said, "Single photons over hundreds of kilometers is quite remarkable."
Malicious Content Exploits Pathways Between Platforms to Thrive Online, Subvert Moderation
George Washington University Today
June 16, 2021
New research indicates that malicious COVID-19 content circumvents social media platforms' moderation initiatives to prosper online. George Washington University (GW) investigators combined machine learning with network data science to detail malicious content's exploitation of pathways between platforms. The team mapped the interconnection of hate clusters to spread their narratives across Facebook, VKontakte, Instagram, Gab, Telegram, and 4Chan. They found the COVID-19 discussion solidified in the early phases of the pandemic, with hate clusters subverting moderation via adaptive methods to regroup on other platforms and/or re-infiltrate a platform. GW's Yonatan Lupu said, "Our study demonstrates a similarity between the spread of online hate and the spread of a virus. Individual social media platforms have had difficulty controlling the spread of online hate, which mirrors the difficulty individual countries around the world have had in stopping the spread of the COVID-19 virus."
McAfee Finds Security Vulnerability in Peloton Products
NBC News
Liat Weinstein; Vicky Nguyen
June 15, 2021
Researchers at software security company McAfee discovered a vulnerability in the Peloton Bike+ that could enable attackers to install malware in the system through a USB port. The flaw, which the researchers said was associated with the Android attachment accompanying the Bike+, could allow attackers to access its webcam and spy on riders and their surroundings. It also could allow them to install fake versions of popular apps like Netflix and Spotify, and capture riders' personal information. McAfee's Steve Povolny said, "The flaw was that Peloton actually failed to validate that the operating system loaded. And ultimately what that means then is they can install malicious software, they can create Trojan horses and give themselves back doors into the bike, and even access the webcam." Peloton confirmed it was working with McAfee to fix the issue, adding that it recently pushed a mandatory update to affected devices to address the vulnerability.
MSU, Facebook Develop Research Model to Fight Deepfakes
Michigan State University
June 16, 2021
A new reverse-engineering approach developed by artificial intelligence experts at Michigan State University (MSU) and Facebook aims to identify and attribute "deepfakes." Facebook's Tal Hassner said, "With model parsing, we can estimate properties of the generative models used to create each deepfake, and even associate multiple deepfakes to the model that possibly produced them. This provides information about each deepfake, even ones where no prior information existed." The researchers tested their approach using a dataset of 100,000 synthetic images produced by 100 publicly available generative models, and found that it outperformed the random baselines of previous detection models. MSU's Xiaoming Liu said, "Our framework can not only perform model parsing, but also extend to deepfake detection and image attribution."
A Big Step Towards Cybersecurity's Holy Grail
Carnegie Mellon University CyLab Security and Privacy Institute
Daniel Tkacik
June 15, 2021
Carnegie Mellon University (CMU) scientists have unveiled a provably secure computing environment that employs users' device communications to grant them immunity from compromised components. The researchers proposed an input/output (I/O) separation model that precisely describes mechanisms to safeguard the communications of isolated applications running on often-vulnerable operating systems like Windows, Linux, or MacOS. The CMU team said this is the first mathematically-proven model that enables communication separation for all types of I/O hardware and I/O kernels. CMU's Virgil Gilgor said, "Business, government, and industry can benefit from using this platform and its VDI [Virtual Desktop Infrastructure] application because of the steady and permanent shift to remote work and the need to protect sensitive applications from future attacks. Consumers can also benefit from adopting this platform and its VDI clients to secure access banking and investment accounts, perform provably secure e-commerce transactions, and protect digital currency."
Security Week (5/3, Kovacs) reported that researchers Ralf-Philipp Weinmann and Benedikt Schmotzle “have shown how a Tesla – and possibly other cars – can be hacked remotely without any user interaction. They carried out the attack from a drone.” The type of attack, “dubbed TBONE, involves exploitation of two vulnerabilities affecting ConnMan, an internet connection manager for embedded devices.” The researchers “showed how an attacker could use a drone to launch an attack via Wi-Fi to hack a parked car and open its doors from a distance of up to 100 meters (roughly 300 feet). They claimed the exploit worked against Tesla S, 3, X and Y models.” Tesla “patched the vulnerabilities with an update pushed out in October 2020, and it has reportedly stopped using ConnMan.”
In an opinion piece for Just Security (4/30),NYU Engineering research professor Ed Amoroso and NYU Center for Cybersecurity co-chair Randal S. Milch write, “The Department of Justice announced recently that the FBI had unilaterally removed malicious web shells from hundreds of private systems. These shells were the remnants of a major security problem that emerged earlier in March in Microsoft Exchange Server software. ... On Friday, April 9, the FBI secretly asked a federal magistrate judge in Texas to issue a warrant allowing the Bureau, without prior notice, to access, copy, and remove the web shells from hundreds of vulnerable computers in the United States running on-premises versions of Microsoft Exchange Server software used to provide enterprise-level e-mail service.” They argue that the FBI’s hack-to-patch “approach is a harmful practice at the enterprise level and that a dangerous precedent has been set.” There are many “negative technical, security, and policy consequences to the hack-to-patch approach.” Moreover, they continue, “we believe the proffered justifications for this particular government intervention are slight, which leads us to fear more ambitious hack-to-patch operations in the future.” From an “information security perspective,” they write, “this is a troubling prospect.”
Microsoft's Emergency Patch Fails to Fix Critical 'PrintNightmare' Vulnerability
Ars Technica
Dan Goodin
July 7, 2021
Researchers warn a software patch Microsoft issued this week did not fully correct a flaw in all supported versions of the Windows operating system that allows hackers to commandeer infected networks. The PrintNightmare vulnerability is rooted in bugs in the Windows print spooler, which supports printing functionality in local networks, and which attackers can exploit remotely when print capabilities are exposed online. Hackers also can use the flaw to escalate system privileges once they have infiltrated a vulnerable network via another bug, hijacking the domain controller. Benjamin Delpy, a developer of the hacking and network utility Mimikatz, tweeted that exploits could circumvent Microsoft's out-of-band update, which fails to fix vulnerable systems that employ certain settings for the point and print feature.
Mass Ransomware Hack Used IT Software Flaws, Researchers Say
Bloomberg
Jordan Robertson; William Turton
July 4, 2021
Cybersecurity researchers said the Russia-associated REvil hacker gang was responsible for a mass ransomware attack this past weekend that exploited previously unknown flaws in Kaseya’s information technology (IT) management software. Marcus Murray at Sweden-based cybersecurity firm TruSec said the victims were targets of opportunity, with REvil pushing ransomware to Internet-linked servers that used flawed VSA software. The Dutch Institute for Vulnerability Disclosure said it had notified Kaseya of multiple software vulnerabilities exploited by the hackers; the Institute said it was working with Kaseya to patch them when the attack was launched. Murray said recovery from the attack could take longer than in typical ransomware incidents, because Kaseya plays a core role in managing security and IT.
Data Security Rules Instituted for U.S. Payment Processing System
ZDNet
Jonathan Greig
June 30, 2021
New data security rules governing the payment system that facilitates direct deposits and direct payments for nearly all U.S. bank and credit union accounts are now in effect. The National Automated Clearinghouse Association (NACHA) stipulates that an account number used for any Automated Clearinghouse (ACH) payment must be rendered indecipherable while stored electronically. This mandate is applicable to any facility where account numbers related to ACH entries are stored. NACHA has instructed ACH originators and third parties that process over 6 million ACH transactions annually to render deposit account data unreadable when stored electronically, recommending measures that include encryption, truncation, tokenization, and destruction. The regulator said access controls like passwords are unacceptable, but disk encryption is permitted, provided additional and prescribed physical safeguards are implemented.
Untappable Communication Becomes Practical with MDI-QKD System in Future Quantum Internet
TU Delft (Netherlands)
July 6, 2021
Engineers at the QuTech institute created by the Delft University of Technology (TU Delft) and the Netherlands Organization for Applied Scientific Research have devised a cost-scalable system for untappable communication. TU Delft's Joshua Slater said the measurement-device independent quantum key distribution (MDI-QKD) system enables the connection of multiple users through a central node that functions like a switchboard operator. Said Slater, "The entire system is designed such that hacking attacks against the central node cannot break the security of the protocol." He also said QuTech researchers have facilitated a proof-of-principle demonstration of MDI-QKD, as well as demonstrations of its capabilities over deployed optical fibers and commercially available hardware.
Danger Caused by Subdomains
Technical University of Wien (Austria)
June 28, 2021
A security vulnerability could enable hackers to commandeer Website subdomains and inflict severe damage, according to researchers at Austria's Technical University of Wien (TU Wien) and Italy's Ca' Foscari University. The vulnerability lies in the persistence of dangling records—links to subdomains no longer in use—where TU Wien's Mauro Tempesta said attackers can establish their own domains. Such exploits can create vulnerabilities that pose risks to anyone who wants to use the actual site. The researchers found 1,520 vulnerable subdomains within 50,000 of the world's most critical Websites, and university sites were more likely to be vulnerable, since they have an especially large number of subdomains. TU Wien's Marco Squarcina said only 15% of those vulnerabilities have been corrected six months after administrators were warned of the threat.
Microsoft Discloses New Customer Hack Linked to SolarWinds Cyberattackers
The Wall Street Journal
Robert McMillan
June 26, 2021
Microsoft has issued a warning that hackers affiliated with Russia's Foreign Intelligence Service had installed data-harvesting malware on one of its systems and used the information to attack some of its customers. The company identified the attackers as Nobelium, the same group linked to the breach at Texas-based software supplier SolarWinds. A Microsoft spokesman said in compromising a computer used by a Microsoft customer support employee, the attackers could have accessed metadata of the company’s accounts and billing contact information. The software giant said it knows of three customers affected by the breach, and has eliminated the access point and secured the device.
Hackers Infecting Gamers' PCs with Malware to Make Millions From Crypto
CNBC
Sam Shead
June 25, 2021
Security firm Avast has found that hackers are exploiting gamers with "Crackonosh" malware to generate millions by mining cryptocurrency using gamers’ computers. Avast researchers said the criminals hide Crackonosh in free downloadable versions of games like NBA 2K19, Grand Theft Auto V, and Far Cry 5, available on torrent sites; upon installation, Crackonosh starts the gamers' PCs crypto-mining. The researchers estimate Crackonosh has been used to mine $2 million in mMonero cryptocurrency since June 2018; Avast's Daniel Benes said about 220,000 users have been infected worldwide, with an additional 800 devices infected daily. Benes said indications of the malware’s presence can include slower PC performance and higher-than-normal electricity bills.
NFC Flaws Let Researchers Hack ATMs by Waving a Phone
Wired
Andy Greenberg
June 24, 2021
An Android app developed by IOActive's Josep Rodriguez exploits flaws in near-field communication (NFC) systems, enabling ATMs and a variety of point-of-sale terminals to be hacked by waving a smartphone over a contactless credit card reader. Rodriguez said his app was able to force at least one ATM brand to dispense cash, but only in combination with other flaws in the ATM's software. Rodriguez added that the point-of-sale vulnerabilities allow you to "modify the firmware and change the price to $1, for instance, even when the screen shows that you're paying $50. You can make the device useless, or install a kind of ransomware. There are a lot of possibilities here." The findings have been disclosed to the affected vendors, but Rodriguez acknowledged that physically patching hundreds of thousands of affected terminals and ATMs "would require a lot of time."
Average Time to Fix Critical Cybersecurity Vulnerabilities is 205 Days: Report
ZDNet
Jonathan Greig
June 22, 2021
Software security adviser WhiteHat Security has estimated that the average time to correct critical cybersecurity vulnerabilities increased from 197 days to 205 days between April and May 2021. WhiteHat researchers determined that 66% of all apps used by the utility sector had at least one exploitable bug exposed throughout the year. The top five vulnerability classes WhiteHat researchers observed over the last three months were information leakage, insufficient session expiration, cross-site scripting, insufficient transport layer protection, and content spoofing; many such bugs also can be found and leveraged with little skill or effort. WhiteHat's Setu Kulkarni said the situation highlights a dearth of cybersecurity talent available to most organizations, and an overall scarcity of resources for many sectors wrestling with updates and patches for numerous apps.
GPS Cyberattack Falsely Placed U.K. Warship Near Russian Naval Base
New Scientist
David Hambling
June 24, 2021
A cyberattack may have been involved in a naval confrontation this week between Russia and a British warship in the Black Sea that never really happened. The global positioning system (GPS)-tracking Automatic Identification System (AIS) last week showed both a U.K. warship and a Dutch naval vessel coming within a few kilometers of a Russian naval base at Sevastopol, but a live Web camera feed confirmed that both ships were docked in Odessa, Ukraine, at the time. The spoofing in this case suggests a deliberate deception, as the ships' coordinates were changed gradually to imitate normal travel. Dana Goward at the Resilient Navigation and Timing Foundation said Russia could have executed the spoofing attack, and warned that such a hack "could easily lead to a shooting war by making things more confusing in a crisis."
Security Robots Expand Across U.S., with Few Tangible Results
NBC News
Cyrus Farivar
June 27, 2021
Concrete proof that security robots are reducing crime is lacking, despite wider deployment by U.S. government agencies and the private sector. Despite claims that its robots "predict and prevent crime," U.S. security robot supplier Knightscope cites little public evidence that its products work, or specific cases of crimes they have foiled; its clients are similarly unaware of how effective the robots are. Huntington Park, CA's police department deployed a K5 model from Knightscope to patrol a local park; Huntington Park chief of police Cozme Lozano said in the two years since the robot’s deployment, it was most useful in recording evidence of “robot tipping and vandalism against the robot itself.” Law enforcement and legal experts say demonstrating that a given piece of technology clearly results in a reduction in crime is difficult, with American University's Andrew Ferguson calling crime-fighting robots an "expensive version of security theater."
IT Leaders Say Cybersecurity Funding Being Wasted on Remote Work Support: Survey
ZDNet
Jonathan Greig
June 23, 2021
A JumpCloud survey of 401 IT decision-makers at small and medium-sized enterprises found that 56% think their organizations are spending too much to enable remote work. Over 60% of those polled said their organizations paid "for more tooling than they need" to manage user identities. When asked about their top concerns, 39% cited software vulnerabilities, followed by reused user names and passwords (37%), unsecured networks (36%), and device theft (29%). Thirty-three percent of respondents said their organizations were in the process of implementing a Zero Trust security approach, while 53% said multi-factor authentication is required across everything. Among other things, more than half of respondents said IT budgets this year largely would be used to support remote management, security, and cloud services, and about two-thirds of responding IT managers said they felt “overwhelmed” by the management of remote workers.
Authority Magazine (5/11, Remillard) publishes an interview with Paris Stringfellow, the Deputy Director for the Clemson University Center for Advanced Manufacturing. Stringfellow’s research “focuses on investigating human error within socio-technical complex systems and cyber-physical-social systems with applications in cybersecurity, decision making under risk and advanced manufacturing.” When asked about “the 3 things in particular that most excite you about” the cybersecurity industry, Stringfellow said, “Cybersecurity has got to be one of the most exciting industries to be in right now. For one, it’s incredibly fast-paced and dynamic. If you’re responding to a known cyber threat today, you can bet that there’s already another one right around the corner.” She continues, “Also, I have come to appreciate the diversity and ubiquity that this discipline brings. Cybersecurity is one of this century’s grand challenges as it touches everyone and everything. This means that there are thousands of opportunities to engage.” Stringfellow also adds that the industry “requires incredible creativity. The diversity of this problem entails deep technical understanding, but it’s also a very human issue.”
Biden Signs Executive Order Calling For Enhanced Federal Cyber Defense. The AP (5/12, Suderman) reports Biden “signed an executive order Wednesday meant to strengthen U.S. cybersecurity defenses in response to a series of headline-grabbing hacking incidents.” The order will “require all federal agencies to use basic cybersecurity measures, like multi-factor authentication, and require new security standards for software makers that contract with the federal government.”
Bloomberg (5/12, Jacobs) reports that a Biden Administration official “told reporters on a conference call that the order only makes a down payment toward modernizing cyber defenses, and stressed that the White House wants to focus on secure software development on building more secure software products for Americans.”
ECB Starts Work on Digital Version of the Euro
CNBC
Silvia Amaro
July 14, 2021
The European Central Bank (ECB) has launched an initiative to produce a digital euro currency. The ECB expects the design and investigation stage to take two years, while the currency's actual implementation could add two more years to the project. ECB’s Fabio Panetta said, "Private solutions for digital and online payments bring important benefits such as convenience, speed, and efficiency. But they also pose risks in terms of privacy, safety, and accessibility. And they can be expensive for some users." The digital euro would let consumers make payments electronically, but also would "complement" the existing monetary system rather than supplanting physical cash and eliminating the commercial lending business.
Faces Are the Next Target for Fraudsters
The Wall Street Journal
Parmy Olson
July 7, 2021
Facial recognition systems increasingly are a target for fraudsters. Identity verification company ID.me Inc. found more than 80,000 attempts to trick facial identification verification to claim fraudulent unemployment benefits between June 2020 and January 2021. ID.me's Blake Hall said these attempts involved people wearing masks, using deepfakes, or holding up images or videos of other people. Veridium LLC's John Spencer said fraudsters sometimes try to carry out "presentation attacks" by using a photo of someone's face, cutting out the eyes and using it as a mask. Adversa.ai's Alex Polyakov said the algorithms underpinning these systems need to be updated, or the models need to be trained with a large number of adversarial examples, to protect against such spoofing.
Google Releases Open Source Security Software Program: Scorecards
ZDNet
Steven J. Vaughan-Nichols
July 1, 2021
Google and the Open Source Security Foundation have developed the OpenSSF Security Scorecards, an automated security tool that generates a "risk score" for open source programs. This is important because 95% of all commercial programs contain open source software, according to the Synopsys Cybersecurity Research Center, and many organizations lack the systems and processes to evaluate new open source dependencies for security issues. Scorecards v2 includes new security checks, including the Branch-Protection check, which ensures code reviews to prevent malicious contributors from introducing potential backdoors into code. The Scorecards project already has performed security evaluations for more than 50,000 open source projects.
Tool Automatically Finds Buffer Overflow Vulnerabilities
Carnegie Mellon University CyLab Security and Privacy Institute
Daniel Tkacik
July 9, 2021
A new tool designed to automatically test for memory flaws in the Rust programming language libraries could detect and mitigate the threat of buffer overflow attacks. Crafted by researchers at Carnegie Mellon University's Security and Privacy Institute (CyLab), the SyRust tool can automatically generate unit tests for library application programming interfaces, and check these library deployments for memory bugs. CyLab's Limin Jia said the team used SyRust on 30 popular libraries, unearthing four previously undiscovered vulnerabilities. Jia said the team is attempting to enhance what it calls the "improved courage" of testing to ensure a wider net has been cast and to improve users' confidence that most, if not all, bugs have been identified.
Ad Age (6/1, Moore) reports Toyota Motor North America “said it added a data privacy portal to its Toyota and Lexus apps.” The company “says implementing the Toyota Data Privacy Portal is the latest step it is taking to make consumer data ‘more accessible and transparent’ and follow privacy protection benchmarks it and 19 other automakers submitted to the Federal Trade Commission in 2014.” The portal “can be accessed for vehicles with connected services capabilities that were built in the 2013 model year or later, the company said in a statement Tuesday.” Consumers who own multiple vehicles “can customize privacy and data-sharing settings for each of their vehicles, according to the automaker.” Consumers will also be able to see what specific data they are sharing if they choose to share information with third parties.
Insider (5/28, Sonnemaker) reports on “newly unredacted documents in a lawsuit against Google” that show “the company’s own executives and engineers knew just how difficult the company had made it for smartphone users to keep their location data private.” Insider explains that, according to the documents, “Google continued collecting location data even when users turned off various location-sharing settings, made popular privacy settings harder to find, and even pressured LG and other phone makers into hiding settings precisely because users liked them.” In a deposition, former Google Maps VP Jack Menzel said “that the only way Google wouldn’t be able to figure out a user’s home and work locations is if that person intentionally threw Google off the trail by setting their home and work addresses as some other random locations.” Google did not respond to requests for comment on Insider’s story.
In a piece for Fast Company (5/28), University of Edinburgh Senior Researcher Ben Williamson argues that Google’s continued expansion and distribution of Google Classroom, which “gives Google access to data about students and schools at international scale,” is worrying privacy advocates because the company has repeatedly proven its primary interest in data-mining over more altruistic goals. Williamson writes that Google’s focus on education “has always been highly controversial,” and he cites an Electronic Frontier Foundation 2016 FTC complaint, which accused Google of “collecting and data mining schoolchildren’s personal information from Chromebooks and Google Apps for Education (since renamed Workspace for Education) without permission or opt-out options.” He calls on regulators to pay specific attention to Google as it, and the rest of the technology sector, attempts to entrench its pandemic-era achievements more permanently.
Reuters (5/27, Sun, Munroe) reports that earlier this month, China’s “cyberspace regulator posted a draft rule that said automakers must seek customer approval to collect driving data” which “would also require automakers to store data locally and get regulatory permission when they want to send such data to foreign entities.” Automakers BMW, Daimler, and Ford “have set up facilities in China to store data generated by their cars locally, they told Reuters, as automakers come under growing pressure in the world’s biggest car market over how they handle information from vehicles.”
Kaseya Gets Master Decryption Key After July 4 Global Attack
Associated Press
Frank Bajak
July 22, 2021
Florida-based software supplier Kaseya has obtained a universal key that will decrypt all businesses and public organizations crippled in the July 4 global ransomware attack. The Russia-affiliated REvil syndicate released the malware, which exploited Kaseya's software and immobilized more than 1,000 targets. Kaseya spokesperson Dana Liedholm would only disclose that the key came from a "trusted third party," and that Kaseya was distributing it to all victims. Ransomware analysts suggested multiple possibilities for the master key's appearance, including Kaseya paying the ransom, or the Kremlin seizing the key and handing it over.
iPhone Security No Match for NSO Spyware
The Washington Post
Craig Timberg; Reed Albergotti; Elodie Gueguen
July 19, 2021
Spyware made by Israeli surveillance company NSO has been used to hack Apple iPhones without users’ knowledge. An international probe uncovered 23 Apple devices compromised by Pegasus spyware, which circumvented their security systems and installed malware. The hacked smartphones included an iPhone 12 with the latest Apple software updates, indicating even the newest iPhones are vulnerable, and undercutting Apple's long-hyped claims of superior security. An Amnesty International study found evidence that NSO's clients use commercial Internet service companies to send Pegasus malware to targeted devices. The international probe found the inability to block such smartphone hacking threatens democracy in many nations by weakening journalism, political activism, and campaigns against human rights abuses.
China Spy Agency Blamed by U.S., Others of Using Contract Hackers
Voice of America News
Steve Herman
July 19, 2021
U.S. President Joe Biden said he expected to receive a report Tuesday detailing how China's Ministry of State Security has employed contract hackers to hold U.S. businesses hostage with ransomware. This follows the Biden administration’s public accusation that Beijing is conducting unsanctioned cyber operations worldwide. An international coalition claims China launched a zero-day hack in March that impacted tens of thousands of organizations through Microsoft Exchange servers. In a jointly issued advisory Monday, the U.S. National Security Agency, Cybersecurity and Infrastructure Security Agency, and the Federal Bureau of Investigation said they “have observed increasingly sophisticated Chinese state-sponsored cyber activity targeting U.S. political, economic, military, educational, and CI (critical infrastructure) personnel and organizations.”
iOS Zero-Day Let SolarWinds Hackers Compromise Fully Updated iPhones
Ars Technica
Dan Goodin
July 14, 2021
Google and Microsoft researchers found that the Russian state hackers behind last year's SolarWinds supply chain hack also exploited a then-unknown iOS zero-day vulnerability in a separate malicious email campaign. The goal was to steal Web authentication credentials from Western European governments via messages to government officials through LinkedIn. Google's Shane Huntley confirmed that the attack involving the iOS zero-day were connected to an attack reported by Microsoft in May in which the SolarWind hackers, known as Nobelium, compromised an account belonging to U.S. foreign aid and development assistance agency USAID. Google's Project Zero vulnerability research group found 33 zero-day exploits used in attacks during the first half of 2021, 11 more than from the total for last year.
Encrypting Photos on the Cloud to Keep Them Private
Columbia Engineering News
July 15, 2021
Computer scientists at Columbia University have developed a system that allows mobile users to encrypt personal images on cloud photo services like Google Photos, in order to maintain their privacy. The system, Easy Secure Photos (ESP), encrypts photos uploaded to cloud services so hackers cannot access them, even if the user's account is breached. Columbia's John S. Koh said, "Our system adds an extra layer of protection beyond your password-based account security. The goal is to make it so that only your devices can see your sensitive photos, and no one else unless you specifically share it with them."
Crypto Experts in Demand as Countries Launch Digital Currencies
The Wall Street Journal
James T. Areddy
July 18, 2021
Demand for cryptocurrency consultants continues to grow as countries accelerate efforts to launch their own digital tenders. For example, Israeli crypto consultant Barak Ben-Ezer designed the SOV (sovereign), a bitcoin-like tradable cryptocurrency, for the Marshall Islands archipelago nation. China has jumpstarted other countries' eagerness to have their own digital currencies by indicating the launch of a digital yuan (the e-CNY) is approaching. Advisers say central banks often have teams modeling digitization schemes, although many are discreetly consulting with engineers with backgrounds in cryptocurrencies and blockchain. Having private advisers like Ben-Ezer directing such efforts raises concerns about potential conflicts of interest and liability; the Marshall Islands' crypto issuance has been delayed amid similar issues raised by the First Hawaiian Bank and the International Monetary Fund.
The Hacker News (6/18, Lakshmanan) reported that Google has released its Supply chain Levels for Software Artifacts (SLSA) end-to-end framework, “a solution to ensure the integrity of software packages and prevent unauthorized modifications.” The framework “aims to secure the software development and deployment pipeline...and mitigate threats that arise out of tampering with the source code, the build platform, and the artifact repository at every link in the chain.” Google “said SLSA is inspired by the company’s own internal enforcement mechanism called Binary Authorization for Borg, a set of auditing tools that verifies code provenance and implements code identity to ascertain that the deployed production software is properly reviewed and authorized.”
Newsweek (6/21, Giella) reports as cyber criminals continue to “launch ransomware attacks on businesses, experts warn that the ransom victims are expected to pay could skyrocket, funding the next round of advanced attacks.” Eric Goldstein, a top DHS cybersecurity official, “told lawmakers during a congressional hearing last week that paying the ransom doesn’t guarantee data will be returned or sensitive files won’t be sold on the dark web. He added that paying ransomware criminals will finance newer, more advanced tools for criminal intelligence.”
Higher Ed Dive (6/21, Busta) reports that “ransomware attacks are hitting colleges at an inopportune time.” Institutions “have been relying far more heavily on their virtual systems for instruction and student support during the pandemic than ever before.” This has “made the impact of such attacks that much bigger for colleges, said Von Welch, associate vice president for information security at Indiana University.” Higher Ed Dive “talked with Welch about the recent spate of ransomware attacks and other cyberthreats colleges should be watching for.” When discussing what a school should do if they are hit with a ransomware attack, Welch said, “One of the critical things they’re going to have to figure out at that moment is do they have good backups. If you have good backups of all your IT systems you can restore those backups and get online without having to worry about the extortion.”
The San Antonio Business Journal (6/16, E. Garcia, Subscription Publication) reports that the University of Texas at San Antonio (UTSA) “will receive a $500,000 grant from the National Science Foundation to support its efforts to fight cyberattacks.” The project is “anticipated to continue until 2024, according to the university.” UTSA’s Cyber Center for Security and Analytics “within its Alvarez College of Business will develop data-driven methods and algorithms to make cyber infrastructure more resilient against ransomware attacks.” The center’s mission “is to apply practical solutions to address the vulnerabilities of the nation’s cybersecurity systems.”