Simple Firmware Update Completely Hides a Device's Bluetooth Fingerprint
A firmware update developed by University of California San Diego researchers prevents a connected device user from being tracked using the device's unique Bluetooth fingerprint. The new method hides the device's Bluetooth fingerprint using multiple layers of randomization. The researchers tested the firmware update on the Texas Instruments CC2640 chipset used in various smart devices and found the level of tracking accuracy achieved in one minute without the firmware update would take more than 10 days of continuous observation with the firmware update.
UC San Diego Today; Ioana Patringenaru (July 10, 2024)
New Blast-RADIUS Attack Breaks 30-Year-Old Protocol Used in Networks Everywhere
Researchers at Cloudflare, University of California San Diego, BastionZero, Microsoft Research, and the Netherlands' Centrum Wiskunde & Informatica found the RADIUS (Remote Authentication Dial-In User Service) network protocol is vulnerable to an attack that could enable hackers to assume control of industrial controllers, telecommunications services, ISPs, enterprise networks, and more. With "Blast RADIUS," an attacker with an active adversary-in-the-middle position can gain administrative access to devices that authenticate themselves to a server via the RADIUS protocol.
Ars Technica; Dan Goodin (July 9, 2024)
10 Billion Passwords Exposed in Largest Leak Ever
Cybernews researchers discovered what they described as the largest-ever password compilation on a popular hacking forum. The rockyou2024.txt file, posted July 4 by a user known as "ObamaCare," contains 9,948,575,739 unique plaintext passwords. Although these passwords are from a combination of old and new data breaches, the researchers said the risk of credential stuffing attacks is higher given that the passwords were compiled into a single, searchable database.
PC Magazine; Emily Price (July 6, 2024)
Intel CPUs Face Spectre-Like 'Indirector' Attack
University of California San Diego researchers demonstrated a technique that can deploy Spectre-like side channel attacks on high-end Intel CPUs by exploiting a speculative execution feature to redirect a program's control flow. The technique, called Indirector, could dupe the CPU into incorrectly altering the order in which individual instructions and function calls are executed and allow attackers to access sensitive data.
Dark Reading; Jai Vijayan (July 3, 2024)
Rust Leaps Forward in Language Popularity Index
Rust achieved its highest position ever in the monthly Tiobe Programming Index of computer language popularity, reaching the 13th spot in July. Previously, Rust had never gone higher than 17th place in the index. Tiobe CEO Paul Jansen attributed Rust’s ascent to a February U.S. report recommending Rust over C/C++ for security reasons.
InfoWorld; Paul Krill (July 8, 2024)
Australia Spy Agency Moves Intelligence Data to Cloud
In a deal with Amazon Web Services, the Australian Defense Force will move its top secret intelligence data to the cloud to increase interoperability with the U.S. Rachel Noble, director general of the Australian Signals Directorate, added that top secret datacenters will be built in Australia as the national security agency ramps up AI use to analyze data.
Reuters; Kirsty Needham (July 4, 2024)
Attacks on the Global Positioning System (GPS) are being perpetrated worldwide, daily. GPS jamming is common in the airspace near conflict zones. The U.S. has lagged behind other countries in replacing aging GPS satellites and developing backup plans. The European Galileo system authenticates its signals, and China is developing timing stations and laying fiber-optic cables to eliminate the need for satellites to provide navigation.
The New York Times; Selam Gebrekidan; K.K. Rebecca Lai; Pablo Robles (July 2, 2024); et al.
Tiny Chip Could Secure Quantum Wi-Fi
A quantum phase array (QPA) developed by California Institute of Technology researchers could allow secure quantum Wi-Fi communication in any location. The QPA contains more than 1,000 electronic components arranged on a 1.8 mm by 3 mm silicon-based chip. The system on a chip features 32 antennas that can transmit and receive quantum signals moving through free space, and it can operate at room temperature.
New Scientist; Karmela Padavic-Callaghan (July 2, 2024)
CrowdStrike Issue Causes Major Global Outages
An update by cybersecurity firm CrowdStrike led to a major IT outage on Friday, impacting businesses around the world. CrowdStrike said it is in the process of rolling back the update that caused the issue and that a fix for the defect had been deployed. Said CEO George Kurtz, "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted." Airlines, banks, and telecom firms were among the companies impacted.
CNBC; Katrina Bishop; Arjun Kharpal (July 19, 2024)
Kaspersky Labs Quits U.S. After Ban
Russia's Kaspersky Labs is pulling out of the U.S. following a ban on the sale and distribution of its antivirus and cybersecurity software, noting that "business opportunities in the country are no longer viable." This follows comments from U.S. Commerce Secretary Gina Raimondo that Kaspersky posed a serious risk to U.S. infrastructure and services due to Moscow's influence over the company. Software updates, resales, and licensing of Kaspersky products will be prohibited in the U.S. beginning Sept. 29.
BBC; João da Silva (July 16, 2024)
Investigators Raced to Crack Phone Used by Trump Rally Gunman
The latest phone-cracking technology was used to quickly access the phone of the man suspected of shooting former U.S. President Donald Trump during a campaign event. The phone was a relatively new model, which can be harder for law enforcement to access than old phones because of newer software. Insiders said the FBI was able to crack the suspect's phone within 45 minutes.
Washington Post; Devlin Barrett; Emily Davies (July 16, 2024)
Hackers Claim Leak of Internal Disney Slack Messages over AI Concerns
Activist hacking group Nullbulge claimed it leaked thousands of Disney’s internal Slack messaging channels, which included information about unreleased projects, raw images, computer codes, and log-ins. The group said it leaked about 1.2 terabytes of information and that it wants to protect artists’ rights and compensation for their work, especially in the age of AI.
CNN; Ramishah Maruf (July 15, 2024)
CISA Urges Software Makers to Eliminate OS Command Injection Vulnerabilities
An alert issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI calls on software manufacturers to eliminate "entirely preventable" operating system (OS) command injection vulnerabilities. The alert said designing and developing software that trusts user input without proper validation or sanitization “can allow threat actors to execute malicious commands, putting customers at risk." The agencies indicated OS command injection vulnerabilities can be avoided with clear separations between user input and a command's contents.
Infosecurity Magazine; James Coker (July 11, 2024)
Germany to Phase Out Chinese Components from Its 5G Core Network
German Interior Minister Nancy Faeser said "a clear and strict agreement" has been made with telecom providers Deutsche Telekom, Vodafone, and Telefonica Deutschland to phase out the use of components from Huawei, ZTE, and other Chinese companies from Germany's 5G network products by 2029. The agreement is intended to protect Germany's critical infrastructure from potential security risks posed by China.
Reuters; Andreas Rinke; Rachel More; Chiara Holzhaeuser (July 11, 2024); et al.
The New York Times (7/14) reports Google is “in talks to buy Wiz, a New York-based cybersecurity start-up,” for roughly $23 billion in what would be “its largest-ever acquisition to improve what it can offer to business customers.” Google is pursuing the acquisition “despite the possibility that regulators might try to block the deal.” However, “the company may be willing to fight to beef up its cloud-computing division, which lags behind Amazon Web Services and Microsoft Azure.” The Wall Street Journal (7/14, Subscription Publication) reports that if a deal for Wiz materializes, it would be among the largest technology transactions recently, given that antitrust scrutiny and high interest rates are deterring potential buyers.
The Washington Post (7/12, A1, Menn, Gregg) reported, “Hackers stole records detailing the phone contacts of almost all AT&T Wireless customers in one of the most serious breaches of sensitive consumer data in recent years, the company disclosed in a securities filing Friday.” This “cache includes the numbers called or texted by more than 100 million customers between May 1 and Oct. 31, 2022, as well as one day this past January.” The cache also “contains the numbers themselves as well as the frequency and combined durations of the interactions, but not the customer names or the content of those communications, AT&T said.”
The New York Times (7/12, Gross, Kaye) reports the company in a regulatory filing “said it became aware of the breach in April.” But “the Justice Department requested in May and June that AT&T delay the public disclosure of the incident because of ‘a substantial risk to national security and public safety,’ a spokesman for the department said.”
AT&T Paid Hacker $370,000 To Delete Stolen Data. Digital Trends (7/14) reports that after news broke on Friday “that a security breach had impacted tens of millions” of AT&T’s customers, “a new report claims that the carrier paid around $370,000 to the hacker to delete all of the stolen data.” AT&T sent a cryptocurrency payment to the hackers in May, “and as part of the deal, the hacker had to provide a video that proved the data had been deleted, Wired reported on Sunday.” Communicating with AT&T through a cybersecurity researcher as an intermediary, the hacker “had originally demanded $1 million to delete the data, but ended up accepting around a third of that.” Digital Trends says, “The perpetrator is believed to be part of the ShinyHunters hacking group that’s also believed to have been involved in stealing data from unsecured storage accounts operated by US cloud computing company Snowflake.”
Entrepreneur Magazine (7/17, Wong) reports cybercrime has surged globally, causing over $12 billion in damages in the past decade. AI now plays a crucial role in both perpetrating and combating cyber threats. Chief information security officers leverage AI technologies like machine learning to detect anomalies and prevent damage. Amazon GuardDuty, an AI-based threat detector, protects AWS accounts by analyzing data and automating threat remediation. IBM Watson for Cybersecurity also uses AI to detect threats from various sources. Despite advancements, challenges remain, including securing generative AI projects. Case studies of Andritz AG and United Family Healthcare illustrate successful AI-based cybersecurity implementations. As generative AI use expands, the need for robust cybersecurity will grow, necessitating advancements in AI-based protection.
Inside Higher Ed (7/18, Coffey) reports that more than a dozen higher education organizations are opposing a federal proposal requiring more than 5,000 colleges and universities to report cybersecurity attacks. Educause, “a nonprofit focused on education and technology, sent a letter July 1 to express concerns about a proposal from the Cybersecurity and Infrastructure Security Agency (CISA).” The proposal “expands on the Cyber Incident Reporting for Critical Infrastructure Act of 2022” to include higher education institutions. The American Council on Education (ACE) also filed a letter on July 3, supported by 15 other organizations, criticizing the lack of consultation with the education sector. Both Educause and ACE argue “the strain the new proposals could put on both small and large institutions.” The public comment period ended on July 3, and final regulations are expected in October 2025.
Security Firm Discovers Remote Worker Is North Korean Hacker
KnowBe4, a U.S. security training firm, disclosed that it had unknowingly hired a remote software engineer who turned out to be a North Korean hacker. The firm revealed in a blog post that as soon as the employee received a company-issued Mac, it began to load malware. The Mac's onboard security software detected the malware, however, and the company was able to prevent the hacker from using the device to compromise its internal systems.
PC Magazine; Michael Kan (July 23, 2024)
Malware Shuts Down Heating in Ukrainian City
Cybersecurity company Dragos on Tuesday published a report detailing how a new malware designed to target a specific type of heating system controller caused the loss of heating for nearly 48 hours during winter to over 600 apartment buildings in Lviv, Ukraine. The FrostyGoop malware was designed to interact with industrial control devices over Modbus, a decades-old protocol widely used across the world to control devices in industrial environments.
TechCrunch; Lorenzo Franceschi-Bicchierai (July 23, 2024)
U.S. Mandates Stricter Cybersecurity for R&D Institutions
According to a memo from the U.S. Office of Science and Technology Policy, higher education institutions certified by federal research agencies must implement cybersecurity programs for research and development (R&D) security. Institutions receiving more than $50 million in federal science and engineering support annually must certify to the funding agency their R&D security programs cover cybersecurity, and must implement a cybersecurity program following the CHIPS and Science Act’s cybersecurity document for research-focused entities.
Security Intelligence; Jonathan Reed (July 22, 2024)
Microsoft's Global Sprawl Under Fire After Historic Outage
The July 19 computer outage resulting from a defective CrowdStrike update to Windows systems worldwide shines a spotlight on the global economy's dependence on Microsoft. Although Microsoft said only an estimated 8.5 million devices were impacted, accounting for less than 1% of computers running the Windows operating system, U.S. Federal Trade Commission Chair Lina Khan said it underscores "how concentration can create fragile systems."
The Washington Post; Cristiano Lima-Strong; Cat Zakrzewski; Jeff Stein (July 20, 2024)
How China Avoided Worst of Global Tech Meltdown
China managed to escape much of the damage caused by the faulty CrowdStrike software update Friday for the simple reason that the computer security provider is hardly used in the country. Additionally, China is not as reliant on Microsoft as the rest of the world; domestic companies are that nation’s dominant cloud providers.
BBC News; Nick Marsh (July 20, 2024)
DHS Develops Robot for Walking DoS Attacks
The U.S. Department of Homeland Security (DHS) has developed a four-legged robot designed to jam the wireless transmissions of smart home devices. The NEO robot is equipped with an antenna array designed to overload home networks, to disrupt devices that rely on wireless communication protocols. The robot also may be used to communicate with subjects in a target area, or to provide remote eyes and ears to agents on the ground.
Tom's Hardware; Jowi Morales (July 23, 2024)
Technology Policy Experts Say It's Time to Rethink Data Privacy Protections
The latest TechBrief released by ACM's global Technology Policy Council focuses on data privacy protections. “Few people realize that, in just the last decade, new technologies such as generative AI have made old approaches to ensuring data privacy obsolete,” said co-author Micah Altman at the Massachusetts Institute of Technology. "We call for a new set of best practices in our field to manage privacy risks. We also emphasize that privacy regulation must keep pace with privacy protection technologies."
ACM Media Center (July 25, 2024)
EU Cloud Scheme Needs More Privacy Safeguards, French Watchdog Says
French privacy watchdog CNIL said improvements must be made to the data protection safeguards in the proposed EU certification scheme for cloud services (EUCS). The EUCS is intended to protect ICT packages sold in the EU from cyberattacks. However, the CNIL said, "In its current state, the EUCS no longer allows providers to demonstrate that they protect stored data against access by a foreign power."
Euronews; Cynthia Kroet (July 22, 2024)
Politico (7/19, Sakellariadis, Miller, Gedeon) reported the Administration on Friday raced “to assess the fallout from a massive IT outage that is ricocheting across the globe, grounding airplanes, ripping through health systems and snarling IT networks at federal agencies and Fortune 500 companies.” Deputy NSA for Cyber and Emerging Technology Anne Neuberger “said during a panel at the Aspen Security Forum Friday that she had spent the morning assessing the impact of the outage on all U.S. critical infrastructure sectors,” and also “said she spoke with George Kurtz, the CEO of cybersecurity giant CrowdStrike, and convened interagency calls to understand the impact of the errant software update, and had reached out to foreign partners to offer assistance as well.”
The Washington Post (7/19, Ziegler, Telford, Gilbert) detailed how “countless people worldwide...were tangled by a software outage affecting Microsoft Windows users,” which “disrupted airports, hospitals, transportation systems and other businesses, creating a cascade of chaos and inconvenience.” The New York Times (7/19, A1, Satariano, Mozur, Tobin) calls the outage “unparalleled,” adding that “the fallout, which was immediate and inescapable, highlighted the brittleness of global technology infrastructure,” since “when a single flawed piece of software is released over the internet, it can almost instantly damage countless companies and organizations that depend on the technology.”
The Washington Post (7/19, A1) explained that “as more information emerged about the cause of the outage, it seemed clear it was nothing more than an accident, one caused by faulty software in an automated update from...CrowdStrike,” underlining “the vulnerability of major industries” to such events. With “the AI revolution...poised to make these systems even more interdependent and opaque,” the Post adds that “political leaders have been slow to react to these changes in part because few of them understand the technology,” though “even technologists can’t fully understand the complexities of our globally networked systems.”
CrowdStrike Deploys Fix For Issue Causing Global Tech Outage. Reuters (7/19, Sophia) reported CrowdStrike CEO George Kurtz on Friday announced it had “deployed a fix for an issue that triggered a major tech outage that affected industries ranging from airlines to banking to healthcare worldwide,” while Microsoft “said separately it had fixed the underlying cause for the outage of its 365 apps and services including Teams and OneDrive, but residual impact was affecting some services.” Reuters says the “massive” outage led to “major airlines halting flights,” took “some broadcasters off-air,” and left “sectors ranging from banking to healthcare hit by system problems.”
Airlines Face Difficulties Recovering From CrowdStrike Outage As Cancellations Continue. The AP (7/21) reports airlines “continued to struggle to restore operations two days after a faulty software update caused technological havoc worldwide and resulted in several carriers grounding flights,” with total cancellations reaching 1,461, topped by Delta Airlines and United Airlines. Transportation Secretary Buttigieg spoke with Delta CEO Ed Bastian on Sunday “about the airline’s high number of cancellations since Friday,” and “the Transportation Department said its top officials have reminded Delta of the airline’s obligation to provide refunds to passengers whose flights were canceled and who don’t want to be rebooked on a later flight.” Nonetheless, Reuters (7/21, Valetkevitch, Shepardson) says Delta “struggled to restore normal operations on Sunday,” having “canceled just over a quarter of its schedule Sunday and delayed another 1,700 flights or 46%,” amid “ongoing operational problems caused by the outage’s impact on its crew tracking system.”
The Washington Post (7/22, Lima) reports the House Homeland Security Committee on Monday “demanded that CrowdStrike CEO George Kurtz commit by Wednesday to appearing on Capitol Hill” to explain the widespread computer outages caused by his company’s botched software update over the weekend and commit to “mitigation steps” to prevent future issues. The error “threw businesses and government organizations worldwide into disarray,” forcing airlines “to ground thousands of flights” and disrupting “emergency services such as the 911 call line.” The Post adds that the “worldwide meltdown is forcing regulators and lawmakers to confront the extent to which the global economy and critical infrastructure relies on a small set of software services.” The AP (7/22) reports that in a letter to Kurtz, Republican lawmakers said they “cannot ignore the magnitude of this incident, which some have claimed is the largest IT outage in history,” adding that Americans “deserve to know in detail how this incident happened and the mitigation steps CrowdStrike is taking.”
Colleges Continue To Grapple With CrowdStrike Outage. Inside Higher Ed (7/22, Alonso) reports “colleges and universities were and continue to be affected by massive technology outages caused by an update to CrowdStrike, a cybersecurity software, on Friday.” Two institutions in Texas, Texas A&M University and the University of Houston at Victoria, “canceled classes in the wake of the outage,” and last Friday, Texas A&M “announced that 81 percent of its servers had been restored and classes would resume as normal today.” Higher ed institutions “aren’t alone,” but in some cases, “institutions’ online learning arms were impacted more than their in-person campuses.” Though CrowdStrike released “a solution to the shutdowns within hours of the flawed update, the process is too complicated for many who aren’t IT professionals,” meaning the outage “will most likely have the direst effect on universities where faculty and staff work remotely and can’t easily get their computers looked at in person.”
CrowdStrike “is blaming a bug in an update that allowed its cybersecurity systems to push bad data out to millions of customer computers, setting off last week’s global tech outage that grounded flights, took TV broadcasts off air and disrupted banks, hospitals and retailers,” the AP (7/24) reports. Additionally, the company “outlined measures it will take to prevent the problem from recurring, including staggering the rollout of updates, giving customers more control over when and where they occur, and providing more details about the updates that it plans.”
Delta May Take $500 Million Loss From CrowdStrike Outage. The New York Post (7/24, Herzlich) reports that Delta Air Lines may face a $500 million impact this quarter due to last week’s global CrowdStrike outage, according to Citi Research analyst Stephen Trent. Citigroup reduced Delta’s third-quarter earnings per share estimate by 60 cents to $1.37, citing operational expenses and potential customer compensation costs. Conor Cunningham of Melius Research estimated a $350 million hit to Delta’s operating profit and a possible fine from the Department of Transportation, which is investigating the airline for canceling over 5,000 flights. Delta declined to comment on the projected financial loss.
DDoS Attack Triggers New Microsoft Global Outage
A global outage of Microsoft services on Tuesday was started by a Distributed Denial-of-Service (DDoS) attack, the company said. An error in Microsoft’s DDoS protection measures then amplified the impact of the attack rather than mitigating it, the firm added. The outage lasted for around 10 hours, during which time customers reported issues with a range of Microsoft platforms.
Infosecurity Magazine; James Coker (July 31, 2024)
Meta's AI Safety System Defeated by Space Bar
Meta last week unveiled Prompt-Guard-86M alongside its Llama 3.1 generative AI model, to detect prompt injection attacks. However, Robust Intelligence researcher Aman Priyanshu found the Prompt-Guard-86M classifier model is itself vulnerable to prompt injection attacks. Priyanshu explained adding spaces between the letters of a given prompt and leaving out punctuation "effectively renders the classifier unable to detect potentially harmful content."
The Register (U.K.); Thomas Claburn (July 29, 2024)
DOJ Says TikTok Collected U.S. User Views on Sensitive Issues
In documents filed in federal appeals court in Washington, U.S. Department of Justice (DOJ) attorneys said TikTok employees sent sensitive data about U.S. users to engineers at parent company ByteDance in China via an internal Web-suite system. The Lark system was used to transmit data on users' views on sensitive topics like religion, abortion, and gun control; the data was stored on Chinese servers. DOJ expressed concerns about the potential for "covert content manipulation" by the Chinese government.
Associated Press; Haleluya Hadero; Eric Tucker (July 27, 2024)
AI Snoops on HDMI Cables to Capture Screen Data
An AI model developed by researchers at Uruguay's University of the Republic can reconstruct digital signals by intercepting electromagnetic radiation leaked from the HDMI cable that connects a computer and monitor. This would allow hackers to view a user's computer screen as they enter encrypted messages or personal information. Said the university’s Federico Larroca, “If you really care about your security, whatever your reasons are, this could be a problem.”
Tom's Hardware; Jeff Butts (July 28, 2024)
Search Engine Exposes Privacy Violations
Former Google engineer Tim Libert has launched webXray, a search engine that lets users identify which websites are tracking them and where the data goes. Users can input a search term to identify all the websites connected to that term that are tracking the data and search queries connected to their IP address and giving that information to Google, advertisers, and third-party data brokers. Libert said his goal is "to give privacy enforcers equal technology as privacy violators."
Wired; Brian Merchant (July 24, 2024)
Hackers Vie for Millions in Contest to Thwart Cyberattacks
About 40 contestants are vying for a $2-million prize in a contest sponsored by the U.S. Defense Advanced Research Projects Agency (DARPA) to come up with an autonomous program capable of scanning lines of open-source code, identifying security flaws, and repairing them. The AIxCC challenge aims to harness AI to counter a lack of skilled engineers to catch poorly maintained open-source software.
The Washington Post; Joseph Menn (July 27, 2024)
Paris Olympics' Cyber Team Braces for Onslaught
Government, private-sector, and Olympic cybersecurity specialists have collaborated for months to prevent cyberattacks during the Summer Games. ANSSI, the French government's cybersecurity agency, worked with 500 companies, organizations, and facilities that it identified as critical to the Summer Games to perform cybersecurity audits of their systems.
Bloomberg; Jamie Tarabay; Benoit Berthelot (July 25, 2024)
Meta Agrees to $1.4-Billion Settlement in Biometric Data Suit
Facebook parent Meta agreed to pay $1.4 billion to settle a Texas lawsuit over the unauthorized use of biometric data from users. The suit, filed in 2022 by the state's attorney general, accused Meta of capturing and using the biometric data of millions of Texas residents from uploaded photos and videos on Facebook without permission, violating state law.
CNBC; Dan Mangan (July 30, 2024)
Georgia Website That Lets Voters Cancel Registrations Displayed Personal Data
Georgia election officials are urging people to use a state website to cancel voter registrations when someone moves out of state or dies, despite a Monday rollout of the site marred by a glitch that allowed people to access others’ personal data. The issue, which has been fixed, underscored concerns that the site could allow outsiders to unjustifiably cancel voter registrations.
Associated Press; Jeff Amy; Charlotte Kramon (July 30, 2024)
One Question Saved Ferrari from a Deepfake Scam
With one question, an executive at Ferrari stopped an effort to use deepfake technology to scam the company. CEO Benedetto Vigna was impersonated on a call by deepfake software that, using a convincing imitation of Vigna's southern Italian accent, said he needed to discuss something confidential that required an unspecified currency-hedge transaction to be carried out. The executive started to have suspicions and asked, for identification purposes, the title of the book Vigna had recently recommended to him. With that, the call ended.
Bloomberg; Daniele Lepido (July 26, 2024)
China Wants to Start National Internet ID System
Websites and apps in China verify users with their phone numbers, which are tied to personal ID numbers all adults are assigned. Now, the government wants to assume the job of user verification and give people a single ID to use across the Internet. Critics warn such a move would give the government more power to monitor what people do online.
The New York Times; Meaghan Tobin; John Liu (July 31, 2024)
U.S. Indicts North Korean Hacker
The U.S. Department of Justice announced on Thursday that Rim Jong Hyok was indicted for his alleged role in a scheme to breach U.S. hospital computer systems and extort them for ransom. Rim is an alleged member of a hacking group working for North Korea's military intelligence agency. U.S., South Korean, and British government security agencies on Thursday released information on North Korean hackers’ tactics and warned the hackers were targeting classified and other sensitive information in the nuclear, aerospace, and other sectors to advance their country's military and nuclear programs.
CNN; Sean Lyngaas (July 25, 2024)
California DMV Puts 42 Million Car Titles on Blockchain
To make the title transfer process more efficient and prevent fraud, the California Department of Motor Vehicles (DMV) digitized 42 million car titles, putting them on Ava Labs' Avalanche blockchain. This will allow California residents to claim their car titles via a mobile app and reduce in-person DMV visits. Additionally, with blockchain technology, a transparent and unalterable record of property ownership will be created, making it easier to detect lien fraud.
Reuters; Akash Sriram (July 30, 2024)
Senate Passes Legislation Aimed at Protecting Minors Online
The U.S. Senate on Tuesday passed bipartisan legislation aimed at protecting children online. The Kids Online Safety Act requires platforms to provide safeguards for minors, including restricting access to minors’ personal data and providing parents with tools to supervise minors’ use of a platform. The Children and Teens’ Online Privacy Protection Act amends the Children’s Online Privacy Protection Act of 1998 to strengthen protections relating to the online collection, use, and disclosure of personal information of minors.
[ » Read full article ]
CNN; Shania Shelton (July 30, 2024)
Punishment Sought for Russian Troops Using Smartphones in Ukraine War
A draft law proposed by Russia's State Duma Defense Committee would classify the use of electronic devices intended for "household purposes" while in the combat zone in Ukraine as a gross disciplinary offense. These are devices equipped with cameras, audio, and geolocation functions, such as smartphones. A recent report by cybersecurity software firm Enea found mobile phones could be tracked easily on the battlefield in numerous ways.
[ » Read full article ]
Reuters; Lidia Kelly (July 23, 2024)
Security Week (7/30) reports Cisco’s inaugural State of Industrial Networking report found that cybersecurity and artificial intelligence are the top investment priorities for industrial organizations. Based on a survey of 1,000 individuals from companies in 17 countries across 20 sectors, the report shows 89% of respondents view cybersecurity compliance as very or extremely important. Cybersecurity risks are identified as significant internal and external barriers to growth. Over 60% of respondents reported increased spending on operational technology over the past year.
Researchers Uncover AWS Vulnerabilities, 'Shadow Resource' Vector
During a Black Hat USA 2024 session, Aqua Security researchers detailed six critical vulnerabilities in AWS services, which have since been patched, and a new "shadow resource" attack vector. An AWS S3 bucket (shadow resource) is created automatically when customers create a CloudFormation service with the AWS Management Console for the first time in a new region. The researchers identified weaknesses in the bucket-naming process that could allow attackers to guess the name of a potential bucket prior to its creation.
[ » Read full article ]
TechTarget; Rob Wright (August 7, 2024)
Faulty Instructions in Alibaba's T-Head C910 RISC-V CPUs Blow Away All Security
A serious vulnerability in Alibaba subsidiary T-Head Semiconductor's RISC-V processors, identified by researchers at Germany's CISPA Helmholtz Center for Information Security, could allow attackers to assume complete control of a device. The GhostWrite vulnerability affecting the four T-Head C910 CPU cores in the TH1520 SoC could enable attackers to read and write physical memory and execute arbitrary code with kernel and machine-mode privileges.
[ » Read full article ]
The Register (U.K.); Thomas Claburn (August 7, 2024)
Illinois Voter Data Exposed by Unsecured Databases
More than a dozen databases containing sensitive voter information from multiple counties in Illinois were openly accessible on the Internet, revealing 4.6 million records that included driver's license numbers and other personally identifiable information. Security researcher Jeremiah Fowler uncovered a total of 13 exposed databases, none of them password-protected or requiring any type of authentication to access.
[ » Read full article ]
Wired; Lily Hay Newman (August 2, 2024)
Smartphone Flaw Reveals Floor Plans
A security flaw found in smartphones can be used to create a map of the room users are in and determine what they are doing. The vulnerability, discovered by researchers at the Indian Institute of Technology Delhi, uses data in the GPS signal. The researchers created an AI-based system called AndroCon that interpreted the metrics provided by this data from five types of Android smartphones.
[ » Read full article ]
New Scientist; Matthew Sparkes (August 8, 2024)
The Race to Become First Document-Free Airport
Abu Dhabi's Zayed International Airport could become the world's first document-free airport by 2025. As part of its Smart Travel Project, the airport is installing biometric sensors at every identification checkpoint. Biometric information is collected by the Federal Authority for Identity, Citizenship, Customs & Port Security from anyone entering the United Arab Emirates at immigration, and the airport's system accesses this database to verify passengers at each checkpoint.
[ » Read full article ]
CNN; Ana DeOliva (August 7, 2024)
French Museum Network Hit by Ransomware Attack
The central data systems of dozens of museums in the Réunion des Musées Nationaux network in France were targeted by a ransomware attack. While venues in the network are hosting competitions for the Summer Olympics, officials say no events have been disrupted thus far. The attack, detected Sunday, hit data systems used by around 40 museums across the country.
[ » Read full article ]
Associated Press (August 6, 2024)
DOJ Sues TikTok, Alleging It Broke Child Privacy Law
The U.S. Department of Justice (DOJ) on Friday sued TikTok and its China-based owner ByteDance, alleging they violated a children’s privacy law by collecting data on millions of Americans younger than 13. According to the DOJ, TikTok made it too easy for children to create accounts and then collected data on those who did, constituting a “massive-scale” violation of the Children’s Online Privacy Protection Act.
[ » Read full article ]
The Washington Post; Drew Harwell (August 2, 2024)
The New York Times (8/2) reports the Justice Department sued TikTok on Friday, accusing the company of “illegally collecting children’s data and escalating a long-running battle between the U.S. government and the Chinese-owned app.” The Times says according to the DOJ, “TikTok broke the law by gathering personal information from users under the age of 13 without their parents’ permission.” The app also “knowingly allowed children under 13 to create and use TikTok accounts, the government said, and frequently failed to honor parents’ requests to delete their children’s accounts,” and the lawsuit “said those practices violated both the Children’s Online Privacy Protection Act.”
Reuters (8/2, Shepardson) reports the lawsuit, “which was joined by the Federal Trade Commission, said it was aimed at putting an end ‘to TikTok’s unlawful massive-scale invasions of children’s privacy.’” Rep. Frank Pallone (D-NJ) said the lawsuit “underscores the importance of divesting TikTok from Chinese Communist Party control. We simply cannot continue to allow our adversaries to harvest vast troves of Americans’ sensitive data.”
The Washington Post (8/7) reports that in 2021, London-based artificial intelligence firm Yoti initiated a campaign called “Share to Protect” in South Africa, which would “donate 20 South African rands, about $1, to their children’s school” for every child’s photo submitted. The initiative aimed to improve Yoti’s AI tool “that could estimate a person’s age by analyzing their facial patterns and contours.” While some parents participated, others expressed strong opposition due to privacy concerns. Companies such as Yoti, Incode, and VerifyMyAge “increasingly work as digital gatekeepers, asking users to record a live ‘video selfie’ on their phone or webcam, often while holding up a government ID, so the AI can assess whether they’re old enough to enter.” However, critics argue these systems could lead to privacy violations and misuse of personal data.
Ballot Randomization Flaws Threaten Voter Privacy
The paper “DVSorder: Ballot Randomization Flaws Threaten Voter Privacy” identifies a flaw in precinct-based ballot scanners made by Dominion Voting Systems, allowing attackers to link individuals with their votes and compromise ballot secrecy, using only public information. It received a Distinguished Paper Award at the USENIX Security 2024 conference.
Hackers Leak 2.7 Billion Data Records with Social Security Numbers
A threat actor known as Fenice has leaked the most complete version of the nearly 2.7 billion records of personal information for U.S. residents stolen earlier this year from National Public Data. The data can be accessed for free via the Breached hacking forum. Made available in two text files totaling 277GB, the data includes names, Social Security numbers, mailing addresses, and possible aliases. The data was scraped from public sources and sold for use in background checks, criminal records searches, and by private investigators.
[ » Read full article ]
BleepingComputer; Lawrence Abrams (August 11, 2024)
German Cyber Agency Wants Changes in Microsoft, CrowdStrike Products after Outage
Germany's Federal Office for Information Security (BSI) wants changes in the way Microsoft gives security providers access to its Windows kernel and the way CrowdStrike and other cyber firms design their tools, in hopes of curbing that access. The agency says that its efforts are focused on reducing the likelihood of a massive tech outage, like the one that resulted from faulty CrowdStrike software last month.
[ » Read full article *May Require Paid Registration ]
WSJ Pro Cybersecurity; Catherine Stupp (August 14, 2024)
NIST Releases First Three Finalized Post-Quantum Encryption Standards
The National Institute of Standards and Technology (NIST) has released three encryption algorithms designed to withstand cyberattacks from a quantum computer. FIPS 203 is derived from post-quantum cryptographic algorithm Kyber. FIPS 204 is based on Dilithium and is designed to protect digital signatures. FIPS 205 is based on the security of SHA-2 or SHA-3 and offers robust security with very small public keys, generating signatures of about seven kilobytes. Said NIST's Laurie E. Locascio, “Quantum computing technology could become a force for solving many of society’s most intractable problems, and the new standards represent NIST’s commitment to ensuring it will not simultaneously disrupt our security.”
[ » Read full article ]
NIST (August 13, 2024)
Experts Try to Hack New Voting Platform
At the DEF CON conference on Aug. 9, hackers attempted to infiltrate the new online Secure Internet Voting (SIV) platform to identify vulnerabilities. The SIV platform is being tested in small pilot programs across the U.S. and was used during a 2023 Republican primary race. Any hackers who identify flaws in the SIV platform will share $10,000 in prize money from SIV.
[ » Read full article ]
Reuters; James Pearson; Christopher Bing (August 9, 2024)
Want to Win a Bike Race? Hack Your Rival's Wireless Shifters
Relatively inexpensive hardware can be used to hack the Shimano Di2 wireless gear-shifting systems used by cyclists, according to researchers at the University of California San Diego and Northeastern University. They tested the eavesdrop-and-replay attack with a $1,500 USRP software-defined radio, an antenna, and a laptop but said the setup could be miniaturized. Attackers could spoof signals from up to 30 feet away, causing the target bike to shift gears unexpectedly or lock into the wrong gear. Shimano has released a firmware update to remedy the issue.
[ » Read full article ]
Wired; Andy Greenberg (August 14, 2024)
Home Robots Can Be Hacked to Spy on Owners
Security researchers Dennis Giese and Braelynn found vulnerabilities in Ecovacs' vacuum and lawnmower robots that could allow hackers to access the devices' cameras and microphones. The researchers found that anyone with a phone who is within 450 feet of an Ecovacs robot can hack the device via Bluetooth, then remotely access the microphones and cameras to spy on users. They also found that data stored on the robots, as well as the authentication token, stays on Ecovacs' cloud servers even after a user deletes their account, and the PIN number used to protect the lawnmower robots is stored in plain text inside the device.
[ » Read full article ]
TechCrunch; Lorenzo Franceschi-Bicchierai (August 9, 2024)
Infrared Laser Spies on Laptop's Keystrokes
Hacker Samy Kamkar demonstrated a light-based keystroke eavesdropping technique at the Defcon security conference. The technique involves pointing an invisible laser through a window at a laptop and recording the computer's vibrations to reconstruct the characters being typed. Kamkar said his open-source surveillance system features the first laser microphone "modulated in the radio frequency domain," with the ability to pick up anything spoken or typed in the targeted room. Using the 400-kilohertz frequency, the laser microphone can convert sound into light, then into radio, and then back into sound.
[ » Read full article ]
Wired; Andy Greenberg (August 8, 2024)
GPS Spoofers 'Hack Time' on Commercial Airlines
A recent surge in GPS “spoofing” includes incidents in which time had been "hacked," according to Ken Munro, founder of cybersecurity firm Pen Test Partners. During a presentation at the DEF CON hacking convention on Saturday, Munro said, “We think too much about GPS being a source of position, but it's actually a source of time.” He described a recent case in which an aircraft operated by a major Western airline had its onboard clocks suddenly sent forward by years, causing the plane to lose access to its digitally-encrypted communication systems.
[ » Read full article ]
Reuters; James Pearson (August 10, 2024)
Computer Crash Reports Are Untapped Hacker Gold Mine
During a presentation at the Black Hat security conference, Mac security researcher Patrick Wardle explained that crash reports revealed the cause of the worldwide computer outages related to a flawed software update from CrowdStrike before it was officially disclosed. Wardle said crash reports provide valuable information about coding issues and potentially exploitable software vulnerabilities, with cyber criminals and state-backed hackers combing through them for information they can use to their advantage. Wardle presented multiple vulnerabilities he discovered in crash reports on his own devices, including bugs in the analysis tool YARA and in the current version of Apple's macOS operating system.
[ » Read full article ]
Wired; Lily Hay Newman (August 8, 2024)
Trump Campaign Confirms It Was Hacked
Former President Donald Trump’s campaign said Saturday that some of its internal emails had been hacked. The admission came after Politico started receiving emails from an anonymous account with documents from inside Trump’s operation, including a research dossier the campaign had done on Trump’s running mate, Ohio Sen. JD Vance. The campaign blamed “foreign sources hostile to the U.S.,” citing a Microsoft report on Friday that Iranian hackers “sent a spear phishing email in June to a high-ranking official on a presidential campaign.”
[ » Read full article ]
Politico; Alex Isenstadt (August 10, 2024)
NPR (8/14, Bolton) reports that tech companies Google and Microsoft will provide cybersecurity services to small hospitals following recent cyberattacks. On June 10, the Biden Administration announced these protections, including free security assessments and up to 75% discounts on cybersecurity tools. Cyberattacks against US healthcare have more than doubled between 2022 and 2023, affecting patient care. Smaller hospitals, often targets due to limited resources, face significant challenges in securing their systems. Experts, like Beau Woods and Amie Stepanovich, emphasize the necessity of these measures and call for continued support. Simulations, such as those led by CyberMed Summit, highlight the critical need for preparedness in handling cyberattacks.
Worldcoin Battles with Governments over Your Eyes
Governments increasingly are concerned the Worldcoin biometric cryptocurrency project, headed by OpenAI's Sam Altman, is building a global biometric database with minimal oversight. The initiative's goal is to scan the eyes of every human, issue online "World ID" passports to prove users are human, and make payments to users in Worldcoin's WLD cryptocurrency. Governments have raised concerns over reports that operators of Worldcoin's iris-scanning devices are encouraging users to allow Worldcoin to use their iris scans to train its algorithms.
[ » Read full article *May Require Paid Registration ]
The Wall Street Journal; Angus Berwick; Berber Jin (August 18, 2024)
Android Phones Sold with Hidden Insecure Feature
Google’s master software for some Android phones includes a hidden feature that could be activated to allow remote control or spying on users, according to security company iVerify, which found the feature inside phones at a U.S. intelligence contractor. The feature is intended to give employees at stores deep access to phones so they can demonstrate how they work. The application, called Showcase.apk, is normally dormant, but iVerify was able to enable it on a device in its possession.
[ » Read full article ]
The Washington Post; Joseph Menn (August 15, 2024)
A Loophole in Digital Wallet Security
University of Massachusetts Amherst computer engineers found that Apple Pay, Google Pay, PayPal, and similar digital wallets are not secure, as they rely on outdated authentication methods and put a higher priority on convenience than security. The researchers noted that digital wallets lack an adequate mechanism to authenticate whether the user of a payment card is the registered cardholder, adding that when cards are reported stolen, banks block transactions from the physical card, but not digital wallet transactions.
[ » Read full article ]
University of Massachusetts Amherst (August 14, 2024)
U.S. Government Wants You — Yes, You — to Hunt Down Generative AI Flaws
Ethical AI and algorithmic assessment nonprofit Humane Intelligence and the National Institute of Standards and Technology (NIST) are calling for public participation in the qualifying round of NIST's Assessing Risks and Impacts of AI challenge. Those who make it through the online qualifier will participate in an in-person red-teaming event to assess AI office productivity software at the Conference on Applied Machine Learning in Information Security in October. Said Humane Intelligence's Theo Skeadas, "We want to democratize the ability to conduct evaluations and make sure everyone using these models can assess for themselves whether or not the model is meeting their needs."
[ » Read full article ]
Wired; Lily Hay Newman (August 21, 2024)
Swiss to Join Two EU Security Cooperation Projects
Switzerland's Federal Council announced it will participate in the Military Mobility and Cyber Ranges Federation initiatives as part of the EU's Permanent Structured Cooperation policy. The Military Mobility initiative is intended to facilitate cross-border transport and movement applications processing, while the Cyber Ranges Federation's goal is to improve cyber defense cooperation. This follows Switzerland's decision to enhance its defenses against cyberattacks by joining the European Cyber Security Organization.
[ » Read full article ]
Reuters; John Revill; Dave Graham (August 21, 2024)
U.S. Firms Warn Against ‘Unprecedented’ Hong Kong Cyber Rules
Some U.S. firms warn that proposed cyber regulations in Hong Kong could be used by the Hong Kong government to access their computer systems. The Asia Internet Coalition is among the bodies critical of new rules that, officials say, are designed to protect critical infrastructure from cyberattacks. A key objection was to proposed investigative powers for authorities that would allow them to connect their equipment to critical computer systems owned by private firms, and even to install programs on them.
[ » Read full article ]
Bloomberg; Newley Purnell (August 20, 2024)
The Top Programming Languages of 2024
Python dominates IEEE Spectrum's 11th annual rankings of the most popular programming languages, despite ranking second, after database query language SQL, among programming languages popular with employers. Java, JavaScript, and C++ continue to rank toward the top, but TypeScript is climbing up the ranks. Also making gains is Rust, which can be attributed, in part, to a February White House cybersecurity report that called for C and C++ to be replaced by memory-safe programming languages.
[ » Read full article ]
IEEE Spectrum; Stephen Cass (August 22, 2024)
ACM USTPC Calls for Public Investigation to Prevent Repeat of CrowdStrike Incident
ACM's U.S. Technology Policy Committee (USTPC) released a statement on the global outage caused last month by a faulty CrowdStrike update, noting that while the cybersecurity technology company provided some information as to how the outage happened, more details are needed. ACM USTPC urges all aspects of the incident be thoroughly, publicly investigated, to guard against such incidents in the future.
[ » Read full article ]
ACM Media Center (August 20, 2024)
Halliburton Hit by Apparent Cyberattack
A source said a cyberattack at Halliburton is affecting business operations at the oilfield services firm's Houston campus and some global networks. In a statement, Halliburton said, "We are aware of an issue affecting certain company systems and are working diligently to assess the cause and potential impact." A U.S. Department of Energy spokesperson said the agency is "aware of reports of a cyber incident impacting an energy services company," adding, "there are no indications that the incident is impacting energy services at this time."
[ » Read full article ]
CNN; Matt Egan (August 22, 2024)
Pentagon's New Supercomputer to Boost Defense Against Biothreats
The U.S. Department of Defense (DOD) announced a new supercomputer and rapid response laboratory (RRL) intended to bolster its Chemical and Biological Defense Program's Generative Unconstrained Intelligent Drug Engineering (GUIDE) program. The supercomputer will use AI modeling, simulations, threat classification, and medical countermeasure development in conjunction with the RRL to improve biodefenses.
[ » Read full article ]
TechRadar; Benedict Collins (August 19, 2024)
Pakistan Internet Slowdown Blamed on National Firewall
Pakistan's Internet speeds have slowed, in some cases to less than 50% of their usual capacity. Pakistan Software House Association said the economy could lose $300 million as a result of business interruptions related to the Internet slowdown, attributing it to the implementation of a national firewall. Minister for Information and Technology Shiza Fatima blamed the slow connections on the use of virtual private networks, and said the government has not imposed any restrictions.
[ » Read full article ]
Associated Press; Babar Dogar; Asim Tanveer (August 19, 2024)
The New York Times (8/16, Metz) reported OpenAI “said on Friday that it had discovered and disrupted an Iranian influence campaign that used the company’s generative artificial intelligence technologies to spread misinformation online, including content related to the U.S. presidential election.” The company “said it had banned several accounts linked to the campaign from its online services,” but it “added that a majority of the campaign’s social media posts had received few or no likes, shares or comments, and that it had found little evidence that web articles produced by the campaigns were shared across social media.” The campaign had “used its technologies to generate articles and shorter comments posted on websites and on social media.”
The Washington Post (8/16) explains that “the sites and social media accounts that OpenAI discovered posted articles and opinions made with help from ChatGPT on topics including the conflict in Gaza and the Olympic Games,” as well as “material about the U.S. presidential election, spreading misinformation and writing critically about both candidates.” Ben Nimmo, “principal investigator on OpenAI’s intelligence and investigations team, said the activity was the first case of the company detecting an operation that had the U.S. election as a primary target,” adding, “Even though it doesn’t seem to have reached people, it’s an important reminder, we all need to stay alert but stay calm.”
Chinese Government Hackers Penetrate U.S. ISPs
U.S. Internet service providers (ISPs) have been breached by Chinese government-backed hackers, say researchers, with the goal of gathering intelligence on users. Government and military personnel working undercover and groups of strategic interest to China are thought to be the primary targets. Lumen Technologies researchers said three U.S. ISPs were hacked this summer via a previously unknown zero-day flaw in a Versa Networks program used for managing wide-area networks.
[ » Read full article ]
The Washington Post; Joseph Menn (August 27, 2024)
Telegram Founder’s Indictment Thrusts Encryption into the Spotlight
Telegram CEO Pavel Durov's indictment in France for various criminal offenses includes accusations that the messaging platform had provided cryptology services aimed at ensuring confidentiality without a license. Encryption has been a long-running point of friction between governments and tech companies, with the latter arguing it is crucial for digital privacy, while the former say it enables illegal activity. Telegram’s encryption does not offer the same transparency as encryption provided on other messaging platforms.
[ » Read full article *May Require Paid Registration ]
The New York Times; Mike Isaac; Sheera Frenkel (August 30, 2024)
Struggling to Unlock Your Phone? You Might Have Lost Your Fingerprints
Fingerprints increasingly are being used in security applications, but this can pose a problem for people who lose their fingerprints. This can occur as people age, as well as from "microtrauma," such as repeated wear on the fingertips from gaming, typing, construction work, and rock climbing, among other things. Forensic scientist Glenn Langenburg said the use of multiple biometric factors, such as retinal scans or face ID, could help address fingerprint issues.
[ » Read full article ]
Wired; Dawn Fallik (August 26, 2024)
Computer Scientists Discover Vulnerabilities in Popular Security Protocol
University of California San Diego computer scientists led a research team that identified a decades-old flaw in the Remote Authentication Dial-In User Service (RADIUS) protocol. The Blast-RADIUS vulnerability could allow "a man in the middle" to attack communication between a RADIUS client or networked device and the RADIUS server. The researchers attributed the flaw to RADIUS being developed prior to an understanding of cryptographic protocol design. Short-term patches have been issued by vendors.
[ » Read full article ]
UC San Diego Today; Katie E. Ismael (August 20, 2024)
Multiple Flaws in Microsoft macOS Apps Unpatched Despite Potential Risks
Security researchers at Cisco Talos identified eight flaws in Microsoft's macOS apps that could allow hackers to access a device to record video and sound, obtain sensitive data, log user input, and escalate privileges. The vulnerabilities affect Microsoft products Excel, OneNote, Outlook, PowerPoint, Teams, and Word. The researchers said Microsoft considers the flaws to be low risk and has no plans to fix them.
[ » Read full article ]
The Register; Connor Jones (August 19, 2024)
Check Point security researchers reported a "significant operational security error" by the suspected developer of the new Styx Stealer malware in which he exposed his identity and "provided valuable intelligence about other cybercriminals." The information leak occurred when the Styx Stealer developer used a Telegram bot token provided by a customer involved in the Agent Tesla malware campaign to debug the stealer on his own computer. The leaked information included his Telegram accounts, emails, and contacts.
[ » Read full article ]
The Record; Daryna Antoniuk (August 20, 2024)
Toward a Code-Breaking Quantum Computer
Massachusetts Institute of Technology (MIT) researchers have developed an algorithm that could help pave the way for encryption methods strong enough to withstand a quantum computer's code-breaking power and feasible to implement. The new algorithm uses a series of Fibonacci numbers requiring simple multiplication instead of squaring, which allows any exponent to be computed using only two qubits. It also addresses error correction, filtering out corrupt results and processing only correct ones.
[ » Read full article ]
MIT News; Adam Zewe (August 23, 2024)
Protecting Connected Self-Driving Vehicles from Hackers
University of Michigan (U-M) researchers found that connected self-driving vehicles are vulnerable to data fabrication attacks, which occur when hackers remove real objects from or insert fake objects into perception data. Researchers at U-M's Mcity Test Facility used falsified LiDAR-based 3D sensor data and zero-delay attack scheduling to better understand the security vulnerabilities, and developed the Collaborative Anomaly Detection system as a countermeasure. The system uses shared 2D occupancy maps to cross-check the data and quickly identify geometric inconsistencies.
[ » Read full article ]
University of Michigan Computer Science and Engineering; Patricia DeLacey (August 20, 2024)
China's AI Engineers Secretly Access Banned Nvidia Chips
Chinese AI developers increasingly are skirting U.S. export controls that prevent them from directly importing Nvidia chips by working with brokers to access them overseas. The users' identities are concealed through "smart contracts" via the blockchain, and the transactions are paid for using cryptocurrency. Experts say these arrangements do not break any laws.
[ » Read full article *May Require Paid Registration ]
The Wall Street Journal; Raffaele Huang (August 26, 2024)
The Washington Post (8/23, Menn) reported Meta on Friday revealed that “Iranian government hackers accused of breaching the Trump campaign with deceptive emails also used WhatsApp accounts to try to trick former Biden and Trump administration officials.” The company “said it discovered the effort after users reported suspicious messages in which the hackers posed as customer support representatives from Microsoft, Google, Yahoo and AOL.” Meta “investigated and suspended fewer than a dozen accounts that had targeted fewer than two dozen people in the United States, Israel, Iran and elsewhere,” though it “said the efforts were in their early stages and that it had not seen evidence that any had succeeded.”
Meanwhile, Reuters (8/23, Bing, Slattery) discussed how the APT42 hacking group behind the campaign “is known for placing surveillance software on the mobile phones of its victims, enabling them to record calls, steal texts and silently turn on cameras and microphones,” according to experts. The group is “widely believed to be associated with an intelligence division inside Iran’s military,” and “their appearance in the U.S. election is noteworthy, sources told Reuters, because of their invasive espionage approach against high-value targets in Washington and Israel.” APT42 “also commonly impersonates journalists and Washington think tanks in complex, email-based social engineering operations that aim to lure their targets into opening booby-trapped messages.”
Education Week (8/28, Bushweller) reports that the recent paralysis of many different kinds of companies and organizations due to CrowdStrike’s faulty software update shows how schools need to be ready to deal with the loss of computers. Even if a school’s systems are not affected, vendors and other organizations the school relies on may be. Chief technology officers and tech emphasize that educators need alternative plans, such as taking roll by hand, using printed materials instead of online curricula, and other adaptations.
SQL Injection Bypasses Airport Security Checks
Security researchers identified a flaw in a third-party Web-based service used by airlines to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS). They found the FlyCASS login system was vulnerable to SQL injection, which could allow hackers to log in as an administrator and manipulate employee data. The U.S. Department of Homeland Security said FlyCASS was disconnected from KCM/CASS in May; the vulnerability reportedly was fixed soon afterward.
[ » Read full article ]
BleepingComputer; Sergiu Gatlan (August 30, 2024)
Quantum Holograms Can Send Messages That Disappear
Quantum holograms developed by researchers at the U.K.’s University of Exeter can be used to embed secure messages that are erased after sending. The researchers used a metasurface to create quantum holograms in which complex information can be encoded and recovered. Said Andrew Forbes of South Africa’s University of the Witwatersrand, “Everybody’s dream is to see all this quantum technology that spreads out over many square meters on a table to be compact enough to sit in your smartphone. Metasurfaces seem to be a good way to go [about that].”
[ » Read full article *May Require Paid Registration ]
New Scientist; Karmela Padavic-Callaghan (August 30, 2024)
K-12 Dive (8/30) reported that ransomware attacks on schools and colleges reached a record high in 2023, with 121 incidents compared to 71 in 2022, according to a Tuesday report by Comparitech. The education sector experienced an average downtime of 12.6 school days due to these attacks, up from 8.7 days in 2021. Comparitech estimates the average cost of downtime to be $548,185 per day, based on data from 26 institutions between 2018 and 2024. The report notes difficulties in accurately measuring attacks due to lack of universal reporting requirements. However, more schools and colleges “will be required to report such cyberattacks when the Cyber Incident Reporting for Critical Infrastructure Act of 2022, or CIRCIA, goes into effect no later than October 2025.”
Reuters (9/3, Shepardson) reports that on Tuesday the White House called on federal agencies to “boost internet routing security on networks in the face of concerns raised by U.S. officials about China’s ability to divert internet traffic.” The White House Office of the National Cyber Director (ONCD) “in a report outlined a series of efforts, aimed at addressing a key security vulnerability associated with the Border Gateway Protocol, or BGP, which is central to the internet’s global information routing system.” ONCD “said federal agencies should implement routing security on their networks and seeks to require U.S. government-contracted service providers to deploy current commercially viable internet routing security technologies.” Traffic can be “inadvertently or purposely diverted, which may expose personal information; enable theft, extortion, and state-level espionage; disrupt security-critical transactions; and disrupt critical infrastructure operations,” according to the report, which said the BGP’s “original design properties do not adequately address the threat to and resilience requirements of today’s internet ecosystem.”
Stars and Stripes (9/4) reports that in “an important step toward federal funding for much-needed school cybersecurity tools and services, the application window for the three-year $200 million Schools and Libraries Cybersecurity Pilot Program is set to open this fall.” Approved “by the Federal Communications Commission (FCC) in June, the program’s short-term goal is to fund cybersecurity measures for a select group of K-12 schools and libraries most in need. Long term, the aim is to gather data on the resources necessary to improve cybersecurity in schools and libraries throughout the United States.” Leaders “of education organizations such as the nonprofit Schools, Health and Libraries Broadband Coalition (SHLB) said the hope is the FCC will use the pilot data to add appropriate cybersecurity funding to its E-rate program.” E-rate “currently helps schools and libraries pay for telecommunications and Internet services but does not fund cybersecurity measures beyond a basic firewall.”
Cyberattacks on U.S. Utilities Surged 70% This Year, Says Check Point
Check Point Research reported an almost 70% increase in cyberattacks against U.S. utilities during the first eight months of 2024, totaling 1,162 compared with 689 during the same period in 2023. Although none of these cyberattacks impaired U.S. utilities, industry experts say there are more potential points of attack as the grid expands, citing in particular incremental interconnections to generative AI datacenters.
[ » Read full article ]
Reuters; Seher Dareen; Srivastava Vallari (September 11, 2024)
Google AI Model Faces EU Scrutiny from Privacy Watchdog
EU regulators said Thursday they’re looking into Google’s Pathways Language Model 2 (PaLM2) over concerns about its compliance with the bloc’s data privacy rules. Ireland’s Data Protection Commission, which has oversight of Google in data privacy matters, said it has opened an inquiry to assess whether the AI model's data processing would likely result in a “high risk to the rights and freedoms of individuals” in the bloc.
[ » Read full article ]
Associated Press; Kelvin Chan (September 11, 2024)
U.S. Proposes Requiring Reporting for Advanced AI, Cloud Providers
The U.S. Department of Commerce's Bureau of Industry and Security has proposed mandatory reporting requirements for AI developers and cloud computing providers regarding the development of "frontier" AI models and computing clusters. The reporting would cover cybersecurity measures and outcomes from "red-teaming efforts," such as testing whether AI models can assist in cyberattacks or enable non-experts to develop chemical, biological, radiological, or nuclear weapons.
[ » Read full article ]
Reuters; David Shepardson (September 9, 2024)
RAMBO Steals Data Using RAM in Air-Gapped Computers
A side-channel attack created by a team led by Mordechai Guri of Israel's Ben-Gurion University of the Negev generates electromagnetic radiation from a device's Random-Access Memory (RAM) to send data from air-gapped computers. RAMBO (Radiation of Air-gapped Memory Bus for Offense) requires malware to be planted on an air-gapped computer to collect data and prepare it for transmission. It transmits the data by manipulating memory access patterns to generate controlled electromagnetic emissions from the device's RAM.
[ » Read full article ]
BleepingComputer; Bill Toulas (September 7, 2024)
EU Opened a Door to a Universal Wallet. Berners-Lee Wants to Enter
The EU plans to launch the European digital identity (eID) by 2026, allowing citizens to use a single digital wallet app to manage finances, access services, sign contracts, and travel. ACM A.M. Turing Award laureate Tim Berners-Lee and his startup Inrupt recently launched a universal data wallet infrastructure that enables interoperability across multiple servers, securely hosting data in personal data "pods," with the user maintaining control. Berners-Lee said he expects the EU to set an “important bar” for wallets and enforce “a standard” for credentials.
[ » Read full article ]
The Next Web; Thomas Macaulay (September 6, 2024)
Smart Speakers at Crime Scenes Could Provide Valuable Clues
Data can be extracted from smart speakers at crime scenes, without having to obtain it from their owner or the manufacturer. In a test of Amazon's Echo Show 15, researchers at Germany's University of Erlangen-Nuremberg were able to access the device's local data and data stored in the cloud. The Echo Show's unencrypted file system provided logs of detected movement and faces recognized by the built-in camera and AI.
[ » Read full article *May Require Paid Registration ]
New Scientist; Matthew Sparkes (September 6, 2024)
A Janco Associates analysis of U.S. Department of Labor data revealed the unemployment rate for IT workers climbed to 6% in August. Janco's Victor Janulaitis said the rate is the highest since the end of the dot-com bubble in the early 2000s and attributed the increase to "seismic changes" in the tech landscape brought on by AI. On the other hand, said Janulaitis, AI and cybersecurity roles are experiencing growth.
[ » Read full article *May Require Paid Registration ]
The Wall Street Journal; Belle Lin (September 7, 2024)
Government Technology (9/5, Pattinson Gordon) reported that critical infrastructure sectors such as water, electricity, and satellites face escalating cyber threats. Legacy systems and increased connectivity challenge water utilities and the power grid, while outdated satellite designs struggle with modern cyber risks. The water sector, in particular, has seen a 300 percent increase in ransomware attacks from 2021 to 2023, according to FBI reports. Federal agencies and organizations like CISA and WaterISAC are providing guidance and resources to enhance cyber resilience. Meanwhile, the energy sector faces similar threats, with experts emphasizing the potential for societal panic from even minor disruptions. Daniel G. Cole, an assistant professor of mechanical engineering at the University of Pittsburgh, previously told Government Technology that “traditional energy infrastructure can struggle with legacy systems and operators are often wary of upgrading, lest doing so cause disruptions.” Regardless, efforts are underway to bolster cybersecurity across these sectors, including federal initiatives and international collaborations.
The Wall Street Journal (9/8, James, Subscription Publication) reports that with businesses and the government using biometric information such as palm or face scans to identify people, there are related risks, but the risks, according to the report, seem to be largely taken care of at present. That’s because the face and hand scans are themselves deleted, being stored in an encoded numerical form. In addition, the scans are generally being used in public places where it would be nearly impossible to defraud a palm scan by using a photograph, or a face scan with a mask. The dangers of fraud may be greater with more sophisticated AI-generated fakes if the scans are occurring via computer or phone in a non-public situation.
Inside Higher Ed (9/9, Mowreader) reports that the University of Delaware (UD) has launched a pilot initiative “that will transform recorded lectures into study guides, flash cards and practice quizzes” using generative AI technology, starting this fall. The leader of Academic Technology Systems (ATS) at UD explained that the AI builds a knowledge graph from lecture transcripts, which faculty members then review for accuracy. The initiative, “developed in-house at the university, leads with ethical principles and prioritizes faculty content ownership to protect all participants, as well,” ensuring privacy through Amazon Web Services Bedrock encryption. The development team “includes two software engineers, some instructional designers, a user-interface developer and a Ph.D. student who used to work as a software developer.” Currently, the project is being piloted in two psychology courses.
Reuters (9/10) reports Microsoft “held a summit on Tuesday to discuss steps to improve cybersecurity systems, after a faulty software update from CrowdStrike caused a global IT outage in July.” The event “marked the first significant step by Microsoft to address the issues that affected nearly 8.5 million Windows devices on July 19, disrupting operations across industries ranging from major airlines to banks and healthcare.”
NBC News (9/10) reports, “Americans reported losing $5.6 billion to cryptocurrency scams in 2023, with older Americans hit the hardest, according to the FBI.” The FBI’s Cryptocurrency Fraud Report “shows that Americans reported more than 69,000 complaints last year saying they had been scammed into sending cryptocurrency to criminals, often by using commonly available crypto ATMs.” Victims who were “60 years old and older filed more than 16,000 complaints of cryptocurrency fraud and reported losing over $1.6 billion, much more than any other age group,” while those “under 20 had the fewest, with 858 complaints totalling almost $15 million.”
Bloomberg (9/12, Bleiberg, Subscription Publication) reports Microsoft “said it’s building an alternative for cybersecurity companies that now utilize the deepest layer of its operating system after a flawed update from CrowdStrike Holdings Inc. triggered a global IT meltdown.” The company “announced Thursday that it would ‘continue to design and develop’ a ‘new platform capability’ in response to what it said was customer and partner demand to enable security vendors to operate outside of kernel mode, the base layer of the operating system.” Such a shift “would require major retooling by Microsoft and by some outside cybersecurity companies that use kernel access to monitor potential threats.” The goal, “Microsoft said, was ‘enhanced reliability without sacrificing security.’” The announcement “follows a Sept. 10 meeting between Microsoft and other cybersecurity companies to discuss deploying updates safely and alternatives to kernel access.”
FTC Report Assails Social Networks’ Privacy, Safety Practices
In a staff report released Thursday, the U.S. Federal Trade Commission (FTC) summed up a years-long study into industry practices by criticizing social media and online streaming companies for not “consistently prioritizing” users’ privacy, for broadly gleaning data to feed new AI tools, and for refusing to confront potential risks to kids. FTC’s Lina Khan said the report shows how companies’ practices “can endanger people’s privacy, threaten their freedoms, and expose them to a host of harms.”
[ » Read full article *May Require Paid Registration ]
The Washington Post; Cristiano Lima-Strong; Naomi Nix (September 19, 2024)
Apple Vision Pro's Eye Tracking Exposed What People Type
Computer scientists from the University of Florida, Texas Tech University, and blockchain security firm CertiK demonstrated that hackers can decipher the letters typed by users of Apple's Vision Pro mixed reality headsets with their eyes. The GAZEploit vulnerability involves a recurrent neural network that analyzes the user's 3D avatar to identify when they are typing and geometric calculations that determine the user's keyboard position and size. Apple has fixed the vulnerability.
[ » Read full article ]
Wired; Matt Burgess (September 12, 2024)
How $20 and a Lapsed Domain Allowed Security Pros to Undermine Internet Integrity
Researchers at watchTowr Labs discovered a vulnerability in the WHOIS protocol that could undermine certificate authorities. They found the WHOIS server for [.]mobi had migrated from whois[.]dotmobiregistry[.]net to whois[.]nic[.]mobi, and they acquired the expired domain for $20. The researchers then deployed a new WHOIS server and identified users that had yet to update their client to the new nic[.]mobi address. Within a week, the researchers reported more than 135,000 unique systems speaking to the server and more than 2.5 million queries.
[ » Read full article ]
The Register; Jessica Lyons (September 11, 2024)
As Quantum Computing Threats Loom, Microsoft Updates Its Core Crypto Library
Microsoft updated its SymCrypt cryptographic library with two new encryption algorithms to protect against attacks from quantum computers. The new algorithms were ML-KEM (Module Learning with Errors-Key Encapsulation), one of three post-quantum standards formalized in August by the National Institute of Standards and Technology (NIST), and the NIST-recommended XMSS (eXtended Merkle Signature Scheme).
[ » Read full article ]
Ars Technica; Dan Goodin (September 11, 2024)
Operational Technology Leaves Itself Open to Cyberattack
Team82 security researchers analyzed data from more than 50,000 remote access-enabled devices and determined the uncontrolled use of remote access tools (RATs) poses a danger to operational technology (OT). The researchers found 55% of organizations use at least four RATs, and another 33% used six or more. The researchers recommend centralized management of RATs in OT and industrial control systems, with common access control policies.
[ » Read full article ]
Infosecurity Magazine; Stephen Pritchard (September 11, 2024)
Malaysia Shelves Web Traffic Re-Routing Plan After Censorship Concerns
Malaysian Communications Minister Fahmi Fadzil said the Malaysian Communications and Multimedia Commission (MCMC) will no longer re-route Web traffic through local domain name servers (DNS) beginning Sept. 30. The directive, which would have redirected user requests from third-party DNS servers to those operated by Malaysian Internet service providers, had generated concerns about online censorship and cybersecurity.
[ » Read full article ]
Reuters; Rozanna Latiff; Xinghui Kok (September 8, 2024)
PIXHELL Attack Exploits LCD Screen Noise to Exfiltrate Data from Air-Gapped Computers
Researchers at Israel's Ben Gurion University of the Negev discovered a side-channel attack that leverages the noise generated by pixel patterns on the LCD screens of air-gapped computers. Ben Gurion University's Mordechai Guri said the PIXHELL attack "exploits the sound generated by coils and capacitors to control the frequencies emanating from the screen." PIXHELL uses malware deployed on the compromised device to create an acoustic channel and exfiltrate sensitive data by encoding it within the acoustic signals.
[ » Read full article ]
The Hacker News; Ravie Lakshmanan (September 10, 2024)
China-Linked Hackers Breach U.S. ISPs
Sources say Chinese state-backed hackers breached U.S. Internet-service providers (ISPs) to obtain sensitive information as part of the "Salt Typhoon" hacking campaign. Investigators are working to determine whether Cisco Systems' routers and core network components were infiltrated; Microsoft also reportedly is looking into whether its data may have been exposed.
[ » Read full article *May Require Paid Registration ]
The Wall Street Journal; Sarah Krouse; Robert McMillan; Dustin Volz; et al. (September 26, 2024)
HP Spots Malware Attack Likely Built with Generative AI
HP security researchers identified malware likely created using generative AI. The firm's Sure Click anti-phishing system flagged a suspicious email attachment for French language users that contained an HTML file requiring a password to open it. After the researchers determined the correct password, the HTML generated a ZIP file containing the AsyncRAT malware. The researchers found the malicious code’s “structure, consistent comments for each function, and the choice of function names and variables" suggested the use of GenAI.
[ » Read full article ]
PC Magazine; Michael Kan (September 24, 2024)
Some U.S. Kaspersky Customers Find Their Security Software Replaced
Following the U.S. government's ban on the sale of Kaspersky products over concerns that Russia could use them to spy on U.S. citizens, users of the firm's antivirus products on Windows systems have had their software replaced automatically by something labelled UltraAV. UltraAV software reportedly has not undergone testing by the Anti-Malware Testing Standards Organization, and most major antivirus testing laboratories have not seen UltraAV's code.
[ » Read full article ]
The Register; Iain Thomson (September 24, 2024)
Smart TVs Take Snapshots of What You Watch Multiple Times Per Second
Samsung and LG smart TVs take multiple screenshots per second, found researchers at the University of California, Davis, even when users connect laptops or video game consoles to the TVs via HDMI. The researchers found the smart TVs uploaded snapshots of broadcasts from the TV antenna or content from HDMI-connected devices, but not when streaming from third-party apps like Netflix, mirroring YouTube content streamed on a separate device, or when sitting idle.
[ » Read full article *May Require Paid Registration ]
New Scientist; Jeremy Hsu (September 24, 2024)
California Governor Vetoes Bill Requiring Opt-Out Signals for Sale of User Data
A bill vetoed by California Gov. Gavin Newsom would have required Web browsers and mobile operating systems (OS) to have settings that allow consumers to send opt-out preference signals for the sale and sharing of their sensitive personal information. Newsom noted, “No major mobile OS incorporates an option for an opt-out signal," adding, "To ensure the ongoing usability of mobile devices, it's best if design questions are first addressed by developers, rather than by regulators."
[ » Read full article ]
Ars Technica; Jon Brodkin (September 24, 2024)
Telegram Will Now Provide Some User Data to Authorities
The Telegram messaging app has changed its terms of service and privacy policy to state that it will provide users' IP addresses and phone numbers in response to search warrants or other valid legal requests from authorities. Stanford University's Daphne Keller said that policy likely will not satisfy the requirements of French and European law, noting that some countries require authorities to be notified when child sexual abuse material and other illegal content is posted.
[ » Read full article ]
BBC; Lily Jamali (September 23, 2024)
Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense
Google said it will move from KYBER to ML-KEM (Module-Lattice-based Key-Encapsulation Mechanism) for post-quantum cryptography defense with version 131 of its Chrome browser, slated for release in early November. The company attributed the switch to changes in the final version of ML-KEM, which make it incompatible with KYBER.
[ » Read full article ]
The Hacker News; Ravie Lakshmanan (September 17, 2024)
Study Finds Thousands of Browser Extensions Compromise User Data
Georgia Institute of Technology researchers developed the Arcanum web framework to study the more than 100,000 functional browser extensions available in the Google Chrome Web Store to determine whether they extract user data from websites containing sensitive data. The researchers found user-specific data is collected automatically by more than 3,000 browser extensions, more than 200 of which uploaded sensitive user data from webpages to servers.
[ » Read full article ]
Georgia Tech News Center (September 17, 2024)
Researchers Uncover RCE Exploit in Google Cloud
Tenable researchers identified a significant vulnerability in Google Cloud Platform (GCP) that could have enabled threat actors to run malicious code on millions of GCP servers remotely. The researchers said the "dependency confusion" flaw known as CloudImposer was located in GCP's Composer dependency installation process, and would have allowed hackers to upload a malicious package to PyPI that would be preinstalled on all Composer instances with high permissions. The flaw has been fixed.
[ » Read full article ]
TechRadar; Sead Fadilpasic (September 17, 2024)
C++ Alliance Takes Aim at C++ Memory Safety
The C++ Alliance said it plans to submit its Safe C++ Extensions proposal to the ISO for inclusion in the C++ standard, with the goal of advancing a superset of C++ with a "rigorously safe subset" to ensure C++ code has the same safety guarantees as code written in Rust. The White House in February had called on developers to stop using C++ and the C language due to concerns regarding memory safety.
[ » Read full article ]
InfoWorld; Paul Krill (September 17, 2024)
Supply Chain Connect (9/25) reports that while cybersecurity threats continue to proliferate, “the industry is grappling with a global shortage of about 4 million cyber-professionals.” The Biden Administration “recently introduced a new initiative focused on filling the hundreds of thousands of cybersecurity job vacancies in the U.S. alone. ‘Service for America’ the initiative is focused on preparing the U.S. for a ‘digitally-enabled future’ by connecting Americans to good-paying, meaningful jobs in cyber, technology and artificial intelligence (AI).” The piece quotes National Cyber Director Harry Coker Jr. saying in a statement, “These jobs offer an opportunity to serve our country by protecting our national security, while also offering a personal path to prosperity.”
The Verge (9/26) reports Google defended itself in court against anticompetitive conduct claims by emphasizing security concerns. Google’s witnesses, including Director of Product Management for Ad Traffic Quality Per Bjorke and Director of Product Management for Ad Safety Alejandro Borgia, argued that a closed ecosystem ensures user safety. Bjorke highlighted extensive efforts to combat click fraud, vetting 15,000-20,000 publishers daily. Borgia noted millions of advertiser signups are blocked annually for malicious intent. Bjorke insisted Google’s ecosystem decisions, like rejecting the AWBid project, prioritize security over competition. He detailed how Google lost $30-$40 million and compensated advertisers after the 3ve botnet scam. Borgia emphasized Google’s scale allows better security and ad quality. Google argues its practices benefit the entire industry and adhere to Supreme Court precedents.
Say g**dby# to Annoying Password Rules
The U.S. National Institute of Standards and Technology has proposed the elimination of certain password requirements, such as mandatory resets, required or restricted use of certain characters, and security questions. “Highly complex passwords introduce a new potential vulnerability: They are less likely to be memorable and more likely to be written down or stored electronically in an unsafe manner,” the proposal reads.
[ » Read full article *May Require Paid Registration ]
The Washington Post; Tatum Hunter (September 27, 2024)
Website Bug Allowed Kia Vehicles to Be Hacked, Tracked
Independent security researchers identified a vulnerability in the back end of a Kia Web portal for customers and dealers that could allow a hacker to redirect control of Internet-connected features of most Kia models from the car owner's smartphone to the hacker. A custom app built by the researchers allowed them to leverage that flaw. Shortly after the researchers reported the issue, Kia made a change to its Web portal API that appeared to block the technique.
[ » Read full article ]
Wired; Andy Greenberg (September 27, 2024)
Security Protocol Shields Data from Attackers During Cloud-Based Computation
A security protocol developed by Massachusetts Institute of Technology (MIT) researchers protects data sent to and from cloud servers during deep-learning computations. The protocol uses laser light to encode the weights of deep neural networks into an optical field, preventing attackers from intercepting or duplicating information while maintaining the accuracy of deep-learning models.
[ » Read full article ]
MIT News; Adam Zewe (September 26, 2024)
Inside Health Policy (9/29, Robles, Subscription Publication) reports behind a paywall that Greg Garcia, executive director of the Health Sector Coordinating Council Cybersecurity Working Group, announced an upcoming joint task force with HHS and industry to address AI’s cybersecurity implications. The task force will explore AI-related risks and threats and how AI can enhance cybersecurity defenses. Garcia made the announcement at AHIP’s digital health conference. Micky Tripathi, head of HHS’s health information technology office, confirmed the collaboration.
SiliconANGLE (10/3) reports that artificial intelligence is revolutionizing cybersecurity by enhancing threat detection and prevention. CrowdStrike CEO George Kurtz, speaking at Fal.Con 2024 with theCUBE, emphasized the importance of continuous innovation in security. He noted that partnerships with companies like Microsoft, Nvidia, and Amazon Web Services are crucial for addressing modern threats. “No one company can solve everything in security,” Kurtz stated. CrowdStrike’s early adoption of AI, particularly machine learning, has transformed its security platform, allowing for rapid problem-solving and integration of new technologies. The company’s Falcon Flex service and Next-Gen SIEM system exemplify its commitment to customer-centric solutions, driven by client feedback.
Hacker Defaces Internet Archive, Steals Data on 31 Million Users
The Internet Archive's main site and its Wayback Machine went offline earlier in the week following a distributed denial-of-service (DDoS) attack. The breach was confirmed by Troy Hunt of HIBP, with whom the hacker shared a 6.4GB database of stolen information on 31 million Internet Archive user accounts, including email addresses, user names and hashed passwords.
[ » Read full article ]
PC Magazine; Michael Kan (October 9, 2024)
Telegram App Hosts 'Underground Markets' for Crime Gangs, U.N. Says
A report by the United Nations Office on Drugs and Crime (UNODC) found that Southeast Asian criminal networks are using the Telegram messaging app to conduct illicit activities on a massive scale. This includes the open trading of credit card details, passwords, browser histories, and other hacked data, as well as the sale of deepfake software and other tools for cybercrime. The UNODC report also found Telegram is used by unlicensed cryptocurrency exchanges to provide money laundering services.
[ » Read full article ]
Reuters; Poppy McPherson; Tom Wilson (October 7, 2024)
GoldenJackal Targets Embassies, Air-Gapped Systems
Cybersecurity firm ESET said threat actor GoldenJackal has been connected to cyberattacks at a South Asian embassy in Belarus and an EU government organization, using two disparate bespoke toolsets to infiltrate air-gapped systems to steal confidential data. The intrusions involved the use of JackalWorm, a worm that can infect connected USB drives and deliver the JackalControl trojan. Malware tools written primarily in Go were deployed in the attack on the EU government organization.
[ » Read full article ]
The Hacker News; Ravie Lakshmanan (October 8, 2024)
American Water Works Systems Hacked
New Jersey's American Water, the largest U.S. regulated water and wastewater utility, disclosed that a cyberattack caused it to stop customer billing. The utility, which became aware of the unauthorized activity last Thursday, shut down certain systems and took other precautions when the unauthorized activity was detected on Oct. 3. American Water does not believe the attack affected any of its facilities or operations.
[ » Read full article ]
CBS News; Kate Gibson (October 8, 2024)
Some of the Web's Sketchiest Sites Share an Address in Iceland
The proxy service Withheld for Privacy has shielded tens of thousands of suspicious websites (including online forums used by a U.S.-based white supremacist group, phishing sites, and sites tied to Russian influence campaigns) behind its Reykjavik, Iceland, address. Proxy services have proliferated in Iceland to take advantage of the country's strict privacy laws, which officials say are meant to protect ordinary users from authoritarian governments.
[ » Read full article *May Require Paid Registration ]
The New York Times; Steven Lee Myers; Tiffany Hsu (October 9, 2024)
Smartphone's Motion Sensors Can Be Hacked for Eavesdropping
Android smartphones can eavesdrop on conversations by offsetting the timing of measurements taken by the device's gyroscope and motion sensor. Google restricted Android apps to sampling data from phones' inertial measurement units no more than 200 times per second. Researchers at Pakistan's Lahore University of Management Sciences increased the sample rate to 400 times per second, which reduced the word error rate when transcribing audio recovered by attackers using AI by 83%.
[ » Read full article *May Require Paid Registration ]
New Scientist; Matthew Sparkes (October 7, 2024)
U.S. Wiretap Systems Targeted in China-Linked Hack
China-linked hacker group Salt Typhoon penetrated the networks of U.S. broadband providers to access information from systems the federal government uses for court-authorized network wiretapping requests. For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, say sources. The breach appeared to be geared toward intelligence collection.
[ » Read full article *May Require Paid Registration ]
The Wall Street Journal; Sarah Krouse; Dustin Volz; Aruna Viswanatha; et al. (October 5, 2024)
European Cyber Teams Can’t Keep Up with Attack Volumes
Data from IT governance-focused association ISACA indicates 61% of European cybersecurity professionals think their teams are understaffed, while around half (52%) think their teams are underfunded, leaving them unable to keep pace with the threat environment. About 68% of respondents said they feel their work was more stressful today than it was in 2019, with 79% of those respondents attributing the increase in stress to an increasingly complex threat landscape.
[ » Read full article ]
Computer Weekly; Alex Scroxton (October 1, 2024)
Hackers Use Linux Malware to Raid ATMs
A researcher reported finding two samples of FASTCash malware for switches running on Linux. FASTCash is a remote access tool that gets installed on payment switches inside compromised networks that handle payment card transactions. The U.S. Cybersecurity and Infrastructure Security Agency warned of it in a 2018 advisory that said it was being used to infect switches inside retail payment networks powered by AIX, IBM’s proprietary version of Unix. In 2020, the agency reported FASTCash was now infecting switches running Windows.
[ » Read full article ]
Ars Technica; Dan Goodin (October 15, 2024)
Cyber Criminals Help Russia, China Target U.S., Allies
Russia, China, and Iran rely on criminal networks to lead their cyberespionage and hacking operations against the U.S. and its allies, according to a report from Microsoft. In one example, investigators identified a Russian criminal network that infiltrated more than 50 electronic devices used by the Ukrainian military in June, apparently seeking access and information that could aid Russia’s invasion of Ukraine.
[ » Read full article ]
Associated Press; David Klepper (October 15, 2024)
China Cybersecurity Group Seeks Review of Intel Products
A Chinese cybersecurity group has called for a review of Intel products sold on the mainland, alleging the company's chips pose a threat for “frequent vulnerabilities and high failure rates.” The Cyber Security Association of China said Intel’s central processing units have shown multiple vulnerabilities in the past and that certain chip series from the firm caused video games to crash.
[ » Read full article ]
South China Morning Post; Feng Coco; Pan Che (October 16, 2024)
PLCHound Algorithm Aims to Boost Critical Infrastructure Security
Researchers at the Georgia Institute of Technology's Cyber-Physical Security Lab say an algorithm they developed boosts critical infrastructure security by more accurately identifying devices vulnerable to remote cyberattacks. The PLCHound algorithm uses advanced natural language processing and machine learning techniques to sift through databases of Internet records and log the IP addresses and security of connected devices.
[ » Read full article ]
Industrial Cyber; Anna Ribeiro (October 16, 2024)
WBUR-FM Boston (10/9, Chang, Chakrabarti) interviewed Alex Halderman, a professor of electrical engineering and computer science at the University of Michigan, about “very serious vulnerabilities” in Georgia’s Dominion Voting Systems. He reveals that a voter in the voting booth can easily tamper with Ballot Marking Devices (BMDs) using a pen, causing the machines to reboot, and “gain full control” of their software and data. Halderman stresses that the “existence of vulnerabilities is not in and of itself evidence that any past election result was compromised,” but emphasizes the need for proactive security measures to prevent potential manipulation by foreign adversaries.
The Washington Post (10/17, Ziegler) reports FBI officials arrested Alabama resident Eric Council Jr. Thursday for “allegedly hacking the Securities and Exchange Commission’s X account this year as part of an attempt to promote bitcoin.” Prosecutors claim Council and accomplices used a SIM swap to impersonate someone with access to the SEC’s account, posting a false message that the agency had approved bitcoin exchange-traded funds, causing bitcoin prices to spike. The incident highlighted security vulnerabilities on X, as the SEC’s account lacked two-factor authentication at the time of the breach, prosecutors said Thursday. The AP (10/17, Richer) adds that the breach had allowed the hackers to “prematurely announce the approval of long-awaited bitcoin exchange-traded funds.” The SEC officially approved “the first exchange-traded funds that hold bitcoin the following day.”
Samsung Galaxy S24 Smartphone Hacked During $1-Million Zero Day Spree
During the Pwn2Own hacking competition held in Ireland this week, Ken Gannon of the NCC Group exploited five security vulnerabilities to compromise a Samsung Galaxy S24 smartphone by getting shell access and installing an arbitrary application. The feat won Gannon $50,000 of the more than $1,000,000 in bounty rewards up for grabs at the competition. Samsung was given 90 days to patch those vulnerabilities before the exploit proof of concept and details are disclosed publicly.
[ » Read full article ]
Forbes; Davey Winder (October 24, 2024)
Georgia Election Official Says State Fended Off Cyberattack
The office of Georgia's Secretary of State said it warded off a cyberattack that sought to knock its absentee ballot website offline. The office's Gabe Sterling said it had "the hallmarks of a foreign power or a foreign entity [acting] at the behest of a foreign power." Sterling explained that the website was hit with bogus traffic from hundreds of thousands of IP addresses from several countries.
[ » Read full article ]
CNN; Gabe Cohen; Sean Lyngaas; Zachary Cohen (October 23, 2024)
Researchers Discover Flaws in End-to-End Encrypted Cloud Services
Researchers at Switzerland's ETH Zurich discovered cryptographic flaws in five cloud services offering end-to-end encryption (E2EE). The researchers tested Sync, pCloud, Seafile, Icedrive, and Tresorit with 10 potential exploits, identifying serious vulnerabilities in four of the E2EE services that could let attackers, after compromising a cloud server, access, tamper with, or inject files. While Tresorit had the fewest vulnerabilities, it could enable some metadata tampering and use of non-authentic keys when sharing files.
[ » Read full article ]
SC Media; Laura French (October 21, 2024)
Internet Archive, Under Siege, Is Fighting Back
A recent hack forced the Internet Archive to be taken down, the first time in its almost 30-year history it has suffered an outage longer than a few hours. The DDoS attack was a rude awakening for founder Brewster Kahle, who has been working with his team since the incident to identify and fix vulnerabilities that left the digital archive open to attack.
[ » Read full article ]
The Washington Post (October 18, 2024)
U.S. Urges Agencies to ‘Harness’ AI for National Security
The first-ever national security memorandum on AI, issued by President Biden on Thursday, directs the federal government to take action to improve the security and diversity of chip supply chains and to provide AI developers with cybersecurity and counterintelligence to keep their inventions secure. An administration official added that “the U.S. should harness the most advanced AI systems with appropriate safeguards to achieve national security objectives.”
[ » Read full article ]
The Hill; Miranda Nazzaro (October 24, 2024)
China Extends "Great Firewall" into Space
The Cyberspace Administration of China has issued draft rules that require its satellite Internet equipment and service providers to ensure all data is routed through China-based ground facilities so users' requests pass through "the Great Firewall." The rules are intended to prevent satellite Internet services from letting users connect via satellite to ground stations outside Chinese government control.
[ » Read full article ]
IEEE Spectrum; Edd Gent (October 23, 2024)
GPS Jamming is Screwing with Norwegian Planes
GPS jamming in the northern Norway county of Finnmark is so constant that Norwegian authorities decided last month they would no longer log when and where it happens—accepting these disturbance signals as the new normal. Since Russia’s full-scale invasion of Ukraine in 2022, jamming has dramatically increased across Europe’s eastern edges, with authorities accusing Russia of overloading GPS receivers with benign signals.
[ » Read full article ]
Wired; Morgan Meaker (October 17, 2024)
U.S. Charges Sudanese Men with Running Cyberattack-for-Hire Gang
U.S. prosecutors charged two Sudanese brothers with running a cyberattack-for-hire gang, accusing them of orchestrating 35,000 denial-of-service attacks in a single year. The pair are alleged to have operated Anonymous Sudan, which managed to knock offline key pages on the sites of Microsoft, OpenAI, and PayPal since January 2023, and impaired computers in at least one hospital in the U.S. The group also took down government sites in the U.S., Dubai, Chad, Bahrain, and other nations.
[ » Read full article *May Require Paid Registration ]
The Washington Post; Joseph Menn (October 16, 2024)
U.S. Rule Aims to Curb the Sale of Personal Data Overseas
The U.S. Department of Justice formally proposed regulations to prevent or restrict the sale and transfer of Americans’ sensitive personal data to adversarial countries. The proposed rule stems from an executive order issued by the Biden administration in February and imposes restrictions on how American entities can sell “bulk” sensitive data across six categories: personal data like driver’s license and Social Security numbers, precise geolocation data, biometric identifiers, human genomic data, health information, and financial information.
[ » Read full article ]
CyberScoop; Derek B. Johnson (October 21, 2024)
Vulnerabilities, AI Compete for Software Developers' Attention
The annual "State of the Software Supply Chain" report from software company Sonatype found that developers are on track to download more than 6.6 trillion software components in 2024, including a 70% increase in downloads of JavaScript components and an 87% increase in Python. Sonatype's Brian Fox said while the advent of AI is driving speedier development cycles, it is also making security more difficult.
[ » Read full article ]
Dark Reading; Robert Lemos (October 22, 2024)
L. A. Maglaras, M. A. Ferrag, H. Janicke, N. Ayres and L. Tassiulas, "Reliability, Security, and Privacy in Power Grids", Computer, vol. 55, no. 09, pp. 85-88, Sept. 2022.
As we move from traditional power grids to smart grids, new threats arise. We focus on cybersecurity in power grids, highlighting the threats to and vulnerabilities of those cyberphysical systems and presenting future solutions.
URL: https://doi.ieeecomputersociety.org/10.1109/MC.2022.3184425
M. Backendal, M. Haller and K. Paterson, "End-to-End Encrypted Cloud Storage", IEEE Security & Privacy, vol. 22, no. 02, pp. 69-74, March-April 2024.
End-to-end encryption is rapidly becoming the accepted security goal for personal data. In this article, we examine consumer cloud storage systems, focusing in particular on those systems that attempt to provide end-to-end security for customer data. We survey the security guarantees of current service providers and the issues they face, discuss open research questions, and highlight the challenges that impede the deployment of end-to-end secure cloud storage.
URL: https://doi.ieeecomputersociety.org/10.1109/MSEC.2024.3352788
C. Ebert and M. Beck, "Artificial Intelligence for Cybersecurity", IEEE Software, vol. 40, no. 06, pp. 27-34, Nov.-Dec. 2023.
Cybersecurity attacks are on a steep increase across industry domains. With ubiquitous connectivity and increasingly standard software stacks, basically all software is accessible and vulnerable. Yet, cybersecurity is not systematically deployed because necessary processes are demanding and need continuous attention paired with technology competences. Many software suppliers do not pay adequate attention and governance, resulting in problems such as weak communication protocols, insufficient passwords, and social engineering risks.
URL: https://doi.ieeecomputersociety.org/10.1109/MS.2023.3305726
A. Piplai et al., "Knowledge-Enhanced Neurosymbolic Artificial Intelligence for Cybersecurity and Privacy", IEEE Internet Computing, vol. 27, no. 05, pp. 43-48, Sept.-Oct. 2023.
Neurosymbolic artificial intelligence (AI) is an emerging and quickly advancing field that combines the subsymbolic strengths of (deep) neural networks and the explicit, symbolic knowledge contained in knowledge graphs (KGs) to enhance explainability and safety in AI systems. This approach addresses a key criticism of current generation systems, namely, their inability to generate human-understandable explanations for their outcomes and ensure safe behaviors, especially in scenarios with unknown unknowns (e.g., cybersecurity, privacy). The integration of neural networks, which excel at exploring complex data spaces, and symbolic KGs, which represent domain knowledge, allows AI systems to reason, learn, and generalize in a manner understandable to experts. This article describes how applications in cybersecurity and privacy, two of the most demanding domains in terms of the need for AI to be explainable while being highly accurate in complex environments, can benefit from neurosymbolic AI.
URL: https://doi.ieeecomputersociety.org/10.1109/MIC.2023.3299435
Mississippi Today (10/21, Gates) reports Tougaloo College, a private HBCU in Jackson, Mississippi, “has established a cybersecurity clinic to protect and educate the underserved,” such as churches, healthcare facilities, small businesses, and community organizations. The clinic also offers cyber awareness training to students, faculty, staff, and community clients. The initiative is supported by “a $1 million grant from the Google Cybersecurity Clinics Fund,” aimed at helping colleges establish cybersecurity clinics. The final cohort of interns “will be revealed when the clinic opens for operation in January.”
Colorado Accidentally Put Voting System Passwords Online
Election officials in Colorado disclosed on Oct. 29 that a spreadsheet with a hidden tab containing voting system passwords was mistakenly made available on the Colorado Secretary of State's website for several months before being discovered and removed. Colorado Secretary of State Jena Griswold said the matter does not pose a security threat, and there is no evidence of a security breach.
[ » Read full article ]
Associated Press; Jesse Bedayn (October 29, 2024)
Police Operation Claims Takedown of Prolific Password Stealers
A coalition of international law enforcement agencies led by the Dutch National Police has gained full access to the servers utilized by the Redline and Meta infostealer malware strains as part of Operation Magnus. Such malware has been used to steal passwords, credit card data, search histories, cryptocurrency wallets, and other sensitive data from millions of individuals. The coalition said the infostealers' usernames, passwords, IP addresses, timestamps, registration dates, source code, and Telegram bots were accessed by authorities and that "legal actions are underway."
[ » Read full article ]
TechCrunch; Carly Page (October 28, 2024)
Millions of Android, iOS Users at Risk from Hardcoded Creds in Popular Apps
Symantec researchers found hardcoded and unencrypted cloud service credentials in numerous mobile apps on Google Play and the Apple App Store. The researchers attribute their findings largely to lazy coding.
[ » Read full article ]
The Register (U.K.); Iain Thomson (October 23, 2024)
Fake IT Worker Schemes Expand Beyond North Korea
HYPR, a New York-based cybersecurity firm providing identity protection and passwordless technology, said it hired a fake remote IT worker posing as an Eastern European software engineer. HYPR reported several red flags during the onboarding process, such as refusing to appear on video and failing a facial recognition test, but said the employee left before completing the onboarding process and receiving login credentials. This follows a North Korean IT worker scam reported earlier this year by the cybersecurity training platform KnowBe4.
[ » Read full article ]
Axios; Sam Sabin (October 25, 2024)
China Said to Have Collected Audio of U.S. Calls
Hackers affiliated with China collected audio from the phone calls of U.S. political figures, say insiders, including calls from an unnamed adviser to former President Donald Trump's current campaign. The Salt Typhoon hacker group also accessed unencrypted communications, including text messages, of that individual.
[ » Read full article *May Require Paid Registration ]
The Washington Post; Ellen Nakashima; Josh Dawsey (October 27, 2024)
Google Watermarks Its AI-Generated Text
Google DeepMind researchers have developed a system to watermark its AI-generated text and have integrated it into its Gemini chatbot. The open source SynthID-Text system provides a way to determine whether text outputs have come from large language models without compromising "the quality, accuracy, creativity, or speed of the text generation," according to Google DeepMind's Pushmeet Kohli.
[ » Read full article ]
IEEE Spectrum; Eliza Strickland (October 23, 2024)
U.S. Census Data Could Be More Accurate with Better Noise
A team led by researchers at the University of Pennsylvania developed a method the U.S. Census Bureau could use to make U.S. Census data more accurate without compromising citizens' privacy. The U.S. Census Bureau implemented a "disclosure avoidance" algorithm for the 2020 Census that added statistical noise to each published statistic to maintain citizens' privacy. To eliminate resulting distortions in the data, the researchers identified a method of improving the noise without having to redesign the algorithm. A Census Bureau spokesperson said the agency will examine the research as part of its “ongoing disclosure avoidance research.”
[ » Read full article *May Require Paid Registration ]
New Scientist; Jeremy Hsu (October 30, 2024)
CyberScoop (10/31, Starks) reports the White House is close to “finalizing a second executive order on cybersecurity that covers a wide range of subjects for federal agencies to address, including artificial intelligence, secure software, cloud security, identity credentialing and post-quantum cryptography.” Sources indicate that the interagency review process is nearly complete, with a draft expected to be finalized by early December, pending presidential approval. Key focus areas include pilot programs for advanced AI models in cyber defense and transparency in secure software deployment. The order aims to build on existing standards, including those from NIST, and address vulnerabilities highlighted by incidents such as Chinese hackers exploiting Microsoft’s cloud services.
Cybersecurity Dive (10/31, Jones) reports the world is “on edge as the potential outcome could signal key changes in U.S. cyber policy.” There is a broad consensus “on the need for robust cyber protections and more resilient infrastructure, but the respective presidential candidates are likely to divert from each other on the role of government in enforcing security policy and the willingness to engage international partners to cooperate on key policy objectives.” A May report from ONCD “showed the U.S. has made significant progress in its effort to enhance the nation’s cyber resilience in the years” since the Colonial Pipeline attack.
The Washington Times (10/31, Lovelace) reports that Gilbert Herrera, the National Security Agency’s research director, addressed the potential risks and benefits of quantum computing during the Institute of Electrical and Electronics Engineers’ Military Communications Conference on Wednesday. Herrera acknowledged concerns about quantum computers as potential “economic weapons of mass destruction” due to their ability to break encryption and compromise global security. However, he emphasized the NSA’s commitment to funding research to understand and prepare for these technologies. Herrera highlighted the dual nature of quantum computing, which could significantly reduce global energy consumption and expedite drug discovery while posing threats to economic stability and government networks.
Air Fryers May Be Spying on Consumers
U.K. consumer rights group Which? has found evidence of “excessive smart device surveillance” from Chinese air fryers and other products. Which? reported that smart air fryers from Xiaomi, Cosori, and Aigostar all wanted to know customers’ precise locations, and sought permission to record audio on a user’s phone. It also found that products from Aigostar and Xiaomi sent personal user data to servers in China.
[ » Read full article ]
Infosecurity Magazine; Phil Muncaster (November 5, 2024)
TikTok Ordered to Close Canada Unit due to National Security Risk
Canada has ordered ByteDance Ltd. to close its Canadian TikTok subsidiary, following a national security review and advice from Canada’s security and intelligence agencies. This comes after a bipartisan bill was passed in the U.S. in April forcing ByteDance to divest its TikTok ownership stake or face a U.S. ban. Canada's order will not prevent Canadians from using the social video app.
[ » Read full article *May Require Paid Registration ]
Bloomberg; Thomas Seal (November 6, 2024)
German Law Could Protect Cybersecurity Researchers
Germany's Federal Ministry of Justice has drafted legislation that would protect security researchers who discover and report security flaws to vendors. For researchers to qualify for protection, their action must aim to identify a vulnerability or security risk in an IT system and they must have the intent of reporting the vulnerability to those responsible for addressing the issue.
[ » Read full article ]
Dark Reading (November 6, 2024)
Bugs Expose Smart Factory Gear to Cyberattack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said factory automation software from Mitsubishi Electric and Rockwell Automation has critical security flaws that could enable remote code execution, authentication bypass, product tampering, or denial-of-service. The Mitsubishi Electric vulnerability could let an attacker call a function with a path to a malicious library while connected to the device, while the Rockwell Automation vulnerability could enable an attacker with network access to exploit a missing authentication check to send crafted messages to a device.
[ » Read full article ]
Dark Reading; Tara Seals (November 1, 2024)
Eavesdropping on Phone Calls by Sensing Vibrations
Suryoday Basak at Pennsylvania State University and colleagues used a commercially available millimeter-wave sensor to pick up the tiny vibrations of a Samsung Galaxy S20 earpiece speaker playing audio clips. The team converted the signal to audio and passed it through an AI speech recognition model, which transcribed the speech. The system achieved a word accuracy rate of 50% and a character accuracy rate of 67%.
[ » Read full article ]
New Scientist; Matthew Sparkes (October 31, 2024)
Zero-Click Flaw Exposes Popular Storage Devices to Attack
A zero-click vulnerability uncovered by researchers at security consultancy Midnight Blue in the Netherlands affects a photo application installed by default on popular network-attached storage devices made by Taiwan’s Synology. Discovered as part of the recent Pwn2Own hacking contest in Ireland, the bug would allow attackers to gain access to the devices to steal personal and corporate files, plant a backdoor, or infect the systems with ransomware.
[ » Read full article *May Require Paid Registration ]
Wired; Kim Zetter (November 1, 2024)
These Are the Passwords Not to Use
Password manager NordPass revealed "123456" as the most popular password for the second straight year. Its annual list of the world's most common passwords is based on a 2.5TB database of publicly available sources, some from the dark web and many able to be cracked within milliseconds. Rounding out the top 10 were 123456789, 12345678, password, qwerty123, qwerty1, 111111, 12345, secret, and 123123.
[ » Read full article ]
The Verge; Emma Roth (November 13, 2024)
It's Surprisingly Easy to Jailbreak LLM-Driven Robots
University of Pennsylvania researchers developed an algorithm that can jailbreak robots controlled by a large language model (LLM). The RoboPAIR algorithm uses an attacker LLM to provide prompts to a target LLM, adjusting the commands until they bypass the safety filters. It also employs a "judge" LLM to ensure the attacker LLM produces prompts that take into account the target LLM's physical limitations, such as certain obstacles in the environment.
[ » Read full article ]
IEEE Spectrum; Charles Q. Choi (November 11, 2024)
A report from U.K. software company Egress revealed a 28% increase in phishing emails in the second quarter of 2024 compared with the first quarter. The sophistication of these emails has increased as well, with a 52.2% jump in phishing attacks successfully bypassing secure email gateway detection. AI tools are being leveraged to increase the scale of the attacks.
[ » Read full article ]
TechRadar; Efosa Udinmwen (November 10, 2024)
iPhones Reboot Themselves, Locking Police Out
Law enforcement officials in Detroit said Apple iPhones stored for forensic examination are rebooting themselves and entering the Before First Unlock state, which makes it difficult to obtain data from the devices. While the reason for the reboot remains unknown, cybersecurity researcher Jiska Naehrdine found code hosted on GitHub indicating Apple's iOS 18.1 included an "inactivity reboot."
[ » Read full article ]
PC Magazine; Will McCurdy (November 9, 2024)
Java Proposals Would Boost Resistance to Quantum Computing Attacks
Two Java proposals aim to boost resistance to quantum computing attacks. The Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm (ML-DSA) proposal calls for using digital signatures to detect unauthorized modifications to data and to authenticate the identity of signatories. The Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism (ML-KEM) proposal calls for the use of KEMs to secure symmetric keys over insecure communication channels using public key cryptography.
[ » Read full article ]
InfoWorld; Paul Krill (November 8, 2024)
U.S. to Support U.N. Cyber Treaty
The Biden administration is expected to support the first legally binding United Nations agreement on cybersecurity, despite concerns it could be used by authoritarian states to obtain data from political opponents or track dissidents overseas. The agreement could become a global legal framework for cooperation on preventing and investigating cybercriminals.
[ » Read full article ]
Bloomberg; Jamie Tarabay (November 11, 2024)
Hackers Target People Who Type These Six Words into Google Search
Researchers at cybersecurity firm Sophos found that users inputting "Are Bengal cats legal in Australia?" into Google's search engine could fall prey to a cyberattack. The phrase reportedly generates fraudulent links near the top of the search results listings, and clicking on what appears to be a legitimate link could result in users having their personal information stolen or being locked out of their computers via the Gootloader malware.
[ » Read full article ]
New York Post; Andrew Court (November 9, 2024)
North Korea staged GPS jamming attacks for the second consecutive day Saturday, affecting several ships in the Yellow Sea and dozens of civilian aircraft, according to South Korea's Joint Chiefs of Staff (JCS). After being alerted, the International Civil Aviation Organization adopted a decision raising serious concerns over the GPS jamming, naming North Korea explicitly for the first time.
[ » Read full article ]
The Korea Times (November 9, 2024)
Vulnerabilities Lead to Predatory Trading in Ethereum Crypto Rollups
Northeastern University computer scientists and colleagues at Switzerland's ETH Zurich uncovered vulnerabilities in Ethereum rollups, off-the-platform services that allow faster processing of higher volumes of transactions. The researchers presented three novel types of attacks in which predatory traders could have made about $2 million in profits over the last three years by manipulating transactions.
[ » Read full article ]
Northeastern Global News; Alena Kuzub (November 8, 2024)
K-12 Dive (11/11, Merod) reports that there was “strong interest” in the Federal Communications Commission’s “new cybersecurity pilot program for schools and libraries during the application process this fall, according to an FCC announcement on Friday.” The program will provide “up to $200 million over three years” to help cover cybersecurity costs. The application window closed on Nov. 1, with 2,734 applications requesting $3.7 billion, exceeding the allocated funds. FCC Chair Jessica Rosenworcel stated, “The overwhelming response to our pilot program makes clear that the cybersecurity threats impacting school systems are widespread.” The funds, ranging from $15,000 to $1.5 million per recipient, will be used for “advanced or next-generation firewalls; endpoint protection; identity protection and authentication; and monitoring, detection and response.” Advocates argue that the current $200 million “is too low to meet needs nationwide.”
The Chronicle of Higher Education (11/13, Swaak) reports that the California Institute of the Arts experienced an unexpected proliferation of AI note-taking tools from Read AI after a videoconference. Allan Chen, the institute’s chief technology officer, noted the aggressive spread of the tool in meetings, highlighting concerns about data privacy and security. This reflects a broader issue in higher education, where AI tools like Read AI, Otter.ai, and Fireflies.ai are outpacing institutional governance, potentially violating privacy policies. Heather Brown at Tidewater Community College experienced unauthorized access by Otter.ai to her calendar. Institutions are considering blocking or controlling these tools, and they are also advised to explore alternative tools and develop policies to manage AI tool use, ensuring transparency and control over data.
Microsoft Offers Hackers Millions in Zero Day Quest Event
Microsoft unveiled the Zero Day Quest bug bounty event at this week's Microsoft Ignite conference, offering up to $4 million in rewards to security researchers. Zero Day Quest, taking place next year, will serve as an expansion of Microsoft's bug bounty and transparency initiatives under the company's Secure Future Initiative. "At the end of the day, we recognize that when it comes to security, it's fundamentally a team sport," said Microsoft CEO Satya Nadella.
[ » Read full article ]
TechTarget; Alexander Culafi (November 19, 2024)
T-Mobile Hacked in Chinese Breach of Telecom Networks
T-Mobile’s network was among the systems hacked by a Chinese cyber-espionage operation that gained entry into multiple U.S. and international telecommunications companies, say insiders. Hackers linked to a Chinese intelligence agency were able to breach T-Mobile as part of a months-long campaign to spy on the cellphone communications of high-value intelligence targets.
[ » Read full article *May Require Paid Registration ]
The Wall Street Journal; Sarah Krouse; Dustin Volz (November 16, 2024)
Hardware Hacking? Study Raises Alarm on 98 Risks
Researchers at the U.S. National Institute of Standards and Technology identified 98 vulnerabilities that allow chips to be hacked. Most involve access control, with 43 different scenarios identified that would allow unauthorized users to access sensitive data or control systems. The researchers noted modern computer chips contain millions of components and software that are physically embedded in silicon and thus difficult and expensive to patch.
[ » Read full article ]
Forbes; Lars Daniel (November 15, 2024)
Zero-Day Exploits Increasingly Sought Out by Attackers
Cyber agencies from the Five Eyes governments published a list of the 15 most exploited vulnerabilities of last year, the majority of which were zero-days, a trend that has continued this year. “More routine initial exploitation of zero-day vulnerabilities represents the new normal which should concern end-user organizations and vendors alike as malicious actors seek to infiltrate networks,” said Ollie Whitehouse at the UK’s National Cyber Security Centre.
[ » Read full article ]
Computer Weekly; Alex Scroxton (November 12, 2024)
Interpol Clamps Down on Cybercrime, Arresting over 1,000 Suspects in Africa
Interpol arrested 1,006 suspects in Africa during a two-month operation clamping down on cybercrime that left tens of thousands of victims, the global police organization said Tuesday. Operation Serengeti, a joint operation with African Union police agency Afripol, ran in 19 African countries and targeted criminals behind ransomware, business email compromises, digital extortion, and online scams, the agency said. Afripol’s Jalel Chelba said his group's focus includes emerging threats like AI-driven malware and advanced cyberattack techniques.
[ » Read full article ]
Associated Press; Mark Banchereau (November 26, 2024)
Starbucks Calculates Baristas' Pay Manually Following Ransomware Attack
Starbucks said the recent ransomware attack at Arizona-based cloud services provider Blue Yonder has forced it to manually track and manage its baristas' schedules to ensure they are paid properly. Blue Yonder's cloud services are used by a number of multinational corporations to manage their supply chains. Automaker Ford and top grocery chains in the U.K. are among other companies potentially impacted by the attack.
[ » Read full article ]
CNN; Sean Lyngaas (November 25, 2024)
Russian Hackers Breach U.S. Target Through Neighbor's Wi-Fi
Russian military hackers broke into a targeted Wi-Fi network by first hacking into another vulnerable network in a building across the street, remotely hacking into a laptop in that building, and then using that computer's antenna to break into the intended victim's network. At the Cyberwarcon security conference last week, cybersecurity researcher Steven Adair revealed how his firm, Volexity, discovered the unprecedented hacking technique while investigating a network breach targeting a customer in Washington, D.C., in 2022.
[ » Read full article *May Require Paid Registration ]
Wired; Andy Greenberg (November 22, 2024)
Australia Critical Infrastructure Faces Cyber Threats
A report from the Australian Signals Directorate revealed that over 11% of cybersecurity incidents in Australia last year related to critical infrastructure. Of these, a quarter were phishing incidents, 21% were exploitation of a public-facing interface, and 15% brute-force activities. "We are worryingly seeing an increased focus by both cybercriminals and state actors on our critical infrastructure," said Defense Minister Richard Marles.
[ » Read full article ]
Reuters; Kirsty Needham (November 20, 2024)
U.S. Officials Urge Americans to Use Encryption amid Cyberattack
U.S. officials are recommending that Americans use encrypted messaging to ensure their communications stay hidden from foreign hackers, amid a cyberattack on telecommunications companies by China-backed hackers. Officials on a news call Tuesday refused to set a timetable for declaring the country’s telecommunications systems free of intruders, and recommended using encrypted messaging apps to minimize risks of interception.
[ » Read full article ]
NBC News; Kevin Collier (December 3, 2024)
Tor Needs 200 New WebTunnel Bridges to Fight Censorship
The Tor Project is seeking volunteers to deploy 200 new WebTunnel bridges by year's end to bolster its efforts to combat government censorship. These WebTunnel bridges run over a Web server with a valid SSL/TLS certificate, which makes Tor traffic appear as regular HTTPS traffic. The Tor Project currently operates 143 WebTunnel bridges in heavily censored regions to help users bypass Internet access restrictions and website blocks.
[ » Read full article ]
BleepingComputer; Bill Toulas (November 28, 2024)
35 Million Devices Targeted by Matrix
Assaf Morag of Aqua Security warns that 35 million Internet-connected devices have been targeted by a cyber-threat actor dubbed "Matrix." A distributed denial-of-service campaign masterminded by Matrix “demonstrates a growing trend among threat actors to target vulnerabilities and misconfigurations across Internet-connected devices, particularly IoT and enterprise systems,” wrote Morag. The attack is believed to have been perpetrated by Russian actors and to be motivated by financial gain, rather than politics.
[ » Read full article ]
Forbes; Davey Winder (November 27, 2024)
Trump Names David Sacks White House AI, Crypto Czar
U.S. President-elect Donald Trump has chosen venture capitalist David Sacks of Craft Ventures LLC to serve as his AI and crypto czar, a newly created position. “David will guide policy for the Administration in Artificial Intelligence and Cryptocurrency, two areas critical to the future of American competitiveness,” Trump said Thursday in a post on his Truth Social network. Trump said Sacks also would lead the Presidential Council of Advisors for Science and Technology.
[ » Read full article *May Require Paid Registration ]
Bloomberg; Stephanie Lai; Hadriana Lowenkron; Sarah McBride (December 5, 2024)
The Gainesville (FL) Sun (11/27, Schlenker) reported that University of Florida researchers completed the largest study on audio deepfakes, involving 1,200 participants tasked with distinguishing real audio from digital fakes. Participants achieved a 73% accuracy rate but were often misled by machine-generated details, such as accents and background noises. The study compared human performance with machine learning detectors and aimed to improve detection models to combat scams and misinformation. Lead investigator Patrick Traynor participated in a White House meeting addressing deepfake threats. The study, funded by the Office of Naval Research and the National Science Foundation, highlighted the differing biases of humans and machines in detecting deepfakes. Traynor emphasized the need for future systems combining human and machine capabilities to address deepfake challenges effectively.
Flaw in Computer Memory Leads to Global Security Fixes
A security flaw in AMD computer processors identified by researchers at the U.K.'s University of Birmingham, Belgium's KU Leuven, and Germany's University of Luebeck allowed the bypassing of AMD's Secure Encrypted Virtualization technology, which safeguards data stored in shared cloud environments. The researchers used rogue memory modules, known as BadRAM, to trick the CPU into addressing non-existent memory regions, allowing CPU memory protections to be bypassed.
[ » Read full article ]
University of Birmingham (U.K.) (December 10, 2024)
New Technique for Stealing AI Models
North Carolina State University researchers demonstrated a method of stealing an AI model without hacking into a device where the model is running. The researchers determined the hyperparameters of an AI model running on a Google Edge Tensor Processing Unit (TPU) with an electromagnetic (EM) probe that provided real-time data on changes in the EM field during AI processing. By comparing that EM signature to a database of other AI model signatures made on another Google Edge TPU, the team identified the target model's architecture and layer details.
[ » Read full article ]
NC State University News; Matt Shipman (December 12, 2024)
Russia Takes Unusual Route to Hack Devices in Ukraine
A Russian hacking group used servers and malware from different threat groups in attacks targeting front-line Ukrainian military forces, Microsoft said Wednesday. In one case, the group, referred to as Secret Blizzard by Microsoft, leveraged the infrastructure of a cybercrime group tracked as Storm-1919. In the other, Secret Blizzard appropriated resources of Storm-1837, a Russia-based threat actor with a history of targeting Ukrainian drone operators.
[ » Read full article ]
Ars Technica; Dan Goodin (December 11, 2024)
Ferroelectric Devices Could Make Data Unhackable
A device created by researchers at China's Peking University uses arrays of ferroelectric field effect transistors (FeFETs) to enable homomorphic encryption. Fluctuations in current through the FeFETs allow the transistor array to create an encryption key, with a higher degree of fluctuation than traditional MOSFET transistors, enabling the generation of less-predictable random numbers.
[ » Read full article ]
IEEE Spectrum; Kohava Mendelsohn (December 10, 2024)
QR Codes Bypass Browser Isolation for Malicious C2 Communication
Researchers at Google cybersecurity subsidiary Mandiant have developed a technique that uses QR codes to bypass browser isolation technology and achieve command-and-control operations. The method involves encoding commands in a QR code visually displayed on a webpage. In a test involving the latest Google Chrome browser and integrating the implant through Cobalt Strike's External C2 feature, the researchers demonstrated that malware that previously infected the device captured and decoded the QR code to obtain the instructions.
[ » Read full article ]
BleepingComputer; Bill Toulas (December 8, 2024)
ChatGPT is Terrible at Checking Its Code
ChatGPT is generally overconfident in its assessment of correctness, vulnerabilities, and successful repairs of code it has created, according to researchers at China's Zhejiang University. Their study found ChatGPT-3.5 had an average 57% success rate in generating correct code, 73% in producing code without security vulnerabilities, and 70% in repairing incorrect code. Using guiding questions enabled ChatGPT to identify more of its own mistakes, the researchers found, while asking it to generate test reports increased the number of flagged vulnerabilities.
[ » Read full article ]
IEEE Spectrum; Michelle Hampson (December 5, 2024)
FCC Chair Proposes Cybersecurity Rules in Response to China's Telecom Hack
U.S. Federal Communications Commission (FCC) Chair Jessica Rosenworcel proposed that communications service providers be required to submit an annual certification attesting that they have a plan in place to protect against cyberattacks. Said Rosenworcel, "We need to put in place a modern framework to help companies secure their networks and better prevent and respond to cyberattacks in the future."
[ » Read full article ]
Reuters (December 5, 2024)
U.S. Tries to Limit Doxing Through Credit Data
A proposed rule change by the U.S. Consumer Financial Protection Bureau will impose limits on when data brokers can distribute sensitive information, including individuals’ names and addresses. The rule focuses on the distribution of credit header data, the personal information at the top of an individual's credit report, which does not include information on an individual's actual lines of credit, but is distributed broadly, making it easier for foreign adversaries to purchase and use the data for malicious purposes.
[ » Read full article ]
404 Media; Joseph Cox (December 3, 2024)
Ukraine Asks if Telegram Is a Sleeper Agent
Millions of Ukrainians depend on messaging app Telegram to organize food, medical aid, and other support and for information about impending Russian attacks. However, Ukrainian officials increasingly are concerned Telegram, founded and owned by Russian-born Pavel Durov, is being used as a spying tool for Russia and to spread disinformation. In response, they have ordered military and government officials and those working on critical infrastructure to restrict use of the app on work phones, and to shift sensitive communications to encrypted apps.
[ » Read full article *May Require Paid Registration ]
The New York Times; Paul Mozur; Adam Satariano; Sasha Maslov (December 9, 2024)
Crypto Hackers Steal $2.2bn, Led by North Korea
Hackers stole a total of $2.2 billion from cryptocurrency platforms this year, according to block analytics firm Chainalysis, with 61% of the activity attributed to hackers in North Korea. This year marks the fifth in the past decade that hackers have stolen over $1 billion from crypto firms. The total amount stolen this year represents a 21% year-on-year increase, with the number of individual incidents increasing from 282 in 2023 to 303 in 2024.
[ » Read full article ]
Infosecurity Magazine; Phil Muncaster (December 19, 2024)
U.S. Weighs Ban on Chinese-Made Routers
The U.S. departments of Commerce, Defense, and Justice are investigating home Internet routers manufactured by China's TP-Link, which have been linked to recent cyberattacks. If the agencies determine there is a national security risk, they could ban the sale of TP-Link routers in the U.S. next year. The Department of Justice reportedly is investigating whether TP-Link violated a federal law prohibiting the sale of products for less than their manufacturing costs in an attempt to create a monopoly.
[ » Read full article *May Require Paid Registration ]
The Wall Street Journal; Heather Somerville; Dustin Volz; Aruna Viswanatha (December 18, 2024)
Chinese Cybersecurity Center Accuses U.S. of Hacking, Stealing Tech Secrets
The National Computer Network Emergency Response Technical Team/Coordination Center of China on Wednesday accused the U.S. of carrying out cyberattacks and stealing business secrets from a research center and a data company. An advanced material design research unit has been targeted by U.S. intelligence agencies since August, the center said, through a breach in an electronic document security management system. The center alleged another attack took place in May 2023, when a breach in Microsoft Exchange software was used to invade the email server of a large hi-tech enterprise specializing in smart energy and digital information.
[ » Read full article ]
South China Morning Post; Phoebe Zhang (December 19, 2024)
U.S. Tells Officials, Politicians to Ditch Regular Calls, Texts
In written guidance released on Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency said "individuals who are in senior government or senior political positions" should "immediately review and apply" a series of best practices around the use of mobile devices, following intrusions at American telecom companies attributed to Chinese hackers. The guidance included a warning to avoid traditional phone calls and text messages and advocated the use of end-to-end encrypted communications.
[ » Read full article ]
Reuters; Raphael Satter; A.J. Vicens (December 18, 2024)
Quantum Computing's Threat to Bitcoin Quantified
Researchers at the U.K.'s University of Kent School of Computing said a protocol update that would take Bitcoin offline for 76 days is needed to effectively defend the cryptocurrency from the threat of quantum computing. More likely, the researchers calculated, Bitcoin would instead designate 25% of its server to a protocol update and allow its users to continue to mine and trade the cryptocurrency at a slower pace.
[ » Read full article ]
Fortune; Sasha Rogelberg (December 17, 2024)
Hackers Can Jailbreak Digital License Plates
IOActive researcher Josep Rodriguez demonstrated that Reviver's digital license plates can be hacked within minutes, allowing drivers to evade automatic license plate readers used to catch drivers for toll evasion, speeding, and parking violations, or to track criminal suspects. The "jailbreak" technique involves rewriting the plate's firmware by removing a sticker on the back and attaching a cable to its internal connectors. Custom firmware would allow a hacker to change the plate's display, even potentially putting another driver's license plate number on the screen.
[ » Read full article ]
Wired; Andy Greenberg (December 16, 2024)
Their Job Is to Push Computers Toward AI Doom
AI startup Anthropic's Frontier Red Team is tasked with running safety tests (evals) on its AI models. The team worked with outside experts and internal stress testers to develop evals for its main risk categories: cyber, biological and chemical weapons, and autonomy. Anthropic's "Responsible Scaling Policy" states that it will delay the release of an AI model that comes close to specific capabilities in evals until fixes are implemented.
[ » Read full article *May Require Paid Registration ]
The Wall Street Journal; Sam Schechner; Deepa Seetharaman (December 10, 2024)
Rhode Island Residents’ Data Breached in Large Cyberattack
The personal data of potentially hundreds of thousands of people who applied for government assistance in Rhode Island was accessed by hackers, who have threatened to release the information unless they receive a ransom. State officials said at a news conference on Friday that hackers had gained access to RIBridges, the state’s online portal for obtaining social services.
[ » Read full article *May Require Paid Registration ]
The New York Times; Aimee Ortiz (December 15, 2024)
Biden to Target Chinese Legacy Chips with Trade Investigation
The U.S. is reportedly gearing up to launch an investigation into Chinese production of "legacy" or "foundational" chips. The government is concerned China's increased investments in new factories to manufacture older-model semiconductors could put those in the U.S. and allied countries out of business, making the U.S. supply chain more dependent on China and U.S. infrastructure and weaponry vulnerable to cybersecurity threats.
[ » Read full article *May Require Paid Registration ]
The New York Times; Ana Swanson; Paul Mozur (December 16, 2024)
Computer Scientists Earn IMC Test-of-Time Award for Bitcoin Research
A team of computer scientists at the University of California San Diego was recognized with a Test-of-Time Award at ACM's Internet Measurement Conference last week for a 2013 paper that detailed a technique for tracing Bitcoin. The paper concluded that Bitcoin payments are not anonymous; it has been credited with helping identify drug rings, cryptocurrency heists, and money launderers.
[ » Read full article ]
UC San Diego Today; Kimberley Clementi (December 12, 2024)
Chalkbeat (12/13) reported that the rise of AI tools in education, such as AI tutors and chatbots, has led to privacy concerns regarding student data. For example, the abrupt shutdown of Los Angeles Unified’s AI tool earlier this year due to the company’s financial issues left behind questions about data handling. Schools are responsible for student data under the Family Educational Rights and Privacy Act, but AFT President Randi Weingarten argues that districts should lead in vetting AI tools. Calli Schroeder from the Electronic Privacy Information Center says that AI risks are similar to existing ed-tech tools but on a larger scale. AI platforms like ChatGPT and Google’s Gemini, not specifically designed for education, pose risks, while educational tools like Khanmigo have safeguards but still require cautious use. Anjali Nambiar from Learning Collider emphasizes understanding data usage policies of AI platforms. A survey by Education Week found that 58% of educators received no AI training, posing risks of unintentional data exposure.
Chalkbeat (12/13) consulted various experts to provide nine recommendations for educators using AI. Teachers are advised to consult their school districts regarding vetted AI tools and privacy policies. Organizations like Common Sense Media offer reviews on the safety of ed-tech tools. Teachers should scrutinize AI platforms’ privacy policies to understand data usage and avoid platforms with ambiguous data retention terms. Larger AI companies may offer better privacy safeguards, though caution is still advised. AI should also be used as an assistant, not a replacement, and teachers should avoid inputting personal student information. Experts advise enabling maximum privacy settings on AI platforms, although this “does not necessarily make AI tools completely safe or compliant with student privacy regulations.” Regardless, transparency with school officials, parents, and students about AI use is encouraged. Teachers can also request AI platforms to delete user data, though this may not resolve all privacy issues.
The Miami Herald (12/17, Johnson) reports that the University of Central Florida (UCF) in Orlando lost $107,625 after hackers compromised a vendor’s email, redirecting payments to a fraudulent bank account and overwhelming UCF’s email system to obscure warnings. The theft was discovered 12 days later, with only $2,394 recovered. The Florida auditor general’s report highlighted that UCF continued to process vendor payments without verification even after the incident. The report stated, “The university cannot demonstrate that appropriate measures have been taken to reduce the risk of fraud.” UCF President Alexander Cartwright acknowledged the findings, stating the university has “implemented enhanced procedures” for verifying vendor information. The university is considering hiring an external firm for this purpose and has provided updated fraud detection training to finance staff. Despite the audit, UCF has not released its internal investigative report, citing public records law constraints.
Congress Funds Removal of Chinese Telecom Gear
U.S. lawmakers approved $3 billion in funding for a project to remove Chinese equipment from networks nationwide over fears they are vulnerable to cyberattacks. As part of the annual defense budget, Congress approved the funding to complete the “Rip and Replace” program to remove equipment made by the Chinese telecommunications manufacturing giants Huawei Technologies and ZTE from rural U.S. phone networks.
[ » Read full article ]
The Washington Post; Eva Dou; Cate Cadell; Joseph Menn (December 19, 2024)
Japan Airlines Hit by Cyberattack
Japan Airlines announced on Thursday that a cyberattack had affected its systems, leading to delays in domestic and international flight operations, at the outset of one of Japan's busiest travel seasons. JAL has told the police it believes it was the victim of a DDoS attack.
[ » Read full article *May Require Paid Registration ]
Nikkei Asia; Sayumi Take (December 26, 2024)
CISA Seeking Public Comment on Updated NCIRP
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is accepting public comments on a draft version of its updated National Cyber Incident Response Plan (NCIRP) through Jan. 15, 2025. The NCIRP serves as a framework for how governmental agencies and international organizations respond to higher-severity cyber incidents that could disrupt critical infrastructure or damage equipment. The plan covers asset response, threat response, intelligence support, and affected entity response.
[ » Read full article ]
Security Week; Ionut Arghire (December 17, 2024)
Worldcoin Must Delete All Iris Scan Data, Watchdog Says
Spain's data protection regulator AEPD has ordered Sam Altman's company Worldcoin to delete all iris-scanning data collected since the start of a project that has sparked privacy concerns in several countries. AEPD cited a decision earlier on Thursday by its Bavarian counterpart BayLDA, with whom the agency has cooperated on the case, that found the venture in breach of the EU's General Data Protection Regulation. Worldcoin has said it aims to create a global identity system by getting people to have their irises scanned, in exchange for free cryptocurrency and a digital ID.
[ » Read full article ]
Reuters; Emma Pinedo (December 19, 2024)
APpaREnTLy THiS iS hoW yoU JaIlBreAk AI
The Best-of-N algorithm was able to jailbreak "frontier AI systems across modalities." Created by researchers at Anthropic, the University of Oxford in the U.K., Stanford University, and the ML Alignment & Theory Scholars (MATS) Program, the algorithm works by repeatedly sampling variations of a prompt with a combination of augmentations, such as random shuffling or capitalization for textual prompts, until a harmful response is elicited. Even small changes to other modalities or methods for prompting AI models, such as speech or images, allowed the bypassing of safeguards.
[ » Read full article *May Require Free Registration ]
404 Media; Emanuel Maiberg (December 19, 2024)
Forbes (12/25, Riani) reports that Google has introduced its new quantum computing chip, Willow, featuring 105 qubits. Willow can perform computations in under five minutes that would take classical supercomputers 10 septillion years. This advancement offers significant potential for startups, particularly in pharmaceuticals, renewable energy, and AI, by accelerating problem-solving and enhancing machine learning. However, it also presents cybersecurity challenges, necessitating quantum-resistant protocols. The increased accessibility through cloud platforms could foster collaboration among startups, academia, and tech companies, driving innovation in quantum applications.
Apple to Pay $95 Million to Settle Siri Privacy Lawsuit
Apple will pay $95 million to settle a potential class action lawsuit that claimed its voice-activated Siri assistant violated users' privacy. Owners of mobile devices on which Siri was installed complained that Apple routinely recorded private conversations after they activated Siri unintentionally, and shared the information gathered that way with third parties such as advertisers.
[ » Read full article ]
Reuters; Jonathan Stempel (January 2, 2025)
Millions of Fake 'Stars' on GitHub Projects
A study by researchers at cybersecurity platform Socket, Carnegie Mellon University, and North Carolina State University found 4.5 million suspected fake "stars" on GitHub. Stars are similar to “Like” buttons on social media sites; the fake stars are used to artificially boost repository rankings and often to promote malicious content on GitHub.
[ » Read full article ]
BleepingComputer; Bill Toulas (December 31, 2024)
Computers of Senior U.S. Treasury Leaders Accessed in Hack
China-backed hackers broke into the computers of senior U.S. Treasury Department leaders as part of a recent breach of the agency, say insiders, gaining access to drafts and notes for policy decisions, itineraries, and travel planning documents for Treasury leaders, as well as some internal communications. In a Dec. 30 letter to Congress, Treasury characterized the breach as a “major cybersecurity incident” and said the hackers gained access through software provider BeyondTrust.
[ » Read full article *May Require Paid Registration ]
Bloomberg; Jake Bleiberg; Jamie Tarabay (January 2, 2025)
9th Telecom Hacked by Chinese-backed Group
U.S. officials added a ninth telecommunications company to the list of entities compromised by a Chinese-linked cyberespionage operation known as Salt Typhoon. The U.S. Cybersecurity and Infrastructure Security Agency on Dec. 18 urged senior government and political figures to move mobile communications to end-to-end encrypted apps as a result of the breaches. Officials have said "a large number of Americans' metadata was taken" as part of the campaign.
[ » Read full article ]
Reuters; A. J. Vicens (December 27, 2024)
Rules Proposed to Limit Impact of Healthcare Data Leaks
A proposed rule posted to the Federal Register on Friday would require healthcare organizations to boost their cybersecurity to prevent sensitive information from being leaked in breaches. The proposal included requiring the encryption of data so it cannot be accessed even if leaked, and requiring compliance checks to ensure networks meet cybersecurity rules.
[ » Read full article ]
Reuters; A.J. Vicens (December 27, 2024)
FCC Launches 'Cyber Trust Mark' for IoT Devices
The U.S. Federal Communications Commission (FCC) launched a cybersecurity safety label for Internet of Things (IoT) consumer devices. The U.S. Cyber Trust Mark includes a logo and a QR code that directs consumers to security information about the product, including the support period, whether automatic software patches and security updates are provided, and information about changing default passwords and ensuring secure device configuration.
[ » Read full article ]
The Hacker News; Ravie Lakshmanan (January 8, 2025)
Taiwan Faced an Average 2.4 Million Cyberattacks per Day in 2024
A report from Taiwan's National Security Bureau revealed that the island's Government Service Network faced an average of 2.4 million cyberattacks per day in 2024, up from 2023's daily average of 1.2 million. Taiwan's telecommunications, transportation, and defense agencies were among those most targeted. The report indicated China's cyber forces were responsible for the majority of the attacks, some of which coincided with Chinese military drills around Taiwan.
[ » Read full article ]
Reuters; Yimou Lee (January 6, 2025)
Engineer Aedan Cullen revealed how he hacked the new Raspberry Pi RP2350 microcontroller at the recent 38th Chaos Communication Congress (38C3), weeks before the winner of the $20,000 Raspberry Pi and Hextree RP2350 Hacking Challenge will be announced on Jan. 14. The sponsors of the challenge hid a secret on RP2350's One Time Programmable (OTP) memory on the chip, said to be a once-set but never-forget binary code. Cullen used a voltage injection glitch attack on pin 53 of the RP2350 chip, which turned on the "permanently disabled" RISC-V cores and their debug access port, enabling him to read the secret.
[ » Read full article ]
Tom's Hardware; Mark Tyson (January 4, 2025)
EU Court Fines EU for Breaching Data Protection Law
The EU General Court has ruled against the European Commission, determining that it transferred the personal data of a German citizen to the U.S. without appropriate safeguards, in violation of the EU's General Data Protection Regulation (GDPR). When registering for a conference, the individual used the "Sign in with Facebook" option on the EU login webpage. The subsequent transfer of the user's IP address to Meta Platforms in the U.S. is not permitted under the GDPR.
[ » Read full article ]
Reuters; Charlotte Van Campenhout (January 8, 2025)
U.S. Sanctions Beijing Cyber Group over Hacks
The U.S. Treasury Department sanctioned the China-based Integrity Technology Group (ITG) for its alleged involvement in hacking incidents targeting critical U.S. infrastructure. Friday's announcement of the sanctions alleged the cybersecurity company’s involvement in a series of attacks attributed to Flax Typhoon, a state-sponsored hacking campaign allegedly linked to the Chinese government.
[ » Read full article ]
Newsweek; Shannon McDonagh (January 3, 2025)
Cybersecurity Expert Amit Yoran Dies at 54
Cybersecurity firm Tenable Holdings said its CEO and Chair Amit Yoran passed away on Jan. 3 at age 54 following a battle with cancer. Yoran co-founded Riptech Inc., a Virginia-based firm that built sensor networks to safeguard corporate and government computers, founded threat detection and response platform NetWitness, and served for a year as director of the U.S. Department of Homeland Security's National Cyber Security Division.
[ » Read full article ]
CNN; Auzinea Bacon (January 4, 2025)
Fox Business (1/3, Revell) reported that Apple agreed to pay $95 million to settle a class action lawsuit alleging Siri violated users’ privacy. The preliminary settlement was filed Tuesday in an Oakland federal court and awaits approval by Judge Jeffrey White. Plaintiffs claimed Siri recorded private conversations, which were disclosed to third parties. Class members may receive up to $20 per device. The settlement covers Siri-enabled devices from Sept. 17, 2014, to Dec. 31, 2024. Apple denied wrongdoing. Lawyers seek $28.5 million in fees and $1.1 million in expenses. A similar lawsuit against Google is pending.
NextGov (1/9, Alms, DiMolfetta, Kelley) reports the Administration is planning to “release a swan song cybersecurity executive order that would direct agencies to conform to stricter software procurement procedures, fasten detection response tools onto federal computer systems and much more, according to a draft copy of the order obtained by Nextgov/FCW.” The document has been “in the works for months,” and is “expected to be signed Friday or early next week.” As written, the draft order “directs agencies and their industry clients to think harder about where they get their software and how their softwares’ security is vetted,” and space systems also “get a shoutout in the order.”
K-12 Dive (1/9) reports that ransomware attacks on the education sector globally decreased from 188 in 2023 to 116 in 2024, according to data released Thursday by Comparitech. Despite the decline, 1.8 million records were affected worldwide, with an average ransom demand of $847,000. Comparitech notes that the total number of confirmed ransomware attacks across all industries also fell, but expects 2024 figures to rise due to delayed reporting. Ransomware incidents in US schools have surged in recent years, increasing by 393% from 2016 to 2022, with 85 additional incidents between November 2022 and October 2024. Notable 2024 attacks include those on Alabama State Department of Education and several school districts, though it’s unclear if ransoms were paid. The FCC’s $200 million pilot program aims to aid schools in covering costs for cybersecurity services and equipment, but demand has far exceeded its capacity, with requests totaling $3.7 billion.
Executive Order: New Standards for U.S. Cybersecurity
The Biden administration on Thursday announced an executive order on cybersecurity that imposes new standards for companies selling to the U.S. government and calls for greater disclosure from software providers. As part of the order, the U.S. General Services Administration will have to set policy requiring cloud providers to publish information for clients on how to operate securely. The order further directs the U.S. National Institute of Standards and Technology to develop guidance for handling software updates safely.
[ » Read full article ]
CNBC; Jordan Novet (January 16, 2025)
FBI Wipes Chinese PlugX Malware from Windows PCs in U.S.
The U.S. Federal Bureau of Investigation (FBI), working with law enforcement in France, obtained warrants permitting them to wipe PlugX malware remotely from thousands of Windows-based computers that had been infected. The FBI said a China-linked group called Mustang Panda, also known as Twill Typhoon, had broken into “numerous government and private organizations” in the U.S., Europe, and the Indo-Pacific region. The malware had allowed the threat actors to remotely access and control infected machines, steal files, and deploy additional malware.
[ » Read full article ]
The Register (U.K.); Jessica Lyons (January 14, 2025)
U.S. Bans Russian, Chinese Software, Hardware in Vehicles
A final rule posted on the Federal Register Tuesday bans Russian and Chinese hardware and software from being integrated into U.S. passenger vehicles' connectivity systems, and bans software from those countries from being integrated into automated driving systems. During the rulemaking process, the U.S. Bureau of Industry and Security found that certain technologies originating from the two countries present an undue and unacceptable risk to U.S. national security.
[ » Read full article ]
ABC News; Luke Barr (January 14, 2025)
New NATO Mission to Protect Undersea Cables in Baltic Region
The North Atlantic Treaty Organization (NATO) is launching a new mission to protect undersea cables in the Baltic Sea region, following a string of incidents attributed to sabotage. The Baltic Sentry mission will include naval drones to provide “enhanced surveillance and deterrence,” said NATO Secretary-General Mark Rutte. Rutte noted that more than 95% of Internet traffic is secured via undersea cables, and 1.3 million kilometers (808,000 miles) of cables enable an estimated $10 trillion worth of financial transactions daily.
[ » Read full article ]
Associated Press; Lorne Cook; Vanessa Gera (January 14, 2025)
Research Uncovers Major Vulnerability in Wireless Networking Technology
A security flaw in the MU-MIMO (multi-user, multiple input, multiple output) setup procedure could allow threat actors to deploy malicious information on a Wi-Fi network to dramatically slow Internet speeds, according to Northeastern University researchers. MU-MIMO is a key component of Wi-Fi networks, and Northeastern's Francesco Restuccia said the Wi-Fi standard may need to be updated to address the vulnerability.
[ » Read full article ]
Northeastern Global News; Cesareo Contreras (January 9, 2025)
ASML-Backed Dutch University Suspends Classes After Cyber Attack
Eindhoven University of Technology in the Netherlands has suspended classes at least until Tuesday after shutting down its computer network following a cyberattack. The university is a talent feeder for chip machine maker ASML Holding NV, the world’s only producer of advanced lithography machines needed to produce high-end chips. The company last year pledged about $82 million to the university to train doctoral students and upgrade the school’s clean room building, a dust- and contaminant-free environment needed to study chips.
[ » Read full article *May Require Paid Registration ]
Bloomberg; Cagan Koc (January 12, 2025)
National Medal of Science Awarded to ACM Fellow Cynthia Dwork
ACM Fellow Cynthia Dwork, a professor of computer science at Harvard University, is among the 14 recipients of the National Medal of Science presented by President Joe Biden on January 3. She was recognized for her contributions to cryptography, distributed computing, algorithmic fairness, and differential privacy. Dwork previously was awarded the 30-Year Test-of-Time Award at the 2022 ACM Symposium on Theory of Computing, and shared the 2007 Edsger W. Dijkstra Prize in Distributed Computing.
[ » Read full article ]
Harvard University John A. Paulson School of Engineering and Applied Sciences; Anne J. Manning (January 8, 2025)
CNN (1/16, Lyngaas) reports that President Biden signed an executive order Thursday that is “his final stab at shoring up America’s cyber defenses after a damaging string of cyberattacks on federal networks that US officials have blamed on Chinese and Russian operatives.” According to CNN, “The directive is the product of a monthslong review by US officials of key hacking operations that took place during the Biden administration, from Russia’s alleged disruption of a satellite provider before the Kremlin’s full-scale invasion of Ukraine, to China’s alleged infiltration of US telecom networks to spy on top Republicans and Democrats. The goal is to ‘put the new administration and the country on a path to continued success’ and ‘to make it costlier and harder for China, Russia, Iran and ransomware criminals to hack,’ Anne Neuberger, a senior White House official, told reporters on Wednesday.” Bloomberg (1/16, Bleiberg, Subscription Publication) says Biden’s staff “had been racing to complete the order to federal agencies during their dwindling days in office.”
The Washington Post (1/16, Nakashima) reports that Neuberger “called it the administration’s ‘capstone’ cyber order – ‘designed to put the country on a path to defensible networks across the government and private sector.’ The federal government has learned a lot over the past four years from responding to crises, from Russia’s compromise of the software contractor SolarWinds to China’s hack of the Treasury Department to Russian-speaking criminals’ ransomware attack on Colonial Pipeline, Neuberger said. ‘We’ve spent the better part of a year carefully reviewing incidents to determine exactly how the Chinese and other criminals got through the gate,’ she said.”
CNBC (1/16, Novet) notes that Microsoft “said in 2023 that Chinese attackers had broken into U.S. government officials’ email accounts, prompting a critical federal report and a series of changes at the software maker. Companies selling software to the U.S. government will have to demonstrate that their development practices are secure, according to a statement. There will be ‘evidence that we post on a government website for all software users to benefit from,’ Neuberger said.”
White House Disbands Cyber Safety Review Board
The Trump administration has dismissed all members of the Cyber Safety Review Board (CSRB), including those investigating the China-linked hacking group Salt Typhoon. The CSRB was established through an executive order by the previous administration and tasked with reviewing major cyber incidents affecting the U.S. government.
[ » Read full article ]
CSO; John Leyden (January 22, 2025)
FBI Warns Agents of Call Log Thefts by Hackers
The U.S. Federal Bureau of Investigation (FBI) said that months of agents' call and text logs were likely stolen in a cyber breach that hit AT&T in April 2024, in which data from about 109 million customer accounts containing records of calls and texts from 2022 were illegally downloaded. The breach reportedly compromised all FBI devices using its AT&T public safety service. According to an FBI report, the stolen records could connect agents to their confidential sources.
[ » Read full article ]
Reuters; Surbhi Misra; A.J. Vicens (January 16, 2025)
Bloomberg (1/23, Subscription Publication) reports President Trump has “signed executive actions related to cryptocurrency and artificial intelligence,” which could bolster both industries. The cryptocurrency order “creates a working group to advise the White House on digital asset policies and will include the involvement of key federal agencies,” and will submit a report “within approximately six months recommending a regulatory framework and legislative proposals, including evaluating the creation of a digital asset stockpile.” However, the order is getting “mixed” reactions, with Bitcoin advocates disappointed that it “didn’t specify that the largest cryptocurrency would be at the center of a national reserve as many had speculated.” Reuters (1/23) reports the action also “ordered that banking services for crypto companies be protected, alluding to industry claims that U.S. regulators have directed lenders to cut crypto companies off from banking services.”
Also reporting is the New York Times (1/23, Yaffe-Bellany).
NORTH KOREAN FAKE IT WORKERS: The U.S. government delivered another blow to North Korea’s fake IT worker scheme Thursday, with the Department of Justice announcing indictments against five men for fraudulently obtaining remote credentials to work with American companies and generate revenue for Pyongyang, CyberScoop reports. The indictments of North Korean nationals Jin Sung-Il and Pak Jin-Song, Mexican national Pedro Ernesto Alonso De Los Reyes, and U.S. nationals Erick Ntekereze Prince and Emanuel Ashtor follow previous DOJ actions targeting related schemes, and come a week after the Treasury Department sanctioned two individuals and four entities for allegedly engaging in similar behavior.
The FBI said the North Korean IT workers' activity is "increasingly malicious" and has recently included data extortion. FBI is warning the public, private sector, and international community about North Korean IT workers' continued victimization of U.S.-based businesses. In recent months, in addition to data extortion, FBI has observed North Korean IT workers leveraging unlawful access to company networks to exfiltrate proprietary and sensitive data, facilitate cyber-criminal activities, and conduct revenue-generating activity on behalf of the regime.
A NEW ATTACK TO TAKE DOWN A POWER GRID?: Renewable energy facilities throughout Central Europe use unencrypted radio signals to receive commands to feed or ditch power into or from the grid that serves some 450 million people throughout the continent, Ars Technica reports. Fabian Bräunlein and Luca Melette stumbled on their discovery largely by accident while working on what they thought would be a much different sort of hacking project. After observing a radio receiver on the streetlight poles throughout Berlin, they got to wondering: Would it be possible for someone with a central transmitter to control them en masse, and if so, could they create a city-wide light installation along the lines of Project Blinkenlights?
After an extensive and painstaking reverse-engineering process that took about a year, Bräunlein and Melette learned that they could indeed control the streetlights simply by replaying legitimate messages they observed being sent over the air previously. They then learned something more surprising—the very same system for controlling Berlin’s lights was used throughout Central Europe to control other regional infrastructure, including switches that regulate the amount of power renewable electric generation facilities feed into the grid.
New GhostGPT AI chatbot facilitates malware creation and phishing
Cybercriminals are selling access to a new malicious generative AI chatbot called GhostGPT. The AI tool is designed to assist with malicious activities such as malware creation and phishing emails. Researchers from Abnormal Security observed the cybercrime tool being sold through Telegram from the end of 2024. They believe GhostGPT uses a wrapper to connect to a jailbroken version of ChatGPT or another open-source large language model (LLM), ensuring uncensored responses for customers. (INFOSECURITY-MAGAZINE.COM)
More than 20% of healthcare organizations changed senior leadership after cyberattack: survey
The attacks more often end in financial losses for the sector. Nearly 70% of healthcare companies reported a cyberattack resulted in financial damage, compared with 60% in other industries. Healthcare organizations faced other consequences after cyberattacks as well. One in five said they experienced a change in senior leadership after an attack, while 19% reported lawsuits. (HEALTHCAREDIVE.COM)
Entire Georgian country population exposed in a massive data leak
A ghost database containing millions of records on Georgian citizens appeared in the cloud and then mysteriously vanished. The concerning leak potentially leaves sensitive personal data vulnerable to malicious actors. Bob Dyachenko, a cybersecurity researcher and owner of SecurityDiscovery.com, and the Cybernews research team discovered an unprotected Elasticsearch index. Elasticsearch is a platform for data analytics and search in near real-time. (CYBERNEWS.COM)
Record number of ransomware attacks in December 2024
NCC Group on Wednesday published its cyber threat intelligence report for December 2024 and pointed out that the number of ransomware attacks seen at the end of the year is the highest of any month since it started tracking such activity in 2021. The cybersecurity firm saw 574 ransomware attacks in December 2024, with a new threat group named FunkSec accounting for more than 100 attacks, or 18% of the total. The group, whose members are likely inexperienced hackers, appears to be involved in both hacktivism and cybercrime. (SECURITYWEEK.COM)
DoD defense contractor Stark Aerospace potentially breached by INC ransomware
The ransomware gang posted Stark Aerospace on its dark leak blog on Thursday, claiming to have a whopping 4TB of data – including source code, design plans, employee passports, and firmware for all the UAVs produced. Understanding the treasure trove of data allegedly stolen in the attack, INC Ransom posted a note listing the content of the massive cache in question—along with a "proof pack" of close to 40 file samples allegedly exfiltrated from the aerospace company. (CYBERNEWS.COM)
Tesla charger exploits earn hackers $129,000 at Pwn2Own
One team earned $50,000 — the maximum amount for hacking the Tesla Wall Connector — for taking over the device and crashing it. Another team earned $45,000 for what ZDI described as an inventive Tesla charger exploit that leveraged the charging connector. Two other teams earned $22,500 and $12,500 rewards for hacking Tesla EV chargers — the amounts are smaller because the exploits involved previously known bugs. (SECURITYWEEK.COM)
Hundreds of fake Reddit sites push Lumma Stealer malware
Hackers are distributing close to 1,000 web pages mimicking Reddit and the WeTransfer file sharing service that lead to downloading the Lumma Stealer malware. On the fake pages, the threat actor is abusing the Reddit brand by showing a fake discussion thread on a specific topic. The thread creator asks for help to download a specific tool, another user offers to help by uploading it to WeTransfer and sharing the link, and a third thanks him to make everything appear legitimate. (BLEEPINGCOMPUTER.COM)
QakBot-linked BC malware adds enhanced remote access and data gathering features
A notable feature of the QakBot, alongside IcedID, is its BC module that offers the threat actors the ability to use the host as a proxy, as well as offer a remote-access channel by means of an embedded VNC component. Walmart's analysis has revealed that the BC module, besides containing references to old QakBot samples, has been further enhanced and developed to gather system information, more or less acting as an autonomous program to facilitate follow-on exploitation. (THEHACKERNEWS.COM)
Subaru security flaws exposed its system for tracking millions of cars
About a year ago, security researcher Sam Curry bought his mother a Subaru, on the condition that, at some point in the near future, she let him hack it. It took Curry until last November, when he was home for Thanksgiving, to begin examining the 2023 Impreza's internet-connected features and start looking for ways to exploit them. Sure enough, he and a researcher working with him online, Shubham Shah, soon discovered vulnerabilities in a Subaru web portal that let them hijack the ability to unlock the car, honk its horn, and start its ignition, reassigning control of those features to any phone or computer they chose. (WIRED.COM)
Palo Alto firewalls found vulnerable to secure boot bypass and firmware exploits
An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features. "These weren't obscure, corner-case vulnerabilities," security vendor Eclypsium said in a report shared with The Hacker News. "Instead these were very well-known issues that we wouldn't expect to see even on a consumer-grade laptop. These issues could allow attackers to evade even the most basic integrity protections, such as Secure Boot, and modify device firmware if exploited." (THEHACKERNEWS.COM)
Cloudflare CDN bug outs user locations on Signal, Discord
A 15-year-old security researcher who goes by only "Daniel" published research on GitHub Gist about the flaw — which he discovered three months ago — as a warning for journalists, activists, and hackers, who could be at physical risk. The flaw allows an attacker to grab the location of any target within a 250-mile radius when a vulnerable app is installed on a target's phone, or even as a background application on their laptop. Using either a one-click or zero-click approach, an attacker can use the app to "send a malicious payload and deanonymize you within seconds — and you wouldn't even know," Daniel wrote. (DARKREADING.COM)
QNAP fixes six Rsync vulnerabilities in NAS backup, recovery app
QNAP has fixed six rsync vulnerabilities that could let attackers gain remote code execution on unpatched Network Attached Storage (NAS) devices. Rsync is an open-source file synchronization tool that supports direct file syncing via its daemon, transfers via SSH, and incremental transfers that save time and bandwidth. It's widely used by many backup solutions like Rclone, DeltaCopy, and ChronoSync, as well as in cloud and server management operations and public file distribution. (BLEEPINGCOMPUTER.COM)
Custom backdoor exploiting magic packet vulnerability in Juniper routers
According to the Black Lotus Labs team at Lumen Technologies, the activity is so named for the fact that the backdoor continuously monitors for a "magic packet" sent by the threat actor in TCP traffic. Evidence gathered by the company shows that the earliest sample of the backdoor dates back to September 2023, with the activity ongoing between mid-2023 and mid-2024. Semiconductor, energy, manufacturing, and information technology (IT) sectors were the most targeted. (THEHACKERNEWS.COM)
War game pits China against Taiwan in all-out cyberwar
If China attacked Taiwan, how could Taiwan defend its critical communications infrastructure from cyberattack? Last year, Dr. Nina A. Kollars and Jason Vogt — both associate professors at the US Naval War College (USNWC) Cyber and Innovation Policy Institute (CIPI) — designed a war game to inspire some novel strategies. They enlisted government and private sector cybersecurity experts at Black Hat and DEF CON to participate, and presented the results at ShmooCon earlier this month. (DARKREADING.COM)
Hackers imitate Kremlin-linked group to target Russian entities
A little-known hacking group has been mimicking the tactics of a prominent Kremlin-linked threat actor to target Russian-speaking victims, according to new research. In its latest campaign, the group being dubbed GamaCopy used phishing documents disguised as official reports about the location of Russian armed forces’ facilities in Ukraine. It also deployed open-source software called UltraVNC to remotely access victims’ systems. (THERECORD.MEDIA)
Cyber Command’s order creates ‘inflection point’ for DoDIN
The Department of Defense is pushing the responsibility to defend 3.5 million end points to where these devices live. Commanders and directors now are charged with the defensive cyber operations over their network and security operations connected to the DoDIN, with the management of the Cyber Operational Forces securing their networks and data, and with operating and defending their mission space. But the DoDIN Command Operational Framework, which outlines these new responsibilities and was signed in September by Gen. Tim Haugh, the commander of U.S. Cyber Command and the National Security Agency, doesn’t mean the end of the Joint Force Headquarters-Department of Defense Information Network (JFHQ-DoDIN). Rather, Lt. Gen. Paul Stanton, director of the Defense Information Systems Agency and commander of JFHQ-DoDIN, said this change is a “transformational moment” in the now 10-year history of the cyber operations organization. (FEDERALNEWSNETWORK.COM)
New York fines PayPal $2 million for shoddy security practices
The New York State Department of Financial Services said the seven-figure payout would be part of a settlement deal stemming from the 2022 data breach that saw some customer Social Security numbers exposed to threat actors. The state found that PayPal botched the 2022 rollout of a system designed to help account holders access their 1099 income tax forms. As a result of the faulty portal system, users were able to pull up forms of other account holders, which included, among other data, Social Security numbers. (SCWORLD.COM)
Sensitive DeepSeek Data Exposed to Web
Cybersecurity firm Wiz said in a blog post that scans of Chinese AI startup DeepSeek's infrastructure showed that the company had inadvertently left more than a million lines of data available unsecured, including digital software keys and chat logs that appeared to capture prompts being sent from users to the company's recently unveiled AI assistant. After Wiz alerted DeepSeek to the find, the company quickly secured the data.
[ » Read full article ]
Reuters; Raphael Satter (January 29, 2025)
Apple CPU Side-Channel Attacks Steal Data from Browsers
In separate papers, researchers at the Georgia Institute of Technology and Germany's Ruhr University Bochum detailed new CPU side-channel attacks involving modern Apple processors that can be remotely executed by a Web browser using a malicious webpage containing JavaScript or WebAssembly code. Dubbed False Load Output Prediction (FLOP) and Speculative Load Address Prediction (SLAP), the attacks take aim at features that predict future instructions in an effort to accelerate processing. Apple said it plans to address the vulnerabilities.
[ » Read full article ]
BleepingComputer; Bill Toulas (January 28, 2025)
Mirai Botnet Launched Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices
Cloudflare said the biggest-ever distributed denial-of-service (DDoS) attack occurred on Oct. 29, 2024, lasting just 80 seconds before being detected and blocked. The 5.6 Terabit per second (Tbps) UDP protocol-based attack originated from a Mirai-variant botnet affecting more than 13,000 Internet of Things (IoT) devices and targeting an unnamed Internet service provider in Eastern Asia. The attack broke the previous record for the biggest volumetric DDoS attack, which occurred earlier in the same month and peaked at 3.8 Tbps.
[ » Read full article ]
The Hacker News; Ravie Lakshmanan (January 22, 2025)
Principles to Reduce NIDS Noise in SOCs
Researchers at the Netherlands' Eindhoven University of Technology have identified actionable solutions to improve the efficiency of security operations centers (SOCs), with a focus on low-noise detection rules for Network Intrusion Detection Systems (NIDS). Their study looked at 290,000 unique rules and 30 million alerts generated at a commercial SOC over an 11-month period. They will present their work at the ACM Asia Conference on Computer and Communications Security (ASIA CCS ’25) in Hanoi this August.
[ » Read full article ]
Cyber Security News; Balaji N (January 20, 2025)
AI, Holograms Create Uncrackable Optical Encryption System
By combining AI with holographic encryption, a team led by Stelios Tzortzakis at the University of Crete in Greece developed an ultra-secure data protection system that uses neural networks to retrieve elaborately scrambled information stored as a hologram. The researchers found the neural network could accurately retrieve encoded images 90-95% of the time.
[ » Read full article ]
Optica (January 30, 2025)
DeepSeek Suffers “Large-Scale” Cyberattack
The AP (1/27, Parvini) reports DeepSeek on Monday “said that it had suffered ‘large-scale malicious attacks’ on its services,” which “disrupted users’ ability to register on the site.” In response, Reuters (1/27, Baptista, Kachwala, Bajwa) reports DeepSeek announced it would “temporarily limit registrations.” However, DeepSeek “resolved issues relating to its application programming interface and users’ inability to log in to the website, according to its status page.”
The New York Times (1/28, Swanson, Tobin) reports that the US “has worked steadily over the past three years to limit China’s access to the cutting edge computer chips that power advanced artificial intelligence systems,” with an aim “to slow China’s progress in developing sophisticated A.I. models.” But now DeepSeek, a Chinese firm, “has created that very technology,” raising “big questions about export controls built by the United States in recent years” and provoking “a fierce debate over whether US technology controls have failed.”
Reuters (1/28, Shalal, Shepardson, Raj Singh) says, “US officials are looking at the national security implications of the Chinese artificial intelligence app DeepSeek, White House press secretary Karoline Leavitt said on Tuesday, while...Trump’s crypto czar said it was possible that intellectual property theft could have been at play.”
Meanwhile, the New York Times (1/28, Yuan) reports, “Inside China, it was called the tipping point for the global technological rivalry with the United States and the ‘darkest hour’ in Silicon Valley, evoking Winston Churchill.” The Times calls it “possibly a breakthrough that could change the country’s destiny.”
The Wall Street Journal (1/29, Volz, McMillan, Subscription Publication) reports Google released findings Wednesday that hackers linked to China, Iran, and over 18 other countries are utilizing Google’s Gemini chatbot for tasks like writing malicious code and researching targets. The report highlights that groups tied to China, Iran, Russia, and North Korea appear to currently use Gemini to increase productivity, not to develop new hacking techniques.
DeepSeek Linked to Banned Chinese Telecom
The website of China's DeepSeek, whose chatbot became the most downloaded app in the U.S. shortly after its release, contains computer code that could send some user login information to a Chinese state-owned telecommunications company barred from operating in the U.S. Canadian cybersecurity company Feroot Security identified heavily obfuscated computer script on the Web login page of the chatbot that shows connections to computer infrastructure owned by China Mobile.
[ » Read full article ]
Associated Press; Byron Tau (February 5, 2025)
Global Ransomware Payments Plunge by a Third
Ransomware payments fell by more than a third last year to $813 million, compared to $1.25 billion in 2023, according to research firm Chainalysis. The blockchain analysis firm said payments dropped off sharply in the second half of the year, reflecting the impact of actions taken against cybercriminals by law enforcement and a refusal to pay by those being blackmailed. Chainalysis' Jacqueline Burns Koven said the new figures indicated a “ransomware apocalypse” had been avoided.
[ » Read full article ]
The Guardian (U.K.); Dan Milmo (February 5, 2025)
Researchers Calculate Cyberattack Risk for All 50 U.S. States
University of Maryland researchers have developed a "heat map" of aggregate U.S. cyber risk based on data from 3,065 county governments, which shows a heightened risk of cyberattacks in California, Virginia, and Florida. They also found most counties vulnerable to the attack methods studied are located in the Southeast, and domain-name service misconfigurations and insecure authorizations are the most common threat type.
[ » Read full article ]
Maryland Today; John Tucker (February 4, 2025)
Federated Learning Under Siege
Researchers in the U.S. and China demonstrated a poisoning attack targeting federated unlearning. The attack, BadUnlearn, ensures the unlearned model closely resembles the poisoned one through the strategic injection of malicious model updates that align with aggregation rules. The researchers then introduced a federated unlearning framework intended to maintain a global model's integrity. The framework, UnlearnGuard, uses historical model updates stored by the server to help detect and filter out poisoned updates.
[ » Read full article ]
Devdiscourse (February 3, 2025)
Chinese-Made Patient Monitor Contains a Secret Backdoor
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of a threat discovered in three firmware versions of a patient monitor made by China-based Contec Medical Systems. The monitor was configured to connect to an IP address for a third-party university with no connection to the manufacturer, enabling the university to remotely download and execute unverified files on the patient monitor, CISA said. The backdoor also automatically sends patient data to the IP address.
[ » Read full article ]
PC Magazine; Michael Kan (January 31, 2025)
International Police Op Takes Down Cybercrime Marketplaces
An international law enforcement operation has taken down two of the largest cybercrime marketplaces. In addition to the arrest of two individuals and confiscation of servers and other devices, the operation resulted in the shutdown of 12 accounts and two domains used by the cybercrime forums known as Cracked and Nulled.
[ » Read full article ]
UPI; Darryl Coote (January 31, 2025)
58% of Ransomware Victims Forced to Shut Down Operations
A report from the Ponemon Institute found that 58% of organizations affected by ransomware attacks last year had to cease operations as a result, up from 45% in 2021. Forty percent of organizations experienced a substantial loss of revenue due to such an attack, up from 22%, while 35% reported brand damage, up from 21%.
[ » Read full article ]
Infosecurity Magazine; James Coker (January 28, 2025)
Republicans Mute Attacks on Cybersecurity Agency
Republican lawmakers appear to be shifting gears when it comes to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), joining with U.S. Homeland Security Secretary Kristi Noem in emphasizing its essential mission in safeguarding critical infrastructure from nation-state hackers and ransomware attacks. U.S. President Donald Trump has maintained former President Joe Biden's last executive order on cybersecurity, which requires federal agencies' software vendors to show their security standards can hold up to cyberattacks like Salt Typhoon.
[ » Read full article *May Require Paid Registration ]
The Washington Post; Joseph Menn (February 3, 2025)
Chinese, Iranian Hackers Use U.S. AI Products to Bolster Cyberattacks
Hackers linked to China, Iran, and other foreign governments are using the latest U.S. AI technology to bolster their cyberattacks, according to U.S. officials and security researchers. Google’s cyber-threat experts say that in the last year, dozens of hacking groups in more than 20 other countries deployed Google's Gemini chatbot to assist with malicious code writing and targeting.
[ » Read full article *May Require Paid Registration ]
The Wall Street Journal; Dustin Volz; Robert McMillan (January 30, 2025)
DOGE Hit With Suit Over 'Data Breach'
The Electronic Privacy Information Center is suing the Trump administration’s Department of Government Efficiency (DOGE) and other federal agencies over what it calls “the largest and most consequential data breach in U.S. history.” The suit also targets the U.S. Office of Personnel Management and Treasury Department and their leadership, alleging they administered systems containing “vast quantities” of sensitive personal information while failing to comply with the Federal Information Security Modernization Act, and that they violated the Privacy Act by disclosing that data.
[ » Read full article ]
Bloomberg Law; Sam Skolnik (February 11, 2025)
CISA Election Security Officials Placed on Leave
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed members of its election security team on administrative leave. Tricia McLaughlin, assistant secretary of the U.S. Department of Homeland Security, confirmed that CISA employees working on foreign influence operations and disinformation had been placed on administrative leave pending review. The affected staff had worked with election officials to counter a range of cybersecurity threats.
[ » Read full article ]
TechCrunch; Carly Page (February 11, 2025)
Apple Fixes Zero-Day Exploited in 'Extremely Sophisticated' Attacks
Apple issued emergency security updates to fix a zero-day vulnerability that allowed attackers to bypass USB Restricted Mode, which prevents accessories from making a data connection with iPhones and iPads that are locked for more than an hour. The feature is designed to block forensic software from extracting data from locked iOS devices. The vulnerability was an authorization issue now addressed in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 with improved state management.
[ » Read full article ]
BleepingComputer; Sergiu Gatlan (February 10, 2025)
Hackers Expose Iridium Satellite Security Flaws
German white hat hackers demonstrated how to intercept text messages sent via U.S. satellite communication system Iridium and locate users with an accuracy of about 4 kilometers. During a presentation at the Chaos Communication Congress in late December, the hackers highlighted the vulnerabilities, which they said can be exploited using a commercially available Iridium antenna, a software-defined radio receiver, and a basic computer such as the Raspberry Pi.
[ » Read full article ]
IEEE Spectrum; Tereza Pultarova (February 12, 2025)
Keep Hardware Safe by Cutting Out Code's Clues
A security method developed by researchers at the Massachusetts Institute of Technology improves the effectiveness of address space layout randomization against hardware attacks. The "Oreo" method removes random bits of addresses that lead to program instructions and inserts a "masked address space" between virtual and physical memory to re-map code from random virtual addresses to fixed locations before the hardware executes the code.
[ » Read full article ]
MIT News; Alex Shipps (February 11, 2025)
Russia's Zservers Sanctioned for Supporting Ransomware
The U.S. Treasury Department on Tuesday announced a joint effort with the U.K. and Australia to sanction Russian-based Internet hosting provider Zservers for its role in supporting global ransomware outfits like LockBit. Zservers has built a reputation as a safe haven for cybercriminals to evade law enforcement investigators. Officials accuse Zservers of subleasing IP addresses and running the programming interface malware used by LockBit and other Russian-related cybercriminals.
[ » Read full article ]
UPI; Clyde Hughes (February 11, 2025)
Trump Taps RNC Executive as National Cyber Director
U.S. President Trump is nominating Republican National Committee (RNC) executive Sean Cairncross as his national cyber director, marking the first significant cybersecurity nomination of the administration. If confirmed, Cairncross would lead the White House's Office of the National Cyber Director, which was established shortly before former U.S. President Joe Biden took office to be the president's principal adviser on cybersecurity matters.
[ » Read full article ]
Axios; Sam Sabin (February 11, 2025)
U.K. Demands Access to Apple Users' Encrypted Data
The U.K. government has demanded that Apple give it the ability to access encrypted data stored by Apple users in its cloud service. The demand was served by the government’s Home Office under the Investigatory Powers Act and applies to all content stored using "Advanced Data Protection" (ADP). ADP uses end-to-end encryption and is an opt-in service for users.
[ » Read full article ]
BBC News; Zoe Kleinman (February 7, 2025)
Europol Urges Banks to Prepare for Quantum Computer Risks
A group led by the European Union Agency for Law Enforcement Cooperation (Europol) is urging banks to start preparing now for the risks posed by quantum computers to the encryption of sensitive data. "For the financial industry, the advent of quantum computers poses a risk to customer confidentiality and peer communications, authentication processes, and trust in digital signatures," the Quantum Safe Financial Forum said in a call to action.
[ » Read full article ]
Reuters; Toby Sterling (February 7, 2025)
Russian Bot Army Tries to Swing German Election
The German Office of Foreign Affairs attributes an increase in disinformation on X ahead of the country's Feb. 23 election to Russian bots. The office issued a report indicating the Kremlin-backed Doppelgänger campaign is using AI-generated content, pseudo-news websites, and sleeper accounts to disseminate false information. According to the report, activity by ghost accounts on X jumped to more than 3,000 posts in a single day at the end of January after rarely posting more than 50 times per day during the previous two months.
[ » Read full article ]
Politico Europe; Chris Lunday (February 6, 2025)
CISA Orders Agencies to Patch Linux Kernel Bug
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their systems against a high-severity Linux kernel flaw actively exploited in attacks. Tracked as CVE-2024-53104, the bug was first introduced in kernel version 2.6.26 and has since been patched by Google for Android users. According to Google, the vulnerability is caused by an out-of-bounds write weakness in the USB Video Class driver.
[ » Read full article ]
BleepingComputer; Sergiu Gatlan (February 5, 2025)
Cyberattack Disrupts Publication of Newspapers
Newspapers across the U.S. owned by Lee Enterprises last week were unable to print, had problems with their websites, and published smaller issues as a result of a cyberattack. Lee Enterprises is the parent company of more than 70 daily newspapers and nearly 350 weekly and specialty publications in 25 states. Problems, which started last Monday, were still evident as of yesterday on the websites of many of the affected publications.
[ » Read full article *May Require Free Registration ]
The New York Times; Amanda Holpuch (February 9, 2025)
Russian Hackers Snoop on Ukrainian Signal Accounts
Google said Russian state-linked hacking groups have gained access to the Signal messenger accounts of some Ukrainian military staffers. The hackers have leveraged the "linked devices" feature to connect victims' accounts to their own devices, or linked the victims' accounts to their interfaces using malicious group invite links or QR codes. Signal has responded by rolling out a new user interface, additional authentication steps, and notifications for new linked devices.
[ » Read full article ]
Politico Europe; Antoaneta Roussi (February 19, 2025)
China Hunts for Ways to Protect Data from Quantum Computers
China's Institute of Commercial Cryptography Standards (ICCS) is developing its own post-quantum cryptography (PQC) algorithms, opting against those created through a project at the U.S. National Institute of Standards and Technology (NIST). ICCS has not commented on the reason for its effort, but some believe China is worried about secret "back doors" in NIST's algorithms or seeks to develop algorithms with its own back doors.
[ » Read full article ]
New Scientist; Matthew Sparkes (February 17, 2025)
Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts
Microsoft researchers have identified a threat cluster, dubbed Storm-2372, that appears tied to Russian-linked hackers and has targeted government agencies, non-governmental organizations, IT services, and technology, defense, telecommunications, health, higher education, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East. The attacks involve the use of "device code phishing," which allows the threat actor to obtain authentication tokens that can be used to access the user's accounts and data.
[ » Read full article ]
The Hacker News; Ravie Lakshmanan (February 14, 2025)
Virginia Tech Researchers Raise Red Flags About Mixed-Reality Security
Virginia Polytechnic Institute and State University researchers found that mixed-reality systems could be compromised by click redirection attacks, object occlusion attacks, and latency attacks. Their study involved Microsoft's HoloLens 2 headset, which was discontinued last year. The researchers, who acknowledged the HoloLens 2 platform is outdated, called for safety features to be built into mixed-reality headsets so users are aware of the objects around them and are alerted to security threats.
[ » Read full article ]
Computerworld; Agam Shah (February 18, 2025)
U.K. Drops 'Safety' from AI Body
The U.K. has rebranded the AI Safety Institute to the AI Security Institute, signaling a shift away from examining large language models for issues such as bias. Said Secretary of State for Science, Innovation, and Technology Peter Kyle, “The work of the AI Security Institute won’t change, but this renewed focus will ensure our citizens, and those of our allies, are protected from those who would look to use AI against our institutions, democratic values, and way of life.”
[ » Read full article ]
TechCrunch; Ingrid Lunden (February 13, 2025)
U.K. Demand for a Back Door to Apple Data Threatens Americans, Lawmakers Say
American security could be compromised by a U.K. government order, issued under the Investigatory Powers Act, that Apple provide officials with backdoor access to encrypted data, argued congressmen in a note to U.S. National Intelligence Director Tulsi Gabbard. They urged Gabbard to demand the U.K. rescind the order, which could make U.S. citizens' data vulnerable to hackers and expose them to foreign surveillance. If the order is not retracted, U.S. lawmakers may reconsider cooperative efforts with the U.K. on deep intelligence sharing and cybersecurity.
[ » Read full article *May Require Paid Registration ]
Washington Post; Joseph Menn (February 13, 2025)
South Korea Bans Downloads of DeepSeek's AI App
South Korea said on Monday it had temporarily suspended new downloads of an AI chatbot made by China's DeepSeek. Regulators said the app service would resume after they verified it complied with South Korea’s laws on protecting personal information. The app had become one of the country’s most popular downloads in the AI category. Earlier this month, South Korea directed many government employees not to use DeepSeek products on official devices.
[ » Read full article *May Require Paid Registration ]
New York Times; Meaghan Tobin; Jin Yu Young (February 17, 2025)
How AI Can Protect Undersea Pipelines, Cables
AI is being leveraged to protect critical underwater infrastructure, with the ultimate goal of creating an undersea map that can sift through vast amounts of data to identify potential threats in real time. German startup North.io is using technology from Nvidia, IBM, and others to develop systems that can distinguish between natural elements and potential threats to undersea technology. North.io researchers are training AI to analyze data from multiple sources.
[ » Read full article *May Require Paid Registration ]
The Wall Street Journal; William Boston (February 17, 2025)
Hackers Steal $1.5 Billion from Exchange Bybit in Biggest-Ever Crypto Heist
Threat actors associated with the North Korean state-sponsored hacking collective Lazarus Group have stolen $1.5 billion from the cryptocurrency exchange Bybit in the biggest crypto heist reported so far. The attackers gained access to Bybit's offline secure storage system, known as a cold wallet. The funds, mainly in ether, were transferred among numerous wallets and then liquidated using several platforms. Tom Robinson of the blockchain analytics firm Elliptic said the hackers' addresses have been labeled in its software to stop cash-outs of the stolen funds via other exchanges.
[ » Read full article ]
CNBC; MacKenzie Sigalos (February 22, 2025)
Apple Pulls Data Protection Tool After U.K. Government Security Row
Apple's Advanced Data Protection (ADP) tool is unavailable to U.K. customers following a request from the Home Office under the Investigatory Powers Act to access user data to which Apple itself has no access. The ADP tool allows account holders to view photos, documents, and other items stored on Apple's iCloud via end-to-end encryption. U.K. Apple users have been unable to activate the ADP service as of Feb. 21, and access for existing users will be disabled at some point.
[ » Read full article ]
BBC; Zoe Kleinman (February 22, 2025)
CISA Adds Palo Alto Networks, SonicWall Flaws to Exploited Vulnerabilities List
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added security vulnerabilities affecting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities catalog. The two flaws, an authentication bypass vulnerability in the PAN-OS management Web interface and an improper authentication vulnerability in the SSLVPN authentication mechanism, are being actively exploited by threat actors. Federal Civilian Executive Branch agencies have until March 11 to remediate the vulnerabilities and secure their networks.
[ » Read full article ]
The Hacker News; Ravie Lakshmanan (February 19, 2025)
DeepSeek 'Shared User Data' with TikTok Owner ByteDance
South Korea said Chinese AI startup DeepSeek shares user data with TikTok owner ByteDance, but it has "yet to confirm what data was transferred and to what extent." Data protection concerns prompted the removal of DeepSeek from app stores in South Korea. A review of DeepSeek's Android app by U.S. cybersecurity firm Security Scorecard found "multiple direct references to ByteDance-owned" services, "suggest[ing] deep integration with ByteDance's analytics and performance monitoring infrastructure."
[ » Read full article ]
BBC; Imran Rahman-Jones (February 18, 2025)
Chinese Team's Record Transmission Lays Ground for Quantum Internet
Researchers at China's Tsinghua University, the Beijing Academy of Quantum Information Sciences, and the North China University of Technology developed a quasi-quantum secure direct communication (QSDC) protocol, which achieved a record data transmission rate of 2.38 kbps over 104.8 km (65 miles) of standard telecommunications optical fiber. The protocol, which can detect eavesdropping, could help pave the way for a quantum Internet.
[ » Read full article ]
South China Morning Post; Victoria Bela; Holly Chik (February 25, 2025)
EU to Spend Nearly a Billion Euros to Protect Undersea Cables
The European Commission's executive vice president in charge of security, Henna Virkkunen, said on Feb. 21 that nearly €1 billion of its budget will be redirected to increasing undersea cable surveillance and assembling a fleet of emergency repair vessels. Said Virkkunen, "We want to make sure Europe is equipped not only to prevent and detect sabotage to cables but also to actively deter, repair, and respond to any threat to critical infrastructure."
[ » Read full article ]
Reuters; Lili Bayer; Anne Kauranen (February 21, 2025)
OpenAI Uncovers Evidence of AI-Powered Chinese Surveillance Tool
OpenAI said it found evidence that a Chinese security operation developed an AI-powered surveillance tool to assemble real-time reports about anti-Chinese posts on Western social media. OpenAI researchers discovered the tool when one of its developers used OpenAI's models to debug its underlying computer code. The researchers also identified another campaign in which Chinese developers used OpenAI's technologies to produce English-language posts that were critical of Chinese dissidents.
[ » Read full article *May Require Paid Registration ]
The New York Times; Cade Metz (February 21, 2025)
Large Language Models Pose Growing Security Risks
In the absence of government policy on the security of large language models (LLMs), companies face new cybersecurity challenges from them, particularly from the unstructured and conversational nature of user interactions. In addition to the possibility of employees inputting sensitive corporate data into LLMs, companies should be concerned that information generated by LLMs could contain malicious code, infringe on intellectual property, or violate copyright. Further, threat actors can use prompt injection attacks to manipulate models to perform certain actions.
[ » Read full article *May Require Paid Registration ]
The Wall Street Journal; Steven Rosenbush (February 20, 2025)
California's Radical Idea for Data Privacy: Enforce the Law
California requires data brokers to register with the state or face fines of $200 per day, a requirement that could give its Delete Act some teeth at a time when noncompliance with state data privacy laws is a significant issue. The state’s privacy watchdog recently filed suit against National Public Data for failure to comply with the registration requirement.
[ » Read full article *May Require Paid Registration ]
The Washington Post; Shira Ovide (February 21, 2025)
Espionage Groups Target Drone Technology Makers, Researchers Say
As drones are used in warfare, the risk of cyber spies gaining access to sensitive data is on the rise. Resecurity Inc. researchers found espionage groups have searched the dark web for stolen files from drone manufacturers with the goal of using them to hijack drones and spy on customers. Drone manufacturers and anti-drone technology vendors reported hacks across Taiwan, North America, Europe, and the Middle East.
[ » Read full article *May Require Paid Registration ]
Bloomberg; Jordan Robertson; Michael Shepard (February 14, 2025)
KNXV-TV Phoenix (2/20, Dao) reported that Chandler Unified School District “says it’s the first K-12 district in the nation to offer access to a Google-sponsored cybersecurity clinic. The clinic is done in partnership with the University of Arizona and about 100 students have signed up to be a part of it.” Students will engage in the clinic during their own time, and upon completion, they will receive an industry certification. This certification could lead to internships, allowing students to perform supervised cybersecurity assessments for various companies.
U.S. Charges Chinese Hackers, Government Officials in Broad Cybercrime Campaign
The U.S. Department of Justice has charged 12 Chinese nationals in connection with global cybercrime campaigns. In one indictment, eight leaders and employees of alleged private hacking company I-Soon were charged for computer breaches targeting U.S.-based Chinese dissidents, religious organizations, media outlets, a research university, and the Defense Intelligence Agency. In a separate indictment, two Chinese hackers were charged for a purported for-profit hacking campaign targeting U.S. technology companies, think tanks, defense contractors, and healthcare systems.
[ » Read full article ]
Associated Press; Eric Tucker; Dake Kang (March 6, 2025)
Apple Takes Legal Action in U.K. Data Privacy Row
Apple is trying to overturn a demand by the U.K. government to provide its customers' private data if requested. The tech giant has appealed to the Investigatory Powers Tribunal, an independent court with the power to investigate claims against the Security Service. In January, Apple was issued with a secret order by the Home Office to share encrypted data belonging to Apple users around the world with U.K. law enforcement in the event of a potential national security threat.
[ » Read full article ]
BBC News; Zoe Kleinman (March 4, 2025)
Any Bluetooth Device Can Be Turned into an AirTag
George Mason University researchers demonstrated how remote attackers can exploit a vulnerability in Apple's Find My network to transform any Bluetooth device into an AirTag-like tracker. With "nRootTag," attackers can create public/private key pairs matching the Bluetooth address without requiring root privileges. A rainbow table of matching pairs could be developed using a GPU cluster for only a few dollars. Apple said it would issue patches to fix the loophole.
[ » Read full article ]
Cybernews; Ernestas Naprys (February 28, 2025)
Pentagon Denies Report of Halt in Cyber Operations Versus Russia
The Pentagon has denied U.S. Defense Secretary Pete Hegseth ordered a halt in offensive cyber operations against Russia, following a report by cybersecurity publication The Record that Hegseth had ordered U.S. Cyber Command to stand down from all planning against Russia. The story was followed by The Washington Post and The New York Times, which added their own confirmations from unnamed officials. A senior Pentagon official said Hegseth has neither canceled nor delayed any cyber operations directed against malicious Russian targets and there has been no stand-down order.
[ » Read full article *May Require Paid Registration ]
Bloomberg; Anthony Capaccio (March 3, 2025)
Volt Typhoon Strikes Massachusetts Power Utility
China-linked advanced persistent threat (APT) actor Volt Typhoon launched a cyberattack on Massachusetts utility Littleton Electric Light and Water Departments (LELWD) in 2023. A new report by cybersecurity firm Dragos, which assisted federal agents in the ensuing investigation, indicated the Volt Typhoon subgroup Voltzite infiltrated LELWD's infrastructure for more than 300 days and performed "server message block traversal maneuvers and remote desktop protocol lateral movement."
[ » Read full article ]
Dark Reading; Elizabeth Montalbano (March 12, 2025)
NIST Selects HQC as Fifth Algorithm for Post-Quantum Encryption
The U.S. National Institute of Standards and Technology (NIST) has announced the selection of its fifth algorithm for post-quantum encryption. The HQC algorithm will serve as a backup for ML-KEM, the main algorithm for general encryption. HQC is based on different math than ML-KEM, which could be important if a vulnerability were discovered in ML-KEM. NIST plans to issue a draft standard incorporating the HQC algorithm next year, with a finalized standard expected in 2027.
[ » Read full article ]
NIST News (March 11, 2025)
Backdoor Found in Bluetooth Chip Used By a Billion Devices
Researchers at European cybersecurity service provider Tarlogic Security said they had found undocumented commands in the ESP32 microchip made by China's Espressif, used by over 1 billion IoT devices as of 2023, that could be leveraged for attacks. The researchers said a backdoor in the ESP32 microcontroller "would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls."
[ » Read full article ]
BleepingComputer; Bill Toulas (March 8, 2025)
Researchers Release Kit to Exploit Vulnerability in Zen Chips
Google researchers found and released the details of an exploit that essentially allows anyone to jailbreak their own AMD CPUs. The so-called EntrySign vulnerability lets users send custom microcode to any AMD CPU using the Zen 1 to Zen 4 architectures to alter how the processor runs, which would enable them to access internal CPU buffers and strengthen or weaken virtual machine (VM) security, among other things.
[ » Read full article ]
Tom's Hardware; Dallin Grimm (March 7, 2025)
Cybercrime's Cobalt Strike Use Plummets 80%
Since 2023, there has been an 80% decline in malicious use of Fortra's Cobalt Strike, a red-teaming tool legitimately used to simulate threats and find weaknesses in target systems. Over that period, cybersecurity solutions firm Fortra, working with Microsoft's Digital Crimes Unit and the nonprofit Health Information Sharing and Analysis Center, has seized hundreds of servers tied to cracked versions of Cobalt Strike.
[ » Read full article ]
Dark Reading; Nate Nelson (March 7, 2025)
How the Biggest Crypto Heist in History Went Down
The Lazarus Group achieved the biggest cryptocurrency heist in history by taking advantage of security flaws at the cryptocurrency exchange Bybit, according to the U.S. Federal Bureau of Investigation (FBI), which said the North Korean state-backed hackers stole $1.5 billion in Ethereum by breaking into a computer belonging to a developer at Safe, which offers a free storage tool used by Bybit.
[ » Read full article *May Require Paid Registration ]
The New York Times; David Yaffe-Bellany (March 7, 2025)
Additional free news story about this event: https://www.elliptic.co/blog/bybit-hack-largest-in-history
K-12 Dive (3/10, Merod) reports that a recent report from the Center for Internet Security (CIS) reveals that 82% of K-12 schools experienced a cyber incident between July 2023 and December 2024. More than 9,300 confirmed cyber incidents were recorded across approximately 5,000 institutions. The report identifies ransomware, phishing, and social engineering as the primary threats, stating that schools are “prime targets for cybercriminals.” The fallout from these attacks can disrupt essential services like meal programs and special education. The report emphasizes that schools often lack the resources and expertise to combat these threats effectively. In response, the Biden administration initiated federal cybersecurity resources for schools, while state legislatures introduced 28 cybersecurity bills across 16 states last year. CIS advocates for prioritizing cybersecurity, noting that “with the right strategies in place, schools can build resilience against these threats.”
Interesting Engineering (UK) (3/10, Khollam) reported that a group of engineering students from Texas A&M University’s College of Engineering developed an innovative security solution for Small Modular Reactors (SMRs) as part of a challenge from Los Alamos National Laboratory. The team, named Intrux, secured first place with their multi-layered security framework that integrates technologies like RFID tracking, AI-powered surveillance, and LiDAR sensors. Team member Vobugari Raja Karthik said, “We realized that many existing security approaches face challenges... This shaped our approach by emphasizing the need for multi-layered verification, sensor fusion, and real-time adaptability.” The estimated cost for implementation is $17,000, highlighting its commercial viability.
CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
A vulnerability tied to the supply chain compromise of the GitHub Action tj-actions/changed-files has been added to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities catalog. A CISA alert said a malicious code vulnerability embedded in the tj-actions/changed-files GitHub Action lets a remote attacker view action logs to obtain valid AWS access keys, GitHub personal access tokens, npm tokens, private RSA keys, and more.
[ » Read full article ]
The Hacker News; Ravie Lakshmanan (March 19, 2025)
U.K. Cybersecurity Agency Warns of Quantum Hacking Risks
Guidance from the U.K.'s National Cyber Security Centre calls on large organizations, critical national infrastructure operators, and companies with bespoke IT systems to implement "post-quantum cryptography" to guard against future quantum hackers. These entities were urged to identify services in need of an upgrade by 2028. The guidance indicated that the most important upgrades should be completed by 2031, with migration to a new encryption system by 2035.
[ » Read full article ]
The Guardian (U.K.); Dan Milmo (March 19, 2025)
Google to Buy Cybersecurity Firm Wiz for $32 Billion
Google on Tuesday said it has reached a deal to buy Wiz, an Israeli IT security company, for $32 billion. The deal, if approved by regulators, would be the biggest acquisition in the tech giant's 26-year history. The proposed takeover is part of Google’s expansion into cloud computing, as AI drives demand for datacenters. If the deal goes through, Wiz will join Google Cloud, the division that sells computing services to other businesses.
[ » Read full article ]
Associated Press; Michael Liedtke; Wyatte Grantham-Philips (March 18, 2025)
Europol Warns of AI-Driven Crime Threats
Europol said in a report released Tuesday that organized crime gangs are moving their recruitment, communication, and payment systems online and leveraging AI to scale up their operations across the globe and prevent detection. According to the report, criminals are using AI to produce messages in different languages and create realistic impersonations of individuals, among other acts. The EU law enforcement agency said fully autonomous AI "could pave the way for entirely AI-controlled criminal networks, marking a new era in organized crime."
[ » Read full article ]
Reuters; Michal Aleksandrowicz (March 18, 2025)
Cybersecurity Officials Warn Against Medusa Ransomware Attacks
In an advisory posted last week, U.S. cybersecurity officials warned of a ransomware-as-a-service software called Medusa, which uses phishing campaigns as its main method for stealing victims’ credentials. Active since 2021, Medusa actors use a double extortion model, where they “encrypt victim data and threaten to publicly release exfiltrated data if a ransom is not paid,” according to the advisory. Since February, Medusa actors have hit more than 300 victims across various industries.
[ » Read full article ]
Associated Press; Sarah Parvini (March 15, 2025)
China Creates Hacker-Proof Quantum Satellite Communication Link with South Africa
University of Science and Technology of China's Yin Juan announced the first quantum satellite communication link between Beijing and South Africa at the National People's Congress' recent annual plenary meeting. The demonstration, which spanned 12,800 kilometers (7,954 miles), marked the southern hemisphere's first secure quantum key distribution experiment. Yin attributed the success of the demonstration to "achieving real-time secure communication between low-cost quantum micro-nano satellites and mobile ground stations."
[ » Read full article ]
South China Morning Post; Victoria Bela (March 13, 2025)
Google Paid $12 Million in Bug Bounties Last Year
Last year, 660 security researchers who reported security bugs through Google's Vulnerability Reward Program (VRP) received a total of nearly $12 million in bug bounty rewards. The company says it has awarded $65 million in bug bounties since its first vulnerability reward program went live in 2010.
[ » Read full article ]
BleepingComputer; Sergiu Gatlan (March 10, 2025)
Russia, China Use 'Massive Digital Arsenal' to Manipulate Democracies, Says EU
In a report released Tuesday, the European Union warned that China and Russia are using a "massive digital arsenal" to interfere with and manipulate democracies. "Information manipulation and interference are major threats to EU security," EU High Representative and Vice-President for Foreign Affairs and Security Policy Kaja Kallas said in the report, which documented disinformation attacks against more than 80 countries and over 200 organizations last year.
[ » Read full article ]
The Brussels Times (Belgium) (March 18, 2025)
Paragon Spyware Tool Linked to Canadian Police
Researchers at the University of Toronto's Citizen Lab in Canada said Ontario Provincial Police appear to have deployed spyware from Israel's Paragon on computers under its control. Spyware victims were Android phone users who were added to a WhatsApp group, where a malicious PDF file was sent to compromise devices via "zero click" intrusion. The researchers said Paragon's Graphite spyware has been linked to users in Australia, Canada, Cyprus, Denmark, Israel, and Singapore.
[ » Read full article *May Require Paid Registration ]
Bloomberg; Ryan Gallagher (March 19, 2025)
'Doxxing' Scandal Casts Shadow Over Baidu's AI Model Release
Chinese tech giant Baidu is facing criticism over a "doxxing" scandal that has overshadowed the launch of its new AI models. The daughter of Baidu Vice President Xie Guangjun shared social media users' real names, ID numbers, phone numbers, and other personal information during an online argument over a K-pop singer. The incident has raised concerns among social media users across various platforms about whether Baidu is leaking users' personal data.
[ » Read full article *May Require Paid Registration ]
Nikkei Asia; Cissy Zhou (March 18, 2025)
States Vie for Federal Cyber Workers
According to the Computing Technology Industry Association (CompTIA), about 1,700 cybersecurity positions or other cyber-related jobs have been posted by state and municipal governments across the U.S. over the past three months. States are vying for laid-off federal workers, especially those with cybersecurity experience, offering fast-track promotions, advanced skills training, and other perks. CompTIA's Tim Herbert said alignment with the U.S. government's NICE Workforce Framework for Cybersecurity could make many states and municipalities "a good fit with former federal cybersecurity workers in sharing a common cyber lexicon."
[ » Read full article *May Require Paid Registration ]
WSJ Pro Cybersecurity; Angus Loten (March 17, 2025)
Education Week (3/19, Klein) reports that the College Board is collaborating with industry leaders like the US Chamber of Commerce and IBM to develop new Advanced Placement (AP) courses aimed at providing high school students with job-relevant skills. The initiative, called AP Career Kickstart, introduces courses in cybersecurity and business principles/personal finance. David Coleman, CEO of the College Board, mentioned that “high schools had a crisis of relevance far before AI,” emphasizing the need for “the next generation of coursework.” The new courses are designed to offer students practical skills and may help them earn college credit or appeal to employers. The cybersecurity course is being piloted in 200 schools and aims to expand to 800 next year. Neil Bradley from the Chamber of Commerce stated, “This course is going to give people a leg up both when they’re applying for jobs, and then once they get the job.”
Speaking to Education Week (3/19, Klein) last month, Coleman said, “AI-powered tools can already pass nearly every AP test,” highlighting the need for courses that prepare students for AI-dominated workplaces. The first courses will launch in the 2026-27 school year. Coleman emphasized the importance of equipping students with skills such as creativity and critical thinking through courses like AP Seminar, which integrates collaboration into its grading. The College Board is also considering teacher training in AI and cybersecurity.
Private Data and Passwords of Senior U.S. Security Officials Found Online
Private contact details of senior U.S. security officials, including National Security Adviser Mike Waltz, Director of National Intelligence Tulsi Gabbard, and Secretary of Defense Pete Hegseth, were found on the Web by reporters at Der Spiegel. The reporters were able to find mobile phone numbers, email addresses, and some passwords belonging to the officials using commercial search engines along with hacked customer data that had been published.
[ » Read full article ]
Der Spiegel (Germany); Patrick Beuth; Jörg Diehl; Roman Höfner (March 27, 2025); et al.
Encryption Breakthrough Lays Groundwork for Privacy-Preserving AI Models
A framework developed by researchers at New York University brings fully homomorphic encryption (FHE) to deep learning, allowing AI models to operate directly on encrypted data without needing to decrypt it first. Using the Orion framework, the researchers demonstrated the first-ever high-resolution FHE object detection using YOLO-v1, a deep learning model with 139 million parameters.
[ » Read full article ]
NYU Tandon School of Engineering (March 25, 2025)
Gen AI Browser Assistant Extensions Beam Data to the Cloud
Computer scientists led by Yash Vekaria at the University of California, Davis, found that generative AI browser extensions generally harvest users' sensitive data and share it with their own servers and third-party trackers. In some cases, this violates the browser extensions' privacy commitments and U.S. regulations governing health and student data. The study of 10 generative AI Chrome extensions found that some collect sensitive information from Web forms or full document object models of pages visited by users.
[ » Read full article ]
The Register (U.K.); Thomas Claburn (March 25, 2025)
Over 3 Million Applicants' Data Leaked on NYU's Website
A hacker infiltrated the New York University (NYU) website for at least two hours on March 22, exposing data on more than 3 million applicants dating back to at least 1989. The exposed data included applicants' names, test scores, majors, zip codes, and information related to family members and financial aid. The hacker also posted charts claiming to be the admitted SAT scores, ACT scores, and GPAs for the 2024-25 admissions cycle.
[ » Read full article ]
Washington Square News; Dharma Niles; Krish Dev; Yezen Saadah (March 22, 2025)
Security Protocol Protects Wireless Medical Implants from Cyberthreats
An authentication protocol developed by Rice University researchers was designed to protect wireless implants from cyber threats while enabling emergency access. The magnetoelectric datagram transport layer security (ME-DTLS) protocol leverages a flaw in wireless power transfers in which lateral or side-to-side movements trigger a signal misalignment. Explained Rice's Kaiyuan Yang, "We turned it into a security feature by transmitting binary values to specific movements with full awareness of the patient."
[ » Read full article ]
Rice University News; Silvia Cernea Clark (March 20, 2025)
Ransomware Attacks Surged 50% in February
Global ransomware levels increased by 50% last month compared to January, driven primarily by attacks from the cybercriminal operation dubbed Clop, according to a report by cybersecurity company NCC Group. February attacks reached an all-time monthly high of 886, compared to 590 in January, with nearly 40% of the incidents attributed to Clop activities.
[ » Read full article ]
CFO Dive; Alexei Alexis (March 20, 2025)
China Issues Facial Recognition Technology Guidelines
The Cyberspace Administration of China and that nation’s Ministry of Public Security on Friday jointly issued detailed measures for the application of facial recognition technology. Due to take effect on June 1, the measures stipulate that use of the technology should have a specific purpose and sufficient necessity, while minimizing the impact on personal rights and implementing strict protective measures.
[ » Read full article ]
Global Times (China); Yin Yeping (March 21, 2025)
Computer Scientists Oppose BSI-Google Cloud Deal
The German Informatics Society (GI) opposes a cooperation agreement between the German Federal Office for Information Security (BSI) and Google to create "secure and sovereign cloud solutions for public authorities." An analysis by GI working groups concluded that the agreement raises "significant security and economic policy as well as competition and data protection issues" and "is a potential booster for Germany's digital dependence on and blackmailability by the USA."
[ » Read full article ]
Heise Online (Germany); Stefan Krempl (March 21, 2025)
Why Government Workers, Military Planners Use Signal Now
This week's revelation that U.S. officials planned a recent military attack in Yemen on Signal highlights increasing use of the messaging app by U.S. government workers to communicate with colleagues, journalists, and family members without fear of monitoring or retaliation. The switch to Signal among federal workers and top government officials has raised concerns about transparency and the preservation of government correspondence and internal communications.
[ » Read full article *May Require Paid Registration ]
The Washington Post; Shira Ovide; Danielle Abril; Hannah Natanson (March 25, 2025); et al.
U.S. Adds Export Restrictions to More Chinese Tech Firms over Security Concerns
The Trump administration added 80 companies and organizations on March 25 to a list of those prohibited from purchasing U.S. technology and other exports due to national security concerns. Among the 80 are 54 Chinese companies and organizations, including Nettrix Information Industry, which manufactures servers used to produce AI, and the Beijing Academy of Artificial Intelligence, which reportedly has attempted to acquire AI models and chips to bolster China's military modernization.
[ » Read full article *May Require Paid Registration ]
The New York Times; Ana Swanson (March 25, 2025)
Australian Superannuation Funds Hit by Cyberattacks
Several Australian superannuation funds have been hit with suspected cyberattacks, with members of one fund losing a total of A$500,000 in retirement savings. AustralianSuper confirmed on Friday afternoon that members had been struggling to get into their accounts, and that some accounts were showing zero funds. The Association of Superannuation Funds of Australia said that other funds also had experienced attempted cyberattacks over the weekend.
[ » Read full article ]
Australian Broadcasting Corporation; Emilia Terzon; Tony Ibrahim (April 4, 2025)
Poland PM Says His Party was Targeted in Cyberattack Ahead of Election
Polish Prime Minister (PM) Donald Tusk said his Civic Platform party’s computer system had been targeted by a cyberattack. “Foreign interference in elections begins. Services point to eastern trace,” Tusk said. Jan Grabiec, the head of Tusk’s office, said the cyberattack consisted of an attempt to take control of computers of employees of the Civic Platform office and the election staff over about a dozen hours on Wednesday. Poland is weeks away from the first round of a presidential election.
[ » Read full article ]
Associated Press (April 2, 2025)
France Fines Apple 150 Million Euros over Privacy Feature
The French Competition Authority on Monday fined Apple 150 million euros ($162 million) over privacy features of its app tracking software that require apps to obtain user consent through a pop-up window before tracking their activity across other apps and websites. The regulator said the way Apple implemented its App Tracking Transparency (ATT) software was "neither necessary nor proportionate to the company's stated goal to protect user data;" it also penalized third-party publishers.
[ » Read full article ]
France 24 (March 31, 2025)
Gemini Hackers Can Deliver Potent Attacks With Help from... Gemini
Researchers at the universities of Wisconsin and California, San Diego created computer-generated prompt injections against Gemini that have much higher success rates than manually crafted ones. The new method abuses fine-tuning, a feature offered by some closed-weights models for training them to work on large amounts of private or specialized data, which Google makes available free of charge. The researchers' technique provides an algorithm for discrete optimization of working prompt injections.
[ » Read full article ]
Ars Technica; Dan Goodin (March 28, 2025)
Cybersecurity Firm Hacks Ransomware Group
Cybersecurity firm Resecurity infiltrated the BlackLock ransomware gang by exploiting a flaw in the group's site on the Dark Web. The Local File Inclusion-related flaw enabled the company to retrieve IP addresses for the network infrastructure behind the gang’s data leak site, along with configuration files and account credentials. The access exposed a logged history of commands the gang used when managing the server for the data leak site.
[ » Read full article ]
PC Mag; Michael Kan (March 27, 2025)
Solar Inverter Flaws Could Be Exploited to Attack Power Grids
Security researchers at Forescout's Vedere Labs identified 46 flaws in solar inverters from major manufacturers Sungrow, Growatt, and SMA that could be leveraged by hackers to influence power grid stability, breach user privacy, and even create an imbalance between power generation and demand that could damage or disrupt power grids. The researchers said these vulnerabilities could enable unauthorized access to resources in cloud platforms, remote code execution, device takeover, information disclosure, physical damage, and denial of service.
[ » Read full article ]
BleepingComputer; Ionut Ilascu (March 27, 2025)
JPMorgan Says Quantum Experiment Generated Truly Random Numbers
A team including researchers at JPMorgan Chase & Co. says it used a quantum computer to generate truly random numbers. JPMorgan cryptographers created an algorithm to generate random numbers and ran it on Honeywell’s Quantinuum quantum computer. Supercomputers at the U.S. Department of Energy's Argonne and Oak Ridge national laboratories certified that the output was truly random, which is significant because most random number generators used for encrypting sensitive data are not truly random.
[ » Read full article *May Require Paid Registration ]
Bloomberg; Isabella Ward; Charles Capel (March 26, 2025)
Oracle Warns Health Customers of Patient Data Breach
Hackers who breached Oracle’s computer systems stole patient data in an attempt to extort U.S. medical providers, say sources. Oracle in March alerted some healthcare customers that hackers had accessed company servers earlier in the year and copied patient data to an outside location. The Federal Bureau of Investigation is investigating the matter.
[ » Read full article *May Require Paid Registration ]
Bloomberg; Jake Bleiberg; Margi Murphy; Brody Ford (March 28, 2025)
Oracle Tells Clients of Second Recent Hack
Oracle has told customers that a hacker broke into a computer system and stole old client log-in credentials, the second cybersecurity breach the software company has acknowledged to clients in the last month. Oracle staff informed some clients this week that the attacker gained access to usernames, passkeys, and encrypted passwords, according to sources, who added that the attacker sought an extortion payment from the company.
[ » Read full article *May Require Paid Registration ]
Bloomberg; Jake Bleiberg (April 2, 2025)
Leak Exposes Black Basta's Influence Tactics
Researchers at security firm Trustwave's SpiderLabs analyzed 190,000 Russian-language chat messages among members of the Black Basta ransomware group that were leaked last month. The analysis revealed the group is highly structured and efficient, with members having experience in exploit development, infrastructure optimization, social engineering, and other specialties. The chat records were recently leaked to file-sharing site MEGA, which coincided with the unexplained outage of the Black Basta site on the dark web; the site has remained down ever since.
[ » Read full article ]
Ars Technica; Dan Goodin (April 8, 2025)
Hackers Spied on 100 U.S. Bank Regulators' Emails for Over a Year
The U.S. Office of the Comptroller of the Currency (OCC) has disclosed a cybersecurity incident in which hackers gained access to the emails of 103 bank regulators. According to a draft letter to Congress by OCC CIO Kristen Baldwin, hackers accessed around 150,000 emails in the mailboxes of senior deputy comptrollers, international banking supervisors, and other staff from May 2023 until the breach was discovered earlier this year.
[ » Read full article *May Require Paid Registration ]
Bloomberg; Margi Murphy; Jake Bleiberg; Daniel Flatley (April 8, 2025)
NIST Calls Time on Older Vulnerabilities Amid Surging Disclosures
The U.S. National Institute of Standards and Technology (NIST) said all common vulnerabilities and exposures (CVEs) in its National Vulnerability Database (NVD) published before Jan. 1, 2018, will be marked in the NVD dataset as "deferred," and that it will no longer provide updates on them. NIST said, "We are assigning this status to older CVEs to indicate that we do not plan to prioritize updating NVD enrichment or initial NVD enrichment data due to the CVE's age."
[ » Read full article ]
ComputerWeekly.com; Alex Scroxton (April 7, 2025)
Apple's Encryption Row with U.K. Should Not Be Secret, Court Rules
A judge sided with a coalition of civil liberties groups and news organizations in ruling that a legal scuffle between the U.K. and Apple over data privacy cannot be held in secret. The U.K. wants to be able to access information secured by Apple's Advanced Data Protection (ADP) system. Such access would require Apple to create a "backdoor," which it said it does not want to do over concerns it would eventually be exploited by hackers and criminals.
[ » Read full article ]
BBC News; Tom Singleton; Liv McMahon (April 7, 2025)
Researchers Investigate AI Threats in Software Development
Researchers led by University of Texas at San Antonio computer science doctoral student Joe Spracklen analyzed the security risks associated with package hallucinations, in which large language models (LLMs) generate code that links to a third-party software library that does not exist. This would enable a hacker to create a new package with the same name as the hallucinated package and inject malicious code. The researchers found that open-source LLMs are four times more likely than GPT-series models to produce package hallucinations, and JavaScript is more susceptible to hallucinations than Python.
[ » Read full article ]
UTSA Today; Ari Castañeda (April 7, 2025)
Critical Vulnerability Found in Canon Printer Drivers
Canon recently published an advisory that said drivers associated with several of its production printers, office multifunction printers, and laser printers were affected by an out-of-bounds vulnerability. The security hole is tracked as CVE-2025-1268 and it has a CVSS severity score of 9.4. Canon told users exploitation of the vulnerability can allow an attacker to prevent printing or potentially execute arbitrary code “when the print is processed by a malicious application.”
[ » Read full article ]
Security Week; Eduard Kovacs (April 4, 2025)
Researchers Uncover Hidden Patterns Behind $3.5-Billion Cryptocurrency Collapse
Researchers from the U.K.'s Queen Mary University of London and Pometry, a university spinoff company, developed software that identified patterns behind the May 2022 collapse of the TerraUSD stablecoin and its associated currency, LUNA. The researchers used temporal multilayer graph analysis to map the relationships between different cryptocurrencies traded on the Ethereum blockchain. They found five or six traders accounting for nearly all the trading activity on key days, which they said indicated the traders likely colluded to trigger the collapse.
[ » Read full article ]
Queen Mary University of London (U.K.) (April 4, 2025)
Companies Ignore Your Privacy Demands
Consumer Reports researchers found that companies may not be complying with state laws allowing residents to opt out of letting websites sell or share their personal information. The researchers used software that made it look like they were in Colorado or California, where residents can use Web browsers to complete privacy opt-out forms. Despite opting out, the researchers still saw highly targeted ads on at least 12 of 40 relatively well-known websites.
[ » Read full article *May Require Paid Registration ]
The Washington Post; Shira Ovide (April 1, 2025)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said Wednesday the U.S. has extended MITRE's funding to ensure no continuity issues occur with the critical Common Vulnerabilities and Exposures (CVE) program. The announcement follows a warning from MITRE Vice President Yosry Barsoum that government funding for the CVE programs had been set to expire Wednesday. MITRE maintains the CVE program with funding from the U.S. Department of Homeland Security.
[ » Read full article ]
BleepingComputer; Sergiu Gatlan (April 16, 2025)
China Accuses U.S. of 'Advanced' Cyberattacks
China has accused the U.S. National Security Agency (NSA) of launching "advanced" cyberattacks against it during the Asian Winter Games in February that targeted essential industries. China’s foreign ministry confirmed the attacks, which a local report that cited police in the northeastern city of Harbin said had "the intention of sabotaging China's critical information infrastructure, causing social disorder, and stealing important confidential information."
[ » Read full article ]
Reuters; Laurie Chen; Farah Master; Liz Lee (April 15, 2025)
Internet messageboard 4chan has been hacked, according to posts circulating online, some of which said that identifying details of the site's moderators have been made public. 4chan over the years has served as an incubator for viral memes and a range of subcultures, including Internet vigilante group Anonymous. The alleged hack first came to light when a defunct section of the site sprang back to life with the words "U GOT HACKED" emblazoned across the top.
[ » Read full article ]
Reuters; Raphael Satter (April 15, 2025)
Safeguarding Sensitive AI Training Data
A framework developed by Massachusetts Institute of Technology researchers to balance AI model performance and data security has been improved so it can privatize essentially any algorithm without requiring access to its inner workings. The PAC Privacy framework estimates the amount of noise that must be added to an algorithm to achieve the targeted privacy level using only the output variances. The updated algorithm estimates anisotropic noise, so less overall noise is needed to reach the same level of privacy.
[ » Read full article ]
MIT News; Adam Zewe (April 11, 2025)
Banks Limit Information Sharing with OCC After Hack
JPMorgan Chase & Co. and Bank of New York Mellon Corp. are limiting the sharing of information with the U.S. Office of the Comptroller of the Currency (OCC) over concerns of potential security risks to their computer networks. The lenders paused sharing information with the OCC following revelations that hackers had breached its email system to spy on more than 100 accounts over the course of more than a year.
[ » Read full article *May Require Paid Registration ]
Bloomberg; Jordan Robertson; Jake Bleiberg; Hannah Levitt (April 14, 2025); et al.
American Banker (4/11, Subscription Publication) reported that IBM unveiled its latest mainframe model, the z17, at an event in New York on Tuesday. The z17 features advanced AI capabilities and quantum-grade encryption, aiming to enhance fraud detection and security. According to Tina Tarquinio, IBM Z Chief Product Officer, the z17 can process up to 35 billion transactions daily, utilizing the new Telum II chip with improved AI accelerators. IBM fellow Elpida Tzortzatos highlighted the importance of integrating AI into transaction processing for effective fraud prevention. Anne Dames, an IBM engineer, emphasized the mainframe’s “quantum-safe” features against future cyber threats. The z17 is scalable for various banking needs, with companies like Bank of Montreal planning to leverage its capabilities. The new IBM z17 “could also help banking core providers such as the London-based core banking platform Hogan, according to Duncan Alexander, product director of Hogan at DXC Technology.”
South Korea Says DeepSeek Transferred User Data to U.S., China Without Consent
South Korea’s Personal Information Protection Commission (PIPC) said Chinese AI startup DeepSeek collected personal information from local users and transferred it to China and the U.S. without their permission. The PIPC released the findings of its privacy and security review of DeepSeek on Thursday. DeepSeek removed its chatbot application from South Korean app stores in February at the recommendation of the watchdog.
[ » Read full article ]
CNBC; Dylan Butts (April 24, 2025)
FBI Says Cybercrime Costs Surpassed $16 Billion in 2024
The Internet Crime Complaint Center of the U.S. Federal Bureau of Investigation (FBI) said global cybercrime costs topped $16 billion in 2024, up a third from the prior year. Low-tech, tech support, and romance scams accounted for much of the losses, according to an FBI report based on almost 860,000 complaints, most from the U.S. The FBI noted that its calculations were incomplete, especially regarding ransomware.
[ » Read full article ]
Reuters; Raphael Satter (April 23, 2025)
North Koreans Use Real-time Deepfakes to Secure Remote Jobs
Researchers at Palo Alto Networks' Unit 42 found North Korean threat actors are shifting from the use of static fake profiles and stolen credentials to real-time deepfake technology to secure remote IT jobs at companies across the globe. The technology could enable a single threat actor to interview for the same position several times through the use of multiple synthetic personas.
[ » Read full article ]
Cyber Security News; Tushar Subhra Dutta (April 21, 2025)
Classic Hacking Technique Works on Some Quantum Computers
Researchers at the University of Gdansk in Poland and Northwestern University separately used row-hammer attacks to hack IBM quantum computers. With quantum computers, such attacks involve changing the states of qubits. University of Gdansk researchers ran numerous short programs that manipulated the qubits, triggering crosstalk between the affected qubits and an adjacent qubit whose stored information was changed. The Northwestern researchers achieved a similar result by developing a method to alter the microwave pulses that control and direct qubits.
[ » Read full article *May Require Paid Registration ]
New Scientist; Karmela Padavic-Callaghan (April 17, 2025)
TechRadar (4/22, Fadilpasic) reports Microsoft’s latest Cyber Signals report on AI assisted scams “said that cybercriminals are using GenAI for more than ‘just’ phishing email copy,” and claimed they are using it to “create deepfakes (usually fake videos of celebrities endorsing a project), and create AI-generated ‘sham websites’ mimicking legitimate businesses.”
Apple AirPlay-Enabled Devices Can Be Hacked via Wi-Fi
Researchers at Israeli cybersecurity firm Oligo identified numerous vulnerabilities impacting devices enabled by Apple's AirPlay radio-based protocol for local wireless communications. Dubbed AirBorne, these vulnerabilities in the AirPlay software development kit for third-party devices could enable hackers to gain control of speakers, receivers, set-top boxes, and smart TVs on the same Wi-Fi network as the hackers.
[ » Read full article ]
Ars Technica; Lily Hay Newman; Andy Greenberg (April 30, 2025)
Harrods Latest U.K. Retailer Hit by Cyberattack
Luxury department store Harrods says it is the latest U.K. retailer to be targeted by a cyberattack. The firm said it had "restricted Internet access at our sites" following an attempt to gain access to its systems. The announcement came a day after the Co-op shut down parts of its IT systems to fend off a hack. Retailer Marks & Spencer continues to deal with a cyberattack that, it says, has cost it millions of pounds in lost sales.
[ » Read full article ]
BBC News; Tom Gerken; Lucy Hooker (May 2, 2025)
North Korean Cyber Spies Created U.S. Firms to Dupe Crypto Developers
North Korean cyber spies created two businesses in the U.S. to infect developers working in the cryptocurrency industry with malicious software, according to researchers at cybersecurity firm Silent Push. Blocknovas LLC and Softglide LLC were set up using fake personas and addresses, said the researchers. The hackers sought to infect applicants for fake jobs with at least three strains of known malware previously linked to North Korean cyber operations.
[ » Read full article ]
Reuters; A.J. Vicens; Anton Zverev; James Pearson (April 24, 2025)
AI Impact on Data Breach Outcomes Remains ‘Limited’
Verizon’s latest Data Breach Investigations Report states that the recent waves of AI uptake have yet to require a cybersecurity overhaul in the corporate world. While AI-generated text in malicious e-mails has doubled in the last year, the report found that the rate of successful phishing breaches remained stable.
[ » Read full article ]
CIO Dive; Lindsey Wilkinson (April 23, 2025)
France Blames Russia for Years of Cyberattacks
France on Tuesday accused Russian military intelligence of orchestrating nearly a decade of cyberattacks against its government ministries, defense contractors, media outlets, and even the 2024 Paris Olympics with the aim of gathering intelligence and sowing division. France's cybersecurity agency said Russian hackers were behind more than a dozen attacks in France since 2021. France’s Foreign Ministry directly linked the hackers with Russia’s GRU military intelligence organization and blamed the Kremlin for their attacks.
[ » Read full article *May Require Paid Registration ]
The Wall Street Journal; Sam Schechner (April 30, 2025)
Hackers Could 'Vandalize' Quantum Computers Without People Noticing
University of Texas at Austin researchers identified a technique that could enable hackers to interfere with the results of various programs run by different users on the same quantum computer. The attack depends on interference in the microwave signals used to control qubits, with one qubit possibly picking up a signal intended for another. The researchers tested the proof-of-principle attack on five IBM cloud-based quantum computers, and found it altered other users' outputs 40% of the time.
[ » Read full article *May Require Paid Registration ]
New Scientist; Matthew Sparkes (April 25, 2025)
Chatbots Can Hide Secret Messages in Seemingly Normal Conversations
A system developed by researchers at Norway's University of Oslo could allow people to conceal secret messages within chatbot conversations and share the text through any messaging platform without detection. The researchers altered a large language model to embed the next character of an encrypted message in generated text at specific intervals. The AI will backtrack and try again if it cannot insert the next character while ensuring the sentence sounds like normal conversation.
[ » Read full article *May Require Paid Registration ]
New Scientist; Matthew Sparkes (April 25, 2025)
Inside Cybersecurity (4/28, Mitchell) reports researchers at Georgia Tech “are urging the White House to build strong cybersecurity controls around development of advanced artificial intelligence ‘frontier models’ while simultaneously promoting commercial applications, under the Trump administration’s upcoming AI action plan intended to seal U.S. dominance over the technology.” The researchers also “cite cyber attacks from China targeting development of the advanced models and pitch a role for the Cybersecurity and Infrastructure Security Agency in countering the threat.”
Signal Clone Used by Trump Adviser Hacked
A hacker accessed customer data from TeleMessage, an Israeli company that sells modified versions of Signal and other messaging apps to the U.S. government to archive messages. TeleMessage was recently the center of media coverage after former national security adviser Mike Waltz accidentally revealed he used the tool in a cabinet meeting with President Trump. The hacker reportedly did not obtain messages from Waltz or others with whom he spoke.
[ » Read full article ]
404 Media; Joseph Cox; Micah Lee (May 4, 2025)
TikTok Fined €530M for Sending Users’ Data to China
TikTok was penalized €530 million (U.S.$600 million) because it sent the personal data of Europeans to China illegally and wasn’t transparent about it with users. The Irish Data Protection Commission (DPC) said TikTok breached the EU General Data Protection Regulation since it couldn’t guarantee that the data sent were protected under China’s surveillance laws. DPC also said TikTok had breached transparency rules between 2020 and 2022 because it didn’t tell users their personal data was being transferred to China.
[ » Read full article ]
Politico Europe; Ellen O'Regan (May 2, 2025)
DOD Shakes Up Software Procurement
In a recent memo published online, U.S. Department of Defense CIO Katherine Arrington introduced the Software Fast-Track (SWFT) initiative to reform software acquisition, authorization, and testing. Arrington explained the SWFT Framework will define "clear" and "specific" cybersecurity and supply chain risk management requirements, strict software security verification processes, and secure information sharing mechanisms. Arrington also noted the use of open source software "presents a significant and ongoing challenge," with a lack of visibility into the origins and security of software code particularly troubling.
[ » Read full article ]
TechRadar; Craig Hale (May 7, 2025)
Eye-Scanning ID Project Launches in U.S.
On May 1, World (formerly Worldcoin) opened six U.S. retail locations where individuals can have their eyes scanned to create a unique "IrisCode." World's goal is to establish a global identity verification system that protects against fraud and bots using iris scans and the blockchain. People who submit to the iris scans will be able to sign into Minecraft, Reddit, Telegram, Shopify, Discord, and other integrated platforms using their World ID.
[ » Read full article ]
CNBC; Riya Bhattacharjee; Hayden Field (April 30, 2025)
NSO Ordered to Pay $167 Million for Hacking WhatsApp
A federal jury on Tuesday ordered Israeli spyware maker NSO Group to pay $167 million for hacking more than 1,000 people through WhatsApp messages. U.S. District Judge Phyllis J. Hamilton granted WhatsAppʼs motion for summary judgment against NSO for violating the U.S. Computer Fraud and Abuse Act and a similar California law with its Pegasus spying program.
[ » Read full article *May Require Paid Registration ]
The Washington Post; Joseph Menn (May 6, 2025)
Researchers Discover New Security Vulnerability in Intel Processors
A new class of vulnerabilities in all Intel processors identified by computer scientists at Switzerland's ETH Zurich can be exploited to misuse the central processing unit's (CPU) prediction calculations to gain access to information from other users of the same CPU. The vulnerabilities enable the incorrect assignment of privileges during the few nanoseconds when the CPU switches between prediction calculations for two users with different permissions. ETH Zurich's Sandro Rüegge said quickly repeating the attack can result in a more than 5,000-bytes-per-second readout speed, allowing attackers to read the entire memory over time.
[ » Read full article ]
ETH Zurich (Switzerland); Daniel Meierhans (May 13, 2025)
Attack Steals Cryptocurrency by Planting False Memories in Chatbots
A "context manipulation" exploit developed by Princeton University researchers leverages prompt injection attacks against the open source framework ElizaOS to steal cryptocurrency. ElizaOS uses large language models to undertake blockchain-based transactions for users based on predefined rules. The attacks depend on a feature of ElizaOS in which past conversations are stored in an external database, which allows anyone authorized to transact with an agent to create a false memory that triggers an override of security defenses.
[ » Read full article ]
Ars Technica; Dan Goodin (May 13, 2025)
EU Security Bug Database Fully Operational
The European Union Agency for Cybersecurity has rolled out the European Vulnerability Database (EUVD). Updated in real time and now fully operational, the database identifies disclosed bugs with their U.S. Common Vulnerabilities and Exposures (CVE)-assigned IDs and EUVD identifiers, details their criticality and exploitation status, and provides links to available advisories and patches.
[ » Read full article ]
The Register (U.K.); Jessica Lyons (May 13, 2025)
CISA Mutes Website, Shifts Routine Cyber Alerts to X, RSS, Email
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said its Cybersecurity Alerts and Advisories website will post only urgent alerts associated with major cyber activity or emerging threats. "CISA wants this critical information to get the attention it deserves and ensure it is easier to find," the agency said. Going forward, routine updates, guidance, and other notifications will be shared via email, RSS, and X.
[ » Read full article ]
The Register (U.K.); Iain Thomson (May 12, 2025)
U.S. Disrupts Proxy-for-Hire Botnet
The U.S. Federal Bureau of Investigation (FBI) advised consumers to get rid of old routers from Linksys, Ericsson, and Cisco due to their increased vulnerability to hacking. The warning came as the U.S. Department of Justice unsealed indictments against three Russian nationals and a Kazakhstani associate who allegedly exploited outdated routers in a long-running proxy-for-hire network. The botnet operators charged $9.95 to $110 per month for access to more than 7,000 residential proxies, receiving more than $46 million since 2004.
[ » Read full article ]
The Register (U.K.); Iain Thomson (May 10, 2025)
Google Identifies New Malware Linked to Russia-based Hackers
Google identified new malware called "LOSTKEYS" tied to hacking group Cold River, which has previously been linked to Russia's Federal Security Service. The malware can steal files and send system information to attackers. Cold River is primarily known for stealing login credentials for high-profile targets, including those within NATO governments, non-governmental organizations, and former intelligence and diplomatic officers, with the goal of supporting Russian interests.
[ » Read full article ]
Reuters; Deborah Sophia; A.J. Vicens (May 7, 2025)
Tech Company Responsible for Global IT Outage to Cut Jobs, Citing AI
Cybersecurity firm CrowdStrike, whose faulty software update brought down 8.5 million Windows systems worldwide last July, said AI efficiencies will result in the loss of 500 jobs in the company globally, amounting to about 5% of its workforce. CEO George Kurtz said, “We’re operating in a market and technology inflection point, with AI reshaping every industry, accelerating threats, and evolving customer needs.”
[ » Read full article ]
The Guardian (U.K.); Josh Taylor (May 9, 2025)
Spain Investigates Cyber Weaknesses in Blackout Probe
Spain's National Cybersecurity Institute is requesting information from small electricity generators in that nation regarding their cyber defenses as it investigates an April blackout, during which the country lost 15 gigawatts of electricity, or 60% of its supply, in just five seconds. The root cause of the blackout has not been determined, and the government has not ruled out a cyberattack. The government, which said last week that Spain suffered 100,000 cyberattacks across all sectors last year, announced a €1.1-billion (US$1.23-billion) investment to reinforce cybersecurity.
[ » Read full article *May Require Paid Registration ]
Financial Times; Barney Jopson (May 13, 2025)
Reuters (5/14, McFarlane) reports that US energy officials are reassessing security risks posed by Chinese-made power inverters after discovering undocumented communication devices in some units. These inverters connect solar panels and wind turbines to electricity grids and are predominantly produced in China. The rogue devices create additional communication channels, potentially bypassing firewalls and posing threats to grid stability. Mike Rogers, former NSA director, noted, “We know that China believes there is value in placing at least some elements of our core infrastructure at risk of destruction or disruption.” The Department of Energy is working to ensure full understanding of product capabilities through improved disclosure requirements.
U.S., Europe Crack Down on Hacking Tool Used Worldwide
Global authorities on Wednesday announced a crackdown on the Lumma hacking tool that has been exploited by cybercriminals to attack airlines, universities, banks, hospitals and U.S. state governments. The U.S. Justice Department said it had seized the computer systems hackers used to access the tool, while Microsoft used a court order to seize or take offline 2,300 Web domains connected to the cybercriminal activity. Microsoft found some 394,000 computers around the world with Windows software infected by Lumma.
[ » Read full article ]
CNN; Sean Lyngaas (May 21, 2025)
Microsoft Brings Post-Quantum Cryptography to Windows, Linux
Microsoft has released early support for post-quantum cryptography algorithms standardized by the U.S. National Institute of Standards and Technology (ML-KEM for key exchanges and ML-DSA for digital signatures) in the Windows Insider Canary Channel (Build 27852 and above) and in version 1.9.0 of SymCrypt-OpenSSL on Linux. This will enable organizations to experiment with quantum-resistant algorithms in their own operational environments.
[ » Read full article ]
Quantum Insider; Matt Swayne (May 21, 2025)
Russia Accused of Trying to Hack Border Security Cameras to Disrupt Ukraine Aid
The U.K. National Cyber Security Center said Russia tried to hack into border security cameras to spy on and disrupt the flow of aid entering Ukraine. A unit of Russia’s military intelligence services is accused of using a host of methods to target organizations delivering “foreign assistance” by hacking into cameras at crossings and railway stations and near military installations.
[ » Read full article ]
The Guardian (U.K.); Daniel Boffey (May 21, 2025)
Major Flaws Found in VW's Connected Car App
Cybersecurity researcher Vishal Bhaskar discovered serious vulnerabilities in Volkswagen's My Volkswagen app that could have exposed users' personal information. Bhaskar determined the app lacked a lockout mechanism for failed password attempts and wrote a Python script that was able to brute-force the password. Additionally, Bhaskar identified API endpoints that exposed telematics data and customer information. Volkswagen said it fixed the issues this month.
[ » Read full article ]
Computing; Tom Allen (May 20, 2025)
Vulnerability Exploitation Probability Metric Proposed by NIST, CISA
A cybersecurity metric developed by researchers at the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. National Institute of Standards & Technology (NIST) calculates the likelihood a vulnerability has been exploited. The Likely Exploited Vulnerabilities (LEV) metric could help estimate the comprehensiveness of KEV lists and enhance KEV- and EPSS-based vulnerability remediation prioritization.
[ » Read full article ]
Security Week; Eduard Kovacs (May 20, 2025)
Trump Order Targets Barcodes on Ballots
An executive order signed by U.S. President Donald Trump states that voting equipment should not use ballots that include barcodes or QR codes. Although election officials say such equipment is secure and routinely tested for accuracy, University of Michigan computer scientist J. Alex Halderman testified in a Georgia case that attackers could tamper with the QR codes to change votes or install malware. The order, which is being challenged in court, exempts voting equipment used by voters with disabilities.
[ » Read full article ]
Associated Press; Charlotte Kramon; Christina A. Cassidy (May 19, 2025)
VMware Hack Earns $150,000 Prize
Hackers attending Pwn2Own in Berlin successfully deployed a zero-day exploit against VMware ESXi, marking the first time in Pwn2Own’s 18-year history the hypervisor has been successfully exploited. Nguyen Hoang Thach deployed a single integer overflow exploit to earn his STARLabs SG team a $150,000 prize. The competition also saw three zero-days compromising Windows 11.
[ » Read full article ]
Forbes; Davey Winder (May 17, 2025)
Your Next Password Could Be a Piece of Plastic
University of Texas at Austin (UT Austin) researchers stored and decoded an 11-character password encoded in the molecular makeup of a piece of plastic. The researchers designed molecules that contain sequences of electrochemical information, which could be read using electrical signals. “Molecules can store information for very long periods without needing power,” explained UT Austin's Praveen Pasupathy, adding that his team's work “takes us a step closer to storing information in an everyday material.”
[ » Read full article ]
Gizmodo; Natalia Mesa (May 16, 2025)
Japan's Parliament passed a bill last week to allow the government to take proactive steps to prevent serious cyberattacks. Under the new law, the government will analyze communications between foreign countries via Japan, and between Japan and other countries during peacetime. If there is a sign of a cyberattack, police and Japan’s Self-Defense Forces will take steps to neutralize threats.
[ » Read full article ]
The Japan Times (May 16, 2025)
K-12 Dive (5/21, Merod) reports that a Massachusetts college student, Matthew Lane, “agreed to plead guilty on Tuesday for allegedly hacking and extorting an unnamed ed tech company for $2.85 million in Bitcoin in December 2024, according to the US Attorney’s Office for the District of Massachusetts.” Lane accessed PowerSchool’s network using an employee’s credentials in September 2024 and transferred stolen data to a server in Ukraine. Lane, “a student at Assumption University in Worcester, Mass., could face up to 17 years in prison and a fine up to $250,000 or ‘twice the gross gain or loss,’ whichever is higher.” US Attorney Leah Foley said, “Cyber extortion is a serious attack on our economy and on all of us.” The breach affected more than 60 million students and 10 million teachers, with more than 100 districts suing PowerSchool. This month, PowerSchool “confirmed that it paid a ransom to threat actors as a result of last year’s data breach.”
The Verge (5/21, Warren) reports Microsoft Head of AI Security Neta Haiby accidentally revealed Walmart’s confidential AI deployment plans during a Build conference session disrupted by protesters. While sharing her screen after the incident, Haiby exposed internal Microsoft Teams messages showing that “Walmart is ready to rock and roll with Entra Web and AI Gateway,” and quoting a Walmart AI engineer who said, “Microsoft is WAY ahead of Google with AI security.” Walmart, already a major user of Azure OpenAI, is one of Microsoft’s largest corporate customers.
Higher Ed Dive (5/22, Merod) reports, “Colleges and schools had the highest average reporting time for ransomware data breaches when compared to the business, government and healthcare sectors, Comparitech found in its analysis of over 2,600 US ransomware attacks.” The Comparitech study revealed that the education sector takes “4.8 months on average to report data breaches following ransomware attacks,” the longest among sectors analyzed. Education companies, distinct from schools, take even longer, averaging 6.3 months. The report highlights that “waiting months to disclose a data breach is dangerous,” as stolen data can circulate on the dark web before victims are aware. Comparitech noted the Alvin Independent School District in Texas took months to confirm a June 2024 breach affecting 48,000 individuals.
Czech Republic Accuses China of 'Malicious Cyber Campaign' Against Foreign Ministry
The Czech Republic is attributing cyberattacks against its Foreign Ministry's communication network to the Advanced Persistent Threat 31 (APT31) hacking group associated with the Chinese Ministry of State Security. According to the Foreign Ministry, the attacks, which began in 2022, targeted the nation's critical infrastructure, but a new communication system has been implemented already.
[ » Read full article ]
Associated Press; Karel Janicek; Sam McNeil (May 28, 2025)
Dutch Intelligence Agencies Say Russian Hackers Stole Police Data
Intelligence agencies in the Netherlands are accusing a previously unknown hacking group of a cyberattack last year on the Dutch police. The group, dubbed Laundry Bear, reportedly is actively trying to steal sensitive data from EU and NATO countries and is “extremely likely Russian state-supported.”
[ » Read full article ]
Associated Press; Mike Corder (May 27, 2025)
Database of 184 Million Records Exposes Vast Array of Login Credentials
Security researcher Jeremiah Fowler discovered an exposed Elastic database comprised of more than 184 million records that include an ID tag for account type, a URL for each website or service, usernames, and plaintext passwords. Fowler said there was no information about who owns the data or where it was obtained, but it appears to be a compilation, possibly maintained by researchers investigating cybercrimes or stolen from attackers via infostealer malware.
[ » Read full article ]
Wired; Matt Burgess; Lily Hay Newman (May 22, 2025)
FCC Bars Chinese Labs Deemed Security Risks from Testing U.S. Electronics
The U.S. Federal Communications Commission (FCC) voted to finalize rules barring Chinese labs deemed risks to U.S. national security from testing electronic devices for use in the U.S. The FCC says about 75% of all electronics are tested in labs located inside China and that many of those labs could have close ties to the Chinese Communist Party. These labs have tested thousands of devices bound for the U.S. market over the last several years, the agency added.
[ » Read full article ]
Reuters; David Shepardson (May 22, 2025)
Virgin Media O2 Network Flaw Allowed Customer Phones to Be Tracked
IT specialist Dan Williams discovered that Virgin Media O2's failure to correctly configure its 4G calling software exposed the locations of tens of millions of its mobile customers for as long as two years. The network security flaw allowed anyone with a Virgin Media O2 sim card to track the location of any Virgin Media O2 mobile customer to the nearest mobile mast. Virgin Media O2 said the problem has been resolved.
[ » Read full article *May Require Paid Registration ]
Financial Times; Kieran Smith (May 29, 2025)
FBI Helps Take Down AVCheck Site Used to Test Malware
The U.S. Federal Bureau of Investigation (FBI), in conjunction with law enforcement in the Netherlands and Finland, has seized and taken offline AVCheck.net, a website operating as a counter antivirus service. Marketed as a "high-speed antivirus scantime checker," the agencies said AVCheck enabled cybercriminals to test their malware against multiple antivirus engines prior to deployment, scanning files, domains, and IP addresses without alerting antivirus vendors.
[ » Read full article ]
TechRadar; Sead Fadilpasic (June 3, 2025)
Hackers Abuse Modified Salesforce App to Steal Data
Hackers are tricking employees at companies in Europe and the Americas into installing a modified version of a Salesforce-related app that allows them to steal data, access other corporate cloud services, and extort those companies. The hackers convince employees via voice calls to install a modified version of Salesforce’s Data Loader, a proprietary tool used to bulk-import data into Salesforce. Some 20 organizations have been affected by the campaign.
[ » Read full article ]
Reuters; A.J. Vicens (June 4, 2025)
Meta Pauses Mobile Port Tracking After Researchers Disclose Practice
Computer scientists at Spain's IMDEA Networks, Netherlands' Radboud University, and Belgium's KU Leuven discovered that native Android apps were used by social media giant Meta and Russian search engine Yandex to listen in on localhost ports. This enabled the companies to connect Web browsing data to user identities, skirting Google Play's privacy protections. Following the disclosure, the researchers observed that Meta's Pixel script stopped sending data to localhost and that the tracking code was largely removed.
[ » Read full article ]
The Register (U.K.); Thomas Claburn (June 3, 2025)
U.K. Commits £1bn to Cyber, Digital Defense
The U.K. on Monday unveiled plans to invest more than £1 billion (more than $1.3 billion) in cyber and digital capabilities over the coming years, announcing those plans alongside the release of the Strategic Defense Review. A cornerstone of the cyber initiative is the establishment of a Cyber and Electromagnetic Command, which will be tasked with defending U.K. Ministry of Defence networks against what officials described as "sub-threshold" cyberattacks.
[ » Read full article ]
Computing (U.K.); Dev Kundaliya (June 3, 2025)
Cyber Companies Hope to Untangle Hacker Nicknames
Microsoft, CrowdStrike, Palo Alto, and Google on Monday said they would create a public glossary of state-sponsored hacking groups and cybercriminals, in a bid to ease confusion over their nomenclature. Vasu Jakkal at Microsoft Security said the new initiative will "accelerate our collective response and collective defense against these threat actors."
[ » Read full article ]
Reuters; Raphael Satter; A.J. Vicens (June 2, 2025)
A person calling himself GangExposed leaked key data about the Russia-linked Conti and Trickbot ransomware gangs. The leaks include thousands of chat logs, personal videos, and ransom negotiations tied to the cyber gangs, who have extorted billions of dollars from companies, hospitals, and other victims worldwide. GangExposed said he's not interested in the $10-million bounty the U.S. offered for information about one key Conti leader that he named. "I simply enjoy solving the most complex cases," he said.
[ » Read full article ]
The Register (U.K.); Jessica Lyons (May 31, 2025)
Researchers from Paderborn University in Germany and the Technology Innovation Institute in Abu Dhabi demonstrated how Internet censorship can be circumvented by modifying encryption protocols. Their "Censor Scanner" open source tool encrypts Internet requests in such a way that censorship systems cannot recognize or block them.
[ » Read full article ]
Paderborn University (Germany) (May 30, 2025)
Billions of Cookies Up for Grabs
NordVPN found more than 93.7 billion stolen cookies are available for sale online, an average of 7% to 9% of which are active. Of these stolen cookies, 90.25% contain ID data, while only about 0.5% contain names, home or email addresses, passwords, phone numbers, and genders.
[ » Read full article ]
The Register (U.K.); Connor Jones (May 29, 2025)
New Rules in India Aimed at Chinese Surveillance
New security rules in India that went into effect in April require CCTV camera manufacturers to submit their hardware, software, and source code for government assessment before they can be sold in the country. Among other things, CCTV cameras are required to have tamper-proof enclosures, strong malware detection, and encryption. A top Indian official said the rules are a response to the government's concerns about China's advanced surveillance capabilities.
[ » Read full article ]
Reuters; Aditya Kalra; Shivangi Acharya; Anushree Fadnavis (May 28, 2025); et al.
A new age verification app will be rolled out in the EU in July, ahead of the bloc's 2026 launch of its digital identity wallet. The app will enable online platform users to verify their ages without disclosing other personal information. The EU is also considering measures to ensure minors' accounts are set as private by default.
[ » Read full article *May Require Paid Registration ]
Financial Times; Barbara Moens (May 30, 2025)
Do-It-Yourself Cyberattack Tools Are Booming
Subscription-based software platforms offering phishing kits are proliferating on the dark web, typically operated by a mix of cybercriminals and state-sponsored hackers. More than 190,000 phishing attacks were reported to the U.S. Federal Bureau of Investigation last year, more than the combined number of extortion and personal data breach complaints. The phishing services’ increasing ease of use and AI-fueled sophistication are driving demand.
[ » Read full article *May Require Paid Registration ]
WSJ Pro Cybersecurity; Angus Loten (May 29, 2025)
Reuters (6/4, Mukherjee) reports that Microsoft has introduced a free cybersecurity initiative for European governments to enhance defenses against AI-augmented cyber threats. This program, announced on Wednesday, aims to improve intelligence-sharing and mitigate attacks amid a rise in cyberattacks linked to state-sponsored actors from China, Iran, North Korea, and Russia. Microsoft President Brad Smith stated that expanding U.S.-developed cybersecurity resources to Europe will “strengthen cybersecurity protection.” Smith noted AI’s defensive capabilities, saying, “Our goal needs to be to keep AI advancing as a defensive tool faster than it advances as an offensive weapon.”
TechCrunch (6/5, Wiggers) reports Anthropic says that it has “released a new set of AI models tailored for U.S. national security customers.” The new models, a custom set of “Claude Gov” models, were “built based on direct feedback from our government customers to address real-world operational needs,” Anthropic wrote in a blog post. Anthropic “says that its new custom Claude Gov models better handle classified material, ‘refuse less’ when engaging with classified information, and have a greater understanding of documents within intelligence and defense contexts. The models also have ‘enhanced proficiency’ in languages and dialects critical to national security operations, Anthropic says, as well as ‘improved understanding and interpretation of complex cybersecurity data for intelligence analysis.’”
Cyberattacks on Smartphones Hit New High
Kaspersky security researchers reported a 27% increase in detected malware samples on mobile devices from the fourth quarter of 2024 to the first quarter of 2025. The samples were blocked on more than 12 million smartphones in the first quarter, up 36% from the prior quarter. Said Kaspersky's Anton Kivva, “Users may mistakenly believe their smartphones are inherently more secure than PCs, but the reality is that mobile malware, like the sophisticated Trojans we explored over the last months, are increasingly active.”
[ » Read full article ]
TechRadar; Sead Fadilpasic (June 9, 2025)
NIST Offers 19 Ways to Build Zero Trust Architectures
The U.S. National Institute of Standards and Technology's (NIST) National Cybersecurity Center of Excellence has published guidance to help organizations build their own zero trust architectures (ZTAs). The publication, developed in partnership with 24 industry collaborators, provides 19 examples of ZTAs implemented using commercial, off-the-shelf technologies. It includes implementation details and test results based on real-world scenarios common among large organizations.
[ » Read full article ]
NIST (June 11, 2025)
EU Launches DNS Resolver That Can Filter Dangerous Traffic
The EU has launched the DNS4EU domain name system (DNS) resolver as an alternative to Google, Cloudflare, and other U.S.-based public DNS services. DNS4EU, available at no cost to home users, has a built-in filter to block malicious domains and offers add-on filters to block ads, malware, and adult content. A dedicated version for EU government entities and telecom providers is also available.
[ » Read full article ]
TechRadar; Chiara Castro (June 10, 2025)
Largest-Ever Data Leak Exposes Over 4 Billion User Records
Bob Dyachenko of cybersecurity company Security Discovery and researchers at independent media outlet cybernews uncovered a 631-gigabyte database without a password that contained 4 billion records, marking what could be China's largest-ever data breach. The database included WeChat data, Alipay card and token information, residential data with geographic identifiers, banking information, IDs, phone numbers, and usernames. The database was taken down quickly, preventing the researchers from identifying the database owners.
[ » Read full article ]
cybernews; Vilius Petkauskas (June 10, 2025)
U.K. News Org Launches Secure Messaging to Protect Sources
A new tool developed by The Guardian's product and engineering team and computer science researchers at the U.K.'s University of Cambridge allows individuals to share stories and tips with the publication's journalists safely through the Guardian app. With Secure Messaging, the communication cannot be distinguished from data sent to and from the app by regular users, helping protect The Guardian's sources. The technology's source code also has been published so other organizations can embed secure messaging within their apps.
[ » Read full article ]
The Guardian (June 8, 2025)
Trump Executive Order Takes Aim at Cybersecurity
U.S. President Trump on Friday signed an executive order rolling back cybersecurity policies set in place by previous administrations. Trump's order removed requirements around testing the use of AI to defend energy infrastructure, funding federal research programs around AI security, and directing the Pentagon to “use AI models for cyber security.” Trump’s order also removed requirements that agencies start using quantum-resistant encryption “as soon as practicable” and that federal contractors attest to the security of their software.
[ » Read full article ]
TechCrunch; Anthony Ha (June 7, 2025)
Bypassing Deepfake Detection with Replay Attacks
A team of researchers from German, Polish, and Romanian universities and vendor Resemble AI found that re-recording deepfake audio with natural acoustics in the background allows the audio to bypass detection models. By generating synthetic speech, playing it, and rerecording it with background noise, researchers found "significant vulnerability" with equal error rates in the top-performing detection model jumping from 4.7% to 18.2%. The reason, according to the researchers, is that replaying audio "removes key artifacts relied upon by detection models."
[ » Read full article ]
Dark Reading; Alexander Culafi (June 4, 2025)
OpenAI Says Significant Number of Recent ChatGPT Misuses Likely Came From China
OpenAI's latest report on malicious uses of its AI models states that a “significant number” of recent violations came from China. The ChatGPT developer said it had disrupted several attempts to leverage its models for cyber threats and covert influence operations in the three months since Feb. 21.
[ » Read full article *May Require Paid Registration ]
The Wall Street Journal; Mauro Orru (June 6, 2025)
Security Info Watch (6/9) reports Honeywell has introduced a suite of AI-powered cybersecurity solutions aimed at enhancing the security of operational technology (OT) environments, announced at the 49th annual Honeywell Users Group. The new offerings, including Honeywell Cyber Proactive Defense and Honeywell OT Security Operations Center, are designed to mitigate cyber threats and support continuous operations in industrial settings. Additionally, Honeywell has expanded its Digital Prime platform to include a comprehensive set of solutions for testing and modifying engineering projects, reducing plant downtime. Pramesh Maheshwari, President of Honeywell Process Solutions, stated, “As we guide our customers on the path from automation to autonomy, Honeywell’s domain expertise is poised to help them rethink how they use technology to drive innovation and gain a competitive edge.”
Hacker Group Exposes Source Code for Iran's Cryptocurrency
Israel-linked hacker group Gonjeshke Darande (Predatory Sparrow) released the source code and internal information of Nobitex, Iran’s largest cryptocurrency exchange. According to the group, the company assists the regime in funding Iranian terrorism and uses virtual currencies to bypass sanctions. Gonjeshke Darande previously announced that it stole $48 million in cryptocurrency from the exchange, and claimed responsibility for a cyberattack on the Islamic Revolutionary Guard Corps-controlled Bank Sepah.
[ » Read full article ]
The Jerusalem Post (Israel); Amichai Stein (June 19, 2025)
Websites Track Users via Browser Fingerprinting
Texas A&M University researchers developed FPTrace, a fingerprinting-based user tracking measurement framework that shows websites are using browser fingerprinting to track users across browser sessions and sites, even when users clear or delete cookies. FPTrace goes beyond scanning websites for fingerprinting code by analyzing ad systems' responses to changes in browser fingerprints. The researchers found browser fingerprints were used to track users even if they explicitly opted out of tracking.
[ » Read full article ]
Texas A&M University Engineering (June 18, 2025)
Iran Asks Citizens to Delete WhatsApp from Devices
Iranian state television has called on citizens to delete WhatsApp from their smartphones, claiming the app collects user information to send to Israel. In response, WhatsApp, which employs end-to-end encryption to prevent service providers in the middle from reading messages, issued a statement that read, "We do not track your precise location, we don't keep logs of who everyone is messaging, and we do not track the personal messages people are sending one another."
[ » Read full article ]
Associated Press; Kelvin Chan; Barbara Ortutay (June 17, 2025)
U.S. Seizes $7.74M in Crypto Tied to North Korea's Global Fake IT Worker Network
The U.S. Department of Justice (DOJ) seized more than $7.74 million in cryptocurrency and other digital assets allegedly tied to a North Korean-backed global IT worker scheme. According to DOJ, the funds originally were restrained in connection with the April 2023 indictment against North Korean Foreign Trade Bank representative Sim Hyon-Sop, who allegedly conspired with IT workers to secure employment at U.S. cryptocurrency companies using false identities.
[ » Read full article ]
The Hacker News; Ravie Lakshmanan (June 16, 2025)
Images Hidden in Text Data Embedded into DNS TXT Records
Cybersecurity researcher Asher Falcon demonstrated a data concealment approach that enables digital images to be embedded seamlessly within DNS TXT records. The technique, called "dnsimg," turns domain name infrastructure into an image storage system. It involves converting image files into hexadecimal or Base64 encoded text strings capable of being stored within DNS TXT records. Individual TXT records must adhere to a 2,048-character maximum, requiring larger images to be divided into smaller segments, a process that Falcon automated using a sophisticated Python script.
[ » Read full article ]
Cyber Security News; Guru Baran (June 16, 2025)
Security researchers have identified two flaws in Secure Boot that enable attackers to bypass the industry-standard protocol. Microsoft has patched the first flaw, affecting a DT Research-created module used by more than 50 original equipment manufacturers' devices, which could let attackers completely skip Secure Boot. The second flaw, not yet addressed by Microsoft, involves the igel-flash-driver Linux kernel module and could enable attackers to skirt Secure Boot's bootkit protections.
[ » Read full article ]
Computing (U.K.); Tom Allen (June 13, 2025)
Cyberattack on Washington Post Strikes Journalists' Email Accounts
The email accounts of several journalists at The Washington Post were compromised in a cyberattack potentially linked to a foreign government, officials at the media company told affected staffers. The officials said the intrusions compromised journalists' Microsoft accounts and could have granted the intruder access to work emails they sent and received. Targets included those on the national-security and economic-policy teams, including some who write about China.
[ » Read full article *May Require Paid Registration ]
The Wall Street Journal; Dustin Volz; Isabella Simonetti; Robert McMillan (June 16, 2025)
Software Vulnerabilities Pile Up at Government Agencies
A report by application security company Veracode found around 80% of government agencies have unresolved software vulnerabilities (security debt) that have not been addressed for at least a year, and 55% have even longer-standing security debt. Third-party and open-source software account for 70% of critical security debt but only 10% of overall security debt. Veracode indicated some of this security debt is associated with the use of applications built on legacy frameworks that are no longer supported by developers.
[ » Read full article ]
Cybersecurity Dive; David Jones (June 12, 2025)
Quantum Mechanics Tapped to Make a Factory for Random Numbers
The Colorado University Randomness Beacon (CURBy), developed by researchers at the U.S. National Institute of Standards and Technology (NIST) and the University of Colorado Boulder, is the first random number generator that produces verifiable random numbers using quantum entanglement. The researchers also developed the Twine protocol, a set of quantum-compatible blockchain technologies that mark each set of data for CURBy with a hash that allows it to be traced and verified.
[ » Read full article ]
NIST News (June 11, 2025)
Denmark to Replace Microsoft Office with Open Source Alternatives
Denmark's Agency for Digital Government said it will begin transitioning next month from Microsoft Office software to LibreOffice, a suite of office tools developed by German non-profit The Document Foundation. The move comes amid increasing concerns in Europe about data sovereignty and U.S.-based tech giants' control of digital infrastructure and software ecosystems.
[ » Read full article ]
Computing (U.K.); Dev Kundaliya (June 17, 2025)
China Unleashes Hackers Against Russia
Since the beginning of the war in Ukraine, groups linked to the Chinese government have repeatedly hacked Russian companies and government agencies. While China appears to have plenty of domestic scientific and military expertise, Chinese military experts have lamented that its troops lack battlefield experience. Some defense insiders say China sees Russia’s war in Ukraine as a chance to collect information about modern warfare tactics and Western weaponry, and what works against them.
[ » Read full article ]
The New York Times; Megha Rajagopalan (June 19, 2025)
Tiny Middleman Could Access Two-Factor Login Codes from Tech Giants
Concerns are being raised about the middlemen that send two-factor authentication codes to consumers via text on behalf of Big Tech companies, popular apps, banks, encrypted chat platforms, and other senders. An industry whistleblower has revealed around 1 million such messages have passed through Fink Telecom Services, a Swiss company that cybersecurity researchers have linked to incidents in which the codes were intercepted and used to infiltrate private online accounts. Critics of the industry point to a lack of regulation allowing such companies to operate without a license.
[ » Read full article *May Require Paid Registration ]
Bloomberg; Ryan Gallagher; Crofton Black; Gabriel Geiger (June 16, 2025)
NextGov (6/13, Graham) reported Rep. Darin LaHood (R-IL) introduced legislation on Thursday to “require the National Security Agency to create an artificial intelligence ‘security playbook’ to protect sensitive U.S. technologies from foreign adversaries like China.” Reps. John Moolenaar (R-MI), the Chair of the Select Committee on China, as well as Raja Krishnamoorthi, its ranking member, and Josh Gottheimer (D-NJ) co-sponsored the bill. The lawmakers “said...the legislation was needed ‘to address vulnerabilities, threat detection, cyber and physical security strategies, and contingency plans for highly sensitive AI systems,’” and claimed “evidence that Chinese-based startup DeepSeek’s AI chatbot ‘used illegal distillation techniques to steal insights from U.S. AI models to accelerate their own technology development.’” MeriTalk (6/13, Hansen) reported the Advanced AI Security Readiness Act “would create paths to identify and neutralize security threats targeting advanced AI systems.”
The Boston Globe (6/17, Lecher, Apodaca) reports state-run healthcare exchanges in New England, designed to facilitate insurance shopping, have been found sharing sensitive user health data with companies like Google, LinkedIn, and Snapchat. The data, including prescription details and personal health information, were inadvertently shared due to the presence of web trackers on these exchanges. After being exposed by The Markup and CalMatters, some states like Nevada and Massachusetts halted the data sharing, while others reviewed their practices. The incident has raised significant privacy concerns, prompting legal actions and scrutiny from federal lawmakers over the compliance of these exchanges with privacy laws like HIPAA.
AI Code Exposing Companies to Mounting Security Risks
In a survey by software supply chain platform Cloudsmith, 42% of 307 developers polled said AI-generated code populates much of their codebases, but just 67% said they review the code before deployment. Another 29% of respondents said they are "very confident" they can identify vulnerabilities in AI-generated or AI-assisted code. Only 20% said they trust AI-generated code completely, and more than half (59%) said they subject such code to additional scrutiny.
[ » Read full article ]
Computing (U.K.); Dev Kundaliya (June 24, 2025)
Quantum Risk Is Already Changing Cybersecurity
A recent Cyber Threat Alliance (CTA) report encourages organizations to prepare for quantum risk, the threat that quantum computers will overpower current cryptographic methods, by "embedding [cryptographic] agility within compliant frameworks." The report recommends modular architectures that enable algorithm changes with minimal disruption. CTA encourages post-quantum cryptography (PQC) solutions over Quantum Key Distribution, which it argues "remains constrained by significant scalability, infrastructure, and integration limitations."
[ » Read full article ]
Help Net Security; Mirko Zorz (June 23, 2025)
Dutch Government Says Pro-Russian Hackers Targeted Municipalities Linked to NATO Summit
The Netherlands' National Cybersecurity Center said several municipalities and organizations tied to this week's NATO summit were targeted by pro-Russian hackers with a series of denial-of-service attacks on June 23. The center said a group known as NoName057(16) claimed responsibility for many of the attacks.
[ » Read full article ]
Associated Press (June 23, 2025)
New ACM Journal to Focus on AI Security, Privacy
The new journal ACM Transactions on AI Security and Privacy (TAISAP) will focus on the development of methods for assessing the security and privacy of AI models, AI-enabled systems, and broader AI environments. Its launch is part of a broader initiative by ACM to add a new suite of journals covering various facets of AI.
[ » Read full article ]
ACM Media Center (June 24, 2025)
WhatsApp Banned on House Staffers' Devices
The U.S. House Chief Administrative Officer (CAO) has banned the use of Meta's WhatsApp on government devices used by congressional staffers. In a June 23 email to staffers, the CAO said WhatsApp has been deemed high-risk by the Office of Cybersecurity "due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use."
[ » Read full article ]
Axios; Andrew Solender (June 23, 2025)
Tesla Wall Connector Charger Hacked Through Charging Port
Researchers at French computer security company Synacktiv demonstrated an attack on Tesla's Wall Connector Gen 3 home charging system in just 18 minutes at the Pwn2Own Automotive competition earlier this year. The attack used the charging cable as the primary entry point and exploited communication over the Control Pilot line using the Single-Wire CAN protocol. The attack leveraged custom hardware, a custom Tesla car simulator, and a Raspberry Pi.
[ » Read full article ]
Cyber Security News; Guru Baran (June 20, 2025)
Experts Count Staggering Costs Incurred by U.K. Retail Amid Cyberattack Hell
The U.K. Cyber Monitoring Centre (CMC) said cyberattacks affecting major U.K. retailers, including Marks & Spencer, the Co-op, and Harrods, cost an estimated £270 million to £440 million ($362 million to $591 million). The CMC's model revealed the cyberattacks cost retailers around £1.3 million ($1.74 million) per day by preventing them from fulfilling normal sales.
[ » Read full article ]
The Register (U.K.); Connor Jones (June 23, 2025)
Voice-Altering Tech Jams 'Vishing' Schemes
A speech recognition jamming system developed by researchers at Israel's Ben-Gurion University of the Negev and India's Amrita Vishwa Vidyapeetham leverages the EchoGuard sound modification algorithm to ward off "vishing" attacks. The ASRJam system protects against vishing attacks through the real-time use of EchoGuard to modify the human voice using reverberation, microphone oscillation, and transient acoustic attenuation. This speech distortion confuses automatic speech recognition systems. The researchers found their tool outperformed all other baseline jammers.
[ » Read full article ]
The Register (U.K.); Thomas Claburn (June 19, 2025)
China Tightens Internet Controls with Centralized Form of Virtual ID
China is introducing a state-issued national Internet ID that will allow users to sign in across different social media apps and websites. The rules for the new system, currently voluntary, were released in late May and will be implemented in mid-July. It aims to “protect citizens’ identity information, and support the healthy and orderly development of the digital economy,” according to the published rules. Critics warn that it could also further erode personal liberties.
[ » Read full article ]
CNN; John Liu (June 20, 2025)
Potential Cyberattack Scrambles Columbia University Computer Systems
Columbia University is investigating the cause of widespread computer system outages that began June 24 when all systems at the university’s Morningside campus requiring a university ID to access were shut down, including Zoom, internal emails, and coursework. While many services had been restored by the following day, the main course catalog and library catalogs were among the services that remained down.
[ » Read full article *May Require Paid Registration ]
The New York Times; Sharon Otterman (June 25, 2025)
One of the Best Hackers in the Country Is an AI Bot
Xbow is the first AI product to rank No. 1 on HackerOne's U.S. leaderboard, which tracks who has identified and reported the most vulnerabilities in software from large companies. Founded by GitHub veteran Oege de Moor, Xbow automates penetration testing. Xbow has raised $75 million as de Moor seeks to sell the tool, a cost-effective alternative to red teaming, so companies can perform more frequent penetration testing.
[ » Read full article *May Require Paid Registration ]
Bloomberg; Dina Bass (June 24, 2025)
Canada Says Network Devices Compromised in China-Linked Hack
The Canadian Centre for Cyber Security said recent malicious activity targeting the nation's telecommunications infrastructure is likely tied to threat actors backed by China, specifically Salt Typhoon. The Centre said investigations indicate the cyber campaign "is broader than just the telecommunications sector," and hackers likely will continue infiltration attempts at Canadian companies, particularly in the telecoms sector, during the next two years.
[ » Read full article *May Require Paid Registration ]
Bloomberg; Layan Odeh; Thomas Seal (June 21, 2025)
Hackers Turn Tech Support Into a Threat
In recent months, hackers have targeted outsourced call centers, gaining access to the corporate networks of U.K. retailers and stealing hundreds of millions from customers of the cryptocurrency firm Coinbase Global. Hackers persuaded tech-support workers to provide them with network access by impersonating high-level executives at U.K. retailers, including Marks & Spencer and Harrods. The Coinbase hackers, meanwhile, bribed call-center workers in India to turn over customer information, then posed as legitimate Coinbase workers to convince those customers to create new cryptocurrency wallets with encryption keys the hackers would then use to steal their cryptocurrency.
[ » Read full article *May Require Paid Registration ]
The Wall Street Journal; Robert McMillan (June 19, 2025)
Iran Hijacking Security Cameras in Israel to Spy
Refael Franco, a former Israeli cybersecurity official who now heads the cybersecurity crisis firm Code Blue, warned on public radio last week that Iran is collecting real-time intelligence on Israel by hacking into private security cameras. Franco said Iran is using the cameras to assess the damage from its ballistic missiles in Tel Aviv in hopes of improving their precision. After the Oct. 7, 2023, Hamas attack, the Israeli government issued nonbinding directives urging citizens to strengthen the information security on their personal security cameras.
[ » Read full article *May Require Paid Registration ]
Bloomberg; Marissa Newman (June 20, 2025)
Malware Tries to Manipulate AI into Declaring It Harmless
Security vendor Check Point said it detected the first documented case of "AI Evasion" malware, which uses "prompt injection" aimed at tricking AI systems into labeling it as non-malicious. The malware, which was accurately classified by Check Point's AI-powered MCP system, featured a hardcoded plain-text C++ string intended to instruct the AI analyzing it rather than the infected system. "This is not an isolated issue; it is a challenge every security provider will soon confront," said Check Point.
[ » Read full article ]
Computing (U.K.); Dev Kundaliya (June 26, 2025)
Denmark’s Plan to Thwart Deepfakes
The Danish government wants to grant its citizens property rights over their likenesses and voices in a bid to battle deepfakes. Proposed legislation would give Danish citizens whose features were used to create a deepfake the right to ask platforms hosting that content to take it down. Said Danish Culture Minister Jakob Engel-Schmidt, “I think we should not accept a situation where human beings can be run through, if you would have it, a digital copy machine and misused for all sorts of purposes.”
[ » Read full article ]
CNN; Jack Guy (June 30, 2025)
More Than 25% of U.K. Businesses Hit by Cyberattack in Last Year
A survey by the U.K.’s Royal Institution of Chartered Surveyors found an increase in the share of U.K. businesses experiencing a cyberattack in the last year from 16% in 2024 to around 27%. Nearly three-quarters (73%) of respondents to the survey expect a cybersecurity incident to impact their operations in the next one to two years. Risk areas identified by the survey include building management systems, CCTV networks, Internet of Things devices, access control systems, and other operational technologies.
[ » Read full article ]
The Guardian (U.K.); Julia Kollewe (June 30, 2025)
North American Airlines Targeted by Cyberattacks
WestJet and Hawaiian Airlines said they were responding to cyberattacks, while American Airlines experienced a technical issue on Friday, although it’s unclear whether it was related to or caused in any way by hackers. Google and Palo Alto Networks said Friday they observed a cybercriminal group nicknamed Scattered Spider trying to hack companies involved in aviation. The FBI posted a warning Friday evening that Scattered Spider was targeting the aviation industry.
[ » Read full article ]
NBC News; Kevin Collier (June 27, 2025)
U.S. Lawmakers Urge Action on Cybersecurity in Face of Quantum Threat
During a June 25 hearing of the U.S. House Subcommittee on Cybersecurity, Information Technology, and Government Innovation, federal officials called for the urgent modernization of cybersecurity infrastructure to prepare for the possibility that quantum computing could one day crack cryptographic protocols. U.S. Government Accountability Office's Marisol Cruz Cain emphasized the importance of government investments to develop a skilled workforce, fund basic research, and formulate long-term strategies to protect against quantum-enabled attacks. IBM's Scott Crowder said full adoption of post-quantum cryptographic standards by industries and the government could take more than 10 years.
[ » Read full article ]
Quantum Insider; Matt Swayne (June 26, 2025)
Laptops, Bank Accounts Linked to North Korean Fake IT Workers Scheme Seized
The U.S. Department of Justice (DOJ) seized hundreds of financial accounts, fraudulent websites, and laptops connected to a scheme in which North Korean operatives infiltrated tech companies by posing as remote workers and sent money back to North Korea to support its weapons program. These agents also reportedly stole virtual currency and intellectual property from the companies they infiltrated. DOJ said about 100 U.S. companies unknowingly hired workers involved in the scheme.
[ » Read full article ]
Politico; Maggie Miller (June 30, 2025)
Smart Tractors Vulnerable to Takeover
Researchers at Austria- and Germany-based Limes Security came up with a method to simultaneously spy on tens of thousands of smart tractors around the world and take full control over any of them. The method relies on vulnerabilities in FJD AT2, an aftermarket steering system developed by Chinese manufacturer FJDynamics. According to Limes Security, FJDynamics has not yet patched the issues it identified.
[ » Read full article ]
Dark Reading; Nate Nelson (June 27, 2025)
Qantas Data Breach Exposes up to 6 Million Customer Profiles
Qantas is contacting customers after a cyberattack targeted its third-party customer service platform. The Australian airline on June 30 detected "unusual activity" on a platform used by its contact center to store the personal data of 6 million people. The attack came days after the FBI warned that the airline sector was a target of cybercriminal group Scattered Spider. U.S.-based Hawaiian Airlines and Canada's WestJet have both been impacted by similar cyberattacks in the past two weeks.
[ » Read full article *May Require Paid Registration ]
BBC News; Tabby Wilson (July 2, 2025)
Cyberattack on U.K. Health Firm Contributed to Patient Death
A June 2024 cyberattack affecting Synnovis, which provides blood testing, transfusion, and other pathology services to the U.K. National Health Service (NHS), was confirmed to have contributed to a patient's death. The King's College Hospital NHS Foundation Trust in London said that a long wait for a blood test as a result of the cyberattack was a contributing factor in the patient's death. The attack, perpetrated by a hacking gang linked to Russia, resulted in more than 10,000 postponed appointments and more than 1,700 canceled elective procedures, the NHS said.
[ » Read full article *May Require Paid Registration ]
Bloomberg; Ryan Gallagher (June 25, 2025)
CNBC (6/27, Leswing) reported quantum computing is attracting significant investment from tech giants like Amazon, Google, Microsoft, and IBM, alongside the US government, as they race to develop practical applications. Startups in the sector raised $2 billion last year, though revenue remains under $750 million. Amazon showcased its error-correcting quantum processor, while IBM aims to build a meaningful quantum computer by 2029. Microsoft VP of Advanced Quantum Development Krysta Svore said quantum computers will excel in material science and chemistry, which underpin 96 percent of manufactured goods. Encryption remains a key focus due to national security concerns, with fears quantum computers could crack current systems. Amazon’s Ocelot chip features 14 qubits, but experts estimate millions may be needed for practical use.
Reuters (6/27, Satter) reported, “Tech companies Google and Palo Alto Networks are sounding the alarm over the ‘Scattered Spider’ hacking group’s interest in the aviation sector.” Charles Carmakal, an executive with Google’s Mandiant unit, “said his company was ‘aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider.’” Sam Rubin, an executive at Palo Alto’s Unit 42, “said his company had ‘observed Muddled Libra (also known as Scattered Spider) targeting the aviation industry.’”
South China Morning Post (HKG) (6/25) reported that a bipartisan group of lawmakers has introduced the No Adversarial AI Act, which would bar federal agencies from procuring or deploying AI tools developed in China, Russia, Iran, or North Korea. The bill specifically targets platforms such as DeepSeek, a Chinese-developed AI system. “Artificial intelligence controlled by foreign adversaries poses a direct threat to our national security, our data and our government operations,” said Rep. Raja Krishnamoorthi (D-IL), who co-sponsored the bill in the House alongside Rep. John Moolenaar (R-MI). A companion version was introduced in the Senate by Sen. Rick Scott (R-FL) and Sen. Gary Peters (D-MI). The move marks the latest escalation in the US-China tech rivalry.
Columbia Cyberattack Targets Student Data. The New York Times (7/1, Otterman) reports that Columbia University experienced a cyberattack on June 24, leading to a shutdown of its computer systems. A Columbia official described the attack as the work of a “hacktivist” who stole student data to scrutinize the university’s affirmative action policies. The hacker provided Bloomberg News with 1.6 gigabytes of data, including details on 2.5 million student applications. Columbia has yet to determine the full extent of the data theft, which could take weeks or months. The attack occurred shortly after Columbia’s chief information officer, Gaspare LoDuca, announced his departure. The university’s acting president, Claire Shipman, expressed concern over maintaining research excellence. The hacker reportedly accessed Columbia’s servers “for more than two months,” extracting 460 gigabytes of data, including sensitive financial and personal information.
The AP (7/2, Offenhartz) reports in continuing coverage that Columbia University experienced a cyberattack last week, resulting in the theft of student documents and temporary shutdown of its computer systems. The breach occurred on June 24, causing network outages that disrupted email, coursework, and video conferencing. Images of President Donald Trump appeared on campus monitors the same day, though a Columbia spokesperson “declined to elaborate on the political motivations behind the attack.” The university described the perpetrator as a “highly sophisticated ‘hacktivist’” with political motives. Negotiations for a settlement are ongoing, with the university agreeing to several changes. A similar cyberattack occurred at New York University in March, with “student admission records briefly appearing on the school’s website.” A hacker “said the intent was to prove the university was not in compliance with the Supreme Court decision banning affirmative action in college admissions.”
Inside Higher Ed (7/2, Mowreader) reports that Champlain College, in partnership with NuHarbor Security, is offering a 12-credit cybersecurity certificate program for Vermont high school juniors and seniors. This initiative aims to provide career exploration and workforce development opportunities. CyberStart program director Adam Goldstein said, “We saw a need for something in the middle,” emphasizing the program’s synchronous learning model. The CyberStart program, launched in 2024, consists of four courses, including two internships. The first internship is led by Champlain faculty, while the second involves working with NuHarbor professionals. The program follows a flipped classroom model, enhancing students’ active learning experiences. Goldstein said, “Regardless of where they head into the digital age, having an understanding of cybersecurity is a really, really critical skill set.” The program also offers conditional acceptance to Champlain and potential scholarships.
'Cybersecurity' Behind Decision to End Defense Satellite Sharing of Hurricane Data
The U.S. National Oceanic and Atmospheric Administration (NOAA) said the U.S. Department of Defense is ending its Defense Meteorological Satellite Program (DMSP), which provides data for hurricane forecasting, by the end of July "to mitigate a significant cybersecurity risk" to government "high performance computing environments." Meanwhile, NOAA's National Hurricane Center (NHC), Google DeepMind, and Google Research have agreed to explore how a new AI weather forecast model can improve the forecasting of hazardous weather.
[ » Read full article ]
The Register (U.K.); Lindsay Clark (July 7, 2025)
Call of Duty Takes PC Game Offline After Reports of RCE Attacks on Players
The PC version of Call of Duty: World War 2 was removed from the Microsoft Store on July 5 while "reports of an issue" were being investigated, according to the video game's X account. Players using Xbox's GamePass service posted videos indicating a remote code execution (RCE) vulnerability was being exploited to take over their PCs during live multiplayer matches. Cybersecurity firm Malwarebytes attributes the issue to the transition of older games from dedicated servers to peer-to-peer networking by many video game companies.
[ » Read full article ]
CyberScoop; Derek B. Johnson (July 7, 2025)
DragonForce, a ransomware-as-a-service group associated with recent cyberattacks against U.K. retailers, is engaged in a turf war with one of its biggest competitors, RansomHub. Researchers at U.K. computer security company Sophos said DragonForce is also believed to be responsible for attacks on the sites of other rivals. Google Threat Intelligence Group's Genevieve Stark said, "Instability within the extortion ecosystem can have serious implications for ransomware and data theft extortion victims."
[ » Read full article *May Require Paid Registration ]
Financial Times; Kieran Smith (July 7, 2025)
MeriTalk (7/3, Hansen) reported the Food and Drug Administration “urg[ed] medical device makers to build cybersecurity into devices from the start as part of new guidance that outlines protections across the entire product lifecycle” amid “surges in cyberattacks against hospitals, medical facilities, and health-related industries across the United States.” MeriTalk explained while the guidance “covers a variety of medical systems and devices, it also deals with what the agency referred to as ‘cyber devices’ which enable internet connectivity.” The FDA “stressed transparency standards, saying that manufacturers should provide users with cybersecurity-related information such as software bill materials, update procedures, and known risks,” while “other controls encouraged by FDA include multi-factor authentication, encrypted communications, and documenting security events.”
Defense Scoop (7/7, Pomerleau) reports US Cyber Command has requested $5 million in fiscal 2026 to launch a new artificial intelligence project. The fiscal 2023 defense policy bill charged the Pentagon, Cyber Command, and DARPA to work with the NSA to “jointly develop a five-year guide and implementation plan for rapidly adopting and acquiring AI systems, applications, supporting data and data management processes for cyber operations forces.” The initiative “aims to develop core data standards in order to curate and tag collected data that meet those standards to effectively integrate data into AI and machine learning solutions while more efficiently developing artificial intelligence capabilities to meet operational needs.”