The Worsening State of Ransomware
Suddenly, you have people with limited ability using powerful software to discover, exfiltrate, and encrypt files. They wind up with many of the same capabilities that sophisticated cybercriminals have.
Read MoreCyberSecurity
Computer Security, CyberSecurity or Information Technology Security (IT Security) is the protection of computer systems from theft or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the services they provide. CyberSecurity also refers to a set of techniques used to protect the integrity of networks, programs and data from attack, damage or unauthorized access.
The SolarWinds Hack
The SolarWinds affair is simply another incident in a long pattern of intrusions.
Read More
Implementing Insider Defenses
Classical approaches to cyber-security—isolation, monitoring, and the like—are a good starting point for defending against attacks, regardless of perpetrator. But implementations of those approaches in hardware and/or software can invariably be circumvented by insiders, individuals who abuse privileges and access their trusted status affords.
Read More
CISA Releases Guidance: IPv6 Considerations for TIC 3.0
These documents cover enhancing the Trusted Internet Connections (TIC) program to fully support the implementation of IPv6 in federal IT systems. This information is also applicable to the private business sector and those interested in improving Internet security.
Read More
Better Security Through Obfuscation
Last year, three mathematicians published a viable method for hiding the inner workings of software. The paper was a culmination of close to two decades of work by multiple teams around the world to show that concept could work. The quest now is to find a way to make indistinguishability obfuscation (iO) efficient enough to become a practical reality.
Read More
Fixing the Internet
Aftab Siddiqui, senior manager of Internet technology at the Internet Society, says the initial BGP protocol was conceived by experts at research institutions, defense organizations, and equipment vendors. “When they designed [BGP], it was based on the premise that everybody trusts each other,” Siddiqui says. “Fast-forward 30 years, I’m pretty sure we cannot claim that anymore.”
Read More
Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2021
In honor of Cybersecurity Awareness Month 2021, the National Cyber Security Alliance and CybSafe have launched the world’s first Cybersecurity Attitudes & Behaviors Report. The research report is the first of its kind. It examines cybersecurity attitudes and behaviors of the general public, shedding light on one of the most important aspects of cyber risk – the human factor.
Read More
How America Can Reliably Resist Ransomware
So, what can government and business leaders do to combat these attacks? And who’s responsible for improving our cybersecurity?
Read More
SolarWinds and the Holiday Bear Campaign: A Case Study for the Classroom
Author’s Note: Have you been looking for a detailed-but-accessible case study of the Russian cyberespionage campaign that targeted SolarWinds (among others)? The following piece is adapted from my newly-released eCasebook “Cybersecurity Law, Policy, and Institutions” (v.3.1).
Read More
Facebook Catches Iranian Spies Catfishing US Military Targets
The hackers posed as recruiters, journalists, and hospitality workers to lure their victims.
Read More
How China’s Hacking Entered a Reckless New Phase
China has increasingly relied on contractors for its hacking, which opens the door to all kinds of criminal behavior.
Read More
China’s and Russia’s Spying Sprees Will Take Years to Unpack
The full extent of the SolarWinds hack and Hafnium’s attack on Microsoft Exchange Server may never be known.
Read More
Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims
A single group appears to have infiltrated tens of thousands of Microsoft Exchange servers in an ongoing onslaught.
Read More
Microsoft Password Guidance
This paper provides Microsoft’s recommendations for password management based on current research and lessons from our own experience as one of the largest Identity Providers (IdPs) in the world. It covers recommendations for end users and identity administrators.
Read More
Hacker Lexicon: What Is the Signal Encryption Protocol?
As the Signal protocol becomes the industry standard, it’s worth understanding what sets it apart from other forms of end-to-end encrypted messaging.
Read More
The Incredible Rise of North Korea’s Hacking Army
The country’s cyber forces have raked in billions of dollars for the regime by pulling off schemes ranging from A.T.M. heists to cryptocurrency thefts. Can they be stopped?
Read More
StopRansomware.gov website – The U.S. Government’s One-Stop Location to Stop Ransomware
This website is the U.S. Government’s official one-stop location for resources to tackle ransomware more effectively.
Read More
All the Ways Amazon Tracks You—and How to Stop It
The retail empire is obsessed with your data. But is the convenience worth giving up your personal information?
Read More
Google’s cookie ban and FLoC, explained
At some point next year, Google Chrome will stop using third-party cookies. It’s a move that could upend the global advertising and publishing industries – and it has major implications for your privacy.
Read More
Securing Internet Applications from Routing Attacks
This article provides a new perspective by showing that routing attacks on Internet applications can have even more devastating consequences for users—including uncovering users (such as political dissidents) trying to communicate anonymously, impersonating websites even if the traffic uses HTTPS, and stealing cryptocurrency. This article argues that the security of Internet applications and the network infrastructure should be considered together, as vulnerabilities in one layer led to broken assumptions (and new vectors for attacks) in the other.
Read More