Display ALL Posts in Cybersecurity

Newest posts are at the top.Category: CyberSecurity
Date is date posted here in Internet Salmagundi, not date originally published.


icons and names of IoT sensor types, illustration - Credit: Metamorworks Standards to Secure the Sensors That Power IoT (9/30/2023) Tagged: Internet of Things (IoT), Security Standards   |   Yet as IoT adoption increases, IoT sensors and devices also are becoming more popular targets for cybercriminals.
refrigerator-freezer in a home appliance store - Credit: Alicia Kubista / Andrij Borys Associates Security by Labeling (9/29/2023) Tagged: Internet of Things (IoT), Consumer Labelling, Government Regulation   |   Consumer cybersecurity can no longer be ignored.
colored umbrellas in flight - Credit: Tewan Banditrakkanka A Turning Point for Cyber Insurance (9/10/2023) Tagged: Cyber Insurance   |   Going forward cyber-insurance providers will thrive by succeeding in: rewarding security; generating knowledge; and punishing insecurity.
The publication cover of the CISA Strat Plan CISA Cybersecurity Strategic Plan (8/12/2023) Tagged: CISA (CyberSecurity & Infrastructure Security Agency)   |   The Cybersecurity and Infrastructure Security Agency’s (CISA) 2023-2025 Strategic Plan is the agency’s first, comprehensive strategic plan since CISA was established in 2018. This is a major milestone for the agency.
Logo - Cybersecurity and Infrastructure Security Agency CISA Develops Factsheet for Free Tools for Cloud Environments (7/24/2023) Tagged: Cloud Computing, Security Guidance, CISA (CyberSecurity & Infrastructure Security Agency), Cloud Security   |   CISA has developed and published a factsheet, Free Tools for Cloud Environments, to help businesses transitioning into a cloud environment identify proper tools and techniques necessary for the protection of critical assets and data security.
Book Cover - The Cybersecurity Dilemma: Hacking, Trust and Fear Between Nations The Cybersecurity Dilemma: Hacking, Trust and Fear Between Nations (7/21/2023) Tagged: Security Dilemma, CyberSecurity   |   Why do nations break into one another's most important computer networks? There is an obvious answer: to steal valuable information or to attack. But this isn't the full story.
honey and honey stick - Credit: Slawomir Zelasko Lamboozling Attackers: A New Generation of Deception (6/30/2023) Tagged: Honey Pot / Watering Hole, Deceptive Environments   |   Imagine a world in which developers and operators of systems exploit attackers as much as attackers exploit defenders. By leveraging system-design knowledge and modern computing to deploy deception environments, software engineering teams can successfully bamboozle attackers for fun and profit while deepening systems resilience.
Selman Design The secret police: Cops built a shadowy surveillance machine in Minnesota after George Floyd’s murder (6/17/2023) Tagged: Surveillance - Mass, Government Policy, Civil Liberties, Domestic Intelligence   |   An investigation by MIT Technology Review reveals a sprawling, technologically sophisticated system in Minnesota designed for closely monitoring protesters.
Illustration: Tameem Sankari The Untold Story of the Boldest Supply-Chain Hack Ever (6/8/2023) Tagged: Supply Chain Attack, SolarWinds   |   The attackers were in thousands of corporate and government networks. They might still be there now. Behind the scenes of the SolarWinds investigation.
The SolarWinds Corp. logo is seen on a sign at the headquarters - Photograph: SUZANNE CORDEIRO/Getty Images The DOJ Detected the SolarWinds Hack 6 Months Earlier Than First Disclosed (6/8/2023) Tagged: Supply Chain Attack, SolarWinds   |   In May 2020, the US Department of Justice noticed Russian hackers in its network but did not realize the significance of what it had found for six months.
closeup of a hand holding the handset of an old red telephone - Photograph: Juan Moyano/Getty Images The Bold Plan to Create Cyber 311 Hotlines (6/7/2023) Tagged: Cybersecurity Clinics, Community Cyber Defense   |   UT-Austin will join a growing movement to launch cybersecurity clinics for cities and small businesses that often fall through the cracks.
One unlocked orange padlock surrounded by locked green padlocks - Photograph: MirageC/Getty Images Google Is Rolling Out Password-Killing Tech to All Accounts (6/6/2023) Tagged: Passwords, Passkeys   |   The tech industry’s transition to passkeys gets its first massive boost with the launch of the alternative login scheme for Google’s billions of users.
Closeup of a person's hand holding an Apple AirTag - Photograph: Melina Mara/Getty Images Are You Being Tracked by an AirTag? Here’s How to Check (6/6/2023) Tagged: Personal Security, Bluetooth-based Wireless Beacons   |   If you’re worried that one of Apple’s trackers is following you without consent, try these tips.
Car - Image: DiMaggio/Kalish New Tool Shows if Your Car Might Be Tracking You, Selling Your Data (6/6/2023) Tagged: Vehicle Data Collection, Security Tools   |   The free tool from Privacy4Cars provides some insight on whether your vehicle is collecting and sharing location and other types of data.
Isolated black snake on red backdrop - Photograph: EduardHarkonen/Getty Images The Underground History of Russia’s Most Ingenious Hacker Group (6/6/2023) Tagged: Russia, Espionage - Cyber, Advanced Persistent Threats (APT), Espionage - State-Sponsored   |   From USB worms to satellite-based hacking, Russia’s FSB hackers known as Turla have spent 25 years distinguishing themselves as “adversary number one.”
Stairs leading up to an open door in a wall with yellow glowing digital binary code - Illustration: BeeBright/Getty Images Millions of PC Motherboards Were Sold With a Firmware Backdoor (6/5/2023) Tagged: Backdoor, Firmware   |   Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.
pop-up alert stating 'That's totally not a virus, Don't tell your sysadmin' - Credit: Local_Doctor / Shutterstock Hidden Malware Ratchets Up Cybersecurity Risks (5/14/2023) Tagged: Artificial Intelligence, Machine Learning, Malware, Deep Learning Neural Network (DNN)   |   What if cybercriminals could hide pernicious payloads in places where commercial cybersecurity software were unable to detect it? Unfortunately, this approach is both possible and increasingly viable.
Book Cover - A Hacker's Mind How the Powerful Bend Society's Rules, and How to Bend them Back A Hacker’s Mind: How the Powerful Bend Society’s Rules, and How to Bend them Back (4/4/2023) Tagged: Hackers & Hacking, History - Computing   |   It’s not just computers―hacking is everywhere.
Book Cover - The Ransomware Hunting Team A Band of Misfits' Improbable Crusade to Save the World from Cybercrime The Ransomware Hunting Team: A Band of Misfits’ Improbable Crusade to Save the World from Cybercrime (4/4/2023) Tagged: Hackers & Hacking, Ransomware, History - Computing   |   A real-life technological thriller about a band of eccentric misfits taking on the biggest cybersecurity threats of our time.
numeric codes and shining lights, illustration - Credit: Carlos Castilla Cybersecurity as Illuminator for the Future of Computing Research (1/27/2023) Tagged: Cybersecurity Research and Development   |   Security is still viewed by much of the computing research community in a narrow technical context, leading to results poorly aligned with motivating real-world needs.
A viewfinder points at the Google logo. - Illustration: Elena Lacey Europe’s Move Against Google Analytics Is Just the Beginning (12/20/2022) Tagged: Google (Firm), General Data Protection Regulation (GDPR), Privacy   |   Austria’s data regulator has found that the use of Google Analytics is a breach of GDPR. In the absence of a new EU-US data deal, other countries may follow.
What is GDPR The summary guide to GDPR compliance in the UK - iStock / art-sonik What is GDPR? The summary guide to GDPR compliance in the UK (12/20/2022) Tagged: Privacy & Data Protection, General Data Protection Regulation (GDPR)   |   General Data Protection Regulation, or GDPR, have overhauled how businesses process and handle data. Our need-to-know GDPR guide explains what the changes mean for you
CTRL ALT DEL—Rebooting the Role of Technology in Geo-Politics The Future of Tech Is Here. Congress Isn’t Ready for It (12/16/2022) Tagged: Technology Policy Activism, Technology & Society, Technology & Politics   |   In a conversation with WIRED, former representative Will Hurd talked AI, the metaverse, China, and how ill-prepared legislators are to grapple with any of it.
person resting on bed with mobile phone - Photograph: Carol Yepes/Getty Images 6 Ways to Delete Yourself From the Internet (12/16/2022) Tagged: How To, Personal Security   |   You’ll never be able to get a clean slate—but you can significantly downsize your digital footprint.
Underwater fiber optic internet cable lying on the ocean floor. - Photograph: imaginima/Getty Images The Most Vulnerable Place on the Internet (12/16/2022) Tagged: Internet Connectivity, Fiber-optic Cable   |   Underwater cables keep the internet online. When they congregate in one place, things get tricky.
Photo illustration by Cristiana Couceiro The Battle for the World’s Most Powerful Cyberweapon (12/8/2022) Tagged: NSO, Cyber Weapons, Pegasus, Zero-Click / Interactionless Attacks   |   A Times investigation reveals how Israel reaped diplomatic gains around the world from NSO’s Pegasus spyware — a tool America itself purchased but is now trying to ban.
Image: Daniel Zender Fraud Is Flourishing on Zelle. The Banks Say It’s Not Their Problem. (12/8/2022) Tagged: Cyber Crime   |   Zelle, the payments platform used by millions of customers, is a popular target of scammers. But banks have been reluctant to make fraud victims whole — despite owning the system.
North Korea on a map glitches with a 404 error code. - Illustration: Elena Lacey; Getty Images North Korea Hacked Him. So He Took Down Its Internet (12/8/2022) Tagged: Hacktivism   |   Disappointed with the lack of US response to the Hermit Kingdom's attacks against US security researchers, one hacker took matters into his own hands.
This image may contain James Clapper Tie Accessories Accessory Human Person and Text America’s Top Spy Talks Snowden Leaks and Our Ominous Future (12/8/2022) Tagged: Surveillance, History - Cyber   |   America's top spy and the future of surveillance.
A satellite eyes the moon. - Illustration: Elena Lacey The Feds Want These Teams to Hack a Satellite—From Home (12/7/2022) Tagged: Hacker Culture, Capture-the-Flag Hacking Events (CTFs)   |   Meet the hackers who, this weekend, will try to commandeer an actual orbiter as part of a Defcon contest hosted by the Air Force and the Defense Digital Service.
An illustration showing the outline of a person walking, with various parts of their body "tracked" by Amazon devices - Tyler Comrie / The Atlantic The Rise of ‘Luxury Surveillance’ (12/6/2022) Tagged: Surveillance - Mass, Surveillance Capitalism, Surveillance - Online, Ambient Intelligence, Luxury Surveillance   |   Surveillance isn’t just imposed on people: Many of us buy into it willingly.
August Pfluger - Photograph: Bill Clark/Getty Images Autonomous Vehicles Join the List of US National Security Threats (12/6/2022) Tagged: Autonomous Systems, China, National Security (US)   |   Lawmakers are growing concerned about a flood of data-hungry cars from China taking over American streets.
Thin red metal wires surrounding a black hole in the center eye concept - Photograph: Sven Hagolani/Getty Images Spyware Scandals Are Ripping Through Europe (12/6/2022) Tagged: Spyware, NSO, Surveillance for Hire, Targeted Surveillance Industry   |   The latest crisis that rocked the Greek government shows the bloc’s surveillance problem goes beyond the notorious NSO Group.
a ball peeking out from the corner - Photograph: Serg Myshkovsky/Getty Images Open Source Intelligence May Be Changing Old-School War (12/6/2022) Tagged: Ukraine, Open Source Intelligence (OSINT), Russia   |   Intelligence collected from public information online could be impacting traditional warfare and altering the calculus between large and small powers.
Image credit: Ariel Davis The hacker-for-hire industry is now too big to fail (10/16/2022) Tagged: Hacking for Hire   |   This is a big moment of turbulence and change for the hacking business. But the demand is here to stay.
October is Cybersecurity Awareness Month About Cybersecurity Awareness Month 2022 (9/30/2022) Tagged: CyberSecurity Education, CISA (CyberSecurity & Infrastructure Security Agency), Cyber Safety   |   Cybersecurity Awareness Month – observed every October – was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online.
colorful shapes visible in keyhole The Long Road Ahead to Transition to Post-Quantum Cryptography (9/8/2022) Tagged: Quantum Cryptography, Quantum CyberSecurity, Quantum Resistance   |   Much of the post-quantum transition work that needs to be done can start now, even while we wait for algorithm and protocol standards to be updated.
image of a lock over hands on a keyboard - Credit: Shutterstock Even If Users Do Not Read Security Directives, Their Behavior Is Not So Catastrophic (9/8/2022) Tagged: Cybersecurity Research and Development   |   When we eventually started to analyze the obtained data after the third survey round, we discovered surprising results that led to heated discussions among the research team members.
diptych illustration with a line drawing with organic shapes on the left and sand dune eye and galaxy on the right - Illustration: Mark Pernice Dune Foresaw—and Influenced—Half a Century of Global Conflict (8/11/2022) Tagged: Human Psychology, Science Fiction, Technology & War   |   From Afghanistan to cyberattacks, Frank Herbert’s novel anticipated and shaped warfare as we know it.
binoculars - Credit: DestroLove Cyber Reconnaissance Techniques (7/26/2022) Tagged: Cyber Reconnaissance & Countermeasures, Cyber Reconnaissance Techniques and Sources   |   The evolution of and countermeasures for existing reconnaissance techniques.
A hand throws away a facebook branded wad of paper. - Illustration: Elena Lacey; Getty Images How to Permanently Delete Your Facebook Account (7/24/2022) Tagged: Facebook, How To   |   If you've finally hit your breaking point, here's how to say goodbye to Mark Zuckerberg's empire.
A collage of images including servers and a hand holding a seed. - Illustration: Eduardo Ramón Trejo; Getty Images; Alamy The Full Story of the Stunning RSA Hack Can Finally Be Told (7/4/2022) Tagged: China, Espionage - State-Sponsored   |   In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.
Book Cover - We Are Bellingcat: Global Crime, Online Sleuths, and the Bold Future of News We Are Bellingcat: Global Crime, Online Sleuths, and the Bold Future of News (6/6/2022) Tagged: Open Source Intelligence (OSINT)   |   The page-turning inside story of the global team wielding the internet to fight for facts and combat autocracy-revealing the extraordinary ability of ordinary people to hold the powerful to account.
Skyscrapers in the Moscow-City business center in Moscow on April 29. (Maxim Shemetov/Reuters) Hacking Russia was off-limits. The Ukraine war made it a free-for-all (5/1/2022) Tagged: Hackers & Hacking, Russia   |   Experts anticipated a Moscow-led cyber-assault; instead, unprecedented attacks by hacktivists and criminals have wreaked havoc in Russia
How Democracies Spy on Their Citizens (4/30/2022) Tagged: Spyware, Pegasus, NSO, Targeted Surveillance Industry, Israel   |   The inside story of the world’s most notorious commercial spyware and the big tech companies waging war against it.
The Pegasus Project (4/30/2022) Tagged: Pegasus, NSO   |   Working with new data from the journalism nonprofit Forbidden Stories and human rights group Amnesty International, OCCRP and 16 media partners around the world worked to uncover who might have fallen victim to Pegasus, and tell their stories.
Electrical powerlines on pylons in Ukraine - Photograph: Joseph Sywenkyj/Bloomberg/Getty Images Russia’s Sandworm Hackers Attempted a Third Blackout in Ukraine (4/18/2022) Tagged: Wiper, Malware, Ukraine, Sandworm   |   The attack was the first in five years to use Sandworm's Industroyer malware, which is designed to automatically trigger power disruptions.
U.S. President Joe Biden delivers remarks on developments in Ukraine and Russia to reporters - Photograph: Drew Angerer/Getty Images How Russia’s Invasion Triggered a US Crackdown on Its Hackers (4/18/2022) Tagged: Malware, Russia, Ukraine, Sandworm, Cyber Warfare   |   The Biden White House is using “all of the levers of national power” to counter—or preempt—cyberattacks by Russia’s most dangerous hacker groups.
Russian soldiers sitting on a tank - Photograph: Sefa Karacan/Getty Images Russia Is Leaking Data Like a Sieve (4/13/2022) Tagged: Ethics, Information Warfare, Russia, Ukraine, Hacktivism, Doxing   |   Ukraine claims to have doxed Russian troops and spies, while hacktivists are regularly leaking private information from Russian organizations.
How Bellingcat uncovered Russias secret network of assassins - Bellingcat / Getty Images / WIRED How Bellingcat uncovered Russia’s secret network of assassins (4/7/2022) Tagged: Russia, Bellingcat, Open Source Intelligence (OSINT)   |   From Sergei Skripal to Alexei Navalny, Russia’s attempts to silence its enemies have been forensically exposed. At the centre of these revelations has been investigative unit Bellingcat
home routers stacked on top of each other - Photograph: Getty Images Russia’s Sandworm Hackers Have Built a Botnet of Firewalls (3/31/2022) Tagged: Russia, Sandworm, Hackers & Hacking, Malware   |   Western intelligence services are raising alarms about Cyclops Blink, the latest tool at the notorious group’s disposal.
KYIV, UKRAINE - People hold signs and chant slogans during a protest outside the Russian Embassy on February 22, 2022 in Kyiv in anticipation of an invasion from Russia. (Photo by Chris McGrath/Getty Images) Second Wiper Attack Strikes Systems in Ukraine and Two Neighboring Countries (3/31/2022) Tagged: Malware, Ukraine, Wiper   |   The wiper, dubbed HermeticWiper, struck a bank in Ukraine as well as machines in Latvia and Lithuania belonging to two contractors that work with the Ukrainian government.
Illustration of Ukrainian flag made of code - Illustration by Nicholas Konrad / The New Yorker The Threat of Russian Cyberattacks Looms Large (3/28/2022) Tagged: CyberConflict, Ukraine, Russia   |   So far, the Russian invasion of Ukraine has not involved the sort of devastating cyberattacks that many anticipated. But it’s not clear why, or whether that pattern will hold.
Ukrainian troops. (Official photo by the Ministry of Defense of Ukraine) Cyber Realism in a Time of War (3/28/2022) Tagged: Cyber Warfare, Russia, CyberConflict, Ukraine   |   “For all the talk about ‘cyber war’, today shows that when conflict escalates to this point it is secondary. If you want to take out infrastructure then missiles are more straightforward than using computer code. Cyber’s main role now is perhaps to sow confusion about events.”
An illustration of a hacker wearing a Putin mask. - Illustration: WIRED; Getty Images Leaked Ransomware Docs Show Conti Helping Putin From the Shadows (3/19/2022) Tagged: Cyber Crime, Russia, Advanced Persistent Threats (APT)   |   Members of the hacker gang may act in Russia’s interest, but their links to the FSB and Cozy Bear hackers appear ad hoc.
a woman walking - Photograph: DIMITAR DILKOFF/Getty Images The Russian Disinfo Operation You Never Heard About (3/18/2022) Tagged: Russia, Active Measures, Disinformation (Coordinated Inauthentic Behavior)   |   The campaign known as Secondary Infektion appears to be a distinct effort from the meddling of the IRA and GRU—and it went undetected for years.
Person working in Intel laboratory with computer equipment - Photograph: Shlomo Shoham Inside the Lab Where Intel Tries to Hack Its Own Chips (3/18/2022) Tagged: Vulnerabilities, Computer Chip Manufacture   |   Researchers at iSTARE have to think like the bad guys, finding critical flaws before processors go to production.
A collage with a demonstrator waving a Ukrainian flag. - Illustration: Elena Lacey; Getty Images Hacktivists Stoke Pandemonium Amid Russia’s War in Ukraine (3/18/2022) Tagged: Hacktivism, Hackers & Hacking, Russia, Ukraine   |   A wave of cyberattacks meant to make a statement and particularly buoy Ukraine could have unintended consequences.
Collage of images of Putin proUkraine protesters Russian soldiers and cracked computer screen - Photo-Illustration: Sam Whitney; Getty Images The Spectacular Collapse of Putin’s Disinformation Machinery (3/12/2022) Tagged: Disinformation (Coordinated Inauthentic Behavior), Propaganda, Social Media, Ukraine, Rusia   |   A few critical errors have brought down Russia's complex and objectively brilliant war of influence in the West.
Illustration of wifi symbol made of fortified metal - Illustration: Sam Whitney; Getty Images How Ukraine’s Internet Can Fend Off Russian Attacks (3/12/2022) Tagged: Internet Access, Russia, Cyber-Resilience, Ukraine   |   The besieged country's complex internet infrastructure has evolved to promote resiliency.
Young girl seen reading news on cell phone at a bomb shelter in Kyiv Ukraine - Photograph: SOPA Images/Getty Images When War Struck, Ukraine Turned to Telegram (3/12/2022) Tagged: Disinformation (Coordinated Inauthentic Behavior), Social Media, Misinformation, Social Media – Novel & Beneficial Uses, Ukraine, Telegram   |   As Russian troops surround Kyiv, millions of Ukrainians have relied on the messaging platform for government information.
Logo - National Security Agency / Central Security Service Network Infrastructure Security Guidance (3/7/2022) Tagged: Security Guidance, Network Security   |   This report presents best practices for overall network security and protection of individual network devices, and will assist administrators in preventing an adversary from exploiting their network. This guidance is current as of March, 2022
building cyber at large scale concept - Ms Tech | Twenty20 How China built a one-of-a-kind cyber-espionage behemoth to last (3/4/2022) Tagged: Cyber Warfare, China, Hackers & Hacking, Malware, Zero-Day Exploits   |   A decade-long quest to become a cyber superpower is paying off for China.
Security in High-Performance Computing Environments, illustrative photo - Credit: Gorodenkoff Visuals Security in High-Performance Computing Environments (3/4/2022) Tagged: High Performance Computing, Alternative Security Frameworks for HPC   |   Historically, security for HPC systems has not necessarily been treated as distinct from general-purpose computing, except, typically, making sure that security does not get in the way of performance or usability. While laudable, this article argues that this assessment of HPC's distinctiveness is incomplete.
President Joe Biden speaks from the Treaty Room in the White House - AP Photo/Andrew Harnik, Pool The $1 billion Russian cyber company that the US says hacks for Moscow (3/2/2022) Tagged: Hackers & Hacking, Cyber Weapons, Russia, Hacking for Hire   |   Washington has sanctioned Russian cybersecurity firm Positive Technologies. US intelligence reports claim it provides hacking tools and runs operations for the Kremlin.
Close up of typing on laptop - Getty How to avoid sharing bad information about Russia’s invasion of Ukraine (3/2/2022) Tagged: Disinformation (Coordinated Inauthentic Behavior), How To, Misinformation   |   Even well-meaning attempts to participate in the news can play into bad actors’ campaigns.
NSA research concept - Ms Tech | Getty, NSA Meet the NSA spies shaping the future (3/1/2022) Tagged: National Security (US), National Security Agency, Cybersecurity Research and Development   |   In his first interview as leader of the NSA's Research Directorate, Gil Herrera lays out challenges in quantum computing, cybersecurity, and the technology American intelligence needs to master to secure and spy into the future.
Russian servicemen take part in a military drills - AP Photo How a Russian cyberwar in Ukraine could ripple out globally (3/1/2022) Tagged: Cyber Warfare, Malware, Russia, Ukraine   |   Soldiers and tanks may care about national borders. Cyber doesn't.
Belarus government building. Photograph: Ekaterina Loginova/Getty Images ‘Ghostwriter’ Looks Like a Purely Russian Op—Except It’s Not (2/28/2022) Tagged: Hackers & Hacking, Russia, Belarus, Disinformation (Coordinated Inauthentic Behavior)   |   Security researchers have found signs that the pervasive hacking and misinformation campaign comes not from Moscow but from Minsk.
If these cyber threats seem confusing and overwhelming, that’s exactly the point, and that’s exactly what makes the threat against Ukraine so grave. Photograph: KIRILL KUDRYAVTSEV/Getty Images Russia’s Cyber Threat to Ukraine Is Vast—and Underestimated (2/27/2022) Tagged: Hackers & Hacking, Cyber Crime, Russia, CyberConflict, Hacking for Hire, Ukraine   |   The Kremlin's web of nonstate hackers can wreak just as much havoc as Putin's government.
Roman Dobrokhotov is founder and editor in chief of the Insider, a Russian news site that's played a key role in identifying Moscow's most brazen alleged military spies and killers. Photo: Max Avdeev The Russian Sleuth Who Outs Moscow’s Elite Hackers and Assassins (2/26/2022) Tagged: Open Source Intelligence (OSINT), Hackers & Hacking, Russia, Bellingcat   |   Roman Dobrokhotov has been playing a dangerous game for a Russian reporter: identifying agents of the GRU military intelligence agency.
Russian President Vladimir Putin and Defense Minister Sergei Shoigu arrive for a reception ceremony at the Kremlin in Moscow, Russia, June 28, 2017. Photo: Alexei Druzhinin/Sputnik/Reuters A Guide to Russia’s High Tech Tool Box for Subverting US Democracy (2/26/2022) Tagged: Cyber Crime, National Security (US), Russia, Espionage - Cyber, Active Measures, Ukraine   |   Understanding just how extensive and coordinated Russia’s operations against the West are represents the first step in confronting—and defeating—Putin’s increased aggression, particularly as it becomes clear that the 2016 election interference was just a starting point.
Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, center, speaks with reporters in the James Brady Press Briefing Room at the White House, Friday, Feb. 18, 2022, in Washington. - Source: AP The US is unmasking Russian hackers faster than ever (2/24/2022) Tagged: Hackers & Hacking, Russia, Cyber Attribution   |   The White House was quick to publicly blame Russia for a cyberattack against Ukraine, the latest sign that cyber attribution is a crucial tool in the American arsenal.
Book Cover - The Cuckoo's Egg The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage (2/23/2022) Tagged: Computer Networks - Security, Espionage - Cyber, Privacy & Data Protection   |   An astronomer-turned-sleuth traces a German trespasser on our military networks, who slipped through operating system security holes and browsed through sensitive databases. Was it espionage?
WordPress Logo Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes (1/22/2022) Tagged: Supply Chain Risk, WordPress, WordPress Third-Party Plugins & Themes, Backdoor, WordPress Security   |   Site owners who have installed the plugins directly from AccessPress Themes' website are advised to upgrade immediately to a safe version, or replace it with the latest version from WordPress[.]org. Additionally, it necessitates that a clean version of WordPress is deployed to revert the modifications done during the installation of the backdoor.
Screenshots of Phishing SMSs reported to Citizen Lab in 2016 A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution (1/21/2022) Tagged: Zero-Click / Interactionless Attacks, NSO, Pegasus   |   Based on our research and findings, we assess this to be one of the most technically sophisticated exploits we've ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states.
iPhone store - Photograph: Budrul Chukrut/Getty Images How to Read Your iOS 15 App Privacy Report (1/20/2022) Tagged: How To, Security Guidance, Privacy & Personal Information, Privacy & Data Protection, iOS (Apple Operating System)   |   Your iPhone now gives you lots of transparency into what your downloads are up to. Here's what to look out for.
people in a stadium on their phones - Photograph: Getty Images Sneaky Zero-Click Attacks Are a Hidden Menace (1/20/2022) Tagged: Hackers & Hacking, Zero-Click / Interactionless Attacks   |   Hacks that can play out without any user interaction may be more common than we realize, in part because they’re so difficult to detect.
Man using tablet to make a video call with other people at dusk - Photograph: Alistair Berg/Getty Images ‘Zero-Click’ Zoom Vulnerabilities Could Have Exposed Calls (1/20/2022) Tagged: Zero-Click / Interactionless Attacks, Zoom Videoconferencing   |   The flaws are now fixed, but they speak to the growing concerns around interactionless attacks.
Man walking along cliff next to ocean while looking at phone - Photograph: Cavan Images/Getty Images NSO Group Spyware Targeted Dozens of Reporters in El Salvador (1/19/2022) Tagged: Zero-Click / Interactionless Attacks, NSO, Targeted Surveillance Industry, Spyware, Pegasus   |   The newly disclosed campaign shows how little the company has done to curb abuses of its powerful surveillance tools.
person on phone walking in the shadows - Photograph: James D. Morgan Meta Removes 7 Surveillance-for-Hire Operations From Its Platforms (1/18/2022) Tagged: Hacking for Hire, NSO, Surveillance for Hire, Targeted Surveillance Industry   |   While NSO Group gets most of the attention, the takedowns underscore how insidious the industry has become.
Mobile Device Cybersecurity Checklist for Consumers - CISA Mobile Device Cybersecurity Checklist for Consumers (1/17/2022) Tagged: Best Practices, CISA Security Tip, Mobile Device Security   |   Simple cyber hygiene steps consumers can take to improve the cybersecurity of their mobile devices.
In this Aug. 24, 2021 file photo, a logo adorns a wall on a branch of the Israeli NSO Group company, near the southern Israeli town of Sapir. (Sebastian Scheiner/AP) Commerce Department announces new rule aimed at stemming sale of hacking tools to Russia and China (1/17/2022) Tagged: Government Regulation, Hackers & Hacking, Technology Policy, Hacking for Hire, NSO   |   “We’re trying to walk the line between not impairing legitimate cybersecurity collaboration across borders, but trying to make sure these pieces of hardware and software technology aren’t obtained and used by repressive governments,” the senior official said.
Exterior of NSO Group building - Photograph: Amir Levy/Getty Images Google Warns That NSO Hacking Is On Par With Elite Nation-State Spies (1/16/2022) Tagged: Surveillance - Electronic, Spyware, Pegasus, Hacking for Hire, Zero-Click / Interactionless Attacks, NSO   |   ForcedEntry is “one of the most technically sophisticated exploits” Project Zero security researchers have ever seen.
Conceptual - Ms Tech / source imagery: Unsplash, Wikimedia commons Inside the Microsoft team tracking the world’s most dangerous hackers (1/8/2022) Tagged: National Security (US), Hackers & Hacking   |   From Russian Olympic cyberattacks to billion-dollar North Korean malware, how one tech giant monitors nation-sponsored hackers everywhere on earth.
Google office - Unsplash Google’s top security teams unilaterally shut down a counterterrorism operation (1/8/2022) Tagged: Ethics, Stockpiling of Vulnerabilities, Zero-Day Exploits, Vulnerabilities Equities Process   |   The decision to block an “expert” level cyberattack has caused controversy inside Google after it emerged that the hackers in question were working for a US ally.
DHS logo glitch - Ms Tech The US is worried that hackers are stealing data today so quantum computers can crack it in a decade (1/8/2022) Tagged: Post-Quantum Cryptographic Algorithms, Stockpiling of Sensitive Data, Cryptography, Stockpiling of Vulnerabilities   |   The US government is starting a generation-long battle against the threat next-generation computers pose to encryption.
Hackers for hire - Ariel Davis The hacker-for-hire industry is now too big to fail (12/28/2021) Tagged: NSO, Hackers & Hacking, Surveillance - Online, Spyware, Hacking for Hire   |   This is a big moment of turbulence and change for the hacking business. But the demand is here to stay.
proliferating cyber surveillance concept - Ms Tech | Getty “A grim outlook”: How cyber surveillance is booming on a global scale (12/28/2021) Tagged: Technology Policy, Surveillance - Online, Spyware, Hacking for Hire, NSO   |   New data paints a detailed picture of the ways Western companies are selling cyber weapons and surveillance technology to NATO’s enemies.
Book Cover - Countdown to Zero Day Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon (12/27/2021) Tagged: Hackers & Hacking, Cyber Weapons, Geopolitics, History - Military   |   A top cybersecurity journalist tells the story behind the virus that sabotaged Iran’s nuclear efforts and shows how its existence has ushered in a new age of warfare—one in which a digital attack can have the same destructive capability as a megaton bomb.
Image credit: Ariel Davis Inside NSO, Israel’s billion-dollar spyware giant (12/22/2021) Tagged: Surveillance - Electronic, Hackers & Hacking, Spyware, Pegasus, Hacking for Hire, NSO   |   The world’s most notorious surveillance company says it wants to clean up its act. Go on, we’re listening.
NSO headquarters - Ms Tech | Source: AP Photo/Daniella Cheslow, File The man who built a spyware empire says it’s time to come out of the shadows (12/22/2021) Tagged: Cyber Intelligence, Espionage - Cyber, Spyware, NSO, Cyber Warfare   |   Shalev Hulio, co-founder and CEO of NSO, says his industry is full of companies trying to avoid scrutiny.
conceptual illustration showing a police evidence board with reference to various people, places, and things in the story - max-o-matic Inside the FBI, Russia, and Ukraine’s failed cybercrime investigation (12/22/2021) Tagged: Hackers & Hacking, Cyber Crime, Cyber Investigation   |   Russia and Ukraine promised to cooperate and help catch the world’s most successful hackers. But things didn’t quite go to plan.
Data Privacy Week 2022 Data Privacy Week – 2022 (12/13/2021) Tagged: CyberSecurity at Home, CyberSecurity at Work, CyberSecurity Education   |   Data Privacy Week helps spread awareness about online privacy and educates citizens on how to manage their personal information and keep it secure. Data Privacy Week also encourages businesses to respect data and be more transparent about how they collect and use customer data.
truck assembly line - Credit: Humphery / Shutterstock Quantum-Safe Trust for Vehicles: The Race Is Already On (12/5/2021) Tagged: Quantum CyberSecurity, Quantum Vulnerability   |   Now that it seems quantum-computing capabilities could become commercially available within the next decade or two—likely in the form of cloud-based services—security professionals have turned with an intensified sense of urgency to the challenge of how to respond to the threat of quantum-powered attacks. One domain where this is particularly true is in the automotive industry, where cars now coming off assembly lines are sometimes referred to as "rolling datacenters" in acknowledgment of all the entertainment and communications capabilities they contain.
pattern of blue dots, illustration - Credit: Scott Webb / Unsplash The Complex Path to Quantum Resistance (12/4/2021) Tagged: Quantum Vulnerability, Quantum Technologies, Cryptography, Quantum Resistance, Information Communication Technology (ICT)   |   This article provides a series of recommendations for [ICT executive] decision-makers, including what they need to know and do today. It will help them in devising an effective quantum transition plan [to quantum-resistance] with a holistic lens that considers the affected assets in people, process, and technology.
Windows 11 Security — Our Hacker-in-Chief Runs Attacks and Shows Solutions Windows 11 Security — Our Hacker-in-Chief Runs Attacks and Shows Solutions (11/26/2021) Tagged: Microsoft, Windows Operating System, Windows 11 Security   |   Many of the optional or high-end security controls from Windows 10 are now on by default and required on new machines with Windows 11.
Illustration: Tyler Comrie Amazon’s Dark Secret: It Has Failed to Protect Your Data (11/22/2021) Tagged: Information Security, Privacy & Data Protection   |   Voyeurs. Sabotaged accounts. Backdoor schemes. For years, the retail giant has handled your information less carefully than it handles your packages.
Cover Image - Microsoft Digital Defense Report Microsoft Digital Defense Report (2021) (11/22/2021) Tagged: Disinformation (Coordinated Inauthentic Behavior), Cyber Crime, Internet of Things (IoT), Multilevel Security, Multi-factor Authentication, Advanced Persistent Threats (APT), Supply Chain Attack   |   Knowledge is powerful. This report encompasses learnings from security experts, practitioners, and defenders at Microsoft to empower people everywhere to defend against cyberthreats.
RE:WIRED 2021: Tinker Hacker Sailor Sp0y: The Scourge of Ransomeware Jen Easterly Wants Hackers to Help US Cyber Defense (11/14/2021) Tagged: Hackers & Hacking, Misinformation, CISA (CyberSecurity & Infrastructure Security Agency)   |   The new director of the US Cybersecurity & Infrastructure Security Agency, Jen Easterly, joined WIRED contributing editor Garrett Graff to talk about hacking and misinformation on a global scale and how to combat the ever-evolving nature of cyberattacks.
It's not hackers.Photograph: Nina Riggio/Bloomberg/Getty Images Why Facebook, Instagram, and WhatsApp All Went Down Today (11/14/2021) Tagged: Facebook, Border Gateway Protocol (BGP), Colossal Ooops!   |   A Facebook, Instagram, WhatsApp, and Oculus outage knocked every corner of Mark Zuckerberg’s empire offline on Monday. It’s a social media blackout that can most charitably be described as “thorough” and seems likely to prove particularly tough to fix.
Logo - Known Exploited Vulnerabilities Catalog Known Exploited Vulnerabilities Catalog (11/14/2021) Tagged: Vulnerabilities, CISA (CyberSecurity & Infrastructure Security Agency)   |   This is a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal enterprise.
blue shield hovering over desert landscape, illustration - Credit: Andrij Borys Associates, Shutterstock Cyber Security Research in the Arab Region: A Blooming Ecosystem with Global Ambitions (10/31/2021) Tagged: Geopolitics, Cybersecurity Research and Development, Cybersecurity Knowledge   |   In this article, we will survey the main initiatives related to cyber security in the Arab region, report on the evolution of the cyber security posture, and point to possible Pan-Arab and international collaboration avenues in cyber security research.
alert stating: Your Files Are Encrypted - Credit: JMiks / Shutterstock The Worsening State of Ransomware (10/23/2021) Tagged: Ransomware   |   Suddenly, you have people with limited ability using powerful software to discover, exfiltrate, and encrypt files. They wind up with many of the same capabilities that sophisticated cybercriminals have.
John Arquilla - Credit: Naval Postgraduate School The SolarWinds Hack (10/22/2021) Tagged: Hackers & Hacking, National Security (US), Prioritizing Cybersecurity, SolarWinds   |   The SolarWinds affair is simply another incident in a long pattern of intrusions.
worker portraits on a shield, illustration - Credit: Peter Crowther Associates, Shutterstock Implementing Insider Defenses (10/19/2021) Tagged: Insider Threats, Trustworthy Behavior, Human Psychology   |   Classical approaches to cyber-security—isolation, monitoring, and the like—are a good starting point for defending against attacks, regardless of perpetrator. But implementations of those approaches in hardware and/or software can invariably be circumvented by insiders, individuals who abuse privileges and access their trusted status affords.
CISA Releases Guidance: IPv6 Considerations for TIC 3.0 (10/14/2021) Tagged: National Security (US), Best Practices, Security Guidance, CISA (CyberSecurity & Infrastructure Security Agency), Trusted Internet Connections   |   These documents cover enhancing the Trusted Internet Connections (TIC) program to fully support the implementation of IPv6 in federal IT systems. This information is also applicable to the private business sector and those interested in improving Internet security.
gold box with circuit board exterior, illustration - Credit: Arleksey / Shutterstock Better Security Through Obfuscation (10/9/2021) Tagged: Encryption, Indistinguishability Obfuscation, Virtual Black Box (VBB) Obfuscation   |   Last year, three mathematicians published a viable method for hiding the inner workings of software. The paper was a culmination of close to two decades of work by multiple teams around the world to show that concept could work. The quest now is to find a way to make indistinguishability obfuscation (iO) efficient enough to become a practical reality.
lock in electronic pattern, illustration - Credit: Diyajyoti / Shutterstock Fixing the Internet (10/9/2021) Tagged: Internet Architecture, Internet Security, Border Gateway Protocol (BGP), Resource Public Key Infrastructure (RPKI), Route Origin Validation (ROV)   |   Aftab Siddiqui, senior manager of Internet technology at the Internet Society, says the initial BGP protocol was conceived by experts at research institutions, defense organizations, and equipment vendors. "When they designed [BGP], it was based on the premise that everybody trusts each other," Siddiqui says. "Fast-forward 30 years, I'm pretty sure we cannot claim that anymore."
Cover Logo - Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2021 Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2021 (10/8/2021) Tagged: Psychology and Usability, Multi-factor Authentication, Cybersecurity Knowledge, Cybersecurity Risk, Password Managers, Cyber Crime, Psychology and UX, Internet of Things (IoT), Identity Theft   |   In honor of Cybersecurity Awareness Month 2021, the National Cyber Security Alliance and CybSafe have launched the world’s first Cybersecurity Attitudes & Behaviors Report. The research report is the first of its kind. It examines cybersecurity attitudes and behaviors of the general public, shedding light on one of the most important aspects of cyber risk - the human factor.
A laptop displays a message after being infected by a ransomware as part of a worldwide cyberattack on in Geldrop. ROB ENGELAAR/ANP/AFP via Getty Images How America Can Reliably Resist Ransomware (9/27/2021) Tagged: Ransomware, CyberSecurity at Home, CyberSecurity at Work   |   So, what can government and business leaders do to combat these attacks? And who's responsible for improving our cybersecurity?
"Hackers (pt. 2)" by Ifrah Yousuf is licensed under CC BY 4.0 (https://cybervisuals.org/visual/hackers-pt-2/). SolarWinds and the Holiday Bear Campaign: A Case Study for the Classroom (9/26/2021) Tagged: Espionage - Cyber, Supply Chain Attack, SolarWinds   |   Author's Note: Have you been looking for a detailed-but-accessible case study of the Russian cyberespionage campaign that targeted SolarWinds (among others)? The following piece is adapted from my newly-released eCasebook “Cybersecurity Law, Policy, and Institutions” (v.3.1).
Chinese emblem on a building with a reflection of the Chinese flag - Photograph: PETER PARKS/Getty Images How China’s Hacking Entered a Reckless New Phase (7/26/2021) Tagged: Hackers & Hacking, Cyber Crime, Russia, North Korea, China   |   China has increasingly relied on contractors for its hacking, which opens the door to all kinds of criminal behavior.
microsoft building - Photograph: Jeenah Moon/Getty Images China’s and Russia’s Spying Sprees Will Take Years to Unpack (7/26/2021) Tagged: China, Russia, Zero-Day Exploits, Espionage - State-Sponsored, Supply Chain Attack, SolarWinds   |   The full extent of the SolarWinds hack and Hafnium’s attack on Microsoft Exchange Server may never be known.
microsoft building - Photograph: David Paul Morris/Bloomberg/Getty Images Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims (7/26/2021) Tagged: China, Zero-Day Exploits, Espionage - State-Sponsored, Microsoft Exchange Servers   |   A single group appears to have infiltrated tens of thousands of Microsoft Exchange servers in an ongoing onslaught.
flags - Photograph: Ali Mohammadi/Bloomberg/Getty Images Facebook Catches Iranian Spies Catfishing US Military Targets (7/26/2021) Tagged: Hackers & Hacking, Facebook, Iran, Social Engineering   |   The hackers posed as recruiters, journalists, and hospitality workers to lure their victims.
Microsoft - Research Microsoft Password Guidance (7/25/2021) Tagged: Privacy & Personal Information, Password Managers, Passwords, Cryptography, Security Guidance   |   This paper provides Microsoft’s recommendations for password management based on current research and lessons from our own experience as one of the largest Identity Providers (IdPs) in the world. It covers recommendations for end users and identity administrators.
Graphic illustration of text bubbles and letters. - Illustration: Elena Lacey Hacker Lexicon: What Is the Signal Encryption Protocol? (7/23/2021) Tagged: Encryption, End-to-End Encryption   |   As the Signal protocol becomes the industry standard, it's worth understanding what sets it apart from other forms of end-to-end encrypted messaging.
Hackers - Illustration by Anuj Shrestha The Incredible Rise of North Korea’s Hacking Army (7/20/2021) Tagged: Russia, North Korea, Money Laundering, Advanced Persistent Threats (APT), China, Hackers & Hacking, Cyber Crime, National Security (US)   |   The country’s cyber forces have raked in billions of dollars for the regime by pulling off schemes ranging from A.T.M. heists to cryptocurrency thefts. Can they be stopped?
Logo - CISA Stop Ransomeware StopRansomware.gov website – The U.S. Government’s One-Stop Location to Stop Ransomware (7/15/2021) Tagged: Ransomware, CISA (CyberSecurity & Infrastructure Security Agency)   |   This website is the U.S. Government's official one-stop location for resources to tackle ransomware more effectively.
amazon logo - Photograph: SAJJAD HUSSAIN/Getty Images All the Ways Amazon Tracks You—and How to Stop It (7/13/2021) Tagged: Privacy & Personal Information, Limiting Data Collection, Privacy & Data Protection   |   The retail empire is obsessed with your data. But is the convenience worth giving up your personal information?
Googles cookie ban and FLoC explained - Hans Neleman / WIRED Google’s cookie ban and FLoC, explained (7/13/2021) Tagged: Tracking Cookies, Online Advertising, Privacy & Personal Information   |   At some point next year, Google Chrome will stop using third-party cookies. It’s a move that could upend the global advertising and publishing industries – and it has major implications for your privacy.
complex traffic signals - Credit: Palm Jumeirah Guides Securing Internet Applications from Routing Attacks (7/11/2021) Tagged: Bitcoin Network, CyberSecurity Engineering, Border Gateway Protocol (BGP), Routing Attacks, Tor Network (The Onion Router), Certificate Authorities   |   This article provides a new perspective by showing that routing attacks on Internet applications can have even more devastating consequences for users—including uncovering users (such as political dissidents) trying to communicate anonymously, impersonating websites even if the traffic uses HTTPS, and stealing cryptocurrency. This article argues that the security of Internet applications and the network infrastructure should be considered together, as vulnerabilities in one layer led to broken assumptions (and new vectors for attacks) in the other.
Photo of the author Bruce Schneier We Have Root: Even More Advice from Schneier on Security (7/11/2021) Tagged: Privacy, National Security Agency, Hackers & Hacking, Security Economics, CyberSecurity, Human Aspects of Security, Cyber Crime, Surveillance - Online, National Security (US), Terrorism - Prevention, Internet of Things (IoT), Law & Policy, Election Security, Surveillance, Leaks (Disclosure of Information)   |   We Have Root: Even More Advice from Schneier on Security By Bruce Schneier Published by John Wiley & Sons, Inc., September 2019. ISBN: 978-1-119-64301-2 “A collection of popular essays from security guru Bruce Schneier ”   In his latest collection of …
computers at edge of crator, illustration - Credit: Novikov Aleksey Cybersecurity: Is It Worse than We Think? (7/10/2021) Tagged: Prioritizing Cybersecurity   |   [In this article, we] seek to complement the myriad security research notes by investigating specific cybersecurity practices within organizations to evaluate where organizations are showing improvement, where they are stagnant, and what may be influencing these changes. Our results confirm that cyber-security continues to receive attention on the surface, but when looking beyond surface-level impressions a surprising lack of progress is being made.
The Dark Triad, illustration - Credit: Alicia Kubista / Andrij Borys Associates The Dark Triad and Insider Threats in Cyber Security (7/9/2021) Tagged: Human Psychology, Insider Threats, Personality Traits, Insider Cyber Sabotage   |   In this article, we focus on a set of pathological personality traits known as the dark triad. Evidence from recent insider threat cases leads us to believe these traits may correlate with intentions to engage in malicious behavior.23 After discussing insider threats and the dark triad traits, we present results from an empirical study that illustrate the relationship between the dark triad traits and malicious intent. We then discuss the importance of these results and make recommendations for security managers and practitioners based on our findings.
envelope and key on smartphone display, illustration - Credit: Shutterstock.com Security Analysis of SMS as a Second Factor of Authentication (7/8/2021) Tagged: Multi-factor Authentication, SMS (Short Message Service)   |   This article provides some insight into the security challenges of SMS-based multifactor authentication: mainly cellular security deficiencies, exploits in the SS7 (Signaling System No. 7) protocol, and the dangerously simple yet highly efficient fraud method known as SIM (subscriber identity module) swapping. Based on these insights, readers can gauge whether SMS tokens should be used for their online accounts. This article is not an actual analysis of multifactor authentication methods and what can be considered a second (or third, fourth, and so on) factor of authentication; for such a discussion, the author recommends reading security expert Troy Hunt's report on the topic.
Robin K. Hill - Credit: University of Wyoming Protecting Computers and People From Viruses (7/5/2021) Tagged: Computer Viruses   |   The really interesting question is what a strong successful analogy, matching computer viruses to organic viruses, would mean.
laptop - Courtesy of Microsoft Windows 11’s Security Push Puts Microsoft on a Collision Course (7/3/2021) Tagged: Trusted Platform Module, Windows 11 Security, Microsoft, Windows Operating System   |   An attempt to boost the security of Windows devices may leave millions of them more vulnerable in the long run.
blocks connected by chains and locks - Credit: Weibel Christophe / Shutterstock Secure Multiparty Computation (7/1/2021) Tagged: Multiparty Computation, Distributed Computing / Distributed Systems   |   Over the past three decades, many different techniques have been developed for constructing MPC [MultiParty Computation] protocols with different properties, and for different settings.
zero day and trolley car, illustration The Ethics of Zero-Day Exploits: The NSA Meets the Trolley Car (7/1/2021) Tagged: Stockpiling of Vulnerabilities, Zero-Day Exploits, Central Intelligence Agency (CIA), Ethics, National Security Agency   |   This article [takes] two basic approaches to evaluating the ethics of stockpiling zero-day exploits.
mobile phone with facial recognition feature - Credit: Andrij Borys Associates, Shutterstock The Identity in Everyone’s Pocket (6/30/2021) Tagged: Privacy, Digital Identities, Mobile Device Security, Attestation, Identity Management   |   Proving the authenticity of a device is one of the major challenges facing developers today, but it's critical for them to complete the enrollment process and decide if they trust the device to hold on to a secret for normal use.
die with molten circuitry, illustration - Credit: dgtl.escapism The Die is Cast (6/30/2021) Tagged: Integrated Circuits, CyberSecure Systems, Supply Chain Risk, Hardware Security, Hardware Trojans   |   While globalization has drastically reduced industry costs by tapping inexpensive labor markets and economies of scale, it has simultaneously opened many windows of opportunity for attackers to maliciously modify hardware without the knowledge of original device manufacturers (ODMs) or their customers.
Credit: Bankinfosecurity.com Spoofing the Spoofers (5/29/2021) Tagged: Artificial Intelligence, Honey Pot / Watering Hole, Deep Learning Neural Network (DNN), Security Deception Software   |   Essentially, the software enables a security professional or system administrator to study and react to, hacker activity with much greater sophistication…
Credit: Shutterstock Cybersecurity Research for the Future (5/29/2021) Tagged: Artificial Intelligence Research, Cybersecurity Research and Development   |   Nonetheless, while the dark side is daunting, emerging research, development, and education across interdisciplinary topics addressing cybersecurity and privacy are yielding promising results. The shift from R&D on siloed add-on security, to new fundamental research that is interdisciplinary, and positions privacy, security, and trustworthiness as principal defining objectives, offer opportunities to achieve a shift in the asymmetric playing field.
abstract cyber security graphic A moment of reckoning: the need for a strong and global cybersecurity response (12/20/2020) Tagged: Defending Democracy, Espionage - Cyber   |   It requires that we look with clear eyes at the growing threats we face and commit to more effective and collaborative leadership by the government and the tech sector in the United States to spearhead a strong and coordinated global cybersecurity response.
Logo - NSA CSS Telework and Mobile Security Guidance (12/17/2020) Tagged: Security Tips, Security Guidance   |   End User Telework and Network Security Guides
Logo - NSA CSS Cybersecurity Advisories & Technical Guidance (12/17/2020) Tagged: Security Tips, Security Guidance, Security Advisories   |   Browse or search our [NSA] repository of advisories, info sheets, tech reports, and operational risk notices.
Logo - The White House - Barack Obama Presidential Policy Directive 41 – United States Cyber Incident Coordination (12/16/2020) Tagged: Cyber Incident Response, Government Policy, United States   |   While the vast majority of cyber incidents can be handled through existing policies, certain cyber incidents that have significant impacts on an entity, our national security, or the broader economy require a unique approach to response efforts. These significant cyber incidents demand unity of effort within the Federal Government and especially close coordination between the public and private sectors.
photo illustration of Paul Nakasone - Illustrations: Geoff Kim; Getty Images The Man Who Speaks Softly—and Commands a Big Cyber Army (12/15/2020) Tagged: Cyber Warfare, Government Policy, Persistent Engagement, U.S. Cyber Command   |   Meet General Paul Nakasone. He reined in chaos at the NSA and taught the US military how to launch pervasive cyberattacks. And he did it all without you noticing.
Nakasone testifying in Washington, D.C., February 2019 - U.S. Cyber Command How to Compete in Cyberspace (12/15/2020) Tagged: Government Policy, China, Russia, Persistent Engagement, U.S. Cyber Command, North Korea, Iran, Cyber Warfare   |   We learned that we cannot afford to wait for cyber attacks to affect our military networks. We learned that defending our military networks requires executing operations outside our military networks. The threat evolved, and we evolved to meet it.
lemon as warranty certificate - Credit: Shutterstock / Andrij Borys Associates Cyber Warranties: Market Fix or Marketing Trick? (12/10/2020) Tagged: Information Security, Market Liability, Ethics   |   Will cyber warranties better align incentives in the market for information security products? Or are they marketing tricks riddled with coverage exclusions hidden in the fine print of the terms and conditions?
hand turning knobs on console - Credit: Getty Images Why Is Cybersecurity Not a Human-Scale Problem Anymore? (11/29/2020) Tagged: Cyber-Resilient Distributed Systems Design, CyberSecurity Education, Breach Risk, Security Posture, Cyber-Resilience   |   In this Viewpoint, we show why cybersecurity is a very difficult problem. The enterprise attack surface is massive and growing rapidly. There are practically unlimited permutations and combinations of methods by which an adversary can attack and compromise our networks. There is a big gap between our current tools and methods, and what is needed to get ahead of cyber-adversaries.
Chris Krebs - Photograph: Tom Williams/Getty Images Firing Christopher Krebs Crosses a Line—Even for Trump (11/20/2020) Tagged: National Security (US), United States - Politics & Government   |   The president dismissed the widely respected cybersecurity agency director Tuesday night for pushing back against election disinformation.
circuit board with Spectre and Meltdown icons - Credit: Golubovy / Andrij Borys Associates Meltdown: Reading Kernel Memory from User Space (11/11/2020) Tagged: CyberSecurity, Security of Hardware Optimizations, Meltdown Vulnerability, Spectre Vulnerability   |   This article presents Meltdown, a novel attack that exploits a vulnerability in the way the processor enforces memory isolation.
Beware a New Google Drive Scam Landing in Inboxes - Illustration: Sam Whitney; Getty Images Beware a New Google Drive Scam Landing in Inboxes (11/1/2020) Tagged: Malicious Links, Digital Spam, Phishing   |   Scammers just found a new phishing lure to play with: Google Drive. A flaw in the Drive is being exploited to send out seemingly legitimate emails and push notifications from Google that, if opened, could land people on malicious websites.
Libht Blue Touchpaper Light Blue Touchpaper (9/30/2020) Tagged: Cryptography, Computer Security, Formal Methods, Hardware Design, Distributed Computing / Distributed Systems, Biometrics   |   "Light Blue Touchpaper" is the blog of the University of Cambridge Computer Laboratory and is written by researchers in the Security Group. Read here brief and timely essays on recent developments and topics related to computer security.
It's CyberSecurity Awareness Month National CyberSecurity Awareness Month – October 2020 (9/28/2020) Tagged: CyberSecurity at Home, CyberSecurity at Work, Internet Safety   |   October is CyberSecurity Awareness Month, a time to focus on why cybersecurity is important and what we can do to protect our personal and business information.
SANS Security Awareness Work-from-Home Deployment Kit SANS Security Awareness Work-from-Home Deployment Kit (8/16/2020) Tagged: Security Tips, Work From Home Securely, CyberSecurity at Home, CyberSecurity at Work, CyberSecurity for Video Conferencing, CyberSecurity for Kids Online   |   Everything you need to create a secure work-from-home environment during the COVID-19 pandemic and beyond.
Book Cover - Dark Mirror by Barton Gellman Dark Mirror: Edward Snowden and the American Surveillance State (8/2/2020) Tagged: Surveillance - Electronic, Government Policy, Electronic Intelligence, Domestic Intelligence, Leaks (Disclosure of Information), National Security Agency   |   Edward Snowden touched off a global debate in 2013 when he gave Barton Gellman, Laura Poitras and Glenn Greenwald each a vast and explosive archive of highly classified files revealing the extent of the American government’s access to our every communication. They shared the Pulitzer Prize that year for public service. For Gellman, who never stopped reporting, that was only the beginning.
teapot on crystals - Illustration: Natalja Kent Worried About Privacy at Home? There’s an AI for That (7/21/2020) Tagged: Artificial Intelligence   |   How edge AI will provide devices with just enough smarts to get the job done without spilling all your secrets to the mothership.
Photograph: Ramona Rosales The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet (7/8/2020) Tagged: Cyber Warfare, Hackers & Hacking, Computer Crimes   |   At 22, he single-handedly put a stop to the worst cyberattack the world had ever seen. Then he was arrested by the FBI. This is his untold story.
Cover: Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd Ed. Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd Ed. (6/7/2020) Tagged: Multilevel Security, Network Attack & Defense, Physical Protection, Psychology and Usability, Side Channels, Economics, Distributed Computing / Distributed Systems, Biometrics, Security Economics, Security Engineering, Cryptography, Copyright and Digital Rights Management, Electronic and Information Warfare   |   Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack. The third edition brings it up to date for 2020. As people now go online from phones more than laptops, most servers are in the cloud, online advertising drives the Internet and social networks have taken over much human interaction, many patterns of crime and abuse are the same, but the methods have evolved. Ross Anderson explores what security engineering means in 2020.
Book cover - The Hacker and the State The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics (6/6/2020) Tagged: North Korea, Cyber Warfare, China, Hackers & Hacking, National Security (US), Cyber Terrorism, Cyberspace Operations, Russia, Geopolitics, Cyber Intelligence   |   Few national-security threats are as potent—or as nebulous—as cyber attacks. Ben Buchanan reveals how hackers are transforming spycraft and statecraft, catching us all in the crossfire, whether we know it or not.
a protestor holding up a sign that reads Black Lives Matter - Photograph: MARK FELIX/Getty Images How to Protest Safely in the Age of Surveillance (6/2/2020) Tagged: Privacy, Surveillance, Surveillance - Online   |   Law enforcement has more tools than ever to track your movements and access your communications. Here's how to protect your privacy if you plan to protest.
esearcher working in lab - Photograph: Misha Friedman/Getty Images The US Says Chinese Hackers Went Too Far During the Covid-19 Crisis (6/2/2020) Tagged: Hackers & Hacking, Coronavirus-Covid19, Espionage - Cyber   |   The FBI and DHS say that Beijing's hacking “jeopardizes” the delivery of much-needed Covid-19 treatment options.
coronavirus fish hook and gmail icon - Illustration: Casey Chin; Getty Images Google Sees State-Sponsored Hackers Ramping Up Coronavirus Attacks (6/2/2020) Tagged: Hackers & Hacking, Coronavirus-Covid19, Phishing, Espionage - Cyber   |   More than 12 government-backed groups are using the pandemic as cover for digital reconnaissance and espionage, according to a new report.
person on stretcher inside of an hospital - Photograph: Robert Nickelsberg/Getty Images The Covid-19 Pandemic Reveals Ransomware’s Long Game (6/2/2020) Tagged: Ransomware, Coronavirus-Covid19   |   Hackers laid the groundwork months ago for attacks. Now they're flipping the switch.
a shredded dollar bill - Photograph: Daniel Grizelj/Getty Images The Nigerian Fraudsters Ripping Off the Unemployment System (6/1/2020) Tagged: Identity Theft, Coronavirus-Covid19, Phishing   |   Security researchers have spotted the “Scattered Canary” group scamming vital benefits programs amid the Covid-19 pandemic.
blue network cables - Photograph: Volker Schlichting/Getty Images Coronavirus Sets the Stage for Hacking Mayhem (5/23/2020) Tagged: Ransomware, Coronavirus-Covid19, Phishing   |   As more people work from home and anxiety mounts, expect cyberattacks of all sorts to take advantage.
conceptual illustration of eyes behind pipes - Daniel Zender Imagine the US was just hit with a cyberattack. What happens next? (5/16/2020) Tagged: Cyber Warfare, China, Russia, North Korea, Iran   |   An oral history of a devastating strike that hasn’t happened yet.
cyber shield, illustration - Credit: VectorStock Engineering Trustworthy Systems: A Principled Approach to Cybersecurity (5/11/2020) Tagged: Trustworthy Systems, CyberSecurity Engineering   |   Students of cybersecurity must be students of cyberattacks and adversarial behavior.
Snake Oil Salesman - The Banning Museum Bruce Schneier’s List of Snake Oil Warning Signs (5/6/2020) Tagged: Cryptography, Security Tips, Encryption   |   The term we use for bad cryptography products is "snake oil," which was the turn-of-the-century American term for quack medicine.
National Initiative for Cybersecurity Education National Initiative for Cybersecurity Education Cybersecurity Workforce Framework (5/6/2020) Tagged: CyberSecurity Workforce   |   The NIST NICE National Cybersecurity Workforce Framework is a nationally focused resource that establishes a taxonomy and common lexicon to describe cybersecurity work, and workers, regardless of where, or for whom, the work is performed. The NICE Framework is intended to be applied in the public, private, and academic sectors.
Imagery of numbered locks Passwords, passwords everywhere: How password blacklists can help your users to make sensible password choices (5/5/2020) Tagged: Passwords, Password Re-use, Password Blacklists   |   A list of 100,000 passwords from Troy Hunt's "Have I Been Pwned" data set. If you see a password that you use in this list you should change it immediately.
key, illustration - Credit: Credit: Andrij Borys Associates, Shutterstock Encryption and Surveillance (5/3/2020) Tagged: Encryption, End-to-End Encryption, Key Escrow   |   Is the increasing use of encryption an impediment in the fight against crime or an essential tool in the defense of personal privacy, intellectual property, and computer security?
shadow of hand on keyboard - Credit: Lisa S / Shutterstock Enterprise Wi-Fi: We Need Devices That Are Secure by Default (5/3/2020) Tagged: Wireless Communications, WPA2 Enterprise, Wi-Fi, Credential Stealing   |   We need to raise the awareness on a fundamental security technology [WPA2 Enterprise] that is very often deployed by violating its requirements, which creates important risks to users.
skull and crossbones, illustration - Credit: Inked Pixels Deep Insecurities: The Internet of Things Shifts Technology Risk (5/2/2020) Tagged: Internet - Government Policy, Internet of Things (IoT), Social Interest, Political Interest   |   The technical resources largely exist to address the risk of a hyperconnected world, but the political, economic, and social impetus is lagging. "The fundamental problem is that companies are interested in getting products to market quickly. The market does not reward security," Schneier says.
John Arquilla - Credit: Naval Postgraduate School. The COVID Catalyst (4/29/2020) Tagged: CyberSecurity   |   Progress in [environmental protection, education, and global health research], however, is wholly dependent upon robust cybersecurity. Without a solid virtual foundation, the ability to move forward in any of these areas will always be held at risk.
bands of color in fuzzy photo- Credit: Irina Vinnikova Fuzzing: Hack, Art, and Science (4/25/2020) Tagged: Software Security, Security Testing   |   Fuzzing, or fuzz testing, is the process of finding security vulnerabilities in input-parsing code by repeatedly testing the parser with modified, or fuzzed, inputs. Fuzzing is commonly used as a shorthand for security testing because the vast majority of its applications is for finding security vulnerabilities.
similar figures representing digital doppelgangers, illustration - Credit: HackRead Dark Web’s Doppelgängers Aim to Dupe Antifraud Systems (4/24/2020) Tagged: Cyber Crime, Identity Theft, Deepfakes / Digital Fakes   |   Credit card fraudsters can use these doppelgängers [detailed fake user profiles] to attempt to evade the machine-learning-based anomaly-detecting antifraud measures upon which banks and payments service providers have come to rely.
Cover Image: I Work for N.S.A. We Cannot Afford to Lose the Digital Revolution I Work for N.S.A. We Cannot Afford to Lose the Digital Revolution. (4/22/2020) Tagged: CyberConflict, Fourth Industrial Revolution, Digital Revolution, National Security Agency, Artificial Intelligence, Security, Government Policy, CyberInsecurity   |   The digital revolution has urgent and profound implications for our federal national security agencies. It is almost impossible to overstate the challenges. If anything, we run the risk of thinking too conventionally about the future.
How the Iranian Government Shut Off the Internet - WIRED.com - AFP/Getty Images How the Iranian Government Shut Off the Internet (12/22/2019) Tagged: Internet Censorship   |   Amid widespread demonstrations over rising gasoline prices, Iranians began experiencing internet slowdowns over the past few days that became a near-total internet and mobile data blackout on Saturday. The government is apparently seeking to silence protesters and quell unrest. So how does a country like Iran switch off internet access to a population of more than 80 million? It's not an easy thing to do.
NYTimes - The Privacy Project The Privacy Project (12/19/2019) Tagged: Internet - Government Policy, Privacy - Right of, Surveillance - Electronic, Surveillance - Mass, Privacy, Social Control, Social Media, Ethics   |   The boundaries of privacy are in dispute, and its future is in doubt. Citizens, politicians and business leaders are asking if societies are making the wisest tradeoffs. The Times is embarking on this monthslong project to explore the technology and where it’s taking us, and to convene debate about how it can best help realize human potential.
CyberSecure My Business - Logo CyberSecure My Business (12/18/2019) Tagged: Guidance, Information Security, Securing My Business, Internet Safety, Computer Security   |   The National Cyber Security Alliance’s (NCSA’s) CyberSecure My Business™ is a national program helping small and medium-sized businesses (SMBs) learn to be safer and more secure online.
Sandworm - Cover Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers (12/15/2019) Tagged: Computer Security, Cyber Terrorism, Russia, World Politics, Ukraine, Sandworm, Cyber Warfare, Hackers & Hacking, Computer Crimes   |   From Wired senior writer Andy Greenberg comes the true story of the most devastating cyberattack in history and the desperate hunt to identify and track the elite Russian agents behind it.
WIRED.com - Logo WIRED.com – Security (12/14/2019) Tagged: CyberSecurity News, Security News   |   Security – Your daily briefing on security, freedom, and privacy in the WIRED world.
The New York Times - Logo The New York Times – Computer Security / Cybersecurity News (12/14/2019) Tagged: Computer Security, CyberSecurity News   |   News about Computer Security (Cybersecurity), including commentary and archival articles published in The New York Times.
How to Update All Your Gear (For Safety!) How to Update All Your Gear (For Safety!) (12/14/2019) Tagged: Computer Security, Guidance, Personal Security, How to Update   |   Advice on how to stay safe with iOS, Android, MacOS, Windows, Your TV, and Routers.
Dont Let Pirates Slice-N-Dice Your iDevice Don’t let pirates slice-n-dice your iOS Device (12/14/2019) Tagged: Computer Security, How to Update   |   Before you go in search of that next sassy cat photo, pressing meme or joke about the Art of the Deal from OccDems make sure your OS is current.
No More Ransom Project (12/14/2019) Tagged: Ransomware, Ransomware Decryptors, Decryption Tools, Ransomware Q&A   |   The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and McAfee with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.
Schneier on Security - Masthead Schneier on Security – “Crypto-Gram” Newsletter (12/14/2019) Tagged: Cyber Terrorism, Surveillance - Electronic, Books, Privacy, CyberSecurity News, Internet - Government Policy, Classics, Internet Safety, CyberSecurity, Cryptography, Internet Security, Computer Crimes, Computer Security   |   I am a public-interest technologist, working at the intersection of security, technology, and people. I’ve been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998. I’m a Special Advisor to IBM Security, a fellow and lecturer at Harvard’s Kennedy School, and a board member of EFF. This personal website expresses the opinions of none of those organizations.
CyberScoop Logo CyberScoop (12/14/2019) Tagged: CyberSecurity News, Security News   |   CyberScoop is the leading public sector media company reaching top cybersecurity leaders both online and in-person through breaking news, newsletters, events, radio and TV.
Communications of the Association for Computing Machinery Communications of the ACM – Security (12/14/2019) Tagged: Computer Security   |   The latest news, opinion and research in security, from Communications of the ACM online.
National Public Radio - Fresh Air - Logo The 5G Network & The Possible Threat To Cybersecurity (12/14/2019) Tagged: Interviews, Cyber Warfare, National Security (US), Information Warfare   |   ‘New York Times’ reporter David Sanger says the world’s leading producer of telecom equipment, China’s Huawei, will be central to the spread of a global 5G network — which could pose a major threat to U.S. national security. “The 5G …
The SANS Institute Logo SANS Webinars & Information Security Resources (12/14/2019) Tagged: Information Security, Security Certification, Security Training, Webinars, Computer Science Education, CyberSecurity, Internet Security   |   The SANS Institute was established in 1989 as a cooperative research and education organization.
Krebs on Security Krebs on Security (12/14/2019) Tagged: Cyber Crime, Computer Security   |   “KrebsOnSecurity.com is a daily blog dedicated to investigative stories on cybercrime and computer security.”
Thou Shalt Not Depend on Me Thou Shalt Not Depend on Me (12/14/2019) Tagged: JavaScript Libraries, Coding Security   |   “Most websites use JavaScript libraries, and many of them are known to be vulnerable. Understanding the scope of the problem, and the many unexpected ways that libraries are included, are only the first steps toward improving the situation. The goal here is that the information included in this article will help inform better tooling, development practices, and educational efforts for the community.”
CyberLaw Podcast Logo CyberLaw Podcast (12/14/2019) Tagged: Privacy, Security, Government Policy, Government Regulation   |   The Cyberlaw Podcast is a weekly interview series and discussion on the latest events in technology, security, privacy, and government. The podcast is hosted by Steptoe & Johnson LLP partner Stewart Baker, who is joined by a wide variety of guests including academics, politicians, authors, and reporters. You can subscribe to the podcast here. It is also available on iTunes, Google Play, Spotify and other podcast platforms.
The Lawfare Podcast Logo Lawfare Podcast (12/14/2019) Tagged: Politics & Government, National Security (US), Law & Policy, United States   |   The Lawfare Podcast is the weekly audio production of the Lawfare staff in cooperation with the Brookings Institution. Podcast episodes include interviews with policymakers, scholars, journalists, and analysts; events and panel discussions.
Lawfare Blog Cybersecurity Logo Lawfare Blog – Cybersecurity (12/14/2019) Tagged: Law & Policy, CyberSecurity News, Law of Armed Conflict, International Governance, Espionage - Cyber, CyberSecurity, Cyber Crime   |   As our lives become increasingly dependent upon computer systems and cyber technologies grow ever more sophisticated, the internet has emerged as the new battleground of the 21st century. From criminals' stealing credit card and social security number information to foreign governments' hacking into American companies’ information systems, cyber attacks can take on myriad forms, prompting the government to formulate new measures to protect online security. Since cyberwarfare knows no territorial bounds, ensuring cybersecurity will also require international cooperation and an updated understanding of jus ad bellum, as it applies to cyber attacks.
DayZero: Cybersecurity Law and Policy (12/13/2019) Tagged: Cyber Crime, Podcast, Vulnerabilities, Law & Policy, Espionage - Cyber   |   DayZero dives deep in cybersecurity vulnerabilities, and the crime, espionage, and warfare taking place on networked computers. We look at legislation, practice, and litigation over how to keep our networks and critical infrastructure secure; new and emerging threats and how the policy process responds to them; the relationship between cybersecurity other security goods; and cybersecurity in American relations with foreign adversaries and allies.
U.S. Dept. of Homeland Security - CyberSecurity and Infrastructure Security Agency - Logo Protecting Against Ransomware (12/13/2019) Tagged: Guidance, CISA Security Tip, Ransomware   |   Ransomware is a type of malware threat actors use to infect computers and encrypt computer files until a ransom is paid. If the threat actor’s ransom demands are not met, the files or encrypted data will usually remain encrypted and unavailable to the victim.
U.S. Dept. of Homeland Security - CyberSecurity and Infrastructure Security Agency - Logo Home Network Security (12/13/2019) Tagged: Passwords, Computer Networks - Security, Guidance, CISA Security Tip, Home Network Security   |   Word to the Wise: A router comes configured with many vendor default settings. Many of these settings are public knowledge and make your router susceptible to attacks. Remember to change your router default log-in password during your initial setup!
U.S. Dept. of Homeland Security - CyberSecurity and Infrastructure Security Agency - Logo Before You Connect a New Computer to the Internet (12/13/2019) Tagged: Computer Security, Guidance, CISA Security Tip, Computer Configuration   |   Computers are an essential part of our everyday lives. It’s important to properly configure your home or work computer before connecting it to the internet to keep it, and your information, secure.
U.S. Dept. of Homeland Security - CyberSecurity and Infrastructure Security Agency - Logo Cybersecurity for Electronic Devices (12/13/2019) Tagged: Guidance, CISA Security Tip, Mobile Device Security   |   “Actually, the issue is not that cybersecurity extends beyond computers; it is that computers extend beyond traditional laptops and desktops. Many electronic devices are computers—from cell phones and tablets to video games and car navigation systems.”
U.S. Dept. of Homeland Security - CyberSecurity and Infrastructure Security Agency - Logo Securing the Internet of Things (12/13/2019) Tagged: CyberSecurity, Computer Security, Guidance, CISA Security Tip, Internet of Things (IoT)   |   “Internet of Things: One way to look at it — Smart Home, Smart Assistant, Smart City, Smart Car, Smart Device — anything “Smart.”” CISA Security Tip – Securing the Internet of Things DHS, Cybersecurity and Infrastructure Security Agency CISA Security …
U.S. Dept. of Homeland Security - CyberSecurity and Infrastructure Security Agency - Logo Proper Disposal of Electronic Devices (12/13/2019) Tagged: Mobile Device Security, Computer Disposal, Computer Security, Guidance, CISA Security Tip   |   “While environmental considerations are important, this is about your Data! The cell phone may be old and worthless to you, but your contact list and whatever else you have on your phone has value to criminals.” —WWD Webmaster
Krebs on Security Krebs’s 3 Basic Rules for Online Safety (12/13/2019) Tagged: Guidance, Personal Security   |   “Yes, I realize that’s an ambitious title for a blog post about staying secure online, but there are a handful of basic security principles that — if followed religiously — can blunt the majority of malicious threats out there today.”
Center for Internet Security - Logo Security Event Primer – Malware (12/13/2019) Tagged: Guidance, Security Tips, Malware, Computer Security   |   “While this is beyond the scope of the average daily home-user, it nonetheless provides good information about what you can do to minimize your chances of your computer becoming infected. You can benefit from it even if you don’t understand everything in it.” —WWD Webmaster
U.S. Dept. of Homeland Security - CyberSecurity and Infrastructure Security Agency - Logo Protecting Against Malicious Code (12/13/2019) Tagged: Malware, Computer Security, Guidance, CISA Security Tip   |   “Threats to your computer will continue to evolve. Although you cannot eliminate every hazard, by using caution, installing and using antivirus software, and following other simple security practices, you can significantly reduce your risk and strengthen your protection against malicious code.”
U.S. Dept. of Homeland Security - CyberSecurity and Infrastructure Security Agency - Logo Keeping Children Safe Online (12/13/2019) Tagged: Guidance, CISA Security Tip, Children - Protecting   |   “Children present unique security risks when they use a computer—not only do you have to keep them safe, you have to protect the data on your computer. By taking some simple steps, you can dramatically reduce the threats. ”
U.S. Dept. of Homeland Security - CyberSecurity and Infrastructure Security Agency - Logo Reporting Cyber Incidents, Phishing, Malware or Vulnerabilities (12/12/2019) Tagged: Guidance, Reporting Online Criminal Activity   |   How to report online criminal activity including incidents, phishing attempts, malware, and vulnerabilities to federal United States agencies.
U.S. Dept. of Homeland Security - CyberSecurity and Infrastructure Security Agency - Logo Cyber Safety for Students (12/12/2019) Tagged: Guidance, Children - Protecting   |   “Children present unique security risks when they use a computer—not only do you have to keep them safe, you have to protect the data on your computer. By taking some simple steps, you can dramatically reduce the threats. ”
U.S. Dept. of Homeland Security - CyberSecurity and Infrastructure Security Agency - Logo Privacy and Mobile Device Apps (12/12/2019) Tagged: Guidance, CISA Security Tip, Mobile Device Security   |   “Mobile apps may gather information from your mobile device for legitimate purposes, but these tools may also put your privacy at risk. Protect your data by being smart with the apps you install and reviewing the permissions each app has.”
Essential Eight Explained (12/11/2019) Tagged: Guidance, Security Tips, Strategies to Mitigate Cyber Threats   |   “There are an overwhelming number of cyber security strategies published that tailor to all sorts of infrastructures, market categories and cyber threats. The ACSC has compiled a list of mitigation strategies that organisations can use as starting points to improve …
Book Cover: Mindf*ck: Cambridge Analytica and the Plot to Break America Mindf*ck: Cambridge Analytica and the Plot to Break America (11/18/2019) Tagged: Behavioral Futures Markets, Social Control, Behavioral Modification, Disinformation (Coordinated Inauthentic Behavior), Propaganda, Social Media, Human Psychology   |   For the first time, the Cambridge Analytica whistleblower tells the inside story of the data mining and psychological manipulation behind the election of Donald Trump and the Brexit referendum, connecting Facebook, WikiLeaks, Russian intelligence, and international hackers.
The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History (10/26/2019) Tagged: Cyber Warfare, China, Russia, North Korea   |   The message shared perhaps the worst possible news Oh could have received at that exact moment: Something was shutting down every domain controller in the Seoul data centers, the servers that formed the backbone of the Olympics' IT infrastructure.
Workers at the Idaho National Laboratory’s Critical Infrastructure Test Range. (Flickr/Idaho National Laboratory, CC BY 2.0) The Myth of Consumer-Grade Security (10/5/2019) Tagged: Government Policy, Encryption, Going Dark, National Security Policy, Security Engineering   |  

Schneier on Security, August 28, 2019
By Bruce Schneier

“The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that's not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even at the request of law enforcement.”

Book Cover: Permanent Record Permanent Record (9/30/2019) Tagged: Privacy, Surveillance - Electronic, Surveillance - Mass   |  

Permanent Record
By Edward Snowden
Published by Metropolitan Books, September 17, 2019

“Edward Snowden, the man who risked everything to expose the US government’s system of mass surveillance, reveals for the first time the story of his life, including how he helped to build that system and what motivated him to try to bring it down.”

Before You Use a Password Manager (9/8/2019) Tagged: Password Managers, Passwords   |  

Medium.. June 5, 2019
By Stuart Schechter

“I cringe when I hear self-proclaimed experts implore everyone to “use a password manager for all your passwords” and “turn on two-factor authentication for every site that offers it.” As most of us who perform user research in security quickly learn, advice that may protect one individual may harm another. Each person uses technology differently, has a unique set of skills, and faces different risks.”

The Internet Has Made Dupes—and Cynics—of Us All (8/31/2019) Tagged: Social Control, Propaganda   |  

Wired, June 24, 2019
By Zeynep Tufekci

“Online fakery runs wide and deep, but you don’t need me to tell you that. New species of digital fraud and deception come to light almost every week, if not every day: Russian bots that pretend to be American humans. American bots that pretend to be human trolls. Even humans that pretend to be bots. Yep, some “intelligent assistants,” promoted as advanced conversational AIs, have turned out to be little more than digital puppets operated by poorly paid people. ”

Digital Spring Cleaning for Small and Medium Businesses Digital Spring Cleaning for Small and Medium Businesses (8/31/2019) Tagged: Internet Safety   |  

National Cyber Security Alliance – Stay Safe Online

“A few proactive steps to declutter, get organized and establish good practices will help safeguard your business against disruptive issues, which can cause chaos if your company’s data is compromised.”

National CyberSecurity Awareness Month National CyberSecurity Awareness Month – October 2019 (8/29/2019) Tagged: Internet Safety   |  

National Cyber Security Alliance

“Under the overarching theme of ‘Own IT. Secure IT. Protect IT.’, the 16th annual National Cybersecurity Awareness Month (NCSAM) is focused on encouraging personal accountability and proactive behavior in security best practices and digital privacy. It is also focused on drawing attention to careers in cybersecurity. ”

Fully Device Independent Quantum Key Distribution (8/15/2019) Tagged: Device-Independent Quantum Key Distribution, Quantum Cryptography   |  

Communications of the ACM, April 2019
Research Highlights : "Technical Perspective: Was Edgar Allan Poe Wrong After All?"
By Gilles Brassard

Research Highlights : "Fully Device Independent Quantum Key Distribution"
By U­mesh Vazirani, Thomas Vidick

“Artur Ekert realized as early as 1991 that a different kind of quantum cryptography was possible by harnessing entanglement, which is arguably the most nonclassical manifestation of quantum theory. Even though Ekert's original protocol did not offer any security above and beyond my earlier invention with Bennett, he had planted the seed for a revolution. It was realized by several researchers in the mid-2000s that entanglement-based protocols could lead to unconditional security even if they are imperfectly implemented—even if the QKD apparatus is built by the eavesdropper, some argued. For a decade, these purely theoretical ideas remained elusive and seemed to require unreasonable hardware, such as an apparatus the size of the galaxy! Vazirani and Vidick's paper provides an unexpectedly simple and elegant solution, indeed one that is almost within reach of current technology. Once it becomes reality, codemakers will have won the definitive battle, Poe's prophecy notwithstanding.”

Cyber Security in the Quantum Era (8/15/2019) Tagged: Quantum Computing, Quantum CyberSecurity, Quantum Technologies, Cybersecurity Research and Development   |  

Communications of the ACM, April 2019
By Petros Wallden, Elham Kashefi

“The ability to communicate securely and compute efficiently is more important than ever to society. The Internet and increasingly the Internet of Things, has had a revolutionary impact on our world. Over the next 5-10 years, we will see a flux of new possibilities, as quantum technologies become part of this mainstream computing and communicating landscape. Future networks will certainly consist of both classical and quantum devices and links, some of which are expected to be dishonest, with functionalities of various sophistication, ranging from simple routers to servers executing universal quantum algorithms. The realization of such a complex network of classical and quantum communication must rely on a solid novel foundation that, nevertheless, is able to foresee and handle the intricacies of real-life implementations and novel applications.”

DoD Cyber Strategy - 2018 DoD Cyber Strategy – 2018 (4/28/2019) Tagged: Cyber Warfare, Government Policy, China, Russia, North Korea, Iran   |  

Cyber Strategy: Summary, 2018
U.S. Department of Defense

“American prosperity, liberty, and security depend upon open and reliable access to information.  The Internet empowers us and enriches our lives by providing ever-greater access to new knowledge, businesses, and services.  Computers and network technologies underpin U.S. military warfighting superiority by enabling the Joint Force to gain the information advantage, strike at long distance, and exercise global command and control.”

Security Engineering, 2nd Ed. Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Ed. (4/17/2019) Tagged: Cryptography, Copyright and Digital Rights Management, Electronic and Information Warfare, Multilevel Security, Network Attack & Defense, Physical Protection, Psychology and Usability, Distributed Computing / Distributed Systems, Economics, Biometrics, Security Engineering   |   “The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here's straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more."
William Hugh Murray An Interview with William Hugh Murray – A discussion of the rapidly evolving realm of practical cyber security (4/14/2019) Tagged: End-to-End Encryption, File Systems, Malware, Trusted Computing Base, CyberSecurity, Passwords   |  

Communications of the ACM, March 2019
By Peter J. Denning

“What has changed over those years is not the need for security, but the risks and costs of insecurity. It should be clear to a casual reader of the news, let alone those with access to intelligence sources, that what we are doing is not working. It is both costly and dangerous… Most of the resistance to using these practices comes from loss of convenience. Good security is not convenient. But it is absolutely necessary for the security of our assets and the reliability of the many critical systems on which we all depend.”

Krebs on Security The Market for Stolen Account Credentials (4/13/2019) Tagged: Cyber Crime   |  

Krebs on Security, December 18, 2017
By Brian Krebs

“Today’s post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online service, and provides a glimpse into the fortunes that an enterprising credential thief can earn selling these accounts on consignment.”

Krebs on Security The Value of a Hacked Email Account (4/13/2019) Tagged: Cyber Crime, Krebs-The Value of Series   |  

Krebs on Security, July 10, 2013
By Brian Krebs

“This post aims to raise awareness about the street value of a hacked email account, as well as all of the people, personal data, and resources that are put at risk when users neglect to properly safeguard their inboxes. ”

Krebs on Security The Value of a Hacked Company (4/13/2019) Tagged: Cyber Crime, Krebs-The Value of Series   |  

Krebs on Security, July 14, 2016
By Brian Krebs

“If you help run an organization, consider whether the leadership is investing enough to secure everything that’s riding on top of all that technology powering your mission: Chances are there’s a great deal more at stake than you realize.”

New Girl Scout badges focus on cyber crime, not cookie sales (4/12/2019) Tagged: STEM & STEAM Education, Youth in Cybersecurity, Computer Science Education   |  

Reuters, June 21, 2017
Reporting by Barbara Goldberg

“Palo Alto Networks and Girl Scouts of the USA Announce Collaboration for First-Ever National Cybersecurity Badges: With the introduction of 18 new Cybersecurity badges, Girls Scouts of all ages will be able to explore opportunities in STEM while developing problem-solving and leadership skills.”

The Big Picture (4/5/2019) Tagged: Secure Systems, Trustworthy Systems   |  

Communications of the ACM, November 2018
By Steven M. Bellovin, Peter G. Neumann

"Cryptography is an enormously useful concept for achieving trustworthy systems and networks; unfortunately, its effectiveness can be severely limited if it is not implemented in systems with sufficient trustworthiness.

It is time to get serious about the dearth of trustworthy systems and the lack of deeper understanding of the risks that result from continuing on a business-as-usual course.”

Deception, Identity, and Security: The Game Theory of Sybil Attacks (4/4/2019) Tagged: Privacy, Cyber Identity, Cyber-Social Systems, Game Theory   |  

Communications of the ACM, January 2019
By William Casey, Ansgar Kellner, et al.

"Along with the low cost of minting and maintaining identities, a lack of constraints on using identities is a primary factor that facilitates adversarial innovations that rely on deception. With these factors in mind, we study the following problem: Will it be possible to engineer a decentralized system that can enforce honest usage of identity via mutual challenges and costly consequences when challenges fail?"

The End of Encryption? NSA & FBI Seek New Backdoors Against Advice from Leading Security Experts (4/4/2019) Tagged: Privacy, Encryption, National Security (US)   |  

Democracy Now!, July 8, 2015
By Juan González & Amy Goodman
Guest: Bruce Schneier

"FBI Director James Comey is set to testify against encryption before the Senate Intelligence Committee today, as the United States and Britain push for “exceptional access” to encrypted communications. Encryption refers to the scrambling of communications so they cannot be read without the correct key or password. The FBI and GCHQ have said they need access to encrypted communications to track criminals and terrorists. Fourteen of the world’s pre-eminent cryptographers, computer scientists and security specialists have issued a paper arguing there is no way to allow the government such access without endangering all confidential data, as well as the broader communications infrastructure. We speak with one of the authors of the paper, leading security technologist Bruce Schneier.."

Quantum Computing: The End of Encryption? (4/1/2019) Tagged: Encryption, Cryptography, Quantum Computing   |  

Communications of the ACM, March 6, 2018
By Joe Dysart

"Many of us are likely to become victims of technology's ongoing evolution if a solution to security in the age of quantum computers is not found."

The Perfect Weapon The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age (3/6/2019) Tagged: Cyber Warfare, China, National Security (US), Cyber Weapons, Russia, North Korea, Iran   |  

Published by Penguin Random House, June 19, 2018
By David E. Sanger

"The Perfect Weapon is the startling inside story of how the rise of cyberweapons transformed geopolitics like nothing since the invention of the atomic bomb. Cheap to acquire, easy to deny, and usable for a variety of malicious purposes—from crippling infrastructure to sowing discord and doubt—cyber is now the weapon of choice for democracies, dictators, and terrorists."

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice (3/1/2019) Tagged: Cryptography, Internet Security   |  

Communications of the ACM, January 2019, Vol. 62 No. 1, Pages 106-114
Research Highlights: “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice”
By David Adrian, Karthikeyan Bhargavan, et al.

"We investigate the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed."

Click Here to Kill Everybody: Security and Survival in a Hyper-connected World (2/24/2019) Tagged: Internet Security, Computer Crimes, Internet - Government Policy, Internet Safety   |  

"From driverless cars to smart thermostats, from autonomous stock-trading systems to drones equipped with their own behavioral algorithms, the internet now has direct effects on the physical world.."

Book Cover - Zucked Zucked: Waking Up to the Facebook Catastrophe (2/24/2019) Tagged: Privacy, Security, Disinformation (Coordinated Inauthentic Behavior), Propaganda, Facebook, Online Social Networks, United States - Politics & Government, Zuckerberg (Mark) - Influence   |  

"The New York Times bestseller about a noted tech venture capitalist, early mentor to Mark Zuckerberg, and Facebook investor, who wakes up to the serious damage Facebook is doing to our society – and sets out to try to stop it. "

Roger McNamee has been a Silicon Valley investor for 35 years. He co-founded successful funds in venture, crossover and private equity. His most recent fund, Elevation, included U2’s Bono as a co-founder. He holds a B.A. from Yale University and…

Data & Goliath Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World (2/23/2019) Tagged: Surveillance - Electronic, Social Control, Computer Security, Privacy - Right of, IT - Social Aspects   |  

You are under surveillance right now.

Your cell phone provider tracks your location and knows who’s with you. Your online and in-store purchasing patterns are recorded, and reveal if you’re unemployed, sick, or pregnant. Your e-mails and texts expose your intimate and casual friends. Google knows what you’re thinking because it saves your private searches. Facebook can determine your sexual orientation without you ever mentioning it.

Cover: Beyond Fear Beyond Fear: Thinking Sensibly about Security in an Uncertain World (2/23/2019) Tagged: Security, Terrorism - Prevention, War on Terrorism   |  

"Drive awareness to increase engagement hit the ground running value prop and even dead cats bounce. Reach out we need to future-proof this. Not the long pole in my tent productize but get six alpha pups in here for a focus group."

Secrets & Lies Secrets & Lies: Digital Security in a Networked World (2/23/2019) Tagged: Computer Security, Computer Networks - Security   |  

Welcome to the businessworld.com. It's digital: Information is more readily accessible than ever. It's inescapably connected: businesses are increasingly--if not totally--dependent on digital communications. But our passion for technology has a price: increased exposure to security threats. Companies around the world need to understand the risks associated with doing business electronically. The answer starts here.

Applied Cryptography Applied Cryptography: Protocols, Algorithms, and Source Code in C (2/23/2019)   |  

This second edition of the cryptography classic provides you with a comprehensive survey of modern cryptography. The book details how programmers and electronic communications professionals can use cryptography -- the technique of enciphering and deciphering messages -- to maintain the privacy of computer data. It describes dozens of cryptography algorithms, gives practical advice on how to implement them in cryptographic software, and shows how they can be used to solve security problems. Covering the latest developments in practical cryptographic techniques, this new edition shows programmers who design computer applications, networks, and storage systems how they can build security into their software and systems.