Articles tagged with Cybersecurity
Researchers at Ruhr-University Bochum discovered a security gap in the LTE mobile network, enabling eavesdropping on calls. The vulnerability affected 80% of radio cells across Germany, but has been fixed by manufacturers and mobile phone providers.
A survey by WMG, University of Warwick found that UK consumers are unconvinced about the privacy and security of smart home devices, with anxiety about potential breaches. The study suggests that businesses must address these concerns to increase consumer trust and adoption.
A £19,000 government grant will fund a project to educate the public about posting sensitive personal information on social media. The initiative aims to teach individuals how to secure their Personal Identifiable Information (PII) and make informed choices about their online presence.
A Florida Tech student discovered systemic design flaws in several internet-connected doorbell and security camera systems, allowing malicious actors to retain access to camera systems indefinitely. The vulnerabilities could lead to substantial invasions of privacy or instances of electronic stalking.
Researchers successfully demonstrated the feasibility of quantum key distribution systems to enhance cybersecurity and extend range, ensuring compatibility across different vendors. This technology provides a secure solution for utilities without administrative headaches, simplifying operations.
A new cybersecurity study found that people are more likely to fall for phishing scams because they underestimate their own risk and overestimate others', despite having access to base rate information. This self-enhancement bias can lead to a false sense of security and increase vulnerability to online attacks.
A critical 'Starbleed' vulnerability in FPGA chips has been discovered, allowing attackers to gain complete control over the chips and their functionalities. The bug is integrated into the hardware and can only be removed by replacing the chips.
A team of researchers led by Gang Tan aims to create parsers that provide provable guarantees about safety and are resistant to bugs. The SPARTA system focuses on securely opening PDFs, but the goal is to apply this technology to other formats as well.
Researchers investigated how users choose their mobile phone PINs and found that six-digit PINs do not provide more security than four-digit ones. The study also showed that Apple's blacklist could be optimized and would make sense on Android devices.
Professor Gregory Ditzler is developing mathematical models and algorithms to recognize patterns and identify relevant features in machine learning. His research aims to prevent security threats in autonomous vehicles and other applications.
DEEP-Dig ushers intruders into a decoy site to learn from hackers' tactics, then trains computers to recognize and stop future attacks. The approach advances deception technology, which sets traps for hackers, providing valuable data to improve cybersecurity defenses.
A Wayne State University research team will develop algorithms to detect and prevent cyberattacks on chemical process control systems, enhancing production efficiency and safety. The three-year project aims to create stronger safeguards against automation system attacks.
The University of Kansas is launching a center to improve IoT security, partnering with private firms to develop secure products and practices. The center aims to provide frameworks for companies to address IoT cybersecurity threats, with potential follow-on research on proprietary projects.
A new study reveals that cultural values and human behavior shape cybersecurity regulations, with competitive nations like China enforcing stricter rules than the US or UK. The Global Cybersecurity Index assesses country commitments to regulation in five areas.
The CUHK faculty developed a browser-based analysis framework, Observer, to detect three types of click interception techniques. The research found that third-party scripts intercept user clicks on popular websites, leading to malicious activities such as ad click frauds and malware downloads.
Researchers at North Carolina State University found that companies that disclose their cybersecurity risk management efforts fare better than those that don't after a breach. By implementing voluntary reporting guidelines, companies can reduce the impact of the 'contagion effect' and increase investor attractiveness.
Companies can mitigate risks by strengthening every vendor handling their data, according to new research from American University. High-profile breaches have shown that even strong cybersecurity measures are not enough if vendors are weak.
The University of Arizona's two-year AZSecure Cybersecurity Fellowship program will continue to train students in cybersecurity, covering tuition and fees, with a stipend of $34,000 per year. The renewal funding will help about 20 more students over the next five to seven years.
Researchers are developing a form of cybersecurity inspired by human biological systems, detecting and addressing threats in their earliest stages. The team is also offering training and research opportunities to students from underrepresented backgrounds.
West Virginia University is creating 40 annual scholarships to support students in cybersecurity roles. The program aims to address the growing demand for cybersecurity experts amid escalating cyber threats and unfilled positions globally.
The University of Arkansas has received a $4.6 million award to train the next generation of cybersecurity professionals. The program will provide education and job training for students, focusing on critical industries such as transportation and energy, and addressing a national shortage of skilled cybersecurity experts.
Researchers developed an AI program called Pluribus that defeated leading professionals in six-player no-limit Texas hold'em poker. The AI uses a limited-lookahead search algorithm to develop strategies for situations with incomplete information.
The new framework helps government and industry organizations visualize their ability to out-maneuver attacks by scoring their agility. Researchers used a honeypot system to attract and analyze malicious traffic, allowing them to better understand how cyberattacks evolve over time.
The University of Texas at San Antonio (UTSA) has developed the first cyber agility framework to score the agility of cyber attackers and defenders. This framework uses a honeypot to analyze malicious traffic over time, allowing defenders to visualize how well they out-maneuver attacks.
Researchers at UBC have developed a program to improve the security of smart meters and protect against software-interference attacks. The method addresses vulnerabilities that can be carried out by an attacker with low-cost equipment, found nine types of attacks within an hour through code-level analysis.
Researchers at the US Army Research Laboratory identified a new strategy to improve cybersecurity by compressing network traffic without losing malicious activity detection capabilities. The technique stops transmitting data after a set number of messages, reducing bandwidth usage and increasing security alert reliability.
Fanny Ye aims to design methods and algorithms for automating the analysis of online underground markets. She will also develop a novel framework for cross-market user identification and profiling to gain insights into cybercriminal social networks and secure cyberspace.
Researchers developed the free software 'CoinEater', which recognises and blocks crypto mining on websites without user approval. The software scans over 100,000 pages daily to detect cryptojacking and pop-up scams.
A multicenter study by Brigham and Women's Hospital found that hospital employees are susceptible to phishing attacks, with a high click rate of 14.2%, but also showed improvement in response rates with increasing campaigns and phishing awareness training.
The Goethe University co-ordinates a mega-project on cybersecurity and data protection, with a total grant of €16 million. The project aims to establish international standards in cybersecurity and boost the effectiveness of Europe's security capacities.
The University of Texas at San Antonio has developed a framework using deep neural networks to classify and detect malware. This system was recognized as the top prize winner in the AICS 2019 Challenge sponsored by Crowdstrike Foundation and MIT Lincoln Laboratory, showcasing UTSA's expertise in cybersecurity.
Virginia Tech has received a $3 million grant from the US Department of Energy to develop comprehensive solutions for electric vehicle charging infrastructure cybersecurity. The team will focus on mitigating threats and ensuring the reliability of EV transportation, including fast charging systems and user privacy.
A team of researchers has developed a new proactive defense technique called moving target defense (MTD) to protect computer systems from cyberattacks. MTD involves changing the IP address of computers frequently enough to confuse attackers and make it harder for them to exploit vulnerabilities.
Akatosh, a new security analysis tool, provides deeper context to existing IT infrastructure, automating the process of sorting through intrusion detection system (IDS) alerts. This reduces the time and cost required to identify the source of a security incident and neutralize threats.
A series of articles and commentaries highlights the importance of process improvements, team culture, and enterprise cybersecurity in preventing cyberattacks. Healthcare executives discuss key components of effective cybersecurity strategies, including organization-wide training and shared responsibility.
Researchers at Ruhr-University Bochum discovered vulnerabilities in IPsec's IKEv1 protocol, which enable attackers to intercept specific information. The Bleichenbacher attack was successful against four network equipment providers, prompting manufacturers to eliminate security gaps.
The study finds that both state and non-state actors face similar decisions when it comes to claiming credit for cyberattacks, but their strategies diverge due to different optics. The researchers highlight the importance of understanding how attackers' motives and identity can be revealed through credit claims.
Researchers at UTSA created an authorization framework for connected cars to prevent cyber attacks and unauthorized access to sensors and data. The framework provides a conceptual overview of various access control decision and enforcement points needed for dynamic interaction in smart car ecosystems.
A multidisciplinary team at KU is tackling the fundamental science underpinning IoT security, focusing on solutions to side-channel attacks and securing information in the cloud. The team aims to improve resilience and trust between computers, essential for addressing growing cybersecurity concerns.
The use of digital recordings in medical visits holds great promise for improving healthcare outcomes, including enhanced patient engagement, shared decision-making, and education. However, the authors caution that there are pressing need to develop new policies on data collection, management, and storage.
Researchers demonstrated that two common email encryption standards are vulnerable to attacks, compromising secure communication. The S/MIME standard is not suitable for secure communication due to outdated cryptography, while OpenPGP can be configured securely but often isn't.
Researchers at UCSB are developing a chip that uses ionic memristor technology to create a physically unclonable device, rendering it vulnerable to cyber attacks. The technology aims to prevent cloning and hijacking of devices in networks, making them ideal for securing IoT devices.
Cybersecurity risks exist in cardiac devices due to software integration and wireless communications, according to the American College of Cardiology's Electrophysiology Council. The potential consequences include device malfunction, battery depletion, and interruptions in life-saving therapies.
Researchers from UC3M and CSIC have developed a system to analyze electromagnetic emissions from smartphones for security vulnerabilities. The study focuses on lateral movement attacks, where attackers try to exploit the energy emitted by devices to breach encryption.
The NSF Secure and Trustworthy Cyberspace program aims to address the growing cybersecurity challenge through foundational research and education. The $74.5 million investment will support a wide range of research areas, including access control, cryptography, and human interaction, to develop safer and more secure cyber systems.
The University of Texas at San Antonio has received a $5 million grant to create a multidisciplinary center focusing on cybersecurity and cloud computing. The Center for Security and Privacy Enhanced Cloud Computing (C-SPECC) aims to develop well-trained professionals in the industry and strengthen San Antonio as a cybersecurity hub.
Berkeley Lab is developing algorithms to monitor the grid for irregularities and dispatch safe settings to counter potential cyber attacks. The project aims to enhance grid resilience while maintaining security. It partners with industry leaders and utilities to leverage best practices and standards.
Experts outline steps hospitals can take to reduce risk, including workforce training, patching operating systems, and reporting attacks promptly. However, full security is unlikely to be achievable due to the complexity of modern hospital systems.
Researchers are working on a method to distribute processing power to programs based on their needs, enabling computers to cope with future requirements. This approach aims to prevent unpredictable delays and frequent interruptions by providing accurate information regarding application needs.
Researchers found security gaps in open-source DNA processing programs, allowing unauthorized access to computer systems and potentially manipulated DNA results. They recommend strengthening computer security and privacy protections through best practices, adversarial thinking, and monitoring.
A nationwide team of security experts, led by Clemson University's Hongxin Hu, is developing a new operating system to fundamentally change how large computer and network systems are built, making data more secure. The S2OS system could be transformative for cloud computing, protecting users' data from cyber threats.
Lenvio Inc. has exclusively licensed Hyperion, a malware behavior detection technology from Oak Ridge National Laboratory (ORNL), to quickly identify malicious software behavior. This technology improves upon traditional signature detection methods, providing a new class of cyber protection against large-scale cybersecurity threats.
Virginia Tech researchers discovered that Android apps collude to mine user information, compromising security. The study found thousands of pairs of apps that could leak sensitive data, with the biggest risks coming from seemingly innocuous apps like ringtones and widgets.
CISPA researchers have developed an early warning system to detect and prevent mass cyber attacks, including DDoS attacks. The system uses honeypots to track and analyze attack patterns, providing valuable insights into the motivations behind these attacks.
Researchers from Michigan Technological University highlight the vulnerability of power grids to cyberattacks, citing a 'gap' between physical equipment and software. They propose using quantitative methods to prioritize cybersecurity protection and establishing metrics for grid 'health'.
The study proposes a new approach to designing cyber-physical systems by integrating machine learning, real-time sensors, and effective communication interfaces. The team encourages combining model-based design with data-based learning to establish a durable design methodology for these complex systems.
A new light-based technique creates secure, invisible watermarks that can be used to detect and prosecute counterfeiting. The technique uses a complex pattern of light as a unique watermark, which is embedded into the content to be protected.
Researchers have developed a tool to visualize network traffic data, allowing analysts to identify key changes and patterns. The tool has been used to inspect network traffic during DDoS attacks and map out malware distribution networks.
A study by NIST researchers found that security fatigue leads users to adopt risky computing behavior, causing costs to businesses. The study defines security fatigue as weariness or reluctance to deal with computer security.
Saarland University's IT security team, saarsec, won the top European prize in an international competition that tested their skills in finding vulnerabilities and defending against cyber attacks. The team, comprising students with varying levels of education and expertise, demonstrated exceptional knowledge of IT security and encryption.