September 22

News/Trends

• Krebs Website Hit By 620 Gbps DDoS Attack
• Social Media and BYOD Are Biggest Internal Security Threats
• Bad Security Habits Persist Despite Rising Awareness

• Don’t Plug it In! Scammers Post Infected USB Sticks Through Letterboxes

• New Guidelines: Cybersecurity, Privacy and Your Self-Driving Car

• How One Man Could Have Deleted any Facebook Page

• House Intel Panel: Edward Snowden ‘Was No Whistleblower’

• This Tool Lets You Check If Your Personal Info Is on the Dark Web

• Kennesaw State Student Hacks System, Changes Grades, Steals Data: Police

Law/Policy

• House Dem Unveils Election Hacking Bill

• For the Sake of Transparency, Let’s Protect Privacy

• House to Vote on Cyber Bill for Small Businesses

• New York Financial Cber Regs a ‘Good First step,’ Says Expert

Technical

• Insider Threats in Emerging Mobility-as-a-Service Scenarios

• Privacy-Friendly Mobility Analytics using Aggregate Location Data

• Optimal Quantitative Cryptanalysis of Permutation-Only Multimedia Ciphers Against Plaintext Attacks

• A Novel Approach to Implement Message Level Security in RESTful Web Services

Reports, Blogs, Etc.

• Bug that Hit Firefox and Tor Browsers was Hard to Spot—Now We Know Why
• Thanks, Internet! Messing with Elections Not Just for the CIA Anymore
• Researchers Wirelessly Hit the Brakes in a Model S, Tesla Patches Quickly
• SWIFT Hopes to Thwart Fraudsters with Detection System in Wake of Bank Heist

• Two Good Essays on the NSA’s “Upstream” Data Collection under Section 702

• Periscope ATM Skimmers

• Ransomware Getting More Targeted, Expensive

• Student Cybervandal Earns $300,000 for Hacking US Airlines

August 25

News/Trends

• Ashley Madison Failed on Authentication and Data Security
• Cloud Use Increases Attack Surface, But Security Not Keeping Up

• “Highly invasive” Plan to Collect Traveler Social Media Details Criticized by Group

• Alleged NSA Hackers Probably Gave Away a Small Fortune by Leaking Exploits

• 98 things Facebook Knows About You

• Has Your Internet Provider been Compromised? Malicious Insiders are Helping Cybercriminals Hack Telecoms Firms

• HTTPS and OpenVPN Face New Attack that can Decrypt Secret Cookies
• Malicious QuadRooter Apps Discovered in Google Play Store

Law/Policy

• Snooped-on Man Free to Sue Spyware Maker

• Person and Personality in Cyber Space: A Legal Analysis of Virtual Identity
• Policy Surveillance: A Vital Public Health Practice Comes of Age

• Sixth Circuit Allows Lawsuit to Proceed Against Electronic Monitoring Software Company

Technical

• Privacy Amplification Against Active Quantum Adversaries

• Multivariate Cryptography with Mappings of Discrete Logarithms and Polynomials

• Privacy-preserving Analysis of Correlated Data

• Analysis of Bayesian Classification based Approaches for Android Malware Detection

Reports, Blogs, Etc.

• A Life or Death Case of Identity Theft?

• Interesting Internet-Based Investigative Techniques

• Privacy Implications of Windows 10

• Anatomy Of A Social Media Attack

• HTTPS and OpenVPN Face New Attack that can Decrypt Secret Cookies
• Groups Oppose U.S. Plan to Collect Social Media Info from Visitors
• How the NSA Snooped on Encrypted Internet Traffic for a Decade

• Who Needs Software Vulnerabilities When You Can Find Lame Passwords?

• Baltimore Cops Using Private Company’s Aerial Cameras to Conduct Secret Surveillance 

August 19

News/Trends

• Powerful NSA Hacking Tools Have Been Revealed Online

• Not Just Credit Cards, Hackers Are Now Stealing Medical Records

• People Like Using Passwords Way More than Biometrics

• Twitter Takes Down 235K Extremist Accounts

• Why You STILL Can’t Trust Password Strength Meters

• Bitcoin Targeted by State-Sponsored Attackers
• The NSA’s Hoard of Cyber Weapons Makes Some Experts Nervous

• Alleged NSA Data Dump Contains Hacking Tools Rarely Seen

Law/Policy

• Security Experts: Much to Learn from NSA Leak

•  DHS Offers States Cybersecurity Help for Voting Machines

• Report: ‘Several Hundred’ Reasons to Believe NSA Auction Code is Real

• ‘Ghoul’ Hackers Targeting Industrial Businesses: Report

Technical

• Secret Sharing With Trusted Third Parties Using Piggy Bank Protocol

• Know Your Enemy: Stealth Configuration-Information Gathering in SDN

• Safe Serializable Secure Scheduling: Transactions and the Trade-off Between Security and Consistency

• SALVE: Server Authentication with Location VErification

Reports, Blogs, Etc.

• Social Security Retreats From Cellphone-Based Online Security

• Massive Email Bombs Target .Gov Addresses

• Darknet: Where Your Stolen Identity Goes to Live

• More on Election Security

• Powerful Bit-Flipping Attack

• Confirmed: Hacking Tool Leak Came from “Omnipotent” NSA-Tied Group
• Snowden Speculates Leak of NSA Spying Tools is Tied to Russian DNC Hack

• 5 Strategies For Enhancing Targeted Security Monitoring

August 12

News

• Use the Internet? This Linux Flaw could Open You Up to Attack
• Twitter Found not Liable for ISIS Activity on its Service
• Security Community: Cybercriminals Are Affecting US Election
• Democratic, GOP Leaders Got a Secret Briefing on DNC Hack Last Year
• Insider Threats Behind a Sharp Rise in Data Theft

• LinkedIn Suffers Huge Bot Attack that Steals Members’ Personal Data

• Hitler Ransomware Deletes Users Files

• Visual Hacking is Successful 91% of the Time

Law/Policy

• DNC Creates Cybersecurity Board

• Former DHS Head: Apple, Microsoft must ‘Check the Excesses of Governments’

• Text Messages Aren’t Private, Judge Rules

• White House Releases Presidential Policy Directive on U.S. Cyber Incident Response

Technical

• A Step Towards Checking Security in IoT

• Given Enough Eyeballs, All Bugs Are Shallow? Revisiting Eric Raymond with Bug Bounty Programs

• Two-Party Privacy Games: How Users Perturb When Learners Preempt

• Formal Analysis of Vulnerabilities of Web Applications Based on SQL Injection (Extended Version)

Reports, Blogs, Etc.

• Road Warriors: Beware of ‘Video Jacking’

• Spearphishing: It’s Curiosity That Makes Them Click

• Personal Information for Hundreds of People Found along CLE Roadside

• Almost Every Volkswagen Sold Since 1995 Can be Unlocked with an Arduino

• The Internet Of Tiny Things: What Lurks Inside

• Cyberattacks via Submarine

• The Future Of ATM Hacking

• Here’s The Business Side Of Thwarting A Cyberattack

August 5

News

• Snowden Solicits Friends and Acquaintances for Biography

• HTTP/2 Bugs Could Deny Service for Millions
• Supercomputers Offer a Look at Cybersecurity’s Automated Future
• Stealing Payment Card Data and PINs from POS Systems is Easy

• Bitcoin Robber Offers $600K “Giveaway”

• Beware of Ransomware Hiding in Shortcuts

• How to Keep Facebook, Twitter from Being Terrorists’ Hunting Grounds

• Apple Will Pay a ‘Bug Bounty’ to Hackers Who Report Flaws

Law/Policy

• FCC Should Consider Wireless Car Tech, Say Sens.

• Today’s Important Deadline in the ACLU’s Targeted-Killing Transparency Case

•  Comcast: The FCC Shouldn’t Touch Charges to Keep Data Private

Technical

• Security Monitoring of the Cyber Space

• Personal Information Leakage During Password Recovery of Internet Services

• Implementation of Association Rule Mining for Network Intrusion Detection

• High Accuracy Android Malware Detection Using Ensemble Learning

Reports, Blogs, Etc.

• Frequent Password Changes Is a Bad Security Idea

• Hacking the Vote

• What Facebook Plans to do Next will SHOCK You!!!

• How Hacking Brainwaves Could Reveal our Deeply Guarded Secrets

• 6 High-Tech Ways Thieves Can Steal Connected Cars

• Apple Rushes out iOS Update, Shuts Out Jailbreakers

• Why Most People Won’t Use a Smartphone Iris Scanner (a la the Galaxy Note 7’s)

• Researcher Hides Stealthy Malware Inside Legitimate Digitally Signed Files

• The Reincarnation of a Bulletproof Hoster

July 29

News

• Official Black Hat USA App Allows Spying, Attendee Impersonation

• WhatsApp May Leave Deleted Chats Behind in Your iCloud Backups

• Citibank IT Guy Deliberately Wiped Routers, Shut Down 90% of Firm’s Networks across America

• Update: FTC Approves Final Order in ASUS Privacy Case

• IRS Get Transcript Scam Duo Get Jail Time
• Microsoft Mandates Windows 10 Hardware Change for PC Security

• Trump’s Hacking Comments Rattle Cybersecurity Pros

• What does the U.S. Government Know about Russia and the DNC Hack?

Technical

• Product Offerings in Malicious Hacker Markets

• Android Malware Detection: an Eigenspace Analysis Approach

• N-opcode Analysis for Android Malware Classification and Categorization

• Android Malware Detection Using Parallel Machine Learning Classifiers

Reports / Blogs / Etc.

• Google Beefs Linux Up Kernel Defenses in Android

• The Security of Our Election Systems

• Real-World Security and the Internet of Things

• The Good, Bad and Ugly of Vulnerability Markets
• Dark Patterns are Designed to Trick You (And They’re All Over the Web)
• Whistleblower Edward Snowden Questions WikiLeaks’ Methods
• Ransomware Crime Wave Gets its Guardian Angels

• Would You Use This ATM?

July 22

News

• Snowden Proposes Smartphone Privacy Introspection Engine
• Three Quarters of US Firms Have Failed to Detect Breach – Report
• Banking, Porn and Pokémon Go: Republican Convention Attendees Sloppy With Wi-Fi Security
• A Hackable Election? 5 Things to Know about E-Voting
• CompTIA Launches New Training Program To Combat Human Error Data Breaches
• Indie Record Label Admits To Data Breach Following Hack
• Petition Urges Apple Not to Release Technology for Jamming Phone Cameras

• Donald Trump’s Take on Cyberwarfare Makes Concerning Reading

Law/Policy

• EFF: Controversial Copyright Law Unconstitutional

• Markey Floats Bill Bringing Internet to Developing World

• After 4-day Cyberattack, Library of Congress Returning to Normal

• GOP Platform Attempts Middle Ground on Encryption Debate

Technical

• Strong Hardness of Privacy from Weak Traitor Tracing

• Jamming in the Internet of Things: A Game-Theoretic Perspective

• Aggregation Architecture for Data Reduction and Privacy in Advanced Metering Infrastructure

• Analyzing HTTPS Encrypted Traffic to Identify User Operating System, Browser and Application

Reports / Blogs / Etc.

• Stealing Money from ISPs Through Premium Rate Calls

• Futuristic Cyberattack Scenario

• Software Flaw Puts Mobile Phones and Networks at Risk of Complete Takeover
• Auto Industry Develops Security Best Practices

• WeWork Battling Another Data Leak

• REPORT: 2015 Sees Big Jump in Ransomware Attacks

• Auto Industry ISAC Releases Best Practices For Connected Vehicle Cybersecurity

• Your Router Won’t Protect You When Smartphones Attack Smart Homes