April 19

News/Trends

• LinkedIn Data Found in Unsecured Databases
• Fraudsters Exploit Sympathies Surrounding Notre Dame Tragedy

• Did ransomware claim a victim or did two doctors just make a poor decision?

• Serious Security: Ransomware you’ll never find – and how to stop it

• Facebook: we logged 100x more Instagram plaintext passwords than we thought

• Third-Party Cyber-Risk by the Numbers

• Hackers could read non-corporate Outlook.com, Hotmail for six months

• Why We Need a ‘Cleaner Internet’

Law/Policy

• FCC chairman cites national security, opposes China Mobile’s bid to access US market

• Millions of Instagram passwords exposed within Facebook, company says

• DHS wants to use facial recognition on 97 percent of departing air passengers by 2023

• Microsoft denies facial recognition request from Calif. law enforcement

Technical

• Gotta Catch ‘Em All: Using Concealed Trapdoors to Detect Adversarial Attacks on Neural Networks

• Intrusion Detection Mechanism Using Fuzzy Rule Interpolation

• Erasing Data from Blockchain Nodes

• Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contract Execution

Reports, Blogs, Etc.

• Facebook hoovered up 1.5 million users’ email contacts without permission… “unintentionally”

• Man fried over 50 college computers with weaponized USB stick

• China Spying on Undersea Internet Cables

• ‘Land Lordz’ Service Powers Airbnb Scams

• Iranian Cyberespionage Tools Leaked Online

• New DNS Hijacking Attacks

• A “Department of Cybersecurity”

• More on the Triton Malware

Advertisements

April 12

News/Trends

• Majority of Hotel Websites Leak Guest Booking Info

• 25% of Phishing Emails Sneak into Office 365: Report

• Feds say Russian 2016 election meddling spanned all US states

• Flickr tackling online image theft with new AI service

• Android phones transformed into anti-phishing security tokens

• Toddler locks father out of iPad for 25.5 MILLION minutes, or until 2067

• Russia Plans to Cut Users Off From Global Internet
• US Government Warns of New North Korean Malware

Law/Policy

• Russian lawmakers approve measure to expand control of internet

• Nielsen’s departure raises questions about cyber plans

• Facebook struggling to deal with cybercrime on its platform, researchers say

• Lawmaker alleges political payback in failed ‘deepfakes’ measure

Technical

• Trusted CI Experiences in Cybersecurity and Service to Open Science

• Parallel Algorithms Development for Programmable Devices with Application from Cryptography

• What Storage Access Privacy is Achievable with Small Overhead?

• Smart Home Survey on Security and Privacy

Reports, Blogs, Etc.

• New Version of Flame Malware Discovered

• TajMahal Spyware

• Hear me speak about how to make a billion dollars through cybercrime

• The Samsung Galaxy S10’s ultrasonic fingerprint scanner is hacked

• The scourge of stalkerware

• Android 7.0+ Phones Can Now Double as Google Security Keys

• A Year Later, Cybercrime Groups Still Rampant on Facebook

• Cloudy with a Chance of Security Breach

April 5

News/Trends

• Attackers Target Home Routers with DNS Hijacking

• Nvidia patches severe bugs in edge computing modules

• “Team_Orangeworm” issues new threats to CarePartners

• Woman from China, with malware in tow, illegally entered Trump’s Mar-a-Lago
• Facebook Home to 74 Black Market Groups
• US Web Servers Hosted 10 Malware Families

• Is a third-party incident about to fuel a health insurance fraud ring?

• Serious Security: GPS week rollover and the other sort of “zero day”

Law/Policy

• Lawmaker alleges political payback in failed ‘deepfakes’ measure

• Senators reintroduce bipartisan bill aimed at preventing Russian interference in elections

• Cyber criminals using tactic to spread to other connected networks, research finds

• DOJ watchdog: FBI not tracking whether all cyber crime victims were notified

Technical

• White-to-Black: Efficient Distillation of Black-Box Adversarial Attacks

• GAN-based method for cyber-intrusion detection

• Malware Detection using Machine Learning and Deep Learning

• ScriptNet: Neural Static Analysis for Malicious JavaScript Detection

Reports, Blogs, Etc.

• Unpatched D-Link routers targeted in malicious DNS hijacking campaign

• Unsecured databases found leaking half a billion resumes on the net

• 540 million Facebook users left exposed due to sloppy third-party developer security

• Unhackable Cryptography?

• How Political Campaigns Use Personal Data

• OceanLotus, Russia, & Google – Paul’s Security Weekly #599

• llusive Networks – Enterprise Security Weekly #131

• 540 Million Facebook User Records Found On Unprotected Amazon Servers

• The Matrix at 20: A Metaphor for Today’s Cybersecurity Challenges

March 29

News/Trends

• New Shodan Tool Warns Organizations of Their Internet-Exposed Devices

• FTC slams the phone down on quartet of robocallers

• How blockchain is becoming the 5G of the payment industry

• Ex-NSA contractor pleads guilty to vast classified data leak, faces 9 years in prison

• IT Security Pros Slam State-Backed Encryption Backdoors

• Vulnerabilities in Pydio 8 Allow Escalated Admin Access

• And speaking of refusals to reimburse for breaches….

• ICO Fines Pensions Firm for Spamming Millions of Users

Law/Policy

• Bipartisan bill would create cyber advisory panel at DHS

• China offering major concessions on tech issues in trade talks: report

• Top Dems press voting vendors over election security concerns

• Revamping cyber at the DNC

Technical

• Tool Support of Formal Methods for Privacy by Design

• Differential Privacy of Aggregated DC Optimal Power Flow Data

• Botnet fingerprinting method based on anomaly detection in SMTP conversations

• Simple and tight device-independent security proofs

Reports, Blogs, Etc.

• NSA-Inspired Vulnerability Found in Huawei Laptops

• Programmers Who Don’t Understand Security Are Poor at Security

• Personal Data Left on Used Laptops

• Mail Fishing

• Office Depot fined millions for tricking customers into believing their PCs were infected with malware

• Hackers poison Asus software updates, may have infected one million PCs

• Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

• First Look Media Shutting Down Access to Snowden NSA Archives

March 21

News/Trends

• Russian State Hackers Phish Euro Governments Ahead of Elections

• Flaw in popular PDF creation library enabled remote code execution

• Opera brings back free VPN service to its Android browser

• Nation-States Have Right to Hack Back, Survey Says

• The Lawyer’s Duty When Client Confidential Information is Hacked From the Law Firm

• Attacks Target AmEx, NetFlix Users with Phishing

• Researcher finds new way to sniff Windows BitLocker encryption keys

Law/Policy

• Nielsen calls for greater public-private collaboration on cyber threats

• Nearly 40 advocacy groups press lawmakers over NSA call records program

• Nielsen warns US ‘not prepared’ for foreign cyberattacks

• 4 in 5 Americans say they support net neutrality: poll

Technical

• A Stream-based Query System for Efficiently Detecting Abnormal System Behaviors for Enterprise Security

• Gamification Techniques for Raising Cyber Security Awareness

• Exploring Adversarial Examples in Malware Detection

• Information Set Decoding in the Lee Metric with Applications to Cryptography

Reports, Blogs, Etc.

• Google Play is flooded with hundreds of unsafe anti-virus products

• First Look Media Shutting Down Access to Snowden NSA Archives

• Zipcar Disruption

• An Argument that Cybersecurity Is Basically Okay

• Why Phone Numbers Stink As Identity Proof

• Google Photos Bug Let Criminals Query Friends, Location

• How to Get and Set Up a Free Windows VM for Malware Analysis

March 15

News/Trends

• On Norman Castles and the Internet

• MI: High school students hack system to change grades, attendance

• Unsecured Gearbest server exposes millions of shoppers and their orders

• Hackers Love to Strike on Saturday – Redscan report

• Orgs Say Yes to AI Use But Ask “What Is It

• You left WHAT on that USB drive?!

• How to make DuckDuckGo your default Chrome search engine

Law/Policy

• House Dem introduces bill requiring public firms to disclose cybersecurity expertise in leadership

• Wyden, Cotton call for policy alerting senators of cyber breaches

• Lawmakers introduce bipartisan bill for ‘internet of things’ security standards

• Shuttering of NSA surveillance program emboldens privacy groups

Technical

• Fuzzy Rough Set Feature Selection to Enhance Phishing Attack Detection

• ETGuard: Detecting D2D Attacks using Wireless Evil Twins

• Analysis of Privacy Policies to Enhance Informed Consent

• A Secure and Privacy-preserving Protocol for Smart Metering Operational Data Collection

Reports, Blogs, Etc.

• DARPA Is Developing an Open-Source Voting System

• Judging Facebook’s Privacy Shift

• On Surveillance in the Workplace

• Russia Is Testing Online Voting

• Ad Network Sizmek Probes Account Breach

• Online training site says it is spamming insecure printers with adverts

• Man arrested for selling one million Netflix, Spotify, Hulu passwords

March 8

News/Trends

• Researchers Hack the ‘Unhackable’ Smart Car Alarm
• Now you can buy police-grade iPhone hacking tools on eBay

• Firefox picks up advertiser-dodging tech from Tor

• Serious Security: When randomness isn’t – and why it matters

• Zuck says Facebook is becoming more “privacy focused”

• #RSAC: How Machine Learning Can Bolster Email Threat Detection
• Breaches and Leaks Soared 424% in 2018

Law/Policy

• Security researchers identify Chinese hacking group

• Senate panel accuses Equifax of neglecting cybersecurity ahead of 2017 breach

• Security firm links extensive cyber espionage campaign to North Korean hacker group

• Tech mobilizes K Street in privacy fight

Technical

• Security Issues in Language-based Sofware Ecosystems

• Only Connect, Securely

• The Privacy Blanket of the Shuffle Model

• On the security of a Loidreau’s rank metric code based encryption scheme

Reports, Blogs, Etc.

• Hackable car alarms leave three million cars at risk of hijack

• Facebook Messenger bug made it possible for hackers to see who you have been chatting with
• Facebook isn’t letting you opt-out of having people search for you by your phone number

• Detecting Shoplifting Behavior

• Letterlocking

• Digital Signatures in PDFs Are Broken

• Hackers Sell Access to Bait-and-Switch Empire