April 9

News/Trends

• US Jails Cyber-stalker Who Targeted Attack Survivor
• Learning from Recent Insider Data Breaches
• #COVID19 Fraud Surge Threatens to Overwhelm Banks
• Hackers Hacked as Underground Carding Site is Breached
• Too slow! Booking.com fined for not reporting data breach fast enough
• Criminals send out fake “census form” reminder – don’t fall for it!
• Digging Into the Third Zero-Day Chrome Flaw of 2021

Law/Policy

• Biden budget request calls for major investments in cybersecurity, emerging technologies
• Major DC insurance provider hacked by ‘foreign cybercriminals’
• Commerce blacklists seven Chinese supercomputing groups
• Key House leader to press for inclusion of cybersecurity in infrastructure bill

Technical

• Differentially Private Histograms in the Shuffle Model from Fake Users
• Lower Bounds Implementing Mediators in Asynchronous Systems
• Bayesian adversarial multi-node bandit for optimal smart grid protection against cyber attacks
• On the Applicability of Synthetic Data for Face Recognition

Report, Blogs, etc.

• A new headache for ransomware-hit companies. Extortionists emailing your customers
• Facebook isn’t sorry for letting someone steal personal details of half a billion users
• Check you own the website before you send out the press release
• Are You One of the 533M People Who Got Facebooked?
• Ransom Gangs Emailing Victim Customers for Leverage
• Google’s Project Zero Finds a Nation-State Zero-Day Operation
• Signal Adds Cryptocurrency Support
• Phone Cloning Scam

April 2

News/Trends

• Intelligence Analyst Fed Secrets to Reporter
• Troll Fined $81 After Victim Kills Herself
• Microsoft Suffers Second Outage in Two Weeks
• Trustwave Uncovers Vulnerability in Popular Website CMS
• Good Luck Explaining to HHS Why Your PHI is in GitHub’s Vault for the Next 1,000 Years
• University of Maryland, Baltimore responds to Accellion breach
• Enterprises Remain Riddled With Overprivileged Users — and Attackers Know It
• US Tech Dominance Rides on Securing Intellectual Property

Law/Policy

• Lawmakers urge Education Department to take action to defend schools from cyber threats
• Lack of cyber funds in Biden infrastructure plan raises eyebrows
• DHS chief lays out actions to strengthen cybersecurity in wake of major hacks
• Iranian hackers targeting US, Israeli medical researchers: analysis

Technical

• Qualitative Planning in Imperfect Information Games with Active Sensing and Reactive Sensor Attacks: Cost of Unawareness
• Too Expensive to Attack: A Joint Defense Framework to Mitigate Distributed Attacks for the Internet of Things Grid
• High-Dimensional Differentially-Private EM Algorithm: Methods and Near-Optimal Statistical Guarantees
• The best laid plans or lack thereof: Security decision-making of different stakeholder groups

Reports, Blogs, etc.

• Malware Hidden in Call of Duty Cheating Software
• Fugitive Identified on YouTube By His Distinctive Tattoos
• System Update: New Android Malware
• Federal agencies given five days to find hacked Exchange servers
• US nuclear command agency’s gibberish tweet was sent by a child
• Whistleblower: Ubiquiti Breach “Catastrophic”
• No, I Did Not Hack Your MS Exchange Server
• US Tech Dominance Rides on Securing Intellectual Property

March 26

News/Trends

• Al Jazeera: The Business of Surveillance
• How Azure Active Directory helps manage identity for remote users
• Text authentication is even worse than almost anyone thought
• Microsoft, we need to have a talk
• Burned Out Employees Put Corporate Security at Risk
• Data Loss Impacts 40% of SaaS App Users
• Alan Turing’s £50 banknote officially unveiled

Law/Policy

• Senators urge Energy chief to prioritize cybersecurity amid growing threats
• Cyber Command chief says dozens of cyber operations carried out to defend 2020 elections
• Facebook takes action against Chinese hackers targeting Uyghurs
• Lawmakers reintroduce legislation to secure internet-connected devices

Technical

• Deepfake Forensics via An Adversarial Game
• CHIMERA: A Hybrid Estimation Approach to Limit the Effects of False Data Injection Attacks
• Recent Advances in Large Margin Learning
• HufuNet: Embedding the Left Piece as Watermark and Keeping the Right Piece for Ownership Verification in Deep Neural Networks

Reports, Blogs, Etc.

• Determining Key Shape from Sound
• Details of a Computer Banking Scam
• Average ransomware payouts shoot up 171% to over $300,000
• Businesses! Beware The Vengeful IT Contractor!
• Bank loses customers’ social security numbers after ransomware attack
• Moving from DevOps to CloudOps: The Four-Box Problem
• In Secure Silicon We Trust

March 18

News/Trends

• Apple lives by its own privacy rules
• Stuck on Windows 10 1909? Some workarounds on moving forward
• Dropbox to Make Password Manager Feature Free for All Users
• Serious Security: The Linux kernel bugs that surfaced after 15 years
• Line app allowed Chinese firm to access personal user data
• Playing ‘Price is Right’-style game, GR doctors post operating room photos online
• Futility or Fruition? Rethinking Common Approaches To Cybersecurity

Law/Policy

• Biden administration convenes government, private sector groups to respond to Microsoft vulnerabilities
• Teen responsible for major Twitter hack to serve three years in prison
• US intel says Russia, Iran sought to influence 2020 election
• China blasts Biden administration over new restrictions on Huawei

Technical

• Blockchain Networks: Data Structures of Bitcoin, Monero, Zcash, Ethereum, Ripple and Iota
• A Central Limit Theorem for Differentially Private Query Answering
• Embedding Code Contexts for Cryptographic API Suggestion:New Methodologies and Comparisons
• One-Time Pads from the Digits of Pi

Reports, Blogs, Etc.

• Ransomware attack forces college to tell students to stay at home
• Police raid apartment of alleged Verkada hacker, as questions asked about employees’ access to customer video feeds
• On the Insecurity of ES&S Voting Machines’ Hash Code
• Security Analysis of Apple’s “Find My…” Protocol
• Microsoft Releases Mitigation Tool for On-Premises Exchange Servers
• 4 Strategies to Mitigate Pass-the-Cookie Attacks
• Best Practices for Securing Service Accounts

March 12

News/Trends

• Netflix Introduces Measures to Prevent Password Sharing
• Darkside 2.0 Ransomware Promises Fastest Ever Encryption Speeds
• Another 210,000 Americans Affected by Netgain Ransomware Attack
• Power Equipment: A New Cybersecurity Frontier
• F5 Networks Urges Customers to Update to New Versions of Its App Delivery Tech
• How confidential are your calls? This iPhone app shared them with everyone
• 150,000 security cameras allegedly breached in “too much fun” hack
• Compliance – The Invisible Hand of Cybersecurity

Law/Policy

• Microsoft warns of new threat to ‘unpatched’ networks
• Lawmakers roll out bill to protect critical infrastructure after Florida water hack
• Federal agencies warn Microsoft vulnerabilities pose ‘serious risk’ to government, private sector
• House approves cyber funds in relief package as officials press for more

Technical

• Learning-Based Vulnerability Analysis of Cyber-Physical Systems
• TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack
• A Survey on Limitation, Security and Privacy Issues on Additive Manufacturing
• The Curse of Correlations for Robust Fingerprinting of Relational Databases

Reports, Blogs, Etc.

• Metadata Left in Security Agency PDFs
• Fast Random Bit Generation
• More on the Chinese Zero-Day Microsoft Exchange Hack
• On Not Fixing Old Vulnerabilities
• Warning the World of a Ticking Time Bomb
• A Basic Timeline of the Exchange Mass-Hack
• 150,000 security cameras are hacked exposing jails, hospitals, and well-known firms
• Criminals arrested after trusting encrypted chat app cracked by police

February 26

News/Trends

• After a Year of Quantum Advances, the Time to Protect Is Now
• Inside Strata’s Plans to Solve the Cloud Identity Puzzle
• USA Third Most Affected by Stalkerware
• Iraqi MP Suffers Online Extortion
• Keybase secure messaging fixes photo-leaking bug – patch now!
• The massive coronavirus IT blunder with a funny side
• 10 Database Security Best Practices You Should Know
• Black History Month: Diversity in Cybersecurity Is More Important than Technology

Law/Policy

• Lawmakers blame SolarWinds on ‘collective failure’ to prioritize cybersecurity
• Huawei backs supply chain security standards in wake of SolarWinds breach
• DHS Secretary Mayorkas announces new initiative to fight ‘epidemic’ of cyberattacks
• Biden CIA pick pledges to confront China if confirmed, speak ‘truth to power’

Technical

• Analyzing Confidentiality and Privacy Concerns: Insights from Android Issue Logs
• Discrete Distribution Estimation with Local Differential Privacy: A Comparative Analysis
• File fragment recognition based on content and statistical features
• Blockchained Federated Learning for Threat Defense

Reports, Blogs, Etc.

• The Problem with Treating Data as a Commodity
• On Chinese-Owned Technology Platforms
• Twelve-Year-Old Vulnerability Found in Windows Defender
• Dependency Confusion: Another Supply-Chain Vulnerability
• Npower scraps app, and urges customers to change passwords, after data breach
• Recorded Future’s free Cyber Daily newsletter brings trending threat insights straight to your inbox
• NurseryCam suffers data breach after security concerns raised
• How $100M in Jobless Claims Went to Inmates
• Checkout Skimmers Powered by Chip Cards

February 19

News/Trends

• Apple publishes in-depth M1, Mac, and iOS security guide
• Can Apple Watch boost your endpoint security?
• The massive coronavirus pandemic IT blunder with a funny side
• US names three North Koreans in laundry list of cybercrime charges
• “ScamClub” gang outed for exploiting iPhone browser bug to spew ads
• Kia Denies Ransomware Attack
• Healthcare Data Breaches Halved in January

Law/Policy

• Senate Intelligence panel to hold hearing on SolarWinds breach next week
• Groups launch $22 million effort to battle disinformation targeting Latinos
• DOJ charges North Korean hackers with stealing $1.3 billion in cryptocurrency
• Senate Intel leader demands answers on Florida water treatment center breach

Technical

• Scanning the Cycle: Timing-based Authentication on PLCs
• Towards Adversarial-Resilient Deep Neural Networks for False Data Injection Attack Detection in Power Grids
• Classically Verifiable (Dual-Mode) NIZK for QMA with Preprocessing
• Robust and Differentially Private Mean Estimation

Reports, Blogs, Etc.

• Router Security
• Browser Tracking Using Favicons
• Malicious Barcode Scanner App
• US Cyber Command Valentine’s Day Cryptography Puzzles
• US charges North Koreans in relation to global cyber attacks
• Breaking news: Facebook breaks news (and other pages) for Australian users
• U.S. Indicts North Korean Hackers in Theft of $200 Million
• Bluetooth Overlay Skimmer That Blocks Chip

February 12

News/Trends

• Three Charged Over Fraudulent Vaccine Website
• Nearly Two-Thirds of CVEs Are Low Complexity
• General Tips for Children & Teens on Safer Internet Day
• Social Media Best Practices for Safer Internet Day
• Can Apple Watch boost your endpoint security?
• Apple wants Safari in iOS to be your private browser
• Fallen victim to online fraud? Here’s what to do…

Law/Policy

• Lawmakers introduce bipartisan bill to allow for increased use of internet-connected devices
• Biden to sign executive order addressing chip shortage
• Krebs, other officials urge Congress to take strong action to tamp down cyber threats
• Katko calls for bipartisanship on cyber issues as threats intensify

Technical

• A firefly algorithm for power management in wireless sensor networks (WSNs)
• SN4KE: Practical Mutation Testing at Binary Level
• Differential Privacy Dynamics of Langevin Diffusion and Noisy Gradient Descent
• Adversarial Poisoning Attacks and Defense for General Multi-Class Models Based On Synthetic Reduced Nearest Neighbors

Reports, Blogs, Etc.

• What’s most interesting about the Florida water system hack? That we heard about it at all.
• Arrest, Raids Tied to ‘U-Admin’ Phishing Kit
• The Taxman Cometh for ID Theft Victims
• Eight men arrested following celebrity SIM-swapping attacks
• Hackers publish patient data stolen from two US hospital chains
• Thanks for finding a critical bug. Have a $1.5 million bounty, and our CTO will get a tattoo of anything you like
• Ransomware Profitability
• Web Credit Card Skimmer Steals Data from Another Credit Card Skimmer

February 5

News/Trends

• Data Sharing Critical to AI’s Use in Cybersecurity
• Automated Tools Increasingly Used to Launch Cyber-Attacks
• IBM Announces Cybersecurity Grants for US Schools
• Chrome zero-day browser bug found – patch now!
• Free coffee! Belgian researcher hacks prepaid vending machines
• Cybercrime Goes Mainstream
• AI and APIs: The A+ Answers to Keeping Data Secure and Private
• Google’s Payout to Bug Hunters Hits New High

Law/Policy

• Biden: US taking ‘urgent’ steps to improve cybersecurity
• IBM rolls out $3M grant program for schools to defend against cyberattacks
• House Armed Services panel establishes new cybersecurity subcommittee
• Federal cyber agency reevaluating its role in countering election disinformation

Technical

• A Historical and Statistical Study of the Software Vulnerability Landscape
• Discovering Physical Interaction Vulnerabilities in IoT Deployments
• TAD: Trigger Approximation based Black-box Trojan Detection for AI
• Provably Secure Federated Learning against Malicious Clients

Reports, Blogs, Etc.

• Presidential Cybersecurity and Pelotons
• Another SolarWinds Orion Hack
• Georgia’s Ballot-Marking Devices
• Including Hackers in NATO Wargames
• Fake WhatsApp app may have been built to spy on iPhone users – what you need to know
• Test Amber Alert accidentally sent out warning of Chucky from the Child’s Play horror movies
• Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts
• ‘ValidCC,’ a Major Payment Card Bazaar and Looter of E-Commerce Sites, Shuttered

January 29

News/Trends

• GA: Crisp Regional Health Services falls victim to ransomware attack
• UKRI issues statement about ransomware attack
• US Breach Volumes Fell 19% in 2020 as Ransomware Surges
• Social Media Influencer Charged with Election Interference
• The mystery of the missing Perl website
• Cybersecurity tips for university students
• Apple critical patches fix in-the-wild iPhone exploits – update now!

Law/Policy

• Democrats introduce measure to boost privacy, security of health data during pandemic
• Lawmakers introduce legislation to massively expand mail-in voting
• International authorities disrupt ‘world’s most dangerous malware’
• Google: Hackers backed by North Korea tried to steal cyber research

Technical

• Analyzing the Overhead of Filesystem Protection Using Linux Security Modules
• Dopamine: Differentially Private Secure Federated Learning on Medical Data
• SimBle: Generating privacy preserving real-worldBLE traces with ground truth
• An Analytics Framework for Heuristic Inference Attacks against Industrial Control Systems

Reports, Blogs, Etc.

• New iMessage Security Features
• Police Have Disrupted the Emotet Botnet
• Insider Attack on Home Surveillance Systems
• Arrest, Seizures Tied to Netwalker Ransomware
• International Action Targets Emotet Crimeware
• DDoS-Guard To Forfeit Internet Space Occupied by Parler
• Hackers could live-stream your home through your LifeShield security camera