October 20

News/Trends

• How to Talk to the C-Suite about Malware Trends

• The Future of Democratic Threats is Digital

• 10 Social Engineering Attacks Your End Users Need to Know About

• Anatomy of a spambot

• Ransomware On The Rise: Dark Web Market Demand Up 2,500%

• How Russian firm may have siphoned tools from the NSA

• Gas pump skimmers are still a thing

• 70% of US Employees Lack Security and Privacy Awareness

Law/Policy

• FBI Seeks DDoS Attack Evidence from Victims

• FERC proposes new cyber controls for power grid

• Frustrated senators demand cyber war strategy from Trump

• George W. Bush: US must confront ‘new era of cyber threats’

Technical

• Differentially Private Query Learning: from Data Publishing to Model Publishing

• Malware Lineage in the Wild

• Data-Driven and Deep Learning Methodology for Deceptive Advertising and Phone Scams Detection

• The Devils in The Details: Placing Decoy Routers in the Internet

Reports, Blogs, Etc.

• Anatomy of a spambot

• What You Should Know About the ‘KRACK’ WiFi Security Weakness

• IoT Cybersecurity: What’s Plan B?

• IRS chief: assume your identity has been stolen

• Facebook is struggling to meet the burden of securing itself, security chief says

• How individuals can use online ad buying to spy on you

• Encryption chip flaw afflicts huge number of computers

• Kids’ smartwatches harbouring major security flaws

• Security & Skills Biggest Concerns for Orgs Investing in New Tech
• Amazon wants to deliver groceries to your car trunk — not a good idea
  

Advertisements

October 12

News/Trends

• Making the Lives of Cybercriminals and Spies Harder Online

• Phishing Emails that Invoke Fear, Urgency, Get the Most Clicks

• Data Breach Notification Most Clicked Subject in Phishing Tests
• Early reports of myriad Microsoft Patch Tuesday problems

• Equifax: up to 15 million more at risk

• How Systematic Lying Can Improve Your Security
• North Korean Threat Actors Probe US Electric Companies
• Latest ATM Malware is Lightweight and Simple

• All for One, One for All: MENA Cyber-criminals Have a Spirit of Sharing Mindset

Law/Policy

• Opposition mounts against bill to renew surveillance program

• House Intel Committee plans to release Russian Facebook ads

• House approves bill to bolster small business cybersecurity

• Election hacking report: US ‘has a lot to do in a short period of time’

Technical

• Unity 2.0: Secure and Durable Personal Cloud Storage

• Involving Users in the Design of a Serious Game for Security Questions Education

• Understanding Organizational Approach towards End User Privacy

• Approaches to Modeling the Impact of Cyber Attacks on a Mission

Reports, Blogs, Etc.

• Changes in Password Best Practices

• White House Chief of Staff John Kelly’s Cell Phone was Tapped

• Replacing Social Security Numbers

• Fear Not: You, Too, Are a Cybercrime Victim!

• North Korean Threat Actors Probe US Electric Companies

• IoT: Insecurity of Things or Internet of Threats?

• US government calls for “responsible” – as in breakable – encryption

• Watch out for these high-pressure Apple malware scams

• What’s the fuzz about? Microsoft unveils its latest security tool

October 5

News/Trends

• URL Obfuscation: Still a Phisher’s Phriend

• Chips in iPhone 7s, Androids, smart TVs vulnerable to rogue Wi-Fi

• Facebook Faces Increasing Scrutiny Over Election-Related Russian Ads
• Machine learning-based threat detection is coming to your smartphone

• Email fraudsters foiled by a smiley

• Chrome turns the screw ever tighter in Google’s encryption crusade

• Less Than Half of Consumers Take Protective Steps Post-Breach

• A forum on DarkNet is selling data stolen from over 6,000 Indian businesses including ISPs: QuickHeal

Law/Policy

• Joint Letter Concerning Bill C-59, National Security, and Human Rights

• GOP chairman backs national data breach notification standard

• Intel Dem: Panel will have ‘stronger partnership’ with social media firms

• Wall Street regulator needs to ‘better protect’ cyber data: inspector report

Technical

• Validating Computer Security Methods: Meta-methodology for an Adversarial Science

• Cloaker Catcher: A Client-based Cloaking Detection System

• Memory DoS Attacks in Multi-tenant Clouds: Severity and Mitigation

• Rényi Differential Privacy Mechanisms for Posterior Sampling

Reports, Blogs, Etc.

• HP Shared ArcSight Source Code with Russians

• E-Mail Tracking

• Fear Not: You, Too, Are a Cybercrime Victim!

• Uber, Facebook Messenger Top List of Riskiest Apps in the Enterprise
• Accenture: Utility Grids Brace for Cyberattacks—with Poor Defenses
• #Infosec17: Forget What You Think You Know About IoT Security

• All 3 Billion Yahoo Accounts Were Affected by 2013 Attack

• Remote Malware Attacks on ATMs

September 29

News/Trends

• One-Fifth of IoT Device Owners Unaware of Mirai
• Phishers Use Private Banking Messages to Lure Victims

• iPhone X Face ID baffled by kids, twins, siblings, doppelgängers

• Firewalls Don’t Stop Hackers. AI Might.

• Whole Foods Investigates Payment Card Breach

• FTC Twitter Chat: Influencers 101

• Opinion: NIST Guidelines make Digital Identity all about Risk

• Hole in Mobile Apps Leave Home Automation Systems Vulnerable to Hacking

Law/Policy

• Senate passes small business cybersecurity legislation

• Obama DHS officials pitch election cybersecurity fixes to Congress

• Transnational Responses to Cyber Crimes Challenges in the 21st Century: An Appraisal of Existing Treaties, a Call for a General Multi-Lateral Treaty

• Senate Intel panel asks Google to cooperate in Russia probe

Technical

• Release Connection Fingerprints in Social Networks Using Personalized Differential Privacy

• Botnet in the Browser: Understanding Threats Caused by Malicious Browser Extensions

• Providing Privacy, Safety, and Security in IoT-Based Transactive Energy Systems using Distributed Ledgers

• Changing users’ security behaviour towards security questions: A game based learning approach

Reports, Blogs, Etc.

• New Internet Explorer Bug

• Department of Homeland Security to Collect Social Media of Immigrants and Citizens

• GPS Spoofing Attacks

• New Locky Ransomware Phishing Attacks Beat Machine Learning Tools

• What Face ID means for iOS and device access

• Companies Push to Decode Cloud Encryption

• Facebook Faces Increasing Scrutiny Over Election-Related Russian Ads

• All Your Equifax Breach Questions
  (and Some Answers) in One Place

September 22

News/Trends

• Azure Confidential Computing will keep data secret, even from Microsoft

• Get Serious about IoT Security

• Massive Wave of Ransom DDoS Threats Sweeps Globe
• Heads up: Malware found in Piriform’s CCleaner installer

• GDPR & the Rise of the Automated Data Protection Officer

• Where Do Security Vulnerabilities Come From?
• Ransomware Analysis Promises Bleak Future with No Recovery
• iPhone X’s Face ID Inspires Privacy Worries — But Convenience May Trump Them

Law/Policy

• Transnational Responses to Cyber Crimes Challenges in the 21st Century: An Appraisal of Existing Treaties, a Call for a General Multi-Lateral Treaty
• Cyber Warfare and International Humantarian Law

• Senate Dems call for enhanced transparency for online ads

• Zuckerberg vows to make Facebook political advertising more transparent

Technical

• Practical Machine Learning for Cloud Intrusion Detection: Challenges and the Way Forward

• Covert Wireless Communication with Artificial Noise Generation

• Automatic Detection of Malware-Generated Domains with Recurrent Neural Models

• Android Inter-App Communication Threats and Detection Techniques

Reports, Blogs, Etc.

• ISO Rejects NSA Encryption Algorithms

• What the NSA Collects via 702

• Apple’s FaceID

• Bluetooth Vulnerabilities

• Experian Site Can Give Anyone Your Credit Freeze PIN

• 1.4 Million New Phishing Sites Launched Each Month

• 10 Security Product Flaw Scares

• S.E.C. Says It Was a Victim of Computer Hacking Last Year

September 15

News/Trends

• Protect your Digital Presence with Secure Accounts
• Leak of >1,700 valid passwords could make the IoT mess much worse
• Secret chips in replacement parts can completely hijack your phone’s security
• We Need to Know More About Government Searches of Traveler’s Electronic Devices

• Hackers attacking US and European energy firms could sabotage power grids

• NY: Sheriffs warn of hackers after brute force attack

• Phishers Spread Malicious Links Via Hacked LinkedIn Accounts
• ExpensiveWall Android Malware Slips Past Google Play Filters

Law/Policy

• Dems propose data security bill after Equifax hack

• FTC launches investigation into Equifax breach

• ‘We Only Spy on Foreigners’: The Myth of a Universal Right to Privacy and the Practice of Foreign Mass Surveillance
• Internet Surveillance, Regulation, and Chilling Effects Online: A Comparative Case Study

Technical

• Enemy At the Gateways: A Game Theoretic Approach to Proxy Distribution

• HitFraud: A Broad Learning Approach for Collective Fraud Detection in Heterogeneous Information Networks

• Models and Framework for Adversarial Attacks on Complex Adaptive Systems

• On labeling Android malware signatures using minhashing and further classification with Structural Equation Models

Reports, Blogs, Etc.

• Hacking Robots

• Hacking Voice Assistant Systems with Inaudible Voice Commands

• The Equifax Breach: What You Should Know

• The Hunt for IoT: The Rise of Thingbots

• Experts Weigh Pros, Cons of FaceID Authentication in iPhone X

• Your Social Security Number Isn’t a Secret

• The Terrifying Power of Internet Censors

• Azure Confidential Computing will keep data secret, even from Microsoft
• iPhone X & Face ID: Everything you need to know

September 8

News/Trends

• Equifax Says Cyberattack May Have Affected 143 Million Customers

• Threat Intelligence Collaboration on the Rise
• Leak of >1,700 valid passwords could make the IoT mess much worse

• Is Public Sector Cybersecurity Adequate?

• SANS: Ransomware is Biggest Threat to Data Security
• MobileIron adds Apple security along with support for iOS 11
• Ultrasonic “DolphinAttack” Could Hack Voice Assistants
• Mexican VAT Refund Giant Exposes Half-Million Passports, Credit Cards Online

Law/Policy

• How Much Should We Spend to Protect Privacy?: Data Breaches and the Need for Information We Do Not Have

• Google: No evidence of Russian propaganda ads on our platforms

• House panel advances measure to guard U.S. ports from cyberattacks

• Industrial Cyber Vulnerabilities: Lessons from Stuxnet and the Internet of Things

Technical

• A Non-commutative Cryptosystem Based on Quaternion Algebras

• Secure Full-Duplex Device-to-Device Communication

• Device-independent Randomness Amplification and Privatization

• Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs

Reports, Blogs, Etc.

• How to Protect Your Information Online

• Hackers Can Use Ultrasounds to Take Control of Alexa, Siri, Cortana, Others

• Security Vulnerabilities in AT&T Routers

• Twitter Bots Use Likes, RTs for Intimidation

• Another victim of TheDarkOverlord comes forward

• Workplace IoT Puts Companies on Notice for Smarter Security

• New Techniques in Fake Reviews

• Attacking Data Integrity & Hacking Radiation Monitoring Devices