July 13

News/Trends

• Will ‘Right to Repair’ imperil IoT Security?

• The Big Dark: Motive, not Means, is what holds back a Crippling Grid Hack

• New SQL Injection Tool Makes Attacks Possible from a Smartphone

• Dark Web Hosting Service Hacked, Some Data Was Stolen

• Spyware in Mexico Targeted Investigators Seeking Students

• Unclear on the concept, plastic edition

• The Growing Danger of IP Theft and Cyber Extortion

• Hackers Are Targeting Nuclear Facilities, Homeland Security Dept. and F.B.I. Say

Law/Policy

• Russia: Joint cybersecurity group with US unlikely to be formed soon

• Internet companies launch offensive against FCC’s net neutrality rollback

• Dems introduce bill to block cybersecurity team up with Russia

• Is it Time to Can the CAN-SPAM Act?

Technical

• Malware in the Future? Forecasting Analyst Detection of Cyber Events

• Estimation Efficiency Under Privacy Constraints

• Maximizing the effectiveness of an advanced persistent threat

• A Composite-Metric Based Path Selection Technique for the Tor Anonymity Network

Reports, Blogs, Etc.

• More on the NSA’s Use of Traffic Shaping

• How I learned to stop worrying (mostly) and love my threat model
• Black Code Available for Streaming

• IoT Devices Plagued by Lesser-Known Security Hole

• How Code Vulnerabilities Can Lead to Bad Accidents

• Now It’s Easier than Ever to Steal Someone’s Keys

• Researchers find chinks in the armour of satellite phone calls

• Two-factor via your mobile phone – should you stop using it?

July 7

News/Trends

• HTTPS Certificate Revocation is broken, and it’s time for some new tools

• Update your Android now – many holes fixed including ‘BroadPwn’ Wi-Fi bug

• Facebook fights gag prohibiting it from alerting users to search warrants

• Why doctors using SnapChat to send scans is not the problem

• Exit Scam Fears as Darknet Giant AlphaBay Goes Offline
• SLocker Variant Nabs WannaCry Tactic for Mobile

• Hackers Find ‘Ideal Testing Ground’ for Attacks: Developing Countries

• Confidence in Security Tools Hits a Low

Law/Policy

• Russians suspected to be behind hacks of nuclear plant

• Lawmakers sound alarm about Russian cybersecurity firm

• Latest malware attack exposes cybersecurity weaknesses

• Reno at 20: The Packingham Decision and the Supreme Court on Online Speech

Technical

• Three-Pass Protocol Implementation in Vigenere Cipher Classic Cryptography Algorithm with Keystream Generator Modification

• Achieving Secure and Differentially Private Computations in Multiparty Settings

• Internet of Things: Survey on Security and Privacy

• Analysis of the Rising Threat of Subverting Privacy Technologies

Reports, Blogs, Etc.

• Daily Report: The Ugly Aftermath of a Cyberattack

• The ancient Microsoft networking protocol at the core of the latest global malware attack

• IRS to Launch Educational Phishing Series

• IoT Physical Attack Exploit to be Revealed at Black Hat

• A Man-in-the-Middle Attack against a Password Reset System

• Now It’s Easier than Ever to Steal Someone’s Keys

• The paranoid Mac traveler’s 10-point data protection checklist

• Is it Time to Can the CAN-SPAM Act?

June 30

News/Trends

• Facial Recognition May Boost Airport Security But Raises Privacy Worries
• Tuesday’s massive ransomware outbreak was, in fact, something much worse

• Hacks Raise Fear Over N.S.A.’s Hold on Cyberweapons

• More Android apps from dangerous Ztorg family sneak into Google Play

• Hacker Steals Millions of Accounts from Internet Radio Service 8tracks

• Computer Scientists: Passwords Can be Acquired from Brain Waves

• KR: Financial firms on guard for cyberattack threats

• This Windows Defender bug was so gaping its PoC exploit had to be encrypted

Law/Policy

• Senators introduce ‘cyber hygiene’ bill

• Mexican politicians targeted with spyware, research shows

• Creator of original Petya ransomware offers help against global cyberattack

• Massive ransomware attack not actually ransomware: report

Technical

• Practical Differential Privacy for SQL Queries Using Elastic Sensitivity

• Improvement Of Email Threats Detection By User Training

• Stealthy Deception Attacks Against SCADA Systems

• Loophole: Timing Attacks on Shared Event Loops in Chrome

Reports, Blogs, Etc.

• How Facebook Uses Technology To Block Terrorist-Related Content
• The paranoid Mac traveler’s 10-point data protection checklist
• The price of security: surprisingly affordable

• Petya’ Ransomware Outbreak Goes Global

• Got Robocalled? Don’t Get Mad; Get Busy

• The Women of Bletchley Park

• CIA Exploits Against Wireless Routers

• Hacking Factory Robot Arms for Sabotage, Fun & Profit

June 23

News/Trends

• ‘Our Phones Are Being Monitored’: How a Hacking Story Unfurled

• Electronic Setups of Driverless Cars Vulnerable to Hackers

• How Facebook Uses Technology To Block Terrorist-Related Content
• Cyber Essentials ‘Breach’ Exposes Firms to Phishers

• NSA failed to implement security measures, says damning report

• Hungry for Cyber Warriors, Military Weighs Image, Lifestyle Changes

• Google Play is fighting an uphill battle against Android adware

• A Cyberattack ‘the World Isn’t Ready For’

Law/Policy

• Dems push for more action on power grid cybersecurity

• Bipartisan push to prioritize cyber advice for small businesses

• GOP rep fears Russian interference turning cybersecurity partisan

• Lawmakers told of growing cyber threat to election systems

Technical

• Geo-Encryption Protocol For Mobile Networks

• The Capacity of Cache Aided Private Information Retrieval

• All Your Bulbs Are Belong to Us: Investigating the Current State of Security in Connected Lighting Systems

• The Evaluation of Circuit Selection Methods on Tor

Reports, Blogs, Etc.

• Amazon Patents Measures to Prevent In-Store Comparison Shopping

• NSA Insider Security Post-Snowden

• New Technique to Hijack Social Media Accounts

• Following the Money Hobbled vDOS Attack-for-Hire Service

• Skype Suffers Outage Amid Claims of Cyber-Attack

• Google Will Now Remove Private Medical Records From Search Results

• 8 reasons why you should strengthen your iOS passcode today
• The price of security is eternal phone calls

 

June 9

News/Trends

• Half of ICS Firms Suffered Security Incident Last Year
• Thousands of Orgs Still Run Outdated OS, Post-WannaCry
• Internet cameras have hard-coded password that can’t be changed
• The Internet Of Things Is Becoming More Difficult To Escape

• Data enrichment records for 200 million people up for sale on the Darknet

• Electronic Setups of Driverless Cars Vulnerable to Hackers

• Firms stockpiling Bitcoins ready to pay off ransomware crooks

• Apple’s Safari is going to use AI to track who’s tracking you

Law/Policy

• DHS pledges to review ‘bug bounty’ cyber legislation

• Federal task force: Here’s how to fix healthcare cybersecurity

• Hacking in Qatar Highlights a Shift Toward Espionage-for-Hire

• It is not OK to break the law to catch criminals, judge rules

Technical

• Pain-Free Random Differential Privacy with Sensitivity Sampling

• Accessing Data while Preserving Privacy

• Stateless Puzzles for Real Time Online Fraud Preemption

• Optimal Attack against Cyber-Physical Control Systems with Reactive Attack Mitigation

Reports, Blogs, Etc.

• Safety and Security and the Internet of Things

• Surveillance Intermediaries

• Spear Phishing Attacks

• Drilling for Answers: Cyberattacks on the Rise in the Oil and Gas Industry

• Balancing the Risks of the Internet of Things

• Your Information Isn’t Being Hacked, It’s Being Neglected

• Following the Money Hobbled vDOS Attack-for-Hire Service

• OneLogin: Breach Exposed Ability to Decrypt Data

June 2

News/Trends

• OneLogin warns that attacker could be able to decrypt data

• Thousands of enterprise apps exposing data on back-end servers

• Chrome bug that lets sites secretly record audio and video is not a flaw Google says

• Cloud Security Alliance Releases Guidance for Securing Connected Vehicles

• Jaff Ransomware Tied to Extensive Data Harvesting Operation
• 250K Photos Leaked in Cosmetic Surgery Extortion Attack
• Dark Web Hackers Are Attacking Each Other Relentlessly
• Fireball Malware Infects 20% of Corporate Networks Worldwide

Law/Policy

• Bid to crowdfund access to NSA leaks withdrawn over legal concerns

• Democrats ask FBI to probe reported FCC cyberattack

• Sens submit bill to ‘Hack the DHS’

• Tech giants urge Congress to revise foreign surveillance law

Technical

• Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing

• A new method of verification of security protocols

• When to Invest in Security? Empirical Evidence and a Game-Theoretic Approach for Time-Based Security

• The Dead Cryptographers Society Problem

Reports, Blogs, Etc.

• OneLogin: Breach Exposed Ability to Decrypt Data

• WannaCry and Vulnerabilities

• Passwords at the Border

• Hackers Demand Ransom for Stolen Surgery Photos
• Kmart Point of Sale Hacked with ‘Undetectable’ Malware
• Fireball Malware Infects 20% of Corporate Networks Worldwide

• Inmates Secretly Build and Network Computers while in Prison

• Dual biometrics may just be the authentication answer we need
  

May 19

News/Trends

• U.S. and E.U. Confer on Possible Laptop Ban on Trans-Atlantic Flights

• From Kill Switch To Bitcoin, ‘WannaCry’ Showing Signs Of Amateur Flaws
• Op-ed: It’s time for Google to take responsibility for Android’s security updates

• Walk this way: how you roll could become how you log in

• Facebook is losing the fight against the spread of fake news

• Backdoors: When Good Intentions Go Bad

• Inside the Motivations Behind Modern Cyberattackers

• Sleep trackers: more of a data nightmare than a data dream?

• 10 Free or Low-Cost Security Tools

Law/Policy

• NSA warned Microsoft about vulnerability connected to ‘Wanna Cry’: report

• IT modernization bill passes House

• Report finds weak cybersecurity at Mar-a-Lago

• Lawmakers move to boost transparency of government’s cyber vulnerability disclosure

Technical

• Detecting Cyber-Physical Attacks in Additive Manufacturing using Digital Audio Signing

• Protecting Against Untrusted Relays: An Information Self-encrypted Approach

• Privacy-Preserving Social Media Data Publishing

• Automated Cryptographic Analysis of the Pedersen Commitment Scheme

Reports, Blogs, Etc.

• Who you gonna call?: Getting ready for the next cyber disaster

• Keylogger Found in HP Laptop Audio Drivers

• Victims Call Hackers’ Bluff as Ransomware Deadline Nears

• Global ‘Wana’ Ransomware Outbreak Earned Perpetrators $26,000 So Far

• Breach at DocuSign Led to Targeted Email Malware Campaign

• #WannaCry hits Medical Devices in US
• WannaCry Ransomware
• Secure Disposal Remains Elusive for Documents of All Stripes

• Amazon Tops Darknet Exposure Index