November 25

News/Trends

• FBI in Threat Warning After Surge in Spoofed Domains
• E-Commerce Biz and CEO Charged with Investor Fraud
• US Proposes Funding to Clear Risk Assessment Backlog
• Prevention Is Better Than the Cure When Securing Cloud-Native Deployments
• Why Security Awareness Training Should Be Backed by Security by Design
• Latest Version of TrickBot Employs Clever New Obfuscation Trick
• Gift card hack exposed – you pay, they play
• Facebook patches Messenger audio snooping bug – update now!

Law/Policy

• FCC denies ZTE request to reverse national security threat designation
• Federal authorities warn of increased cyber targeting during upcoming holiday season
• Leadership changes at top cyber agency raise national security concerns
• Senate passes bill to secure internet-connected devices against cyber vulnerabilities

Technical

• MacLeR: Machine Learning-based Run-Time Hardware Trojan Detection in Resource-Constrained IoT Edge Devices
• Nudge Attacks on Point-Cloud DNNs
• Differentially Private Learning Needs Better Features (or Much More Data)
• When Machine Learning Meets Privacy: A Survey and Outlook

Reports, Blogs, Etc.

• Fake Minecraft mods installed on over one million Android devices
• FBI warns of criminals spoofing its website domain names
• Robot vacuum cleaners can eavesdrop on your conversations, researchers reveal
• Egregor Ransomware Attack Hijacks Printers to Spit Out Ransom Notes
• Cyber Public Health
• More on the Security of the 2020 US Election
• Indistinguishability Obfuscation

November 20

News/Trends

• Deciphering (and understanding) Microsoft’s patch management options
• Online privacy: Best browsers, settings, and tips
• Mitsubishi Electric again falls victim to cyberattack
• Google is adding end-to-end encryption to its Android Messages app
• How Cyberattacks Work
• ISP Security: Do We Expect Too Much?
• Cybercriminals Get Creative With Google Services
• Facebook patches Messenger audio snooping bug – update now!

Law/Policy

• Senate passes bill to secure internet-connected devices against cyber vulnerabilities
• House approves legislation providing $750 million to boost US 5G efforts
• Underwood plans to focus on election security, ransomware as chair of House cyber panel
• Twitter hires famous hacker to head security operations

Technical

• Experimental implementation of secure anonymous protocols on an eight-user quantum network
• Strong Data Augmentation Sanitizes Poisoning and Backdoor Attacks Without an Accuracy Tradeoff
• Leaky Buddies: Cross-Component Covert Channels on Integrated CPU-GPU Systems

Reports, Blogs, Etc.

• Symantec Reports on Cicada APT Attacks against Japan
• The US Military Buys Commercial Location Data
• Michael Ellis as NSA General Counsel
• On Blockchain Voting
• Get the free Security Intelligence Handbook from Recorded Future
• Egregor Ransomware Attack Hijacks Printers to Spit Out Ransom Notes
• Convicted SIM Swapper Gets 3 Years in Jail
• Be Very Sparing in Allowing Site Notifications

November 13

News/Trends

• Ethical Hacker’s Comic Dream Gets Backing
• Cyber-Mercenaries Sell Espionage Campaigns
• Most Americans Reuse Passwords for Work Devices
• “Instant bank fraud” hoax is back – don’t spread fake news!
• Smishing attack tells you “mobile payment problem” – don’t fall for it!
• Black Friday – stay safe before, during and after peak retail season
• “Email Appender” Implants Malicious Emails Directly Into Mailboxes
• More drama on a forum, and a slew of new databases dumped

Law/Policy

• House report says lawmakers could securely cast remote votes amid pandemic
• Pressure grows to reinstall White House cyber czar
• Biden’s hard stand on foreign election interference signals funding fight
• Zoom to implement heightened security program in settlement with the FTC

Technical

• Privacy Preservation in Federated Learning: Insights from the GDPR Perspective
• Proof of Authenticity of Logistics Information with Passive RFID Tags and Blockchain
• On Polynomial Approximations for Privacy-Preserving and Verifiable ReLU Networks
• Differentially Private Synthetic Data: Applied Evaluations and Enhancements

Reports, Blogs, Etc.

• Ransomware Group Turns to Facebook Ads
• Why Paying to Delete Stolen Data is Bonkers
• “Privacy Nutrition Labels” in Apple’s App Store
• The Security Failures of Online Exam Proctoring
• 2020 Was a Secure Election
• DARPA and Academia Jumpstart 5G IoT Security Efforts
• 5 Steps Every Company Should Take to Avoid Data Theft Risk
• Like the Energizer Bunny, Trickbot Goes On and On

November 5

News/Trends

• Researchers Uncover New Malspam Campaign Exploiting #Election2020 Controversy
• Over Half of Organizations Still Operating Without a BYOD Policy
• Over 70,000 Personal Files Found on 100 Second-Hand USBs
• Gaming Giant Capcom Suffers Security Breach
• Police open case into leak of 500 soldiers’ personal data
• Don ‘t pay ransom on the promise your data will be deleted, because it won’t be — Coveware
• Bug Bounty Hunters’ Pro Tips on Chasing Vulns & Money
• Digital Transformation Means Security Must Also Transform

Law/Policy

• Officials on alert for potential cyber threats after a quiet Election
• Officials warn delayed vote count could lead to flood of disinformation
• New York AG announces probe into robocalls allegedly designed to mislead voters
• Cyberattack targets networks of Vermont, New York hospitals

Technical

• A Scalable Approach for Privacy-Preserving Collaborative Machine Learning
• Online Discoverability and Vulnerabilities of ICS/SCADA Devices in the Netherlands
• Face Morphing Attack Generation & Detection: A Comprehensive Survey
• A Survey on Contact Tracing: the Latest Advancements and Challenges

Reports, Blogs, Etc.

• Following Ubisoft cyber attack, hackers claim to leak Watch Dogs: Legion code online
• Maze ransomware gang says it has quit the cybercrime business
• Why Paying to Delete Stolen Data is Bonkers
• Two Charged in SIM Swapping, Vishing Scams
• FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals
• Determining What Video Conference Participants Are Typing from Watching Shoulder Movements
• New Windows Zero-Day
• The Legal Risks of Security Research

October 30

News/Trends

• US Sanctions Russian Institute Linked to TRITON
• Number of “Breached” Records Hits 36 Billion in 2020
• Scammers Spoof MAGA Hat Vendors to Steal $2.3m from Republicans
• Adobe Flash – it’s the end of the end of the end of the road at last
• Facebook “copyright violation” tries to get past 2FA – don’t fall for it!
• The New Normal: When work-from-home means the boss is watching
• JavaScript Obfuscation Moves to Phishing Emails
• Public Safety & Cybersecurity Concerns Elevate Need for a Converged Approach

Law/Policy

• Cyberattack targets networks of Vermont, New York hospitals
• Hacker releases Georgia county’s election-related files
• Federal agencies warn hackers targeting U.S. hospitals with ransomware attacks
• House Democrats introduce bill to invest $900 billion in STEM research and education

Technical

• Construction Payment Automation Using Blockchain-Enabled Smart Contracts and Reality Capture Technologies
• Scalable Attack-Resistant Obfuscation of Logic Circuits
• Smart Homes: Security Challenges and Privacy Concerns
• Federated Transfer Learning: concept and applications

Reports, Blogs, Etc.

• FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals
• Google Mending Another Crack in Widevine
• Japanese nuclear agency warns of cyber attack, turns off email systems
• Become a security intelligence expert, with these free tools from Recorded Future
• The Legal Risks of Security Research
• Tracking Users on Waze
• The NSA is Refusing to Disclose its Policy on Backdooring Commercial Products

October 22

News/Trends

• Retail, Hospitality and Travel Hit by 64 Billion Credential Stuffing Attacks
• DOJ Says Iran Targeted American Voters with Threatening Emails
• The 5 Best Ways to Handle Sensitive Data
• Need for ‘Guardrails’ in Cloud-Native Applications Intensifies
• Implementing Proactive Cyber Controls in OT: Myths vs. Reality
• Virtual learning company admits releasing student data in bid to expand in Missouri
• Ensuring Transparency: Language to Avoid in HIPAA Breach Notifications
• Opinion: Staying Secure Through 5G Migration

Law/Policy

• Big tech companies team up with DEA for opioid drop-off day
• Streaming service Quibi shutting down
• Sweden bans use of Huawei, ZTE equipment in new 5G networks
• Justice Department charges Google with illegally maintaining search monopoly

Technical

• Mitigating Sybil Attacks on Differential Privacy based Federated Learning
• Mascara: A Novel Attack Leveraging Android Virtualization
• Private Weighted Sum Aggregation
• DuetSGX: Differential Privacy with Secure Hardware

Reports, Blogs, Etc.

• Over one million WordPress sites receive forced update to security plugin after severe vulnerability discovered
• Sopra Steria hit by cyber attack. IT services group suspected of falling victim to ransomware
• The Recorded Future Express browser extension – elite security intelligence for zero cost
• NSA Advisory on Chinese Government Hacking
• Cybersecurity Visuals
• Split-Second Phantom Images Fool Autopilots
• US Cyber Command and Microsoft Are Both Disrupting TrickBot
• QAnon/8Chan Sites Briefly Knocked Offline

October 16

News/Trends

• Academia Adopts Mitre ATT&CK Framework
• Cybercrime Losses Up 50%, Exceeding $1.8B
• Is Windows the greatest cyberthreat to the 2020 US election?
• Apple’s T2 Mac security chip may be vulnerable, researcher claims
• Iran Reports Two Major Cyber-Attacks
• Senator Questions US Healthcare Giant Over Cyber-Attack
• BA GDPR Data Breach Fine Lowered to £20m Due to COVID-19
• Cosmote reveals cyber attack exposed telephone data from thousands of customers

Law/Policy

• Google launches features to locate voting places, ballot drop-offs
• Twitter revises hacked materials policy after banning NY Post story
• Black scholars launch project to fight disinformation
• Trump refuses to disavow QAnon

Technical

• Intelligent Reflecting Surface-Assisted Wireless Key Generation for Low-Entropy Environments
• Chasing Your Long Tails: Differentially Private Prediction in Health Care Settings
• Local Differential Privacy for Bayesian Optimization
• BFT Protocol Forensics

Reports, Blogs, Etc.

• US Cyber Command and Microsoft Are Both Disrupting TrickBot
• Google Responds to Warrants for “About” Searches
• Hacking Apple for Profit
• Beware COVID-19 Charity Fraudsters, Warns the FBI
• Barnes & Noble warns customers it has been hacked, customer data may have been accessed
• Elite security intelligence for zero cost. Meet the Recorded Future Express browser extension
• Android ransomware learns new tricks to lock devices
• Microsoft Uses Trademark Law to Disrupt Trickbot Botnet

October 9

News/Trends

• 8 tips to tighten up your work‑from‑home network
• Gone phishing: workplace email security in five steps
• If you connect it, protect it
• Parents Using School Payment Service Have Card Details Compromised
• Global Privacy Control Launched to Offer Users Greater Internet Trust
• Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work
• Apple’s T2 Mac security chip may be vulnerable, researcher claims
• Wire targets Zoom, Teams and others with secure video upgrades

Law/Policy

• Defense Department designates $600 million for 5G testing at military sites
• DOJ bans use of grant funds for certain foreign-made drones
• Justice Department rolls out report detailing cryptocurrency security threats
• US seizes 92 domains used by Iran for ‘global disinformation campaign

Technical

• Adversarial Attacks to Machine Learning-Based Smart Healthcare Systems
• Privacy and Data Balkanization: Circumventing the Barriers
• 5G Network Slice Isolation with WireGuard and Open Source MANO: A VPNaaS Proof-of-Concept
• Transcending Transcend: Revisiting Malware Classification with Conformal Evaluation

Reports, Blogs, Etc.

• New Privacy Features in iOS 14
• On Risk-Based Authentication
• Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work
• Attacks Aimed at Disrupting the Trickbot Botnet
• Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam
• Hackers disguise malware attack as new details on Donald Trump’s COVID-19 illness
• Recorded Future Express gives you elite security intelligence at zero cost
• Google warns of security holes in other vendors’ Android phones

October 1

News/Trends

• To hunt hackers, FBI works more closely with spy agencies
• These hackers have spent months hiding out in company networks undetected
• LinkedIn Password Thief Jailed
• Critical Vulnerabilities Found in Remote Access Software
• Lessons learned: Provisioning new employees during a pandemic
• How to fix Android’s Smart Lock Trusted Places feature
• Dual biometrics for banking: Double trouble or super-secure?
• Pandemic gives VDI a new lease on life

Law/Policy

•  Privacy, civil rights groups demand transparency from Amazon on election data breaches
• House approves legislation to send cybersecurity resources to state, local governments
• House panel says US intelligence community not equipped to address evolving Chinese threats
• House passes bills to secure energy sector against cyberattacks

Technical

•  Decentralized Patient Centric e-Health Record Management System using Blockchain and IPFS
• The General Law Principles for Protection the Personal Data and their Importance
• Toward Privacy and Utility Preserving Image Representation
• Uncertainty-Matching Graph Neural Networks to Defend Against Poisoning Attacks

Reports, Blogs, Etc.

•  Detecting Deep Fakes with a Heartbeat
• Negotiating with Ransomware Gangs
• Hacking a Coffee Maker
• Who’s Behind Monday’s 14-State 911 Outage?
• What to do first when your company suffers a ransomware attack
• A Complete Stranger Controlled This Woman’s Home Security System, but They’re Not the One She’s Angry With
• Should your company know who you’re dating *outside* work?
• The Windows XP and Windows Server 2003 source code leaks online

September 24

News/Trends

• SMS phishing scam pretends to be Apple “chatbot” – don’t fall for it!
• A real-life Maze ransomware attack – “If at first you don’t succeed…”
• US Customs and Border Protection Failed to Safeguard Data
• America Moves to Protect Free Speech Online
• Bug Fixes Take Twice as Long for Manufacturing Firms
• Computer Programmer Pleads Guilty to Lying about Silk Road Involvement
• Shopify Discloses Security Incident Involving Some Merchants’ Data

Law/Policy

•  Treasury sanctions individuals, groups tied to Russian malign influence activities
• House Republican introduces legislation to set standards for self-driving cars
• Government watchdog recommends creation of White House cyber director position
• FBI, DHS warn that foreign hackers will likely spread disinformation around election results

Technical

•  Distributed Differentially Private Mutual Information Ranking and Its Applications
• Pocket Diagnosis: Secure Federated Learning against Poisoning Attack in the Cloud
• Fundamental Limits of Byzantine Agreement
• FastSecAgg: Scalable Secure Aggregation for Privacy-Preserving Federated Learninghttps://arxiv.org/abs/2009.11248

Reports, Blogs, Etc.

•  Iranian Government Hacking Android
• Documented Death from a Ransomware Attack
• Amazon Delivery Drivers Hacking Scheduling System
• Former NSA Director Keith Alexander Joins Amazon’s Board of Directors
• Microsoft warns hackers are actively targeting Zerologon vulnerability. Patch pronto!
• Instagram photo flaw could have helped malicious hackers spy via users’ cameras and microphones
• Solving the Problem With Security Standards
• Since Remote Work Isn’t Going Away, Security Should Be the Focus