February 8

News/Trends

• Phishers Use Google Translate to Boost Success
• Android Users Exposed to Remote Hack via PNG File
• Ransomware Sees Further Decline, Banking Trojan Use Steps Up

• Android vulnerabilities open Pie to booby-trapped image attacks

• iPhone apps record your screen sessions without asking

• Student gets creative with data accidentally blasted out by university

• How to stay as private as possible on Apple’s iPad and iPhone
• Microsoft: Watch out for zero days; deferred patches, not so much

Law/Policy

• Microsoft extends free program to protect political campaigns from cyberattacks to Canada

• DHS cyber office hosting webinars with company stakeholders to discuss Chinese cyber threats

• Lawmakers put Pentagon’s cyber in their sights

• Report urges government, private firms collaborate to prevent fallout from major cyberattack

Technical

• Enhanced Performance for the encrypted Web through TLS Resumption across Hostnames

• A Manually-Curated Dataset of Fixes to Vulnerabilities of Open-Source Software

• Distributed Ledger Privacy: Ring Signatures, Möbius and CryptoNote

• Constructive Non-Linear Polynomial Cryptanalysis of a Historical Block Cipher

Reports, Blogs, Etc.

• China’s AI Strategy and its Security Implications

• Using Gmail “Dot Addresses” to Commit Fraud

• Major Zcash Vulnerability Fixed

• Facebook’s New Privacy Hires

• Update your iOS devices now against the FaceTime eavesdropping bug

• Google Chrome extension warns if your password has been leaked

• Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions

• More Alleged SIM Swappers Face Justice

Advertisements

February 1

News/Trends

• Execs Remain Weak Link in Cybersecurity Chain

• Linux user? Check those patches! Public exploit published for systemd security holes…

• Why All Users Should Change Passwords Today

• Microsoft Azure data deleted because of DNS outage

• Hacker talks to baby through Nest security cam, jacks up thermostat

• China, Russia Drive Increased Cyber-Threats to US

• FaceTime bug, eavesdropping and digital snooping – what to do? [VIDEO]

Law/Policy

• Cyberattack fears on the rise after shutdown, intel testimony

• Facebook, Twitter remove thousands of accounts linked to Iran

• Ex-US intel agents helped UAE hack phones of critics: report

• Cyber firm says Iranian-linked espionage group targeting telecom, high-tech industries

Technical

• The Secure Link Prediction Problem

• An Extensive Formal Security Analysis of the OpenID Financial-grade API

• AnomiGAN: Generative adversarial networks for anonymizing private medical data

• Smart contracts for the Internet of Things: opportunities and challenges

Reports, Blogs, Etc.

• Security Flaws in Children’s Smart Watches

• Security Analysis of the LIFX Smart Light Bulb

• iPhone FaceTime Vulnerability

• 250 Webstresser Users to Face Legal Action

• Twitter follow bots cut off from API, as accounts disabled for spreading misinformation from Iran and elsewhere
• Smashing Security #113: FaceTime, Facebook, faceplant

• Exposed! Facebook pays teenagers to install app that harvests personal data

January 25

News/Trends

• Sneaky Malvertisers Target Apple Users with Hidden Malware

• #DeleteFacebook? #DeleteTwitter? #FatLotOfGood that will do you

• Scamming the Scammers: How a Security Biz Tricked Social Media Phishers

• Millions of bank loan and mortgage documents have leaked online (UPDATED)

• Cybercrime More Common than Offline Theft

• ‘Worst’ Ransomware Attack Hits Salisbury Police Department in Maryland

• Facebook debuts scam ads reporting tool

• Bomb threat spam may stem from GoDaddy DNS weakness

Law/Policy

• Survey: Businesses’ security investments lessening impact of data breaches

• Obama-era officials warn of shutdown’s damage to national security

• New intelligence strategy identifies emerging tech as major threat

• Washington fears new threat from ‘deepfake’ videos

• US gov issues emergency directive after wave of domain hijacking attacks

Technical

• LWeb: Information Flow Security for Multi-tier Web Applications

• PINPOINT: Efficient and Effective Resource Isolation for Mobile Security and Privacy

• Adaptive Quantum Image Encryption Method Based on Wavelet Transform

• Deep Adversarial Learning in Intrusion Detection: A Data Augmentation Enhanced Framework

Reports, Blogs, Etc.

• How the U.S. Govt. Shutdown Harms Security

• 773M Password ‘Megabreach’ is Years Old

• Stole $24 Million But Still Can’t Keep a Friend”

• Hacking the GCHQ Backdoor

• Military Carrier Pigeons in the Era of Electronic Warfare

• The Evolution of Darknets

• Hacking Construction Cranes

• Business Payroll Compromise – a New Way for Criminals to Steal from Your Company

January 17

News/Trends

• WEF: Cyber-Attacks a Major Global Risk for Next Decade
• MS Word Documents Spreading .Net RAT Malware
• Bugs Rack Web Host Sites and Flight-Booking System

• Email crooks swindle woman out of $150K from home sale

• Change your password! VoIP provider leaves huge database exposed online

• Are you sure those WhatsApp messages are meant for you?

• ‘We need new privacy laws,’ urges Apple CEO Tim Cook

Law/Policy

• Researchers identify malware that can dismantle cloud security protections

• US charges traders for hacking into SEC database

• Mobile providers at center of privacy storm

• Dem senator presses IRS on cyber risks for taxpayers during shutdown

Technical

• Translation Validation for Security Properties

• VeriSign: A Secure Contract Consensus Platform on the Blockchain with Amendment Functionality

• Secure Cloud-Edge Deployments, with Trust

• Statistical Models for the Number of Successful Cyber Intrusions

Reports, Blogs, Etc.

• “Stole $24 Million But Still Can’t Keep a Friend”

• Secret Service: Theft Rings Turn to Fuze Cards

• Smashing Security #111: When rivals hack, and ‘extreme’ baby monitors

• Why I Think the NSA is Releasing a Free Reverse Engineering Tool This Year at RSA

• A Remarkably Clear Overview of The Border Security Situation

• Alex Stamos on Content Moderation and Security

• Why Internet Security Is So Bad

January 11

News/Trends

• New Windows 10 build silences Cortana, brings passwordless accounts
• US Shutdown Plays into Hackers’ Hands
• Phishing Attacks Bypass Two-Factor Authentication
• Enterprise iPhones will soon be able to use security dongles

• Old tweets reveal hidden secrets

• 2FA codes can be phished by new pentest tool

• You can’t delete Facebook from some Androids and people aren’t happy

• Attributions Have Consequences: The Danger of Calling Out Cyberattackers

Law/Policy

• Security firm says worldwide cyber campaign targeting dozens of domains linked to Iran

• Worries mount as cybersecurity agency struggles amid shutdown

• National security center launches program to help US firms guard against foreign hackers

• Lawmakers make second bipartisan push to elevate federal IT official

Technical

• Secure and Computationally-Efficient Cryptographic Primitive based on Cellular Automation

• Artificial Intelligence and Location Verification in Vehicular Networks

• Extending Adversarial Attacks and Defenses to Deep 3D Point Cloud Classifiers

• Dynamic Multiparty Authentication of Data Analytics Services within Cloud Environments

Reports, Blogs, Etc.

• Secret Service: Theft Rings Turn to Fuze Cards

• Reddit users locked out of accounts after “security concern”

• Smashing Security #110: What? You can get paid to leave Facebook?

• Automated phishing attack tool bypasses 2FA protection

• Using a Fake Hand to Defeat Hand-Vein Biometrics

• Security Vulnerabilities in Cell Phone Systems

• Machine Learning to Detect Software Vulnerabilities

• New Attack Against Electrum Bitcoin Wallets

January 4

News/Trends

• Ransomware, phishing attacks top new HHS list of cyberthreats in healthcare

• Apple wants to stop you using dangerous USB-C devices

• Nearly 5 million passengers’ data leaked from online train ticketing platforms

• Cryptography failure leads to easy hacking for PlayStation Classic

• Managing Security in Today’s Compliance and Regulatory Environment

• Hackers Threaten to Release 9/11 Data ‘Trove’

• Emotet Malware Gets More Aggressive

• US Cloud Hoster Receives Christmas Ransomware ‘Gift’

Law/Policy

• Obama security adviser: US leadership needed to defeat global cyber threats

• Zuckerberg touts progress in fixing Facebook’s issues

• Cyber attack causes distribution delays at prominent US newspapers: report

• Election agency prepares to tackle foreign interference

Technical

• The Price of Free Illegal Live Streaming Services

• Towards Thwarting Social Engineering Attacks

• A Secure and Persistent Memory System for Non-volatile Memory

• Scalable Information-Flow Analysis of Secure Three-Party Affine Computations

Reports, Blogs, Etc.

• Long-Range Familial Searching Forensics

• Massive Ad Fraud Scheme Relied on BGP Hijacking

• Apple Phone Phishing Scams Getting Better

• Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack

• The Difference Between Security and Privacy

• It Appears China is Building a Massive Espionage Database on America

• The Difference Between Decompilers, Disassemblers, Debuggers, and Hex Editors

• The Differences and Similarities Between IoT and ICS Security

December 20

News/Trends

• Click2Gov Breach Payment Cards Sold on Dark Web
• Hackers Depart from Large Dark Web Markets
• NASA Staff at Risk After Server Breach

• Drones shut down major international airport

• Most home routers lack simple Linux OS hardening security

• Serious Security: When cryptographic certificates attack

• Hackers Bypass Gmail, Yahoo 2FA at Scale

Law/Policy

• Congressional Report on the 2017 Equifax Data Breach

• DOJ charges Chinese nationals in cyber espionage campaign

• Treasury sanctions Russians over alleged election interference, nerve-agent attack

• US tech giant has been offering cybersecurity to terrorist groups: report

Technical

• Deep Transfer Learning for Static Malware Classification

• Detecting Standard Violation Errors in Smart Contracts

• Fast Botnet Detection From Streaming Logs Using Online Lanczos Method

• Preventing Attacks on Anonymous Data Collection

Reports, Blogs, Etc.

• Fraudulent Tactics on Amazon Marketplace

• New Shamoon Variant

• Real-Time Attacks Against Two-Factor Authentication

• Microsoft Issues Emergency Fix for IE Zero Day

• A Chief Security Concern for Executive Teams

• Spooked by a speaking security camera? Polite hacker tells owner how to fix his IoT security

• Facebook waited months before admitting privacy bug exposed millions of users’ unposted photos
• International email bomb hoax proves to be a spectacular failure