January 10

News/Trends

• Facebook Improves Political Ad Transparency but Refuses Ban
• Amazon Ring Workers Fired After Watching Users’ Videos
• What the newly released Checkra1n jailbreak means for iDevice security

• AWS Issues ‘Urgent’ Warning for Database Users to Update Certs

• Mozilla patches Firefox zero-day as attackers exploit flaw

• Chinese Malware Found Preinstalled on US Government-Funded Phones

• Apple wants privacy laws to protect its users

• Study Points to Lax Focus on Cybersecurity

Law/Policy

• Voting equipment companies throw weight behind enhanced disclosures

• FBI, DHS issue bulletin warning of potential Iranian cyberattacks

• Microsoft takes legal action against North Korean cybercrime group

• Lawmakers close to finalizing federal strategy to defend against cyberattacks

Technical

• Short-Range Audio Channels Security: Survey of Mechanisms, Applications, and Research Challenges

• Architecture and Security of SCADA Systems: A Review

• Is Cryptojacking Dead after Coinhive Shutdown?

• Shallow Encoder Deep Decoder (SEDD) Networks for Image Encryption and Decryption

Reports, Blogs, Etc.

• Lawmakers Prod FCC to Act on SIM Swapping

• Tricky Phish Angles for Persistence, Not Passwords

• The Hidden Cost of Ransomware: Wholesale Password Theft

• New SHA-1 Attack

• USB Cable Kill Switch for Laptops

• Mailbox Master Keys

• Stop everything. Update Firefox now

• Just one month later, the Currys PC World/Dixons Travel hack would have cost them a heck of a lot more

January 3

News/Trends

• What the newly released Checkra1n jailbreak means for iDevice security
• Why big ISPs aren’t happy about Google’s plans for encrypted DNS
• US Soldiers Banned from Using TikTok

• Resolve to fix your Online Security Mess in 2020. Here’s how.

• Cryptocurrency exchange Poloniex issues password reset warning

• Python is dead. Long live Python!

• 7 types of virus – a short glossary of contemporary cyberbadness

• Study finds Chinese Hardware Powers U.S. Voting Machine

Law/Policy

• Lawmakers close to finalizing federal strategy to defend against cyberattacks

• Election security, ransomware dominate cyber concerns for 2020

• CyberCom mulls aggressive tactics if Russia interferes in next election: report

• Twitter removes 88K accounts tied to Saudi Arabia

Technical

• Differentially Private M-band Wavelet-Based Mechanisms in Machine Learning Environments

• User Acceptance of Usable Blockchain-Based Research Data Sharing System: An Extended TAM Based Study

• Erase and Restore: Simple, Accurate and Resilient Detection of L2 Adversarial Examples

• Web APIs in Android through the Lens of Security

Reports, Blogs, Etc.

• Chrome Extension Stealing Cryptocurrency Keys and Passwords

• Mysterious Drones Are Flying over Colorado

• Hacking School Surveillance Systems

• Smashing Security #159: Rap, robbery, and IoT holiday hell

• 49% of workers, when forced to update their password, reuse the same one with just a minor change

• Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up

• Inside ‘Evil Corp,’ a $100M Cybercrime Menace

December 6

News/Trends

• Mega Breaches Are Forcing Us to a Passwordless World. Are We Finally Ready?

• What the newly released Checkra1n jailbreak means for iDevice security
• All’s clear to install Microsoft’s November patches
• How blockchain will kill fake news (and four other predictions for 2020)
• 7 mobile security threats that may catch you by surprise

• Staying Safe when Shopping this Holiday Season: Bricks and Clicks Edition

• Major data center provider hit by ransomware attack, claims report

Law/Policy

• US sanctions Russian group over $100M cyber hack

• Senators want FERC to protect critical infrastructure from Huawei threats

• Senators sound alarm on dangers of ransomware attacks after briefing

• Advocates rally on Capitol Hill for self-driving car legislation

Technical

• A Survey of Game Theoretic Approaches for Adversarial Machine Learning in Cybersecurity Tasks

• Gobi: WebAssembly as a Practical Path to Library Sandboxing

• Catch Me (On Time) If You Can: Understanding the Effectiveness of Twitter URL Blacklists

• FMPC: Secure Multiparty Computation from Fourier Series and Parseval’s Identity

Reports, Blogs, Etc.

• Banking Trojans Are Top Financial Services Threat

• Andy Ellis on Risk Assessment

• Becoming a Tech Policy Activist

• The Story of Tiversa

• Cameras that Automatically Detect Mobile Phone Use

• Apple Explains Mysterious iPhone 11 Location Requests

• Data Center Provider CyrusOne Confirms Ransomware Attack

November 27

News/Trends

• Google Sends 12,000 State Phishing Warnings in Three Months

• Parents say creep hacked their baby monitor to tell toddler they ‘love’ her

• New Free Emulator Challenges Apple’s Control of iOS

• Analysis of Jira Bug Stresses Impact of SSRF in Public Cloud

• New Bill Could Cost US Companies Data

• Splunk customers should update now to dodge Y2K-style bug

• Firefox gets tough on tracking tricks that sneakily sap your privacy

Law/Policy

• China issues directive to ‘intensify’ protections around intellectual property rights

• Facebook unveils market research app that pays users to take surveys

• FCC votes to bar use of its funds to purchase Huawei, ZTE equipment

• DHS cyber agency invests in election auditing tool to secure 2020 elections

Technical

• Secure Sketch for All Noisy Sources

• Real-time Analysis of Privacy-(un)aware IoT Applications

• PAC learning with stable and private predictions

• When NAS Meets Robustness: In Search of Robust Architectures against Adversarial Attacks

Reports, Blogs, Etc.

• It’s Way Too Easy to Get a .gov Domain Name

• Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains

• Hidden Cam Above Bluetooth Pump Skimmer

• Facebook and Twitter warn some users’ private data was accessed via third-party app SDK

• Smash-and-grab car thieves use Bluetooth to target cars containing tech gadgets

• The NSA Warns of TLS Inspection

• Iran Has Shut Off its Internet

• GPS Manipulation

November 15

News/Trends

• What you need to know about new data-security rules for business travel
• Why you should begin using Sign in with Apple
• Boom in Lookalike Retail Domains
• Healthcare Malware Infections Soar 60% from 2018
• Alleged $20M Carding Forum Mastermind Faces US Charges
• What the newly released Checkra1n jailbreak means for iDevice security
• Hackers are now targeting councils and governments, threatening to leak citizen data

• How ransomware attacks

Law/Policy

• Bipartisan bill to secure election tech advances to House floor

• China hacked US manufacturing group amid trade talks: report

• Lawmaker warns TikTok could pose national security risk

• Key Republican senator points to Chinese IP theft as holding up trade deal

Technical

• Machine Learning Based Network Vulnerability Analysis of Industrial Internet of Things

• By the user, for the user: A user-centric approach to quantifying the privacy of websites

• Systematic Classification of Attackers via Bounded Model Checking

• Enabling Efficient Privacy-Assured Outlier Detection over Encrypted Incremental Datasets

Reports, Blogs, Etc.

• Orcus RAT Author Charged in Malware Scheme

• Only after running out of hard disk space did firm realise hacker had stolen one million users’ details

• BlueKeep: What you Need to Know

• Technology and Policymakers

• NTSB Investigation of Fatal Driverless Car Accident

• Identifying and Arresting Ransomware Criminals

• xHelper Malware for Android

• Details of an Airbnb Fraud

November 8

News/Trends

• Phishing Campaign Used Subpoena-Themed Email to Deliver Infostealer

• Thunder on the Horizon: 4 Security Threats for the Cloud

• Amazon Doorbell Camera Lets Hackers Access Household Network

• Bugcrowd Pays Out Over $500K in Bounties in One Week

• Ring Flaw Underscores Impact of IoT Vulnerabilities

• Escaping the Egregious Eleven – Part One

• US Company Accused of Selling Flawed Chinese Tech as “Made in USA” to US Military

Law/Policy

• Wyden urges FCC to secure 5G networks against cyber threats

• Administration officials say election security is a ‘top priority’ ahead of 2020

• Senators introduce cybersecurity workforce expansion bill

• TikTok faces lawmaker anger over China ties

Technical

• PAIRS: Control Flow Protection using Phantom Addressed Instructions

• Data Poisoning Attacks to Local Differential Privacy Protocols

• Intriguing Properties of Adversarial ML Attacks in the Problem Space

• Privacy Preserving Threat Hunting in Smart Home Environments

Reports, Blogs, Etc.

• Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks

• Mac users warned that disabling all Office macros doesn’t actually disable all Office macros

• Nikkei worker tricked into transferring $29 million into scammer’s bank account

• xHelper Malware for Android

• Eavesdropping on SMS Messages inside Telco Networks

• Details of an Airbnb Fraud

• Obfuscation as a Privacy Tool

• Homemade TEMPEST Receiver

November 1

News/Trends

• Think you’re anonymous online? A third of popular websites are ‘fingerprinting’ you.
• Facebook Removes Russian Networks Targeting African Users

• Tripwire Patch Priority Index for October 2019

• Man Admits Role in Identity Theft Plot that Targeted U.S. Military Persons

• Google Patches Chrome Zero-Day Under Active Attack

• Fraudsters Use Salary Increase Scam to Steal Employees’ Credentials

• Details of Attack on Electric Utility Emerge

• Fakes, Privacy Awareness and Disaster Relief Predicted for 2020

Law/Policy

• New Pennsylvania law gives counties $90M for election security efforts

• Government officials worldwide targeted in WhatsApp hack: report

• Almost 100 former officials, members of Congress urge Senate action on election security

• Senators introduce bill to strengthen cybersecurity of local governments

Technical

• Chasing Accuracy and Privacy, and Catching Both: A Literature Survey on Differentially Private Histogram Publication

• Secure Logging with Security against Adaptive Crash Attack

• Robust and Undetectable White-Box Watermarks for Deep Neural Networks

• Outsourcing Computation: the Minimal Refereed Mechanism

Reports, Blogs, Etc.

• Men paid $100K by Uber to hush up hack plead guilty to extortion scheme

• Smashing Security #152: Cats, hoodies, and rent

• Medical data is being leaked by NHS pagers, and then broadcast for the world to see…

• How Facebook helps an abusive ex-partner find out your new identity, even after you’ve blocked them

• Resources for Measuring Cybersecurity

• A Broken Random Number Generator in AMD Microcode

• ICT Supply-Chain Security

• Former FBI General Counsel Jim Baker Chooses Encryption Over Backdoors