June 14

News/Trends

• Hackers can summon Cortana to break into Windows 10 PCs

• Email Threats Increase, Impact Productivity
• Crypto-Mining Malware Tops Charts, Targets Apps

• Mobile App Threats Continue to Grow

• Four Faces of Fraud: Identity, ‘Fake’ Identity, Ransomware & Digital

• A host of new security enhancements is coming to iOS and macOS
• Which Android phones get regular security updates? Here’s a hint

Law/Policy

• Security experts warn hackers will target Americans traveling to Russia for World Cup

• Senate confirms Trump Homeland Security cyber pick

• Dems question FCC’s claim of cyberattack during net neutrality comment period

• Facebook faces new data firestorm

Technical

• Static Malware Detection & Subterfuge: Quantifying the Robustness of Machine Learning and Current Anti-Virus

• Android Malware Detection using Large-scale Network Representation Learning

• Interpretable Machine Learning for Privacy-Preserving Pervasive Systems

• Accurate and Robust Neural Networks for Security Related Applications Exampled by Face Morphing Attacks

Reports, Blogs, Etc.

• Ranking the most influential computer security papers ever published

• From Westworld to Best World for the Internet of Things

• New iPhone OS May Include Device-Unlocking Security

• Router Vulnerability and the VPNFilter Botnet

• Apple confirms it’s closing security loophole that police were using to crack iPhones

• Tens of thousands of Android devices are leaving their debug port exposed

• Librarian Sues Equifax Over 2017 Data Breach, Wins $600

Advertisements

June 7

News/Trends

• A host of new security enhancements is coming to iOS and macOS
• DNA Site MyHeritage Spills Data on 92m Users
• Malware Targets Users of Online Banking Service
• In Pursuit of Cryptography’s Holy Grail

• Hackable CloudPets pulled from Target, Walmart, Amazon and more

• Global Business Leaders Eschew Proactive Security Investment

• From Westworld to Best World for the Internet of Things

• Oh the irony! When cybercriminals are rubbish at cybersecurity

Law/Policy

• Senate defense bill would authorize spying on Russians engaged in disinformation, hacking

• House panel approves bill to secure industrial systems from hacks

• SEC chief won’t ease securities rule for cryptocurrencies

• Experts warn massive malware network linked to Russia is more widespread

Technical

• Achieving Data Dissemination with Security using FIWARE and Intel Software Guard Extensions (SGX)

• Droplet: Decentralized Authorization for IoT Data Streams

• Improving the Privacy and Accuracy of ADMM-Based Distributed Algorithms

• PAC-learning in the presence of evasion adversaries

Reports, Blogs, Etc.

• Further Down the Trello Rabbit Hole

• VPNFilter Poses Broader Threat Than First Thought; Endpoints At Risk Too

• The Habituation of Security Warnings

• End-to-end encryption doesn’t stop the FBI reading your messages. Just ask Paul Manafort

• E-Mail Vulnerabilities and Disclosure

• Regulating Bitcoin

• An Example of Deterrence in Cyberspace

• Are Your Google Groups Leaking Data?

June 1

News/Trends

• SpamCannibal comes back to life, starts spam-blocking everyone

• Building Blocks for a Threat Hunting Program

• Banking Botnet Operators Strike Profit-Sharing Partnership

• What is Apple hiding with iOS 11.4?

• The Good News about Cross-Domain Identity Management

• Face, Iris and Pulse Biometrics Close in on Fingerprint

• Open Redis Servers Infected with Malware

• Hacker Defaces Ticketfly’s Website, Steals Customer Database

Law/Policy

• Civil liberties groups press Trump administration on NSA call record collection

• Security firm: North Korean cyber hacks have continued amid summit talks

• Rubio presses election commission to provide cybersecurity funding to Florida ahead of midterms

• Deadly attacks feared as hackers target industrial sites

Technical

• Fine-Pruning: Defending Against Backdooring Attacks on Deep Neural Networks

• Cybersecurity Information Sharing Governance Structures: An Ecosystem of Diversity, Trust, and Tradeoffs

• Greedy Attack and Gumbel Attack: Generating Adversarial Examples for Discrete Data

• Sequential Attacks on Agents for Long-Term Adversarial Goals

Reports, Blogs, Etc.

• FBI: Kindly Reboot Your Router Now, Please

• An acoustic attack can bluescreen your Windows computer
• An advert against online privacy

• Detecting Lies through Mouse Movements

• Cybercrime Is Skyrocketing as the World Goes Digital

• Will the Real Joker’s Stash Come Forward?

• I’m Not (Overly) Concerned About Smart Speaker Security, And You Shouldn’t Be Either

• Security and Human Behavior (SHB 2018)

May 25

News/Trends

• Testing of Uber’s Self-Driving Car Crashes to a Halt
• Google details how it will overturn encryption signals in Chrome
• Phishers Target Facebook to Harvest User Data
• How your web browser tells you when it’s safe
• Banks Aopt Military-Style Tactics to Fight Cybercrime

• T-Mobile bug let anyone see any customer’s account details

• 3 Things You Should Know About Europe’s Sweeping New Data Privacy Law
• Easy mobile security the Faraday way

Law/Policy

• Tech companies scramble as sweeping data rules take effect

• DOJ opens criminal probe into bitcoin price manipulation: report

• Dem calls for hearing on alleged wireless data disclosures

• FBI working to disrupt massive malware network linked to Russia

Technical

• Why developers cannot embed privacy into software systems? An empirical investigation

• Why Johnny Can’t Store Passwords Securely? A Usability Evaluation of Bouncycastle Password Hashing

• R-PackDroid: Practical On-Device Detection of Android Ransomware

• SEVered: Subverting AMD’s Virtual Machine Encryption

Reports, Blogs, Etc.

• VPNFilter botnet has hacked 500,000 routers. Reboot and patch now!

• Donald Trump’s smartphone security: an inconvenient truth

• Detecting Lies through Mouse Movements

• Supermarket Shoplifting

• Another Spectre-Like CPU Vulnerability

• Mobile Giants: Please Don’t Share the Where

• Most Expensive Data Breaches Start with Third Parties: Report

• F.B.I. Admits Overstating Locked Phone Problem, and Critics Pounce

May 18

News/Trends

• Hacker Dumps Data Stolen From Government-Linked Cyberespionage Group

• Shadowy Hackers Accidentally Reveal Two Zero-Days to Security Researchers

• Why Isn’t Integrity Getting the Attention It Deserves?

• Big Data Breaches Shine Spotlight on Laws Impacting Employee Data Protection

• US Lacks Policy to Address, Deter Cybercrime

• Facebook crushes 583 million fake accounts in 3 months

• ZipperDown catches 170,000 iOS apps with their pants down

• Data Security Incidents Spike as Human Error Dominates

Law/Policy

• Lawmakers take aim at Chinese tech giants in defense bill

• Dem lawmaker moves to block White House from eliminating cyber post

• Ryan to delay election security briefing, make it classified

• Homeland Security releases cyber strategy to counter evolving threats

Technical

• Towards Malware Detection via CPU Power Consumption: Data Collection Design and Analytics (Extended Version)

• DroidMark: A Tool for Android Malware Detection using Taint Analysis and Bayesian Network

• Test for penetration in Wi-Fi network: attacks on WPA2-PSK and WPA2-Enterprise

• Privacy-Preserving Boosting with Random Linear Classifiers for Learning from User-Generated Data

Reports, Blogs, Etc.

• Four-million Facebook users’ data wide open for anyone to download for years

• The Risks of Remote Desktop Access Are Far from Remote

• Sending Inaudible Commands to Voice Assistants

• Get Ready for ‘WannaCry 2.0’

• Maliciously Changing Someone’s Address

• Accessing Cell Phone Location Information

• Detecting Cloned Cards at the ATM, Register

• Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site

May 11

News/Trends

• White Hat Spoofs 2FA, Sends User to Phishing Page

• The WhatsApp text bomb – no, it won’t destroy your phone!

• Watch out: photo editor apps hiding malware on Google Play

• iOS 11.4 to come with 7-day USB shutout

• Two more evolving threats: JavaScript in Excel and payment processing in Outlook

• Apple boots out apps that abuse location data collection

• IBM bans USB drives – but will it work?

• As Personal Encryption Rises, So Do Backdoor Concerns

Law/Policy

• Lawmakers move to block government from ordering digital ‘back doors’

• House Intel Dems release thousands of Kremlin-linked Facebook ads

• House panel approves bills to secure energy infrastructure

• House panel approves bill to ‘hack’ the State Department

Technical

• Sequence Aggregation Rules for Anomaly Detection in Computer Network Traffic

• The Capacity of Private Information Retrieval from Uncoded Storage Constrained Databases

• The Utility Cost of Robust Privacy Guarantees

• Controlling the privacy loss with the input feature maps of the layers in convolutional neural networks

Reports, Blogs, Etc.

• Text bombs and “Black Dots of Death” plague WhatsApp and iMessage users

• Bad guys have something new to play with! Microsoft Excel adds support for JavaScript

• Airline Ticket Fraud

• Phishing Attack Bypasses Two-Factor Authentication

• The US Is Unprepared for Election-Related Hacking in 2018

• Supply-Chain Security

• Healthcare Prone to Attack, Still Unprepared

• Think You’ve Got Your Credit Freezes Covered? Think Again.

May 4

News/Trends

• How to Sell Your Old Phone Safely

• Microsoft claims to make Chrome safer with new extension

• Tech companies resist government hacking back and backdoors

• Medical devices vulnerable to KRACK Wi-Fi attacks

• Facebook’s getting a clear history button

• Google and Amazon put an end to censorship-dodging domain fronting

• Volkswagen and Audi car infotainment systems hacked remotely

• Dark Web Shop Sells Travel Reward Credentials

Law/Policy

• Senate confirms new Army cyber warfare unit leader

• Pentagon orders military stores to stop selling Chinese phones

• Tech firms fret over push to legalize ‘defensive’ hacking

• House Dem wants more oversight of Homeland Security’s cyber mission

Technical

• Authentication of Everything in the Internet of Things: Learning and Environmental Effects

• RF-PUF: IoT Security Enhancement through Authentication of Wireless Nodes using In-situ Machine Learning

• I Spy with My Little Eye: Analysis and Detection of Spying Browser Extensions

• Securing Social Media User Data – An Adversarial Approach

Reports, Blogs, Etc.

• We’re Doing Security Wrong!

• Twitter Alerts Users to Change Passwords Due to Flaw that Stored Them Unprotected

• Yes, you should change your Twitter password – but don’t panic

• The NSA wants its algorithms to be a global IoT standard. But they’re simply not trusted

• Detecting Laptop Tampering

• When Your Employees Post Passwords Online

• Smashing Security #076: Spying phones, hacked ski lifts, and World Password Day