October 11

News/Trends

• Apple to Congress: Chinese spy-chip story is “simply wrong”
• Mingis on Tech: Data breaches and the rise of ‘surveillance capitalism’
• Volume of Stolen Credentials Soars 141% in North America
• Microsoft Fixes Zero Day and Data Deletion Bugs

• Instagram tests sharing your location history with Facebook

• Why Apple must be looking into using blockchain

• Escaping Notice, by Laying Low

Law/Policy

• Trump’s praise for North Korea complicates cyber deterrence

• National security leaders warn of Chinese efforts to sway American opinion

• Election security groups warn of cyber vulnerabilities for emailed ballots

• Lawmakers press Super Micro for answers on hacking concerns

Technical

• Adaptive Fraud Detection System Using Dynamic Risk Features

• True2F: Backdoor-resistant authentication tokens

• You Shall Not Bypass: Employing data dependencies to prevent Bounds Check Bypass

• A quantum homomorphic encryption scheme for polynomial-sized circuits

Reports, Blogs, Etc.

• Another Bloomberg Story about Supply-Chain Hardware Attacks from China

• Security Vulnerabilities in US Weapons Systems

• Naming & Shaming Web Polluters: Xiongmai

• Smashing Security #099: Passwords – A Smashing Security splinter (replay)

• California’s ban on weak default passwords isn’t going to fix IoT security

• Making Sense of Microsoft’s Endpoint Security Strategy

• Retired Malware Samples: Everything Old is New Again

Advertisements

October 5

News/Trends

• Successful Scammers Call After Lunch
• Credential-Phishing Attempts Highest on Tuesdays
• Google taking new steps to prevent malicious Chrome extensions
• DevOps Producing More Insecure Apps Than Ever
• Fake News Domains Spoof UK News Sites

• For $14.71, You Can Buy A Passport Scan on the Dark Web

• Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control

Law/Policy

• Apple, Amazon, among companies compromised in Chinese intelligence hack: report

• Senate passes key cyber bill cementing cybersecurity agency at DHS

• US to offer NATO its cyber capabilities

• DHS chief: Congress hampering efforts to tackle evolving threats

Technical

• Generating Labeled Flow Data from MAWILab Traces for Network Intrusion Detection

• Turning Lemons into Peaches using Secure Computation

• Revealing Network Structure, Confidentially: Improved Rates for Node-Private Graphon Estimation

• Distributing and Obfuscating Firewalls via Oblivious Bloom Filter Evaluation

Reports, Blogs, Etc.

• Detecting Credit Card Skimmers

• Conspiracy Theories Around the “Presidential Alert”

• China accused of sabotaging thousands of servers at major US companies with tiny microchips hidden on motherboards

• Even with the latest iOS 12 update, your iPhone’s lockscreen is unsafe

• Two reasons to reconsider your Facebook membership

• When Security Researchers Pose as Cybercrooks, Who Can Tell the Difference?

• Voice Phishing Scams Are Getting More Clever

• Facebook Security Bug Affects 90M Users

September 28

News/Trends

• Facebook says 50 million accounts affected by ‘security issue’

• Russian hackers ‘Fancy Bear’ now targeting governments with rootkit malware

• Users Rage Against the Dying of Skype 7.0
• Security Staffing Low in Midsized and Large Orgs
• Apple’s dropping Back To My Mac Remote Access. Here’s an Alternative, Currently Discounted.
• Easy-to-prevent Apple flaw may threaten enterprise security
• Google Promises Chrome Updates after Sign In Synchronization Snafu

Law/Policy

• Dems want briefing on Trump claims of Chinese election meddling

• Election security bill won’t pass ahead of midterms, says key Republican

• Cyber criminals increasingly target cryptocurrency, research finds

• 5G brings promise of innovation tinged with conflicts

Technical

• Optimal Noise-Adding Mechanism in Additive Differential Privacy

• PolyShard: Coded Sharding Achieves Linearly Scaling Efficiency and Security Simultaneously

• Identification of Wearable Devices with Bluetooth

• Security Implications of Fog Computing on the Internet of Things

Reports, Blogs, Etc.

• Secret Service Warns of Surge in ATM ‘Wiretapping’ Attacks

• Beware of Hurricane Florence Relief Scams

• Credit Freezes are Free: Let the Ice Age Begin

• Zuckerberg’s Facebook page? I’ll livestream its deletion, says hacker

• Counting People Through a Wall with WiFi

• Yet Another IoT Cybersecurity Document

• New Variants of Cold-Boot Attack

September 21

News/Trends

• Cyber-Attack Inevitable, Businesses Not Prepared
• Why Windows 10 is the most secure Windows ever

• Warning issued as Netflix subscribers hit by phishing attack

• Apple’s dropping Back To My Mac Remote Access. Here’s an Alternative, Currently Discounted.
• US Approves Cyber Weapons Against Foreign Enemies

• 6 Security Training Hacks to Increase Cyber IQ Org-Wide

• Over 90% of US Retailers Fail PCI DSS

Law/Policy

• Google says senators’ Gmail accounts targeted by foreign hackers

• US to prioritize attacks against foreign adversaries under new cyber strategy

• Report finds states have improved cybersecurity for voter registration data

• New Defense cyber strategy gives military power on preventative cyberattacks

Technical

• Compounding of Wealth in Proof-of-Stake Cryptocurrencies

• Taming the War in Memory: A Resilient Mitigation Strategy Against Memory Safety Attacks in CPS

• Chorus: Differential Privacy via Query Rewriting

• Security and Protocol Exploit Analysis of the 5G Specifications

Reports, Blogs, Etc.

• Making Sense of Microsoft’s Endpoint Security Strategy

• Scammers Use Breached Personal Details to Persuade Victims

• Cyber is Cyber is Cyber

• Smashing Security #096: Bribing Amazon staff, and blinking deepfakes

• “Peekaboo” zero-day lets hackers view and alter surveillance camera footage

• Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer

• Pegasus Spyware Used in 45 Countries

September 14

News/Trends

• Microsoft Office Macros Still No. 1 Malware Delivery
• Cloud-Native Attacks Executed Against Known CVEs
• Google wants to get rid of URLs but doesn’t know what to use instead

• Blockchain hustler beats the house with smart contract hack

• #RockYourSOC Spotlight on Insider Threat
• New modification of the old cold boot attack leaves most systems vulnerable
• Georgia says switching back to all-paper voting is logistically impossible

Law/Policy

• North Korea warns US that cyberattack allegations could undermine talks

• Bipartisan trio asks US intelligence to investigate ‘deepfakes’

• Dem introduces bill to create federal cybersecurity apprenticeship program

• Treasury targets North Korean-run IT companies with sanctions

Technical

• Reversing the asymmetry in data exfiltration

• SAFE: A Neural Survival Analysis Model for Fraud Early Detection

• Real-Time Lightweight Chaotic Encryption for 5G IoT Enabled Lip-Reading Driven Secure Hearing-Aid

• Transforming acoustic characteristics to deceive playback spoofing countermeasures of speaker verification systems

Reports, Blogs, Etc.

• U.S. Mobile Giants Want to be Your Online Identity

• Trend Micro apologises after Mac apps found scooping up users’ browser history

• Military, Government Users Just as Bad About Password Hygiene as Civilians

• Security Risks of Government Hacking

• Quantum Computing and Cryptography

• Apps that steal users’ browser histories kicked out of the Mac App store

• EternalBlue Infections Persist

September 7

News/Trends

• German Researchers Spoof Certificate Authorities
• Thousands of unsecured 3D printers discovered online
• Iranian APT Believed to Be Targeting Citizens
• Firefox finally casts Windows XP users adrift

• Dark web sites could be exposed by routine slip-up

• Firefox to auto-block ad trackers
• Blockers Alone Won’t Cure Malvertising Woes

• The Role of Incident Response in ICS Security Compliance

Law/Policy

• NRCC chief faults Dems for breakdown in talks over hacked information

• DOJ to announce charges against North Korean in Sony hack: reports

• Homeland Security awards massive cyber contract to ManTech

• Far-right activist interrupts Twitter hearing

Technical

• HASP: A High-Performance Adaptive Mobile Security Enhancement Against Malicious Speech Recognition

• Multi-Client Order-Revealing Encryption

• Probabilistic Modeling and Inference for Obfuscated Cyber Attack Sequences

• Bridging machine learning and cryptography in defence against adversarial attacks

Reports, Blogs, Etc.

• If an extension goes rogue, everything you do in your browser is compromised

• Cryptominers killing cryptominers to squeeze more out of your CPU

• Five-Eyes Intelligence Services Choose Surveillance Over Security

• Using a Smartphone’s Microphone and Speakers to Eavesdrop on Passwords

• New Book Announcement: Click Here to Kill Everybody

• Eavesdropping on Computer Screens through the Webcam Mic

• Browser Extensions: Are They Worth the Risk?

• For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

August 30

News/Trends

• Machine Identity Failings Expose Firms
• Cryptocurrency Platform Suffers Data Breach
• Stamping Out Art Forgery with Cryptocurrency
• Microsoft obliquely acknowledges Windows 0-day bug published on Twitter
• Chrome 69 will take the next step to killing Flash, roll out new design

• How one man could have pwned all your PHP programs

• Why Yahoo scanning user email is no cause for panic

• Botnets Serving Up More Multipurpose Malware

Law/Policy

• FBI launches website on efforts to combat foreign influence campaigns

• Russia testing technology to ban encrypted messaging app Telegram: report

• Washington’s Fall Agenda: Midterms to test new security efforts

• GOP lawmakers urge improvements to cyber vulnerabilities resource

• Forcing iPhone unlock violates Fifth Amendment, says Court of Appeals

Technical

• Timelines for In-Code Discovery of Zero-Day Vulnerabilities and Supply-Chain Attacks

• VirtualIdentity: Privacy-Preserving User Profiling

• Backdoor Embedding in Convolutional Neural Network Models via Invisible Perturbation

• The Bounded Laplace Mechanism in Differential Privacy

Reports, Blogs, Etc.

• Smashing Security #093: Abandoned domains and dating app dangers

• Instagram finally supports third-party authentication apps for greater account security
• Fortnite fury over how Google handled its security hole

• Eavesdropping on Computer Screens through the Webcam Mic

• CIA Network Exposed through Insecure Communications System

• Future Cyberwar

• How Hackers Hit Printers