July 19

News/Trends

• Security Lessons From a New Programming Language

• Silent Mac update nukes dangerous webserver installed by Zoom
• The clever cryptography behind Apple’s “Find My” feature
• How to take control of Face ID (with tools you may not know exist)
• Microsoft OneDrive gets a more secure Personal Vault, plus additional storage options
• How and why Apple users should switch to DuckDuckGo for search
• Open Source Hacking Tool Grows Up
  

Law/Policy

• Senators introduce legislation to boost cyber defense training in high school

• States need more federal funds to secure elections: report

• Senate passes bill making hacking voting systems a federal crime

• Alarm sounds over census cybersecurity concerns

Technical

• Connecting Lyapunov Control Theory to Adversarial Attacks

• A Novel Approach for Detection and Ranking of Trendy and Emerging Cyber Threat Events in Twitter Streams

• A Differentially Private Algorithm for Range Queries on Trajectories

• Laptop Theft in a University Setting can be Avoided with Warnings

Reports, Blogs, Etc.

• John Paul Stevens Was a Cryptographer

• Alan Turing – the face of the new £50 note

• Identity Theft on the Job Market

• Zoom Vulnerability

• Apple pushes out another silent update to address flaws in RingCentral and other video conferencing apps

• Party Like a Russian, Carder’s Edition

• Slack response. Passwords reset four years after data breach

• Thousands of NHS computers are still running Windows XP from beyond the grave

Advertisements

July 12

News/Trends

• IT pros: we’re understaffed, under-resourced and under pressure

• New Windows 7 ‘security-only’ update installs telemetry/snooping, uh, feature

• Hey, Google, why are your contractors listening to me?

• How to set up Microsoft Cloud App Security
  
• US mayors group adopts resolution not to pay any more ransoms to hackers
• Flaw in GE Anesthesia and Respiratory Devices
• Healthcare Organizations Too Confident in Cybersecurity

• Apple Disables Walkie-Talkie App Over Privacy Concerns

Law/Policy

• Feds allow campaigns to accept discounted cybersecurity services

• Google admits workers listen to some smart device recordings

• Republicans say they’re satisfied with 2020 election security after classified briefings

• Lawmakers, experts see combating Russian disinformation as a ‘battle’

Technical

• Amplifying Rényi Differential Privacy via Shuffling

• Challenges and Directions for Authentication in Pervasive Computing

• An Energy-Efficient Reconfigurable DTLS Cryptographic Engine for Securing Internet-of-Things Applications

• On Designing Machine Learning Models for Malicious Network Traffic Classification

Reports, Blogs, Etc.

• FEC: Campaigns Can Use Discounted Cybersecurity Services

• Who’s Behind the GandCrab Ransomware?

• Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers

• Presidential Candidate Andrew Yang Has Quantum Encryption Policy

• Details of the Cloud Hopper Attacks

• Cell Networks Hacked by (Probable) Nation-State Attackers

• Apple pushes out silent update to remove sketchy Zoom code from Macs

• US Cyber Command warns nation-state hackers are exploiting old Microsoft Outlook bug. Make sure you’re patched!

June 20

News/Trends

• Millions Fall Victim to System Cleaner Hoaxes
• Security Should Be Business Focused, Says ISF
• SACK Panic Vulnerability in Linux

• Bithumb Hit with Data Leak Charges, Denies Link to Hack

• Google asks Chrome users for help in spotting deceptive sites
• What the latest iOS passcode hack means for you
• WWDC: Has Apple closed the door on non-Mac App Store apps?
• Google launches new Chrome protection from bad URLs
  

Law/Policy

• Senate panel advances bill to protect government devices against cyber threats

• Senators weigh potential security risks from Chinese-made drones

• Maryland governor signs order to boost cybersecurity after Baltimore ransomware attack

• Democrats detail new strategy to pressure McConnell on election security bills

Technical

• A Secure Contained Testbed for Analyzing IoT Botnets

• Symmetries and isomorphisms for privacy in control over the cloud

• Cyber-Risks in Paper Voting

• Deep Recurrent Adversarial Learning for Privacy-Preserving Smart Meter Data Release

Reports, Blogs, Etc.

• Risks of Password Managers

• Maciej Cegłowski on Privacy in the Information Age

• Data, Surveillance, and the AI Arms Race

• 645,000 people warned their personal health data at risk after phishing attack

• NHS service accidentally reveals identities of HIV patients in email blunder

• Machine Learning Doesn’t Introduce Unfairness: It Reveals It

• Joining Axonius to Tackle Cybersecurity Asset Management

• Cybersecurity Advice for Political Campaigns

June 14

News/Trends

• Malware a Serious Threat for Industrial Orgs

• Critical flaw found in Evernote Web Clipper for Chrome

• Android phones can now be security keys for iOS devices

• The clever cryptography behind Apple’s “Find My” feature

• YouTube Attacks to Watch Out For in 2019

• The Tax Paying Hacker: A Modern Phenomenon

• Aircraft Parts Manufacturer Halts Operations After Ransomware Attack

• Millions of Email Servers at Risk from Cryptomining Worm

Law/Policy

• Klobuchar, Murkowski introduce legislation to protect consumer health data

• Hacking group targeting U.S. electric utilities: report

• Lawmakers grapple with deepfake threat at hearing

• Bipartisan bill would enable companies to defend themselves against cyberattacks

Technical

• Hackers vs. Security: Attack-Defence Trees as Asynchronous Multi-Agent Systems

• Metrics Towards Measuring Cyber Agility

• Money Cannot Buy Everything: Trading Infinite Location Data Streams with Bounded Individual Privacy Loss

• A Computationally Efficient Method for Defending Adversarial Deep Learning Attacks

Reports, Blogs, Etc.

• Video Surveillance by Computer

• Report on the Stalkerware Industry

• Rock-Paper-Scissors Robot

• Email blackmailer threatens to have your website blocked forever

• BlueKeep – everyone agrees, you should patch PCs running legacy versions of Windows

• Sensory Overload: Filtering Out Cybersecurity’s Noise

• Triton Attackers Seen Scanning US Power Grid Networks

• Workshop on the Economics of Information Security

June 7

News/Trends

• New Adware Found in 200+ Google Play Apps
• NSA Warns Windows Users to Upgrade, STAT

• Vulnerability Found in Millions of Email Systems

• Massive Changes to Tech and Platforms, But Cybercrime? Not So Much

• The Minefield of Corporate Email

• What’s the best approach to patching vulnerabilities?

• Researchers eavesdrop on smartphone finger taps

• Fortune 500 Company Addresses Weakness Behind 264GB Data Leak

Law/Policy

• Democratic senators press third party involved in Quest Diagnostics, LabCorp data breach

• High-profile data breaches underline cyber threats to health care industry

• Russia’s Twitter disinformation campaign far more extensive than previously known: study

• House Democrat places hold on State Department’s move to establish cyber bureau

Technical

• Investigation of Cyber Attacks on a Water Distribution System

• Enhancing Gradient-based Attacks with Symbolic Intervals

• Privacy-Preserving Classification of Personal Text Messages with Secure Multi-Party Computation: An Application to Hate-Speech Detection

• Should Adversarial Attacks Use Pixel p-Norm?

Reports, Blogs, Etc.

• Should Failing Phish Tests Be a Fireable Offense?

• Legal Threats Make Powerful Phishing Lures

• iOS Shortcut for Recording the Police

• The Cost of Cybercrime

• The Importance of Protecting Cybersecurity Whistleblowers

• Umm.. that’s not a movies password update. That’s a downgrade

• Cryptocurrency wallet GateHub hacked, nearly $10 million worth of Ripple (XRP) stolen

• Radisson Rewards may have leaked your data… again

May 24

News/Trends

• Any advance on $1.2m for this virus-infested netbook?

• Safari test points to a future with tracker-free ads

• Mobile Banking Malware Rose 58% in Q1
• Fake Trezor App in Google Play Scams Users
• Fraud Attacks from Mobile Spiked 300% in Q1

• Phisher folk reel in Computacenter security vetting mailbox packed with sensitive staff data

• Lower fines for firms that admit role in data breach

• Windows 10 May 2019 Update now rolling out to everyone… slowly
• The radio navigation planes use to land safely is insecure and can be hacked

Law/Policy

• Feds Target $100M ‘GozNym’ Cybercrime Network

• Fake videos edited to make Pelosi appear drunk spread on social media

• Senators offer bipartisan bill to help US firms remove Huawei equipment from networks

• DHS official: Florida one of the ‘best’ states on election security, despite 2016 Russian hack

Technical

• Simulation-Based Cyber Data Collection Efficacy

• Hey Google, What Exactly Do Your Security Patches Tell Us? A Large-Scale Empirical Study on Android Patched Vulnerabilities

• Elliptical Perturbations for Differential Privacy

• Approximate String Matching for DNS Anomaly Detection

Reports, Blogs, Etc.

• Legal Threats Make Powerful Phishing Lures

• Account Hijacking Forum OGusers Hacked

• Smashing Security #129: Too Long; Didn’t Listen

• Fingerprinting iPhones with the built-in gyroscope

• Google Stored Business Customers’ Passwords in Plaintext on Its Servers… For 14 Years

• Visiting the NSA

• How Technology and Politics Are Changing Spycraft

• The Concept of “Return on Data”

May 17

News/Trends

• Hacktivist attacks dropped by 95% since 2015

• Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers

• GozNym malware: cybercriminal network dismantled in international operation

• More Orgs Use Booby Traps for Counterintelligence
• Do Apple devices need anti-virus software?
• The radio navigation planes use to land safely is insecure and can be hacked

• Google recalls Titan Bluetooth keys after finding security flaw

• A Trustworthy Digital Foundation Is Essential to Digital Government

Law/Policy

• Baltimore creates cybersecurity review panel following ransomware attack

• Florida lawmakers push FBI, DHS to declassify names of the two counties hacked by Russia in 2016

• Feds take down cybercrime group that stole $100M

• Top Republican says Senate unlikely to vote on any election security bills

Technical

• Secure and Utility-Aware Data Collection with Condensed Local Differential Privacy

• Data Poisoning Attacks on Stochastic Bandits

• Parsimonious Black-Box Adversarial Attacks via Efficient Combinatorial Optimization

• On the Cost of Cyber Security in Smart Business

Reports, Blogs, Etc.

• Feds Target $100M ‘GozNym’ Cybercrime Network

• A Tough Week for IP Address Scammers

• Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

• Oh, the irony… Malware spread via Best of the Web security seals

• Urgent! Update WhatsApp NOW to add new sticker support

• Why Are Cryptographers Being Denied Entry into the US?

• More Attacks against Computer Automatic Update Systems

• Another Intel Chip Flaw