Cybersecurity

Can Legislatures Safely Vote by Internet?

It is a well understood scientific fact that Internet voting in public elections is not securable: "the Internet should not be used for the return of marked ballots. ... [N]o known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the Internet." But can legislatures (city councils, county boards, or the U.S. Congress) safely vote by Internet? Perhaps they can. To understand why, let's examine two important differences between legislature votes and public elections. more

Reported Cyberattack Against Israel Only Ransomware to Regulatory Body, Electric Grid Not In Danger

Ransomware via a phishing attack was sent to Israel Electric Authority, not the power grid, as was heavily reported in mainstream media today. According to a cyber analyst in Israel (Eyal Sela) the media reporting so far is misleading with regards to the context around the incident, reports Robert M. Lee of SANS Institute. more

Trust and Insecurity

When I was first advocating home networking at Microsoft, we encountered a problem. The existing systems and applications had implicitly assumed they were inside a safe environment and didn't consider threats from bad actors. Early Windows systems hadn't yet provided file system with access control and other protections though there were some attempts to have separate logins to keep some settings separate. more

Pro-Trump Russians Accused for Democratic National Committee Email Hack, FBI Investigating

"DNC Hack Prompts Allegations of Russian Involvement," Damian Paletta and Devlin Barrett reported in the Wall Street Journal today: "U.S. authorities said they are still investigating who perpetrated the hack, but cybersecurity experts said the email release resembled past examples of political interference that other countries have tied to Russia." more

Over 2 Million VPN Passwords Compromised by Malware Attacks

A recent report from Specops Software reveals alarming security vulnerabilities within VPN password systems, highlighting over two million VPN passwords stolen by malware in the past year. more

Israel Becoming a Go-To Place for Cybersecurity

A report released by IVC Research Center in advance of this year's annual Cybertech 2016, highlights how a tight interplay between industry, investors, and the government has turned Israel into a center of cybersecurity technology. more

White House Appoints Retired Air Force General as First Cyber Security Chief

As part of its effort to improve defenses against hackers, the White House today named a retired U.S. Air Force Brigadier General Gregory J. Touhill as the first Federal Chief Information Security Officer (CISO) -- the position was announced eight months ago as part of Cybersecurity National Action Plan (CNAP). more

US Banks Face New Demands by Regulators for Higher Cyber Risk Management Standards

U.S. bank regulators on Wednesday outlined cyber security standards meant to protect financial markets and consumers from online attacks against the nation's leading financial firms," Patrick Rucker reporting in Reuters. more

Coronavirus Online Threats Going Viral, Part 2: Marketplaces

In the midst of the coronavirus crisis and the partial or total quarantines happening around the world, more people are turning to eCommerce for their purchases. This, combined with the increased demand for healthcare and healthcare-related products, is causing surges of activity on online marketplaces. Perhaps least surprising is the growth in the number of listings for cleaning and hygiene products (e.g., hand sanitizer), as well as facemasks... more

Website Security: Are Quantum Computers Going to Hack My Website?

No. Now, thank you for your attention. Last year, some security researchers were discussing a doomsday scenario, that without investing in quantum encryption, there would soon be no way to feel secure over the Internet. (I would add, that a feeling of security over the Internet is misleading at best.) Allow me to break down some of these security peculiarities, which could be worrisome. more

U.S. Targets Russian Mastermind Behind Dominant Ransomware Landscape, Offers $10 Million Reward

The U.S. government has declared criminal charges, economic sanctions, and a $10 million reward for information leading to the arrest of a Russian citizen, Mikhail Matveev. Accused of a series of ransomware attacks, Matveev's alleged operations, known as Babuk, have targeted entities such as the D.C. police, an airline, and other American industries. more

US to Retaliate Russian DNC Hack, Will Hit Russia with “Proportional” Response

The White House on Tuesday vowed a 'proportional' response for Russian DNC Hack -- Intelligence officials say files were leaked to interfere with outcome of presidential election. more

US Intelligence Officially Accuses Russian Government for the DNC Hack

In a joint statement today by the Department of Homeland Security and Office of the Director of National Intelligence on Election Security, Russia has been blamed for hacking and publishing archived emails from the Democratic National Committee this summer. more

Senate Urges Domain Registrars to Combat Russian Election Interference

The United States Senate Intelligence Committee Chair, Mark Warner, has called on several domain name registrars, including Namecheap, GoDaddy, and Cloudflare, to address the misuse of their services by Russian actors attempting to influence the 2024 U.S. presidential election. more

Longevity of Phishing Websites Dropped by 25% Since Last Year, Study Finds

A new phishing survey released by the Anti-Phishing Work Group (APWG) reveals that the longevity of phishing Web sites dropped by 25 percent over the last year. The survey has also revealed that a single criminal syndicate dubbed "Avalanche" was responsible for nearly one quarter of all phishing attacks in the first half of 2009. Indications are that the gang is continuing to claim a larger proportion of all detected phishing attacks. more