• Demand for cyberattack insurance grows, but challenges remain

    The surge in cyberattacks against the private sector and critical infrastructure has led to a growth in demand for cyber insurance; yet most insurers are unable properly to assess their clients’ cyber risk, let alone issue the appropriate pricing for their cyber coverage.Insurers which traditionally handle risks like weather disasters and fires, are now rushing to gain expertise in cyber technology.On average, a $1 million cyber coverage could cost $20,000 to $25,000.

  • Pennsylvania cybersecurity group takes down international criminal network

    Over the past month, a coalition of cybersecurity forces in Pittsburgh, Pennsylvania made of regional FBI officers and members of Carnegie Mellon University’s CERT cyberteam, took down the Gameover Zeus cyber theft network, which had employed data ransom and theft schemes. The criminal group was able to snatch funds up to seven figures from owners’ bank accounts.

  • Squiggly lines may be the future of password security

    As more people use smart phones or tablets to pay bills, make purchases, store personal information, and even control access to their houses, the need for robust password security has become more critical than ever. A new study shows that free-form gestures — sweeping fingers in shapes across the screen of a smart phone or tablet — can be used to unlock phones and grant access to apps. These gestures are less likely than traditional typed passwords or newer “connect-the-dots” grid exercises to be observed and reproduced by “shoulder surfers” who spy on users to gain unauthorized access.

  • Develop tool to make the Internet of Things safer

    There is a big push to create the so-called Internet of Things, where all devices are connected and communicate with one another. As a result, embedded systems — small computer systems built around microcontrollers — are becoming more common. They remain vulnerable, however, to security breaches. Some examples of devices that may be hackable: medical devices, cars, cell phones and smart grid technology. Computer scientists have developed a tool that allows hardware designers and system builders to test security- a first for the field.

    • view counter

  • Future cyberattacks to cause more trouble than Heartbleed

    Many of the future cyberattacks could take advantage of vulnerabilities similar to Heartbleed, a major Internet security flaw which allows attackers to gain access to encrypted passwords, credit card details, and other data on trusted Web sites including Facebook, Gmail, Instagram, and Pinterest. A new report said that hackers could soon use similar holes in computer security to shut down energy grids, disrupt public services, and steal vast amounts of private data worth billions of dollars, unless institutions take measures today to ready themselves against future Heartbleed-like threats.

  • Snowden revelations spur a surge in encrypted e-mail services

    The Edward Snowden revelations about National Security Agency(N.S.A) surveillance programs have fueled a surge of new e-mail encryption services. “A lot of people were upset with those revelations, and that coalesced into this effort,” said the co-developer of a new encrypted e-mail service which launched last Friday. The company notes that its servers are based in Switzerland, making it more difficult for U.S. law enforcement to reach them.

    • view counter

  • Cryptolocker has you between a back-up and a hard place

    Cryptolocker, a particularly vicious form of malware that first appeared in September 2013, is a game-changer. After getting into your computer, it will encrypt all your data files, from your word documents to your photos, videos, and PDFs. It will then ask for a ransom of around $300 or 0.5 bitcoins to get them back. It has been one of the most commented developments in computer security circles in recent times, and copycats are appearing. The criminals are netting tens or hundreds of millions in ransoms, and at least some of the ill-gotten gains secured from Cryptolocker are likely to be reinvested. The criminals behind it will likely pay for access to bigger botnets to reach a wider base of victims. Future versions of the virus will in all likelihood be more prevalent and will extend across other platforms, like smartphones and tablets.

  • Black markets for hackers increasingly sophisticated, specialized, and maturing

    Black and gray markets for computer hacking tools, services and byproducts such as stolen credit card numbers continue to expand, creating an increasing threat to businesses, governments and individuals, according to a new study. One dramatic example is the December 2013 breach of retail giant Target, in which data from approximately forty million credit cards and 70 million user accounts was hijacked. Within days, that data appeared — available for purchase — on black market Web sites.

  • New tool makes scanning the Internet for illegal images possible

    Researchers have developed a system that makes it possible to scan traffic on the Internet for illegal photographs. The system can, for example, help trace child pornography on the Internet without infringing on the privacy of Internet users. Internet service providers could use the tool to keep their network “clean.”

  • Software spots malicious behavior by apps

    Last year at the end of July the Russian software company Doctor Web detected several malicious apps in the app store Google Play. Downloaded on a smartphone, the malware installed — without the permission of the user — additional programs which sent expensive text messages to premium services. German computer scientists have now developed software which can discover such malicious apps already in the app store. The software detects pieces of code where the app accesses sensitive data and where data is sent from the mobile device.

  • Biometric security for mobile devices becoming mainstream

    Biometric security such as fingerprint, face, and voice recognition is set to hit the mainstream as global technology companies market the systems as convenient and easy to use. The latest biometric technologies are not without their security issues, but they are marketed as more convenient than traditional methods rather than more secure, and encourage adoption by people who currently do not have any security on their phone at all.

  • Platform for operating systems would outwit cyber criminals

    As smartphone use surges, consumers are just beginning to realize their devices are not quite as secure as they thought. A Swedish research team is working on a way to secure mobile operating systems so that consumers can be confident that their data is protected.

  • University of Texas at San Antonio ranked top U.S. cybersecurity school

    The University of Texas at San Antonio (UTSA) ranks as the top school for cybersecurity courses and degree programs according to a Hewlett-Packard (HP)-sponsored surveyof 1,958 certified IT security professionals. The schools undergraduate and graduate programs received top marks for academic excellence and practical relevance.

  • The “Mask": Kaspersky Lab discovers advanced global cyber-espionage operation

    Kaspersky Lab’s security researchers have announced the discovery of the Mask (aka Careto), an advanced Spanish-language speaking threat actor that has been involved in global cyber-espionage operations since at least 2007. What makes the Mask special is the complexity of the toolset used by the attackers. This includes a sophisticated malware, a rootkit, a bootkit, Mac OS X and Linux versions, and possibly versions for Android and iOS (iPad/iPhone). The primary targets are government institutions, diplomatic offices and embassies, energy, oil, and gas companies, research organizations and activists. Victims of this targeted attack have been found in thirty-one countries around the world.

  • New state-of-the-art cybersecurity resource available to software developers

    Cybercrime is booming; it is an estimated $100 billion industry in the United States and shows no signs of slowing down. Attackers have an arsenal of weapons at their disposal, including social engineering — or phishing — penetrating weak security protocols and exploiting software vulnerabilities that can serve as an “open window” into an organization’s IT environment. Closing those windows requires effective and accessible tools to identify and root out software vulnerabilities. Supported by a $23.4 million grant from DHS’s Science and Technology Directorate (S&T), the Software Assurance Marketplace, or SWAMP, provides a state-of-the-art facility that serves as an open resource for software developers, software assurance tool developers, and software researchers who wish to collaborate and improve software assurance activities in a safe, secure environment.