02 Aug 2018

BurnBox makes hidden files look like you’ve deleted them

A new “self-revocable encryption” app has been designed to temporarily remove access to specified content on a device. The app is not yet commercially available, but could eventually allow journalists, dissidents, and similar individuals carrying sensitive data a method of carrying the data over borders or through high-risk situations without

02 Aug 2018

The way you swipe your phone can be used to track you

A group of Australian researchers published a paper on how swipes, taps, key strokes, and handwriting on touch screen devices can be used to identify individuals. “While regular tracking tracks virtual identities such as online profiles, touch-based tracking has the potential to track and identify the actual (physical) person operating

01 Aug 2018

Kremlin Hackers Take Aim at the Swiss Lab That’s Working the Skripal Poisoning Case

A state-backed Russian hacking group that targeted the Ukrainian power grid is now “targeting a Swiss laboratory that’s helping investigators solve the March poisoning of Sergei Skripal and his daughter in London. Called Sandworm, the group has been trying to phish employees of Switzerland’s Spiez Laboratory, a chemical- and biological-weapons facility that

01 Aug 2018

Chinese “hackers” are sending malware via snail mail

Highlighting the importance of the human element in hacking, Chinese hackers are sending malware-laden CDs to state officials. The CDs contain simple malware embedded in Word files that compromises the victim’s computer when opened. While it is unknown whether anybody inserted one of the CDs and opened files, the attempt

01 Aug 2018

Advanced “Malvertising” Campaign Exploits Online Advertising Supply Chain

A “Malvertising” campaign has used legitimate online advertising supply chains to distribute malicious adverts around the world. Because the return from clicks on malicious ads is so instantaneous, the posters are willing and able to outbid legitimate advertisements. “The ads often contain malicious code that exploits unpatched vulnerabilities in browsers

01 Aug 2018

Hacker(s) Allegedly Stole Millions by Hijacking Phone Numbers

A 20-year-old American allegedly used an increasingly popular “SIM swapping” technique to gain control of targeted phones, mainly those owned by cryptocurrency investors, and steal over $5 million in cryptocurrency and other information. The technique requires convincing a mobile provider like AT&T or T-Mobile to transfer a number to another

31 Jul 2018

Identity theft protection service accidentally exposes identities

A website bug was responsible for exposing millions of email addresses belonging to customers of LifeLock, an identity protection service acquired by Symantec in 2016 for $2.3 billion. Source: Identity Theft Protection Service Accidentally Exposes Identities – Nextgov

30 Jul 2018

Pentagon Creates ‘Do Not Buy’ List of Russian, Chinese Software

The Pentagon is distributing a “Do Not Buy” list of software that fails to meet national security standards. The list was started 6 months ago, but circulation among the military and its contractors started last week in response to “specific issues.” The defense undersecretary for acquisition and sustainment announced

27 Jul 2018

Bidding Begins for Pentagon’s Controversial $10 Billion War Cloud

The DoD is now accepting proposals for its 10-year, $10 billion Joint Enterprise Defense Infrastructure (JEDI) cloud contract, to be awarded to a single provider. The controversial contract will make a commercial company responsible for important workloads and classified military secrets accessible around the globe “in a single war cloud.”

26 Jul 2018

Congress wants DoD to hold a national cyber response exercise

Although it has not included a deadline, Congress has proposed a high-level exercise led by the DoD in cooperation with the DHS and FBI to prepare civilian agencies to respond to attacks on critical infrastructure. Responding to lawmakers’ claims that the DoD has not adequately prepared, DOD’s CYBERCOM has emphasized that
