Lifeboat Foundation

A hacking group linked to the Russian government has been attempting to breach the U.S. power grid, Wired reports.

Security experts from the non-profit group the Electric Information Sharing and Analysis Center (E-ISAC) and security firm Dragos tracked the hackers — and warn that the group has been probing the grid for weaknesses, searching for ways that they could access U.S. systems.

Even though there are no signs that the group has succeeded in accessing the power grid, the attacks still have experts worried. And that’s partly because of the history of this particular hacking group: Xenotime, who created the infamous Triton malware. In late 2017, Triton attacked critical infrastructure such as the industrial control systems used in power plants, and it could have been used to cause massive destruction through tampering with power plant controls. That lead it to be labeled the “world’s most murderous malware.”

Again, it’s all good stuff, essentially what I would hope for out a next-gen Deus Ex, but it’s still a little difficult to judge these elaborate upgrade trees without actually getting the opportunity to move through them at the intended pace. From what we can see, it’s plenty deep: there is the opportunity to build a hacking-fluent cyber ninja, and I’m going to guess that a good chunk of people playing this game are going to go that route.

‘Cyberpunk 2077’ is clearly stretching the limits of what’s possible on Xbox One and PS4.

Almost every day, news headlines announce another security breach and the theft of credit card numbers and other personal information. While having one’s credit card stolen can be annoying and unsettling, a far more significant, yet less recognized, concern is the security of physical infrastructure, including energy systems.

“With a credit card theft, you might have to pay $50 and get a new credit card,” says Stuart Madnick, the John Norris Maguire Professor of Information Technologies at the Sloan School of Management, a professor of engineering systems at the School of Engineering, and founding director of the Cybersecurity at MIT Sloan consortium. “But with infrastructure attacks, real physical damage can occur, and recovery can take weeks or months.”

A few examples demonstrate the threat. In 2008, an alleged cyberattack blew up an oil pipeline in Turkey, shutting it down for three weeks; in 2009, the malicious Stuxnet computer worm destroyed hundreds of Iranian centrifuges, disrupting that country’s nuclear fuel enrichment program; and in 2015, an attack brought down a section of the Ukrainian power grid—for just six hours, but substations on the grid had to be operated manually for months.

Continue reading “Protecting our energy infrastructure from cyberattack” »

Ben-Gurion University of the Negev (BGU) cyber security researchers have developed a new attack called Malboard evades several detection products that are intended to continuously verify the user’s identity based on personalized keystroke characteristics.

The new paper, “Malboard: A Novel User Keystroke Impersonation Attack and Trusted Detection Framework Based on Side-Channel Analysis,” published in the Computer and Security journal, reveals a sophisticated attack in which a compromised USB keyboard automatically generates and sends malicious keystrokes that mimic the attacked user’s behavioral characteristics.

Keystrokes generated maliciously do not typically match human typing and can easily be detected. Using artificial intelligence, however, the Malboard attack autonomously generates commands in the user’s style, injects the keystrokes as malicious software into the keyboard and evades detection. The keyboards used in the research were products by Microsoft, Lenovo and Dell.

Continue reading “New computer attack mimics user’s keystroke characteristics and evades detection” »

Low tech sometimes is really good because when systems can be exploited then basically you see that no tech is sometimes best.

Election Systems & Software has championed electronic voting machines in the US. Now it has had a change of heart about the need for paper records of votes.

Cyber threats: Over half a million electronic machines are used in big US elections. Many produce paper copies of votes that can be used to audit electronic results, but some don’t. That’s a problem because security experts have shown that machines can be hacked.

Continue reading “A big US maker of paperless voting systems now says paper is essential” »

The latest case of cyberweapons escaping American control raises questions about the United States’ expensive and dangerous digital arsenal.

WhatsApp has admitted to a major cybersecurity breach that has enabled both iPhone and Android devices to be targeted with spyware from Israel’s NSO. This is a major breach for WhatsApp, with the product’s encrypted voice calls seen as a secure alternative to standard calls.

Dehgan hopes that the organization’s prizes and other initiatives will bring innovative solutions to conservation’s deepest problems. Hundreds of people have already been lured in through challenges and engineering programmes such as Make for the Planet — a multi-day, in-person event — and an online tech collaboration platform called Digital Makerspace, which matches conservationists with technical talent.

Standard efforts have failed to slow the pace of extinctions, so Conservation X Labs is trying a fresh approach.

Somebody lend Baltimore $6.

Google automatically suspended accounts after detecting they were from same network.