"US Water Sector Vulnerable to Cyber Threats, Professor Says"

"US Water Sector Vulnerable to Cyber Threats, Professor Says"

Jongeun You, an assistant professor of political science at Northern Michigan University, brings further attention to the vulnerability of the US water sector to cyberattacks. According to You, water and wastewater operators typically rely on Industrial Control System (ICS) devices created decades ago, and their Operational Technology (OT)/Information Technology (IT) systems are often found to be outdated. In addition, the US has over 150,000 public water systems, resulting in a structure that is difficult to protect because of its fragmentation.

Submitted by Gregory Rigby on

"Khoury 'Women Who Empower' Winners Advance Cybersecurity, Pet Care Tools"

"Khoury 'Women Who Empower' Winners Advance Cybersecurity, Pet Care Tools"

Alexis Musaelyan-Blackmon won first place in the "Powering Diverse and Inclusive Communities of Belonging" category of the third annual Women Who Empower Innovator Awards presented by Northeastern University. With an interest in harnessing data, Artificial Intelligence (AI), and computational biology, Musaelyan-Blackmon came up with "Dephend," a play on the words "phishing" and "defend," to combat ever-evolving security threats. Dephend is a cloud-based Software-as-a-Service (SaaS) security platform that, once deployed, provides real-time insights into cyber threats.

Submitted by Gregory Rigby on

"Is TEMU's Affordability at the Expense of Our Data and Privacy?"

"Is TEMU's Affordability at the Expense of Our Data and Privacy?"

Cybersecurity experts at RMIT University warn that the popular shopping app TEMU may contribute to unsafe data collection practices. TEMU has been at the center of many cybersecurity and consumer data discussions due to its rising popularity. According to Dr. Arathi Arakala, lecturer in mathematics at RMIT University, TEMU's privacy and cookie policy states that the type of data it gathers includes essential user data for its service, such as address, phone number, and payment information.

Submitted by Gregory Rigby on

"Novel Device from UC San Diego Researchers Promotes Efficient, Real-Time and Secure Wireless Access"

"Novel Device from UC San Diego Researchers Promotes Efficient, Real-Time and Secure Wireless Access"

The lab of Dinesh Bharadia, a member of the University of California, San Diego Qualcomm Institute (QI) and professor in the Jacobs School of Engineering's Department of Electrical and Computer Engineering, has developed a novel device to address the challenge of increasing public access to the wireless network. The prototype technology filters out interference from other radio signals while sweeping underutilized spectrum frequency bands for high-traffic periods. High signal fidelity ensures users can rely on a secure connection, with cyberattacks being identified in real-time.

Submitted by Gregory Rigby on

"Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware"

"Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware"

A new cyberattack campaign has been distributing a novel malware loader called GHOSTPULSE via fake MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex. According to Joe Desimone, researcher at Elastic Security Labs, MSIX is a Windows app package format that developers can use to package, distribute, and install their applications for Windows users.

Submitted by Gregory Rigby on

"Android Adware Apps on Google Play Amass Two Million Installs"

"Android Adware Apps on Google Play Amass Two Million Installs"

Multiple malicious Google Play Android apps downloaded over two million times push intrusive advertisements to users while hiding their presence on infected devices. Dr. Web's analysts identified trojans associated with the 'FakeApp,' 'Joker,' and 'HiddenAds' malware families on Google Play. According to Dr. Web, once these apps are installed on a victim's device, they hide by replacing their icons with those of Google Chrome or by using a transparent icon image to create empty space in the app drawer.

Submitted by Gregory Rigby on

"White House Issues Executive Order for Safe, Secure, and Trustworthy AI"

"White House Issues Executive Order for Safe, Secure, and Trustworthy AI"

President Biden has issued an Executive Order to ensure that the US maximizes the potential of Artificial Intelligence (AI) and mitigates its risks. As AI's capabilities continue to increase, so do its implications for the safety and security of Americans. Through this Executive Order, the President directs calls for sweeping actions to be taken to protect Americans from the potential threats posed by AI systems. This article continues to discuss the new standards for AI safety and security.

Submitted by Gregory Rigby on

"What Lurks in the Dark: Taking Aim at Shadow AI"

"What Lurks in the Dark: Taking Aim at Shadow AI"

The emergence of generative Artificial Intelligence (AI) has created new challenges for security teams. For CISOs, generative AI tools have brought on new potential issues, from enabling deepfakes that are nearly indistinguishable from reality to creating sophisticated phishing emails to take over accounts. The challenge posed by generative AI extends beyond Identity and Access Management (IAM), with attack vectors ranging from more innovative methods to infiltrate code to the exposure of sensitive proprietary data.

Submitted by Gregory Rigby on

"Apple's Safari Browser Is Still Vulnerable to Spectre Attacks"

"Apple's Safari Browser Is Still Vulnerable to Spectre Attacks"

Modern processors have a fundamental flaw in their hardware architecture that allows adversaries to steal sensitive data. This insight arose from the Spectre attack reported in 2018, which affected many devices and operating systems. Apple was one of the manufacturers that developed countermeasures in response to this. However, according to researchers, even in 2023, Mac and iOS systems are inadequately protected against this type of attack.

Submitted by Gregory Rigby on

"Critical Flaw in NextGen's Mirth Connect Could Expose Healthcare Data"

"Critical Flaw in NextGen's Mirth Connect Could Expose Healthcare Data"

Users of NextGen HealthCare's open-source data integration platform Mirth Connect are urged to update to the latest version because of an unauthenticated Remote Code Execution (RCE) flaw. Mirth Connect, also known as the "Swiss Army knife of healthcare integration," is a cross-platform interface engine that the healthcare industry uses to communicate and exchange data between disparate systems in a standardized way. The vulnerability, tracked as CVE-2023-43208, has been fixed in version 4.4.1, released on October 6, 2023.

Submitted by Gregory Rigby on
Subscribe to