The Cyber Diplomacy Act of 2017 has been introduced by a bipartisan group of Representatives that would create an Office of Cyber Issues at the State Department as well as require the development of a public international cyberspace strategy by the…

As the age of fully developed quantum computers approaches, researchers are quickly trying to develop post-quantum cryptographic methods as such advanced technology is expected to break current encryption algorithms, RSA and ECC. Current encryption …

A survey conducted by Ponemon Institute finds that most organizations acknowledge the importance of threat intelligence in achieving a strong security posture. However, many of the organizations that participated in this survey, still find it difficult…

Security firm, ESET, has warned of the increasing use of content delivery networks (CDNs) by hackers to spread malware. In a recently launched attack that targeted users in Brazil, attackers used a standard by the name of “downAndExec” in the…

Analysis conducted by Kromtech Security Center has revealed that 15,000 Elasticsearch servers are insecure with 4,000 of those servers hosting point-of-sale (POS) malware strains by the names of Alina and JackPos. These servers are insecure as they lack…

Improper disposal or destruction of recycled hardware devices raises cybersecurity concerns as such devices could still contain sensitive data that could be extracted by anyone. Electronic waste derives from inevitable device updates that are carried out…

A team of researchers at the University of Edinburgh discovered a method, which hackers could use to interreupt messages in their transmission between fitness trackers and cloud servers. In the demonstration of this method, researchers were able to…

SoS Musings #6 Toward Improving Security

IoT security firm, Armis, discovered and properly disclosed eight security vulnerabilities within stacks on Bluetooth devices, which could allow hackers to assume control over the device and infect other devices with malware. The set of…

Five research and development (R&D) projects have been awarded funding by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T). These projects aim to strengthen the security of mobile devices and applications used by…

An experiment conducted by data scientists from the security firm, ZeroFox, demonstrated the ability to train artificial intelligence (AI) to perform spear-phishing at a significantly higher rate than a human. This experiment shows that AI could be used…

Security researcher, Scott Gayou, has discovered multiple vulnerabilities within Medfusion 4000 wireless syringe infusion pumps. The wireless syringe infusion pump is a medical device used to give small doses of medication to patients. The exploitation…