NSA 2023 Cybersecurity Year in Review

NSA 2023 Cybersecurity Year in Review

The National Security Agency has published their 2023 Cybersecurity Year in Review!

In an effort to be more transparent, the National Security Agency publishes an annual year in review sharing information regarding cybersecurity efforts that better equipped U.S. defenses against high priority cyber threats. NSA’s efforts to help secure the nation’s most sensitive systems also help your cybersecurity because NSA cascades these solutions through public guidance and engages with key technology providers to help them bolster the security of their products and services.

Submitted by Regan Williams on Thu, 01/25/2024 - 13:22

"Quantum Encryption May Secure the Danish Energy Grid"

"Quantum Encryption May Secure the Danish Energy Grid"

Energinet, the Danish national transmission system operator for electricity and natural gas, together with researchers from the Technical University of Denmark (DTU), demonstrated how quantum key encryption can protect society from the threat posed by quantum computers. Quantum computers have the potential to penetrate current Information Technology (IT) security systems and be used to gain control of the critical infrastructure that supports the supply of electricity, gas, and water.

Submitted by grigby1 CPVI on Fri, 03/01/2024 - 16:02

"Here Come the AI Worms"

"Here Come the AI Worms"

A team of researchers developed one of the first generative Artificial Intelligence (AI) worms, which can spread from one system to another. Ben Nassi, a Cornell Tech researcher, together with fellow researchers Stav Cohen and Ron Bitton, developed the AI worm dubbed "Morris II." They demonstrated how the AI worm can attack a generative AI email assistant, stealing data from emails and sending spam messages. The team was able to break some security protections in ChatGPT and Gemini.

Submitted by grigby1 CPVI on Fri, 03/01/2024 - 16:02

"Guarding Against Coding Vulnerabilities"

"Guarding Against Coding Vulnerabilities"

A new research project led by David Lo, a computer science professor at Singapore Management University (SMU), aims to develop a method for finding cybersecurity vulnerabilities in a software application's source code. Professor Lo and his team propose developing a localized and specialized Large Language Model (LLM) solution, specifically a large data model tuned for vulnerability discovery and contextualized to the government code base.

Submitted by grigby1 CPVI on Fri, 03/01/2024 - 16:02

"Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks"

"Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks"

A research team led by the University of California, Irvine (UCI) has demonstrated potentially dangerous vulnerabilities in Light Detection and Ranging (LiDAR) technology, which many autonomous vehicles use to navigate streets, roads, and highways. They showed how to use lasers to trick LiDAR into "seeing" objects that are not present while missing those that are. Lead author Takami Sato, a UCI Ph.D. candidate in computer science, and his colleagues investigated spoofing attacks on nine commercially available LiDAR systems.

Submitted by grigby1 CPVI on Fri, 03/01/2024 - 16:02

"Detecting Deepfakes - Detection of Deepfake Technology in Images and Videos"

"Detecting Deepfakes - Detection of Deepfake Technology in Images and Videos"

New research proposes a novel approach to addressing the challenges posed by deepfake technology, which creates manipulated media content resembling authentic footage. The researchers' method combines the miniXception and Long Short-Term Memory (LSTM) models to better analyze suspicious content and identify deepfake images with greater than 99 percent accuracy. The continued development of deepfakes may reduce the effectiveness of security systems put in place for authentication.

Submitted by grigby1 CPVI on Fri, 03/01/2024 - 16:02

"The Future of Cybersecurity Hinges on Creating Harder Problems"

"The Future of Cybersecurity Hinges on Creating Harder Problems"

Gretchen Matthews, mathematics professor and director of the Commonwealth Cyber Initiative in Southwest Virginia, discusses new hard problems that can support cryptography for today's computing devices but could also survive an attack by an adversary through a quantum computer. Cybersecurity that protects sensitive online data heavily relies on the difficulty of solving a hard math problem. However, quantum computers are highly effective at solving the problems currently being used.

Submitted by grigby1 CPVI on Fri, 03/01/2024 - 16:02

"Students From Across the Globe Are Gearing up for the 11th Annual picoCTF Capture-The-Flag Competition"

"Students From Across the Globe Are Gearing up for the 11th Annual picoCTF Capture-The-Flag Competition"

CyLab's picoCTF seeks to close the cybersecurity workforce gap by introducing cybersecurity to the next generation through its annual online hacking competition. The competition, aimed at college, high school, and middle school students, provides a gamified environment for practicing and demonstrating cyber skills. Megan Kearns, picoCTF program director, emphasizes that the picoCTF hacking competition provides an environment for students to apply theoretical knowledge and demonstrate their developing skills.

Submitted by grigby1 CPVI on Fri, 03/01/2024 - 16:02

"New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion"

"New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion"

Researchers have discovered a new Linux variant of a Remote Access Trojan (RAT) called BIFROSE, also known as Bifrost. It uses a deceptive domain that spoofs VMware. According to researchers at Palo Alto Networks' Unit 42, the new version of Bifrost bypasses security measures and compromises targeted systems. BIFROSE has previously been offered for sale in underground forums for up to $10,000. The malware was used by BlackTech, a state-backed hacking group from China that has targeted organizations in Japan, Taiwan, and the US.

Submitted by grigby1 CPVI on Fri, 03/01/2024 - 16:02

"70% of Australians Don’t Feel in Control of Their Data as Companies Hide Behind Meaningless Privacy Terms"

"70% of Australians Don’t Feel in Control of Their Data as Companies Hide Behind Meaningless Privacy Terms"

New research on consumer understanding of privacy terms, released by the Consumer Policy Research Centre and UNSW Sydney, reveals that Australian consumers do not understand how companies, including data brokers, track, target, and profile them. The report also found that 70 percent of Australians believe they have little or no control over how their data is shared between companies. This article continues to discuss insights regarding consumers' understanding of data broking, data privacy, and what it means for them.

Submitted by grigby1 CPVI on Fri, 03/01/2024 - 16:02
Subscribe to