The National Security Agency has announced the winning entry to its ninth annual Best Cybersecurity Research Paper Competition.

The winning paper was written by Yanyi Liu from Cornell University and Rafael Pass, professor of Computer Science at Cornell Tech. It expounded a theorem that relates the existence of one-way functions (OWFs) to a measurement of the complexity of a string of text. 

“OWFs are vital components of modern symmetric encryptions, digital signatures, authentic schemes and more,” said an NSA spokesperson. 

“Until now, it has been assumed that OWF functions exist even though research shows that they are both necessary and sufficient for much of the security provided by cryptography.”

Titled On One-way Functions and Kolmogorov Complexity, the winning paper was published at the 2020 IEEE (Institute of Electrical and Electronics Engineers) Symposium on Foundations of Computer Science. 

The chief of NSA’s Laboratory for Advanced Cybersecurity Research picked the winning entry in a decision informed by the opinions of 10 distinguished international cybersecurity experts who independently reviewed the top papers among 34 nominations.

“One-way functions are a key underpinning in many modern cryptography systems and were first proposed in 1976 by Whitfield Diffie and Martin Hellman,” said an NSA spokesperson.

“These functions can be efficiently computed but are difficult to reverse, as determining the input based on the output is computationally expensive.”

The NSA gave an honorable mention to another paper, Retrofitting Fine Grain Isolation in the Firefox Renderer, written by Shravan Narayan, Craig Disselhoen, Tal Garfinkel, Nathan Froyd, Sorin Lerner Hovav Shacham and Deian Stefan.

Originally published at the USENIX Security Conference 2020, this paper provides a security solution in the Firefox web browser. The paper also demonstrated that the technology could be applied to other situations.

“NSA congratulates the winners, and recently opened the nomination process for the 10th Annual Best Scientific Cybersecurity Paper Competition on January 15 2022,” said the NSA.

The agency said it will welcome nominations of papers published during 2021 in peer-reviewed journals, magazines, or technical conferences that show “an outstanding contribution to cybersecurity science.”

The nomination period for the 10th annual Best Cybersecurity Research Paper Competition closes on 15 April 2022.

An Ohio-based healthcare provider has been fined $600k over a data breach that exposed the records of 2.1 million patients across America. 

Cyber-criminals targeted EyeMed Vision Care in June 2020. Attackers gained access to an EyeMed email account to which EyeMed clients sent sensitive consumer data relating to vision benefits enrollment and coverage.

During the week-long intrusion, threat actors were able to view emails and attachments dating back six years. Contained within those emails and attachments was sensitive information that included consumers’ names, addresses, Social Security numbers and insurance account numbers.

In July 2020, the attackers used the compromised EyeMed account to launch a phishing attack against EyeMed clients. Approximately 2,000 emails were sent asking clients for their EyeMed account login credentials.

The healthcare provider’s IT department became aware of the phishing campaign when they started receiving emails from concerned clients who the attackers had targeted. EyeMed subsequently secured the compromised email account and launched an investigation.

The Office of the Attorney General determined that the affected email account had not been secured with multi-factor authentication at the time of the attack, despite being accessible via a web browser.

It was further determined that EyeMed failed to adequately implement sufficient password management requirements for the enrollment email account and failed to maintain adequate logging of its email accounts.

On Monday, New York Attorney General Letitia James announced that EyeMed had agreed to pay the State of New York $600k to resolve the 2020 data breach.

“New Yorkers should have every assurance that their personal health information will remain private and protected,” said attorney general James. 

“EyeMed betrayed that trust by failing to keep an eye on its own security system, which in turn compromised the personal information of millions of individuals.” 

The data breach impacted 98,632 residents of New York. James said she wanted the agreement to signal New York’s continued commitment to holding companies accountable.

“My office continues to actively monitor the state for any potential violations, and we will continue to do everything in our power to protect New Yorkers and their personal information,” she added.

An Ohio-based healthcare provider has been fined $600k over a data breach that exposed the records of 2.1 million patients across America. 

Cyber-criminals targeted EyeMed Vision Care in June 2020. Attackers gained access to an EyeMed email account to which EyeMed clients sent sensitive consumer data relating to vision benefits enrollment and coverage.

During the week-long intrusion, threat actors were able to view emails and attachments dating back six years. Contained within those emails and attachments was sensitive information that included consumers’ names, addresses, Social Security numbers and insurance account numbers.

In July 2020, the attackers used the compromised EyeMed account to launch a phishing attack against EyeMed clients. Approximately 2,000 emails were sent asking clients for their EyeMed account login credentials.

The healthcare provider’s IT department became aware of the phishing campaign when they started receiving emails from concerned clients who the attackers had targeted. EyeMed subsequently secured the compromised email account and launched an investigation.

The Office of the Attorney General determined that the affected email account had not been secured with multi-factor authentication at the time of the attack, despite being accessible via a web browser.

It was further determined that EyeMed failed to adequately implement sufficient password management requirements for the enrollment email account and failed to maintain adequate logging of its email accounts.

On Monday, New York Attorney General Letitia James announced that EyeMed had agreed to pay the State of New York $600k to resolve the 2020 data breach.

“New Yorkers should have every assurance that their personal health information will remain private and protected,” said attorney general James. 

“EyeMed betrayed that trust by failing to keep an eye on its own security system, which in turn compromised the personal information of millions of individuals.” 

The data breach impacted 98,632 residents of New York. James said she wanted the agreement to signal New York’s continued commitment to holding companies accountable.

“My office continues to actively monitor the state for any potential violations, and we will continue to do everything in our power to protect New Yorkers and their personal information,” she added.

Online trackers can capture up to 80% of users’ browsing histories, with the practice far more pervasive than previously realized. This is according to Norton Labs’ quarterly Consumer Cyber Safety Pulse Report, which analyzed online advertising trackers from October to December 2021.

It showed that consumers are tracked by an average of 177 different organizations per week while browsing online, raising significant privacy concerns. The researchers noted that the top trackers can view 80% of an average user’s browsing history despite appearing on a smaller number of unique domains.

The study also found that half the tracking organizations encountered by a user in a typical week collect this information within the initial two-hour browsing period. This suggests that even if users clear their browsing history every day, it would only take an average of two hours to re-encounter half of all online trackers.

Darren Shou, head of technology at NortonLifeLock, commented: “While it’s common knowledge that web trackers follow us around the internet, our online privacy researchers were surprised to find that some online trackers know up to 80% of a user’s browsing history. We hope these findings shine a light on online tracking and empower consumers to take back their online privacy.”

The new report also revealed cybercrime and online fraud trends during 2021. The company said it blocked around 3.6 billion cyber-threats worldwide last year, equating to nearly 10 billion per day. This includes 53.9 million phishing attempts, 221 million files threats, 1.4 million mobile threats and 253,063 ransomware attacks.

Additionally, the researchers revealed how cyber-criminals continued to leverage the COVID-19 pandemic to launch scam attacks, as well as consumer interest in popular TV shows. This includes phishing scams disguised as merchandise offers linked to hit shows.

Last year, the UK’s Information Commissioner’s Office (ICO) called on G7 countries to work together to tackle cookie pop-ups and their impact on online users’ privacy.

Online trackers can capture up to 80% of users’ browsing histories, with the practice far more pervasive than previously realized. This is according to Norton Labs’ quarterly Consumer Cyber Safety Pulse Report, which analyzed online advertising trackers from October to December 2021.

It showed that consumers are tracked by an average of 177 different organizations per week while browsing online, raising significant privacy concerns. The researchers noted that the top trackers can view 80% of an average user’s browsing history despite appearing on a smaller number of unique domains.

The study also found that half the tracking organizations encountered by a user in a typical week collect this information within the initial two-hour browsing period. This suggests that even if users clear their browsing history every day, it would only take an average of two hours to re-encounter half of all online trackers.

Darren Shou, head of technology at NortonLifeLock, commented: “While it’s common knowledge that web trackers follow us around the internet, our online privacy researchers were surprised to find that some online trackers know up to 80% of a user’s browsing history. We hope these findings shine a light on online tracking and empower consumers to take back their online privacy.”

The new report also revealed cybercrime and online fraud trends during 2021. The company said it blocked around 3.6 billion cyber-threats worldwide last year, equating to nearly 10 billion per day. This includes 53.9 million phishing attempts, 221 million files threats, 1.4 million mobile threats and 253,063 ransomware attacks.

Additionally, the researchers revealed how cyber-criminals continued to leverage the COVID-19 pandemic to launch scam attacks, as well as consumer interest in popular TV shows. This includes phishing scams disguised as merchandise offers linked to hit shows.

Last year, the UK’s Information Commissioner’s Office (ICO) called on G7 countries to work together to tackle cookie pop-ups and their impact on online users’ privacy.