An independent researcher has received a $100,500 bug bounty from Apple after discovering a security hole in the company’s Safari browser for macOS that could allow a malicious website to hijack accounts and seize control of users’ webcams.
Read more in my article on the Hot for Security blog.
An independent researcher has received a $100,500 bug bounty from Apple after discovering a security hole in the company’s Safari browser for macOS that could allow a malicious website to hijack accounts and seize control of users’ webcams.
Read more in my article on the Hot for Security blog.
As eventful as 2020 was, 2021 was equal to its predecessor. It was a year that bounced from hope to cautious optimism, then back to disquiet. While some of our cybersecurity predictions for 2021 were accurate, the year came to a close as organizations are forced to address the significant challenges of dealing with the Log4j vulnerability. As we enter 2022, we’ve asked a few of the experts on the CIS team to share their 2022 cybersecurity predictions. Some, you’ll notice, are similar to last year’s, as we work hard to stay steps ahead of threats and bad actors. But there are also a few new predictions we’ll be sure to keep an eye on as we step into 2022. […]
Wordle – good or bad for the world? Whatever your opinion, at least someone wants to spoil players’ fun. Meanwhile, we take a look at the threat mobile phones can pose to your mental health.
All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.
Wordle – good or bad for the world? Whatever your opinion, at least someone wants to spoil players’ fun. Meanwhile, we take a look at the threat mobile phones can pose to your mental health.
All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.
Apple has released urgent security updates for its customers, following the discovery of zero-day vulnerabilities that can be used to hack into iPhones, iPads, and Macs.
Apple has released urgent security updates for its customers, following the discovery of zero-day vulnerabilities that can be used to hack into iPhones, iPads, and Macs.
The National Security Agency has announced the winning entry to its ninth annual Best Cybersecurity Research Paper Competition.
The winning paper was written by Yanyi Liu from Cornell University and Rafael Pass, professor of Computer Science at Cornell Tech. It expounded a theorem that relates the existence of one-way functions (OWFs) to a measurement of the complexity of a string of text.
“OWFs are vital components of modern symmetric encryptions, digital signatures, authentic schemes and more,” said an NSA spokesperson.
“Until now, it has been assumed that OWF functions exist even though research shows that they are both necessary and sufficient for much of the security provided by cryptography.”
Titled On One-way Functions and Kolmogorov Complexity, the winning paper was published at the 2020 IEEE (Institute of Electrical and Electronics Engineers) Symposium on Foundations of Computer Science.
The chief of NSA’s Laboratory for Advanced Cybersecurity Research picked the winning entry in a decision informed by the opinions of 10 distinguished international cybersecurity experts who independently reviewed the top papers among 34 nominations.
“One-way functions are a key underpinning in many modern cryptography systems and were first proposed in 1976 by Whitfield Diffie and Martin Hellman,” said an NSA spokesperson.
“These functions can be efficiently computed but are difficult to reverse, as determining the input based on the output is computationally expensive.”
The NSA gave an honorable mention to another paper, Retrofitting Fine Grain Isolation in the Firefox Renderer, written by Shravan Narayan, Craig Disselhoen, Tal Garfinkel, Nathan Froyd, Sorin Lerner Hovav Shacham and Deian Stefan.
Originally published at the USENIX Security Conference 2020, this paper provides a security solution in the Firefox web browser. The paper also demonstrated that the technology could be applied to other situations.
“NSA congratulates the winners, and recently opened the nomination process for the 10th Annual Best Scientific Cybersecurity Paper Competition on January 15 2022,” said the NSA.
The agency said it will welcome nominations of papers published during 2021 in peer-reviewed journals, magazines, or technical conferences that show “an outstanding contribution to cybersecurity science.”
The nomination period for the 10th annual Best Cybersecurity Research Paper Competition closes on 15 April 2022.
The National Security Agency has announced the winning entry to its ninth annual Best Cybersecurity Research Paper Competition.
The winning paper was written by Yanyi Liu from Cornell University and Rafael Pass, professor of Computer Science at Cornell Tech. It expounded a theorem that relates the existence of one-way functions (OWFs) to a measurement of the complexity of a string of text.
“OWFs are vital components of modern symmetric encryptions, digital signatures, authentic schemes and more,” said an NSA spokesperson.
“Until now, it has been assumed that OWF functions exist even though research shows that they are both necessary and sufficient for much of the security provided by cryptography.”
Titled On One-way Functions and Kolmogorov Complexity, the winning paper was published at the 2020 IEEE (Institute of Electrical and Electronics Engineers) Symposium on Foundations of Computer Science.
The chief of NSA’s Laboratory for Advanced Cybersecurity Research picked the winning entry in a decision informed by the opinions of 10 distinguished international cybersecurity experts who independently reviewed the top papers among 34 nominations.
“One-way functions are a key underpinning in many modern cryptography systems and were first proposed in 1976 by Whitfield Diffie and Martin Hellman,” said an NSA spokesperson.
“These functions can be efficiently computed but are difficult to reverse, as determining the input based on the output is computationally expensive.”
The NSA gave an honorable mention to another paper, Retrofitting Fine Grain Isolation in the Firefox Renderer, written by Shravan Narayan, Craig Disselhoen, Tal Garfinkel, Nathan Froyd, Sorin Lerner Hovav Shacham and Deian Stefan.
Originally published at the USENIX Security Conference 2020, this paper provides a security solution in the Firefox web browser. The paper also demonstrated that the technology could be applied to other situations.
“NSA congratulates the winners, and recently opened the nomination process for the 10th Annual Best Scientific Cybersecurity Paper Competition on January 15 2022,” said the NSA.
The agency said it will welcome nominations of papers published during 2021 in peer-reviewed journals, magazines, or technical conferences that show “an outstanding contribution to cybersecurity science.”
The nomination period for the 10th annual Best Cybersecurity Research Paper Competition closes on 15 April 2022.
An Ohio-based healthcare provider has been fined $600k over a data breach that exposed the records of 2.1 million patients across America.
Cyber-criminals targeted EyeMed Vision Care in June 2020. Attackers gained access to an EyeMed email account to which EyeMed clients sent sensitive consumer data relating to vision benefits enrollment and coverage.
During the week-long intrusion, threat actors were able to view emails and attachments dating back six years. Contained within those emails and attachments was sensitive information that included consumers’ names, addresses, Social Security numbers and insurance account numbers.
In July 2020, the attackers used the compromised EyeMed account to launch a phishing attack against EyeMed clients. Approximately 2,000 emails were sent asking clients for their EyeMed account login credentials.
The healthcare provider’s IT department became aware of the phishing campaign when they started receiving emails from concerned clients who the attackers had targeted. EyeMed subsequently secured the compromised email account and launched an investigation.
The Office of the Attorney General determined that the affected email account had not been secured with multi-factor authentication at the time of the attack, despite being accessible via a web browser.
It was further determined that EyeMed failed to adequately implement sufficient password management requirements for the enrollment email account and failed to maintain adequate logging of its email accounts.
On Monday, New York Attorney General Letitia James announced that EyeMed had agreed to pay the State of New York $600k to resolve the 2020 data breach.
“New Yorkers should have every assurance that their personal health information will remain private and protected,” said attorney general James.
“EyeMed betrayed that trust by failing to keep an eye on its own security system, which in turn compromised the personal information of millions of individuals.”
The data breach impacted 98,632 residents of New York. James said she wanted the agreement to signal New York’s continued commitment to holding companies accountable.
“My office continues to actively monitor the state for any potential violations, and we will continue to do everything in our power to protect New Yorkers and their personal information,” she added.
