cybersecurity – SSL and internet security news

Security Analysis of a Thirteenth-Century Venetian Election Protocol

December 6, 2023 infossl

academic papers, cybersecurity, history of security, italy, protocols, Security technology, Uncategorized, voting

Interesting analysis: This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is worth investigating for application to leader … Read More “Security Analysis of a Thirteenth-Century Venetian Election Protocol” »

Ransomware Gang Files SEC Complaint

November 17, 2023 infossl

cybersecurity, data breaches, disclosure, extortion, ransomware, Security technology, Uncategorized

A ransomware gang, annoyed at not being paid, filed an SEC complaint against its victim for not disclosing its security breach within the required four days. This is over the top, but is just another example of the extreme pressure ransomware gangs put on companies after seizing their data. Gangs are now going through the … Read More “Ransomware Gang Files SEC Complaint” »

New York Increases Cybersecurity Rules for Financial Companies

November 3, 2023 infossl

banking, computer security, cybersecurity, ransomware, regulation, Security technology, Uncategorized

Another example of a large and influential state doing things the federal government won’t: Boards of directors, or other senior committees, are charged with overseeing cybersecurity risk management, and must retain an appropriate level of expertise to understand cyber issues, the rules say. Directors must sign off on cybersecurity programs, and ensure that any security … Read More “New York Increases Cybersecurity Rules for Financial Companies” »

EPA Won’t Force Water Utilities to Audit Their Cybersecurity

October 24, 2023 infossl

cybersecurity, infrastructure, national security policy, Security technology, Uncategorized, utilities

The industry pushed back: Despite the EPA’s willingness to provide training and technical support to help states and public water system organizations implement cybersecurity surveys, the move garnered opposition from both GOP state attorneys and trade groups. Republican state attorneys that were against the new proposed policies said that the call for new inspections could … Read More “EPA Won’t Force Water Utilities to Audit Their Cybersecurity” »

Security Vulnerability of Switzerland’s E-Voting System

October 17, 2023 infossl

blockchain, cybersecurity, malware, Security technology, switzerland, Uncategorized, voting

Online voting is insecure, period. This doesn’t stop organizations and governments from using it. (And for low-stakes elections, it’s probably fine.) Switzerland—not low stakes—uses online voting for national elections. Andrew Appel explains why it’s a bad idea: Last year, I published a 5-part series about Switzerland’s e-voting system. Like any internet voting system, it has … Read More “Security Vulnerability of Switzerland’s E-Voting System” »

NSA AI Security Center

October 2, 2023 infossl

artificial intelligence, cybersecurity, national security policy, nsa, Security technology, Uncategorized

The NSA is starting a new artificial intelligence security center: The AI security center’s establishment follows an NSA study that identified securing AI models from theft and sabotage as a major national security challenge, especially as generative AI technologies emerge with immense transformative potential for both good and evil. Nakasone said it would become “NSA’s … Read More “NSA AI Security Center” »

On the Cybersecurity Jobs Shortage

September 20, 2023 infossl

cybersecurity, employment, Security technology, Uncategorized

In April, Cybersecurity Ventures reported on extreme cybersecurity job shortage: Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures. The number of unfilled jobs leveled off in 2022, and remains at 3.5 million in 2023, with more than 750,000 of those … Read More “On the Cybersecurity Jobs Shortage” »

Remotely Stopping Polish Trains

August 28, 2023 infossl

cyberattack, cybersecurity, radio, russia, Security technology, transportation, Uncategorized

Turns out that it’s easy to broadcast radio commands that force Polish trains to stop: …the saboteurs appear to have sent simple so-called “radio-stop” commands via radio frequency to the trains they targeted. Because the trains use a radio system that lacks encryption or authentication for those commands, Olejnik says, anyone with as little as … Read More “Remotely Stopping Polish Trains” »

White House Announces AI Cybersecurity Challenge

August 21, 2023 infossl

artificial intelligence, cybersecurity, darpa, infrastructure, Security technology, Uncategorized

At Black Hat last week, the White House announced an AI Cyber Challenge. Gizmodo reports: The new AI cyber challenge (which is being abbreviated “AIxCC”) will have a number of different phases. Interested would-be competitors can now submit their proposals to the Small Business Innovation Research program for evaluation and, eventually, selected teams will participate … Read More “White House Announces AI Cybersecurity Challenge” »

China Hacked Japan’s Military Networks

August 14, 2023 infossl

china, cyberespionage, cybersecurity, espionage, hacking, japan, military, Security technology, Uncategorized

The NSA discovered the intrusion in 2020—we don’t know how—and alerted the Japanese. The Washington Post has the story: The hackers had deep, persistent access and appeared to be after anything they could get their hands on—plans, capabilities, assessments of military shortcomings, according to three former senior U.S. officials, who were among a dozen current … Read More “China Hacked Japan’s Military Networks” »