citizenlab, gdpr, privacy, reports, Security technology, surveillance
Citizen Lab just published an excellent report on the stalkerware industry. Boing Boing post. Powered by WPeMatico
Category: reports
Auto Added by WPeMatico
cyberattack, infrastructure, malware, reports, Security technology
The International Committee of the Red Cross has just published a report: “The Potential Human Cost of Cyber-Operations.” It’s the result of an “ICRC Expert Meeting” from last year, but was published this week. Here’s a shorter blog post if you don’t want to read the whole thing. And commentary by one of the authors. … Read More “The Human Cost of Cyberattacks” »
hacking, internetofthings, reports, Security technology, vulnerabilities
Construction cranes are vulnerable to hacking: In our research and vulnerability discoveries, we found that weaknesses in the controllers can be (easily) taken advantage of to move full-sized machines such as cranes used in construction sites and factories. In the different attack classes that we’ve outlined, we were able to perform the attacks quickly and … Read More “Hacking Construction Cranes” »
breaches, databreaches, nationalsecuritypolicy, reports, Security technology
The US House of Representatives Committee on Oversight and Government Reform has just released a comprehensive report on the 2017 Equifax hack. It’s a great piece of writing, with a detailed timeline, root cause analysis, and lessons learned. Lance Spitzner also commented on this. Here is my testimony before before the House Subcommittee on Digital … Read More “Congressional Report on the 2017 Equifax Data Breach” »
artificialintelligence, reports, Security technology, securityengineering
The research group AI Now just published its annual report. It’s an excellent summary of today’s AI security challenges, as well as a policy agenda to address them. This is related, and also worth reading. Powered by WPeMatico
cyberattack, cybercrime, hacking, reports, Security technology
Interesting policy paper by Third Way: “To Catch a Hacker: Toward a comprehensive strategy to identify, pursue, and punish malicious cyber actors“: In this paper, we argue that the United States currently lacks a comprehensive overarching strategic approach to identify, stop and punish cyberattackers. We show that: There is a burgeoning cybercrime wave: A rising … Read More “How to Punish Cybercriminals” »
control, cybersecurity, departmentofdefense, encryption, nationalsecuritypolicy, operationalsecurity, passwords, reports, Security technology, vulnerabilities, weapons
The US Government Accounting Office just published a new report: “Weapons Systems Cyber Security: DOD Just Beginning to Grapple with Scale of Vulnerabilities” (summary here). The upshot won’t be a surprise to any of my regular readers: they’re vulnerable. From the summary: Automation and connectivity are fundamental enablers of DOD’s modern military capabilities. However, they … Read More “Security Vulnerabilities in US Weapons Systems” »
backdoors, fbi, forensics, lawenforcement, police, reports, Security technology
According to a new CSIS report, “going dark” is not the most pressing problem facing law enforcement in the age of digital data: Over the past year, we conducted a series of interviews with federal, state, and local law enforcement officials, attorneys, service providers, and civil society groups. We also commissioned a survey of law … Read More “New Report on Police Digital Forensics Techniques” »
botnets, economicsofsecurity, internetofthings, reports, Security technology
Last month, the US Department of Commerce released a report on the threat of botnets and what to do about it. I note that it explicitly said that the IoT makes the threat worse, and that the solutions are largely economic. The Departments determined that the opportunities and challenges in working toward dramatically reducing threats … Read More “Department of Commerce Report on the Botnet Threat” »
cybersecurity, medicine, reports, Security technology
New US government report: “Report on Improving Cybersecurity in the Health Care Industry.” It’s pretty scathing, but nothing in it will surprise regular readers of this blog. It’s worth reading the executive summary, and then skimming the recommendations. Recommendations are in six areas. The Task Force identified six high-level imperatives by which to organize its … Read More “Healthcare Industry Cybersecurity Report” »