URL: Security

Security News

Monday, March 31, 2025

• Standardized security playbooks can improve protection against cyberattacks
  One attack, many responses—organizations use various solutions to ward off online attacks. The playbooks that outline countermeasures also vary in their specifics. In the CyberGuard project, Fraunhofer researchers are working on standardized playbooks to help companies optimize their security strategies and align them with each other. The playbooks are generated by large language models and support the automation of IT security.
  
• What users need to know about privacy and data after 23andMe's bankruptcy filing
  23andMe, one of the first companies to provide direct-to-consumer genetic testing kits, has filed for bankruptcy. Since its founding in 2006, it has sold over 12 million DNA kits, with high-profile users including Oprah Winfrey and Warren Buffett.
  
• Oracle warns health customers of patient data breach
  Hackers broke into Oracle Corp.'s computer systems and stole patient data in an attempt to extort multiple medical providers in the U.S., according to a person familiar with the matter and a notification the software company sent to clients.
  

Saturday, March 29, 2025

• Everything you say to an Alexa speaker will be sent to Amazon—starting today
  Amazon has disabled two key privacy features in its Alexa smart speakers, in a push to introduce artificial intelligence-powered "agentic capabilities" and turn a profit from the popular devices.
  

Thursday, March 27, 2025

• Signal is not the place for top secret communications, but it might be the right choice for you
  When top White House defense and national security leaders discussed plans for an attack on targets in Yemen over the messaging app Signal, it raised many questions about operational security and recordkeeping and national security laws. It also puts Signal in the spotlight.
  
• 23andMe filed for bankruptcy. Here's why you should be worried about your privacy
  Over the past decade, 23andMe has collected genetic data from millions of people—and now that the company has filed for bankruptcy, that information could be sold to the highest bidder, a Northeastern University data scientist warns.
  
• One Tech Tip: Don't give your email to strangers, use a decoy address instead
  You've heard of burner phones. What about burner email?
  

Wednesday, March 26, 2025

• Encryption breakthrough lays groundwork for privacy-preserving AI models
  In an era where data privacy concerns loom large, a new approach in artificial intelligence (AI) could reshape how sensitive information is processed.
  
• Giving verification more logic and more scale: New method enhances processor security against side-channel attacks
  More than seven years ago, cybersecurity researchers were thoroughly rattled by the discovery of Meltdown and Spectre, two major security vulnerabilities uncovered in the microprocessors found in virtually every computer on the planet.
  
• Leak of US military plans on Signal shows why security systems need to be easy to use
  Yesterday, The Atlantic magazine revealed an extraordinary national security blunder in the United States. Top US government officials had discussed plans for a bombing campaign in Yemen against Houthi rebels in a Signal group chat which inadvertently included The Atlantic's editor in chief, Jeffrey Goldberg.
  
• Signal app prized by activists central to Houthi chat uproar
  The messaging app Signal that Trump administration officials used to discuss an attack on Yemen's Houthi rebels was created by a one-time anarchist to help activists, journalists and others communicate beyond the prying eyes of government intelligence agencies—not to plan government military operations.
  
• Cracking the code of private AI: The role of entropy in secure language models
  Large Language Models (LLMs) have rapidly become an integral part of our digital landscape, powering everything from chatbots to code generators. However, as these AI systems increasingly rely on proprietary, cloud-hosted models, concerns over user privacy and data security have escalated. How can we harness the power of AI without exposing sensitive data?
  

Friday, March 21, 2025

• Q&A: What happens to your data if 23andMe collapses?
  A paper published in the New England Journal of Medicine calls for regulations to protect customers' personal and genetic data in light of biotech company 23andMe's uncertain future.
  

Thursday, March 20, 2025

• Engineers develop new security protocol to protect miniaturized wireless medical implants from cyberthreats
  A brain implant designed to help control seizures is hijacked. A pacemaker receives fake signals, disrupting its rhythm. A hacker infiltrates an insulin pump, delivering a fatal overdose. While these scenarios sound like scenes from a sci-fi thriller, such cyberhealth threats are of real concern as medical technology moves toward smart, wirelessly connected implants.
  
• Balancing various uncertainties in cyber threat intelligence
  In 2020, cybersecurity company Mandiant's computer system was compromised by an intruder exploiting an innocuous crack: routine software updates pushed out by another company, SolarWinds. Mandiant was one of nearly 18,000 organizations compromised.
  
• Researcher develops a security-focused large language model to defend against malware
  Security was top of mind when Dr. Marcus Botacin, assistant professor in the Department of Computer Science and Engineering, heard about large language models (LLMs) like ChatGPT. LLMs are a type of AI that can quickly craft text. Some LLMs, including ChatGPT, can also generate computer code. Botacin became concerned that attackers would use LLMs' capabilities to rapidly write massive amounts of malware.
  

Wednesday, March 19, 2025

• Belief in AI as a 'Great Machine' could weaken national security crisis responses, new research finds
  Artificial intelligence designed to influence our decisions is everywhere—in Google searches, in online shopping suggestions and in movie streaming recommendations. But how does it affect decision-making in moments of crisis?
  
• Reproductive health apps must do more to protect user data, researchers say
  A study by CUNY SPH researchers raises concerns about the privacy and security practices of popular reproductive health apps. The research, conducted by alumna Nina Zadushlivy, Assistant Professor Karmen Williams, and Arizona State University Assistant Professor Rizwana Biviji, evaluated four widely-used apps: Clue, Flo, Period Tracker by GP Apps, and Stardust.
  

Tuesday, March 18, 2025

• Web search formulas offer a first step for protecting critical infrastructure
  The technology behind web search engines is useful for more than tracking down your long-lost buddy or discovering a delicious new recipe. Technology based on search engine algorithms might also help keep the lights on, the water running and the trains moving during an emergency.
  
• AI 'reshaping' organized crime, warns Europol
  Artificial intelligence is turbocharging organized crime, from creating child sexual abuse images to money laundering via cryptocurrency, Europol warned Tuesday, with advances like quantum computing only poised to make things worse.
  

Sunday, March 16, 2025

• Cybersecurity officials warn against potentially costly Medusa ransomware attacks
  The FBI and the U.S. Cybersecurity and Infrastructure Security Agency are warning against a dangerous ransomware scheme.
  

Thursday, March 13, 2025

• Developing an ontology for smart city infrastructure threats, cybercrime and digital investigation
  With technological advancements and a growing awareness about the United Nations (UN) Sustainable Development Goals (SDGs), interconnected systems within cities that capture real-time data indicators reflecting chosen SDGs are a way forward. Known as smart city infrastructure (SCI), these systems are vital to nations in assessing their alignment with the UN SDGs. As the role of smart city infrastructure becomes apparent, it inevitably becomes a prime target for adversaries and cyber criminals.
  
• Don't click on those road toll texts. Officials issue warnings about the smishing scam
  State officials are warning Americans not to respond to a surge of scam road toll collection texts.
  
• Unofficial parental control apps put children's safety and privacy at risk
  Some "unofficial" parental control apps have excessive access to personal data and hide their presence, raising concerns about their potential for unethical surveillance as well as domestic abuse, according to new research from UCL and St. Pölten UAS, Austria.
  
• Researchers develop innovative method for secure operations on encrypted data without decryption
  A hospital that wants to use a cloud computing service to perform artificial intelligence data analysis on sensitive patient records needs a guarantee those data will remain private during computation. Homomorphic encryption is a special type of security scheme that can provide this assurance.
  
• Security is just a side quest: Insights from the video game industry
  The video game industry is a constantly changing market worth billions. In a qualitative interview study with industry experts, CISPA researcher Philip Klostermeyer from the team of CISPA Faculty Prof. Dr. Sascha Fahl investigated the challenges involved in incorporating security considerations into game development.
  

Wednesday, March 12, 2025

• Research reveals 'major vulnerabilities' in deepfake detectors
  An international team of researchers is calling for urgent improvements in deepfake detection technologies after uncovering critical flaws in widely used detection tools.
  

Tuesday, March 11, 2025

• Report warns of 'cyberwashing' in digital security claims
  A new Monash University report highlights the growing problem of organizations resorting to "cyberwashing" to mislead the public about their data privacy practices and recommends measures to build a genuine culture of cybersecurity.
  

Monday, March 10, 2025

• Countering a flaw in anti-censorship tools to improve global internet freedom
  A newly identified time-based vulnerability exposes a widely used technique to evade internet censorship, University of Michigan researchers have found. The findings emphasize the need to develop more robust countermeasures for the millions of people in heavily censored regions who rely on evasion techniques.
  
• Russian disinformation 'infects' AI chatbots, researchers warn
  A sprawling Russian disinformation network is manipulating Western AI chatbots to spew pro-Kremlin propaganda, researchers say, at a time when the United States is reported to have paused its cyber operations against Moscow.