Security News
The advanced threat actor known as APT29 has been hard at work attempting to pilfer COVID-19 vaccine research from academic and pharmaceutical research institutions in various countries around the world, including the U.S. That's according to a joint alert from the U.S. Department of Homeland Security, the U.K.'s National Cyber Security Centre and Canada's Communications Security Establishment, issued Thursday. The 14-page advisory details the recent activity of Russia-linked APT29, including the use of custom malware called "WellMess" and "WellMail" for data exfiltration.
Britain's cyber-security agency on Thursday accused a hacking group it said "Almost certainly" operates as part of Russian intelligence services of trying to steal research into potential coronavirus vaccines. The National Cyber Security Centre said the attacks by the group APT29 were ongoing but targets have so far included UK, US and Canadian vaccine research and development organisations.
The library "Boasts a suite of tools for machine learning and data analytics tasks, all with built-in privacy guarantees," according to Naoise Holohan, a research staff member on IBM Research Europe's privacy and security team. Differential privacy allows data collectors to use mathematical noise to anonymize information, and IBM's library is special because it's machine learning functionality enables organizations to publish and share their data with rigorous guarantees on user privacy.
SOC team members battle with burnout, overload and chaosWhile some organizations have increased security operations center funding, the overall gains have been meager, and the most significant issues have not only persisted, but worsened, according to Devo Technology. Privacy and security concerns related to patient data in the cloudThe Cloud Security Alliance has released a report examining privacy and security of patient data in the cloud.
Remarkably, the report uncovered that 13% of hackers are neurodiverse and possess neurological advantages that help them provide extraordinary depth and dimension in security testing. 6% of neurodiverse hackers experience Attention-Deficit/Hyperactivity Disorder and thrive in environments of rapid change, such as security research, where creativity and out-of-the-box thinking are rewarded generously.
Multistage targeted ransomware attacks against critical infrastructure, designed to maximize damage and recovery costs, are increasingly common. The attack was captured by Cybereason's 2020 honeypot research.
I just published a new paper with Karen Levy of Cornell: "Privacy Threats in Intimate Relationships." Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving relationships.
US authorities warned healthcare and scientific researchers Wednesday that Chinese-backed hackers were attempting to steal research and intellectual property related to treatments and vaccines for COVID-19. "We are leading the world in COVID-19 treatment and vaccine research. It is immoral to target China with rumors and slanders in the absence of any evidence," Zhao said.
One of Britain's most powerful academic supercomputers has fallen victim to a "Security exploitation" of its login nodes, forcing the rewriting of all user passwords and SSH keys. Sysadmins warned ARCHER users that their SSH keys may have been compromised as a result of the apparent attack, advising them to "Change passwords and SSH keys on any other systems which you share your ARCHER credentials with".
One of Britain's most powerful academic supercomputers has fallen victim to a "Security exploitation" of its login nodes, forcing the rewriting of all user passwords and SSH keys. Sysadmins warned ARCHER users that their SSH keys may have been compromised as a result of the apparent attack, advising them to "Change passwords and SSH keys on any other systems which you share your ARCHER credentials with".