Blog Posts

Posts

Security of Distributed Energy Resources: Data Integrity Attack Targeting Offshore Wind Farms

  • Nethmi Hettiarachchi
  • Published date: 2024-12-19 15:09:41

This blog highlights the cybersecurity risks of Distributed Energy Resources (DER) like wind and solar power. It discusses vulnerabilities in communication networks, focusing on a data integrity attack targeting offshore wind farms, which can destabilize grids and cause economic losses. The blog emphasizes the urgent need for enhanced security in DER systems to protect modern energy infrastructure.

CrossBarking: How a New Attack Targets Opera’s Secret APIs

  • Mohammad Jafari Dehkordi
  • Published date: 2024-12-18 10:03:19

This blog explores the CrossBarking exploit, a newly discovered attack targeting Opera's private APIs. It delves into how attackers use malicious Chrome extensions to inject harmful scripts, manipulate browser settings, and pair the exploit with XSS attacks for greater impact. Defensive measures, including stricter API permissions and enhanced extension vetting, are also discussed to help mitigate such threats.

Cryptography Libraries: Traditional vs. Quantum-Resistant Solutions

  • Shabnam Saderi
  • Published date: 2024-12-09 09:33:30

This blog explores the evolving landscape of cryptography, comparing traditional libraries like OpenSSL and libsodium with emerging quantum-resistant solutions such as CRYSTALS-Kyber and PQClean. It highlights their features, performance, and security to help developers navigate immediate and future data protection needs in an era of advancing quantum computing.

Advancing Cryptographic Agility: Embracing Hybrid Approaches for the Quantum Era

  • Vikas Chouhan
  • Published date: 2024-12-03 15:55:13

The blog highlights the growing quantum computing threat to traditional encryption, the importance of cryptographic agility, and the adoption of hybrid approaches. It explores NIST standards, quantum-safe strategies, and practical steps to secure digital assets for the future.

Threat Intelligence through Cyber Deception: A Beginner's Guide to Honeypots

  • Alireza Zohourian
  • Published date: 2024-11-28 15:50:39

The blog introduces honeypots—decoy systems used in cybersecurity to lure attackers and gather threat intelligence. It explains their role in identifying attack patterns, tools, and vulnerabilities, while protecting real systems. A step-by-step guide to setting up a honeypot with tools like Cowrie, VirtualBox, and Kali Linux is provided, along with tips for further exploration.

Preparing for the Quantum Shift: Post-Quantum Migration in Cybersecurity

  • Somayeh Sadeghi
  • Published date: 2024-11-26 09:14:34

Quantum computing is no longer just a thing of sci-fi movies or distant tech dreams. It’s becoming real—fast! And while that’s super exciting for fields like science and medicine, it’s a bit of a nightmare for cybersecurity. Quantum computers will be so powerful that they’ll be able to crack the encryption we rely on today, which means everything from online banking to secure communication could be at risk. But don’t panic! This is where post-quantum cryptography (PQC) comes in, and the process of shifting to quantum-safe encryption is called post-quantum migration. Let’s break down what it is, why you should care, and what needs to happen to keep our digital world safe.

Comprehensive Overview of Intel and AMD CPU Security Vulnerabilities

  • Yoonjib Kim
  • Published date: 2024-11-21 13:14:17

Modern CPUs integrate various advanced architectures and features to maximize performance and efficiency, but these advancements also introduce potential security vulnerabilities. Two major vulnerabilities recently discovered in Intel and AMD CPUs are Intel's RAPL interface vulnerability and AMD's Sinkclose vulnerability. Both vulnerabilities pose risks of sensitive data being extracted by attackers.

Protecting Kids: Tips to Combat Cyberbullying and Boost Mental Health

  • Hamed Jelodar
  • Published date: 2024-11-07 12:03:54

Cyberbullying on social media is a growing crisis that significantly impacts teens' mental health, leaving many feeling isolated and distressed. Addressing this issue calls for a proactive, empathetic approach that encourages positive online interactions and builds safer digital environments for young people.

Securing Modern Digitized Supply Chains

  • Windhya Rankothge
  • Published date: 2024-11-04 15:56:44

The use of recent disruptive technologies such as blockchain networks, cloud computing infrastructure and machine learning has made the supply chains more effective and efficient, but exposed them to different cyber vulnerabilities. Securing modern supply chains has become an essential, but a complicated task, with attacks such as SolarWinds.

Malware Packers: The Hidden Threat Inside Modern Cyber Attacks

  • Ehab Mufid Shafiq Alkhateeb
  • Published date: 2024-10-30 15:29:57

Malware packers obscure malicious code, helping it evade detection by compressing or encrypting files. This blog covers types of packers, their uses, and effective methods for identifying and unpacking hidden threats.

Lethal Weapon 5: SecOps

  • Kwasi Boakye-Boateng
  • Published date: 2022-01-13 10:45:07

This blog discusses SecOps, what it represents and its benefits.

Electronic Voting

  • Mahdi Abrishami
  • Published date: 2021-12-06 08:40:00

Which one do you prefer, traditional or electronic voting? If your preference is the latter one, read this post to know the requirements and potential threats of electronic voting.

Cyber Threat Intelligence: ”Is it a mythical animal?”

  • Ida Siahaan
  • Published date: 2021-12-03 13:11:04

Is ”a bunch of IOCs named for marketing” a CTI? or ”we did an IR response against a top tier APT, here are the only things the lawyer will let us say” a CTI? or ”this is a new threat; we have some generic and entirely impractical mitigation advice” a CTI? Or all of them plus many other definitions of CTI construct CTI? Is CTI a mythical animal like Pegasus, i.e., a horse with wings? This blog will briefly discuss about CTI and how today’s CTI is still evolving. Why it is good or not to share CTI and why systems thinking is very important to Cyber Security and CTI is a good helper to achieve this. Hopefully, someday we can say that CTI can help us going far together in Cyber Security.

Cyber, Pandemic & IoT

  • Barjinder Kaur
  • Published date: 2021-11-26 13:44:57

This post highlights the increase in cyber-attacks in the past few years. It discusses the various ways and strategies followed by malicious attackers to take control over the system. Also exposing that due to COVID19-pandemic, how everything has changed with number of attacks increased many-fold due to work from home facility. In addition, Internet-of-Things (IoT) devices have made it more critical for cybersecurity providers to secure IoT environments.

Social Media Attack: A Rising Threat to Everyone!

  • Dilli P. Sharma
  • Published date: 2021-11-23 14:50:11

Hey! Are you using social media (Twitter, Facebook, Instagram, YouTube)? Are you aware of cyberattacks (data breach, phishing, SIM swap, disinformation) on social media and their impact? If not, this blog makes you aware of these attacks. This blog provides an overview of the rising cyberattacks on/via social media and their impacts.

Privacy, Security, and Reliability Aspects in Trading Personal Data for Businesses

  • Rashid Khokhar
  • Published date: 2021-11-22 14:30:54

This post is for companies who are dealing with the personal data of users for business purposes. As we know, data has become an integral part of almost every industry, such as social media, healthcare, e-commerce, and government. With the advancements in digital technology and the proliferation of online services, data is growing at a tremendous pace.

Secure Your Organization with Social Engineering Pen Testing

  • Wajiha Shahid
  • Published date: 2021-11-10 09:49:20

Are you struggling to keep up the security pace of your organization? If so, this article is for you! In today's era of rising global cybersecurity threats, Social engineering tests can prove beneficial for companies to stress-test their weakest links and resolve any underlying issues to avoid security breaches. One of the practical techniques is penetration testing (also known as "pen testing").

Learning AI with NO Data: No more Data Problem? (One-shot learning AND Less than One-shot learning)

  • Sajjad Dadkhah
  • Published date: 2021-08-11 16:20:59

Unlike humans, deep supervised algorithms and machine learning techniques require several objects to learn. A child usually needs to perceive just a few examples of an object or even only one before recognizing it for life. By displaying photos of a horse and eagle and telling the child there is a magical creature in between called a unicorn, they can recognize it anywhere they see it. The question is, how can we program AI to be the same? A couple of MIT researchers proposed a distillation technique that synthesizes a small number of data points that do not need to come from the correct data distribution. Their experimental result illustrated that their model could compress 60,000 MNIST training images into only 10 images (one per class).

”We”llness not ”I”llness: Cyber Security is a Shared Responsibility

  • Ida Siahaan
  • Published date: 2021-06-23 17:13:55

"mizaru, kikazaru, iwazaru" (see not, hear not, speak not). What can we learn from "see no evil, hear no evil, speak no evil" in the realm of cyber security? In cyber security we do need to see evil, to hear evil, and to speak about evil which can be facilitated by an approach coined as Situation awareness (SA). In SA, we "see and hear" the environment within a context of time and space, then we "speak" about their meaning and the projection in the future. Therefore, systems thinking is very important in cyber security. This blog will discuss how today's endpoint security, network security, threat information sharing, orchestration, and automation of cyber security are still evolving. By considering the current situation, it is good enough for us to say that cyber security is indeed a shared responsibility. It is indeed a "We" in wellness not an "I" in illness.

Interpreting AI-based Cybercrime Prediction

  • Haruna Isah
  • Published date: 2021-05-25 15:44:46

Crime detection using Artificial Intelligence (AI) approaches, especially Machine Learning (ML) techniques have attracted a lot of attention in both academic research and industry practices. However, the inability of humans to understand how some of these models arrive at their decision is raising a lot of ethical issues. In addition, data protection laws such as the General Data Protection Regulation (GDPR) has empowered data subjects to be entitled to an explanation of automated decisions impacting them and the right to challenge such decisions. Thanks to Explainable AI, an active area of research aimed at ensuring transparency in the use of AI and ML. This article explores the potentials and biases of AI and ML and highlights interpretability methods and libraries that can be leveraged in rooting out inequality in the application of automated decision-making in risk profiling and behavioral analytics as it relates to criminal justice and financial crime prediction.

Tips to spot Fake News

  • Saqib Hakak
  • Published date: 2021-05-18 10:28:01

The research community from different disciplines is studying the dissemination, detection, and mitigation of fake news, however, it remains challenging to detect and prevent the dissemination of fake news in practice. In this blog, we will share few useful tips that can help in identifying fake news articles.

10 ways AI is Benefiting You

  • Ram Tavva
  • Published date: 2021-05-04 12:18:01

If you are searching the term “artificial intelligence” on Google or you ended up on this particular blog, or commuted to work using Amazon, yes you made use of Artificial Intelligence.

Can we trust an autopilot?

  • Mohammed Al-Darwbi
  • Published date: 2021-05-03 12:03:47

As with all networked computing devices, increased connectivity often results in a heightened risk of a cybersecurity attack. Vehicles are currently being developed and sold with increasing levels of connectivity and automation. After all, people’s lives depend on the proper functioning of the system[1].

Internet of Things Platforms Interoperability

  • Mahdi Daghmehchi Firoozjaei
  • Published date: 2021-04-26 14:20:36

Due to IoT ecosystem's complexity, no single technology can deliver a complete IoT solution on its own. From connectivity, sensors, and gateways to the cloud and application systems, an IoT architecture is composed of various components working in concert with each other. As a global partnership project, oneM2M develops standard specifications that cover requirements, architecture, security solutions, and interoperability for machine-to-machine (M2M) and IoT technologies. oneM2M is a service layer platform to support end-to-end IoT services including M2M communications by developing technical specifications. In this blog, we introduce oneM2M and its service layer functions.

MITRE ATT&CK Framework

  • Mahdi Daghmehchi Firoozjaei
  • Published date: 2021-04-26 14:03:38

Abstract- The MITRE ATT&CK framework is a comprehensive matrix of tactics and techniques used by adversaries to compromise information technology (IT) and operational technology (OT) systems. This framework is used by security engineers to develop analytics to detect possible adversary behaviors. ATT&CK became the practical tool both for the adversary emulation team to plan events and for the detection team to verify their progress. In this blog, brief descriptions of the adversarial tactics used by malicious cyber actors in the IT and OT systems are provided.

Types of Distributed Denial of Service (DDoS) Attacks

  • Samaneh Mahdavifar
  • Published date: 2021-04-19 15:34:56

The goal of Distributed Denial of Service (DDoS) attacks is to disrupt the normal traffic of a target network/server by overloading the target with a large volume of malicious traffic. In this blog, we provide descriptions of a wide variety of DDoS attacks categorized into two broad groups of reflection-based and exploitation-based attacks.

I AM TRACKING YOU, AND YOU DON'T KNOW

  • Barjinder Kaur
  • Published date: 2021-04-14 10:41:02

With the increase usage of smartphones, stalkers found new way to abuse their victims by stealing their online freedom. Usually, this is done by stalkerware apps which are a growing concern in domestic violence. In the recent past, these apps have come with disturbing and dangerous implications as they easily installed without victim's knowledge.

Moving Target Defenses (MTDs): Game-Changing Defense Techniques for Cybersecurity

  • Dilli P. Sharma
  • Published date: 2021-04-12 12:31:28

The static nature of the existing state-of-the-art computing systems provides asymmetric advantages to attackers that make them easy for reconnaissance, plan and launch attacks. The concept of Moving Target Defense (MTD) is to dynamically change the attack surface to increase uncertainty and confuse the attackers by invalidating their intelligence collected during the reconnaissance and it significantly reduces the attack success.

DIGITAL FORENSICS

  • Saeed Shafiee
  • Published date: 2021-04-09 09:40:36

This blog describes how digital forensic techniques and tools enable defenders to detect cyberattacks and identify defensive approaches to prevent the similar attacks in future.

Top 5 reasons why Data Centers need SOC1 Audit Report

  • Narendra Sahoo
  • Published date: 2020-10-20 09:53:54

Organizations often outsource some of their services to third-party vendors for handling their business-critical data. With some of your most valuable data assets stored with third-party organizations, security becomes a major concern. As a service organization, you would want to know whether the security controls implemented are the best practices to safeguard your customer’s data. You would also want to ensure that your third-party vendor is Compliant with various industry standards. This is when a SOC1 Audit comes into the picture. SOC1 Audit plays a key role in ensuring whether or not a company is compliant with the set security standards and has in place necessary controls. This blog covers the top 5 reasons why a data center should consider or rather need a SOC1 Audit. But before delving in, let us first understand what a SOC1 Audit is.

Security and Data Privacy in 5G and Next Generation IoT Networks

  • Haruna Isah
  • Published date: 2020-08-06 11:16:55

As 5G standards continue to evolve, all relevant stakeholders including research institutions should be involved in the 5G technology rollout process and the 6G development initiative to ensure the security of billions of IoT devices and systems. This also applies to the development of emergent networks which will have big implications for government and industry solutions in terms of public safety and critical asset protection.