News

1 2 3 4
  • All
  • CCS News
  • Press Highlights

NYU and NY Cyber Command team up to offer cheap cybersecurity education and training

May 10, 2018

Earlier this year NYU Tandon School of Engineering and New York’s Cyber Command (NYC3) joined forces to announce one of the country’s most affordable Cybersecurity Master’s Degree in the form of its NY Cyber Fellows program. The program was developed to answer Mayor Bill de Blasio’s New York Works initiative to add 10,000 cybersecurity experts to the workforce within a decade and will offer the degree for $15,000 after scholarships for the entire master’s cybersecurity degree program.

That cheap beach vacation rental on Craigslist could be a scam

May 8, 2018

according to a 2016 study from New York University’s Tandon School of Engineering.

Inside New York City Cyber Command

May 8, 2018

A government agency most people know nothing about that’s leading America’s biggest city into the future.

 

When Studying Doxing Gets You Doxed

May 8, 2018

Doxing is a particular form of this harassment in which a victim’s private information is publicly released with the intent of exacting revenge, seeking justice or intimidating the individual. … Unfortunately, doxing can happen to anyone. It even happened to me; following the release of our study, my colleagues and I experienced doxing firsthand. Our physical addresses and links to our social network profiles were posted online, prompting threatening messages.

Ransomware payments, blockchain and cryptoexchanges

May 8, 2018

The murky ecosystem of ransomware payments comes into focus in new research led by Damon McCoy, an assistant professor of computer science and engineering at the NYU Tandon School of Engineering.

Study exposes murky ecosystem of ransomware payments

May 8, 2018

…in May, Damon McCoy, an assistant professor of computer science and engineering at the NYU Tandon School of Engineering and a team…

As Cities Get High-Tech, Hackers Become More Dangerous

May 8, 2018

 

…as once an hour. “It’s somewhat surprising it doesn’t happen more,” says Justin Cappos, a NYU computer science professor who…

NYU Professor Finds $16 Million Impact of Ransomware

April 12, 2018

A recent study co-authored by NYU Assistant Professor of Computer Science and Engineering at the Tandon School of Engineering Damon McCoy found that ransomware — a type of computer software which encrypts users’ files and does not return them unless payment has been made — has generated approximately $16 million from over 20,000 victims of the cyber attacks throughout the two years the study was conducted.

CYBERSECURITY LECTURE DEBUNKS MYTHS OF FIELD

April 9, 2018

NYU Tandon School of Engineering’s Cybersecurity Lecture Series recently hosted the 10th lecture in its series, which brings together some of the top experts and tech professionals to speak on the latest advances and issues within cybersecurity. Now sponsored by finance and insurance corporation AIG, the lecture comes on the heels of recent global cyber-attacks and ransomware such as Petya, which affected a Ukrainian power grid; WannaCry, which disrupted hospital and school systems; and the 2016 email leak from the Democratic National Committee.

The True Cyber Crime? – Failing to Collaborate

April 5, 2018

Cybersecurity Quarterly – Spring 2018

By Nasir Memon, Associate Dean of Online Learning of NYU Tandon School of Engineering.

With the exponential growth of the Internet of Things and the digital threats to our very democracy in the news on a daily basis, the need for cybersecurity experts is self-evident. …  At New York University Tandon School of Engineering (NYU Tandon), for example, our new Cyber Fellows initiative – an elite, competitive online master’s program – costs just $15,000, thanks to generous scholarships, with no compromises to the high caliber of instruction. We envision it could scale to accommodate hundreds, or even thousands, of students.

Mayor De Blasio Announces NYC Secure, The City’s First-Ever Cybersecurity Initiative To Protect New Yorkers Online

April 5, 2018

Public Now

Mayor de Blasio today announced the launch of NYC Secure, a pioneering cybersecurity initiative aimed at protecting New Yorkers online.  … ‘CyberCrime is sadly a part of our daily reality, and NYU Tandon is eager to continue its partnership with New York City and support Mayor de Blasio’s initiatives that help provide online privacy and security,’ said Nasir Memon, Associate Dean at NYU Tandon School of Engineering.

NYU’s Tandon School of Engineering appoints first female dean

April 5, 2018

Brooklyn Eagle

For the first time in its 164-year history, the former Polytechnic Institute of Brooklyn appointed its first female dean yesterday. Jelena Kovacevic was named dean of NYU’s Tandon School of Engineering by President Andrew Hamilton and Provost Katherine Fleming, effective Aug. 15.  Kovacevic, who comes from Carnegie Mellon University — where she is the Hamerschlag University professor, the head of the Department of Electrical and Computer Engineering and a professor of biomedical engineering — is the first woman to head the school since its founding in 1854.

Inside the Dark World of Trolling

April 4, 2018

Professor Damon McCoy speaks on the dark side of trolling.

Marketing, Cyber Security Professors Weigh in on Cambridge Analytical Scandal

April 4, 2018

Washington Square News

With all of Cambridge Analytica’s lapses, NYU Tandon professor Justin Cappos, who works heavily in cyber security, warns against placing too much of the blame on the data firm, which he likened to a robber and Facebook to a glaringly insecure bank. “Of course, what Cambridge Analytica did was bad but Facebook set up the rules and the system for how this was all supposed to happen,” Cappos said to WSN. “Facebook isn’t in the business of storing data secretly, they’re in the business of gathering information about you and selling it […] to make as much money as possible.”

Why the military needs to take 3-D printer cybersecurity seriously

April 4, 2018

C4ISRNET

The use of 3-D printing in the military is becoming more commonplace, and as a result experts are emphasizing the importance of treating 3-D printers like the hackable machines they are. While a 3-D printer’s capability for experimental on-site manufacturing is far more futuristic than a traditional Wi-Fi enabled printer, the hardware is as vulnerable to cyberattacks as an average laptop or connected printer, said Nikhil Gupta, a New York University [Tandon School of Engineering] associate professor of engineering and materials researcher.

Scientists trace ransomware payments across the globe

April 4, 2018

Futurity

New research brings the murky ecosystem of ransomware payments into focus. Ransomware attacks, which encrypt and hold a computer user’s files hostage in exchange for payment, extort millions of dollars from individuals each month and comprise one of the fastest-growing forms of cyber attack. … Damon McCoy, assistant professor of computer science and engineering at the Tandon School of Engineering at New York University, and his collaborators took advantage of the public nature of the bitcoin blockchain technology to trace ransom payments over a two-year period.

Ransomware payments, blockchain and cryptoexchanges

April 4, 2018

Enterprise Times

The murky ecosystem of ransomware payments comes into focus in new research led by Damon McCoy, an assistant professor of computer science and engineering at the NYU Tandon School of Engineering. … Amongst the most striking findings are: the discovery that South Koreans are disproportionately impacted by ransomware campaigns. … Most ransomware operators used a Russian bitcoin exchange, BTC-E (now seized by the FBI), to convert bitcoin to fiat currencies; the research estimates at least 20,000 individuals made ransomware payments over the past two years, at a confirmed cost of $16 million (the true payment total is likely higher).

More than $16 Million Ransomware Payments Have Been Made in the Past 2 Years

April 4, 2018

Researchers from the NYU Tandon School of Engineering have studied ransomware payments learning that $16 million in ransomware payments have been tracked in the past two years by researchers with South Korea paying about $2.5 million as the country has been hard hit by the impact of ransomware. … ‘Ransomware operators ultimately direct bitcoin to a central account that they cash out periodically, and by injecting a little bit of our own money into the larger flow we could identify those central accounts, see the other payments flowing in, and begin to understand the number of victims and the amount of money being collected,’ says Damon McCoy, an assistant professor of computer science and engineering at the NYU Tandon School of Engineering and who led the research.

Which Russia hack? Part 1

April 4, 2018

Carbonite – Breach (podcast series)

Damon McCoy, assistant professor of computer science and engineering at NYU Tandon at 19:18.

… In this episode of Breach, we attempt to connect the dots between the Yahoo security breach, the DNC hack and efforts to undermine the U.S. presidential election on social media. And while we didn’t find evidence of a direct link, it’s clear that all three can be connected to the larger Russian cybersecurity playbook.

How to Protect Today’s Highly Computerized Cars from Hackers (video)

April 4, 2018

Interview with Justin Cappos, associate professor of Computer Science and Engineering at NYU Tandon, at 7:50.

“Certainly as these systems get more and more complex there are more and more opportunities for hackers,” said Cappos. “It’s not clear whether having cars that drive themselves or have advanced safety systems are more at risk or less at risk … safety systems may actually reduce risks as they fight hackers.”

Opening Arguments Begin In AT&T And Time Warner Merger Case

March 22, 2018

The telephone and Internet giant AT&T wants to buy the media conglomerate Time Warner. President Trump has opposed this $85 billion deal, and the U.S. Justice Department is in federal court to try and stop it. The opening arguments are scheduled to begin this week…. [Center for Cybersecurity Co-Chair Randy] Milch says a judgment against AT&T may well ice future corporate deals.

Randy Milch, CCS Co-Chair and Judi Germano, CCS Senior Fellow to speak at PCCE Cybersecurity Conference

March 21, 2018

On behalf of the NYU School of Law Program on Corporate Compliance and Enforcement (PCCE), we would like to invite you to our upcoming conference, Global Cyber Threats: Corporate and Governmental Challenges to Protecting Private Data on April 6, 2018 at the Lester Pollack Colloquium Room, 9th Floor, Furman Hall, 245 Sullivan Street, New York, New York.

 

The conference is an off-the-record event and is invitation only. In order to attend, you must pre-register.

OSIRIS Lab Welcomes First Female Hacker-In-Residence

March 15, 2018

NYU Tandon’s Offensive Security, Incident Response and Internet Security Laboratory, well known as the OSIRIS Lab, recently welcomed a new hacker-in-residence: Sophia d’Antoine, a Senior Security Researcher at Trail of Bits.

Professor Nikhil Gupta’s lab develops breakthrough 3D-printed foam

March 15, 2018

… Only 5 percent of the Earth’s oceans have been explored, according to the National Oceanic and Atmospheric Administration. But that could be changing, thanks in part to a new development by researchers at the NYU Tandon School of Engineering. Coming out of the lab of Professor Nikhil Gupta

Pay Us Bitcoin or Never See Your Files Again…

March 15, 2018

A study by researchers at Google, Chainalysis, University of California San Diego and NYU Tandon School of Engineering estimated that from 2016 to mid 2017, victims paid $25 million in ransom to get files back. CSE Professor, Damon McCoy’s research was referenced in this article.

Justin Cappos, Associate Professor, featured on PBS Sci Tech

February 26, 2018

Professor Cappos’ segment on PBS Sci Tech will be airing ­­on 3/26/18 on WLIW at 7:30pm. It will repeat on 3/28/18 at 5:30pm and 4/01/18 at 6pm. Additionally, the show will be posted to http://scitechnow.org/ following the first airing.

Damon McCoy, Assistant Professor, Sat on FTC Information Injury Workshop

February 26, 2018

Professor McCoy described his research with doxing, which is the public release of people’s information and other methods of social engineering that collect personal information. His research indicates that the use of this data can be innocuous or harmful if it is used for extortion or other stalking purposes.

Cyber Fellows Master’s Program Highlighted in City & State New York Article

February 26, 2018

Professor Nasir Memon talked about the city’s and industries’ strategies to find and recruit more qualified personnel. As part of the strategy, the two mentioned the “Cyber Fellowship” initiative; a master’s program in cybersecurity.

Nasir Memon, Co-Founder of NYU CCS, featured in The Bridge BK Podcast

February 20, 2018

Professor Memon, a pioneer in computer science, spoke on The Bridge BK podcast about how he aims to make the field affordable and open to all. Click the link to listen.

NYU Tandon Student, Abdullah Alharbi, Featured In Nature Nanotechnology

February 6, 2018

journal_header_v3

Electrical and Computer Engineering Student, Abdullah Alharbi’s work on the application of 2D materials for security was featured as a research highlight in Nature Nanontechnology. Click to read more…

NYU Tandon and New York City Cyber Command Launch New York Cyber Fellows Master’s Degree Program

January 26, 2018

New York University Tandon School of Engineering, in partnership with New York City Cyber Command, today launched the New York Cyber Fellows, a unique, affordable online cybersecurity master’s degree program designed in conjunction with leading New York City employers to address the acute shortage of highly trained technical professionals in the city and nation.

Car Hacking Remains a Very Real Threat as Autos Become Ever More Loaded with Tech

January 21, 2018

Automakers and suppliers are making progress in protecting vehicles from cyber attacks, but the car-hacking threat is still real and could get increasingly serious in the future when driverless vehicles begin talking to each other. … Justin Cappos, a computer science professor at New York University’s Tandon School of Engineering, said one of the more promising ways to stay ahead of hackers is through regular over-the-air software updates to fix vulnerabilities as soon as they become known.

A New Way To Track Down Bugs Could Help Save IOT

January 18, 2018

wired

On a clear day this summer, security researcher Ang Cui boarded a boat headed to a government biosafety facility off the northeastern tip of Long Island. … “Right now we haven’t seen much of it because there are so many IoT systems already out there with even more trivially exploitable problems like default passwords,” says Brendan Dolan-Gavitt, a software analysis and embedded device researcher at New York University [Tandon School of Engineering]. “So until those become more scarce, I wouldn’t expect attackers to expend effort.”

Americans Concerned About Cybersecurity of Self-Driving Cars

January 18, 2018

Many Americans are concerned about potential cyber risks to self-driving cars, though the public is more comfortable with the industry’s overall safety than in the past, Morning Consult polling shows. … Justin Cappos, a systems and security professor at the New York University Tandon School of Engineering, said the inherent vulnerabilities in most connected devices — including autonomous vehicle technology — shouldn’t necessarily influence consumers’ opinions about the safety of driverless cars.

IBM Joins New York Cyber Fellows Program to Address Cyber Skills Shortage

January 17, 2018

The growing workforce shortage in the cybersecurity industry is no secret, with thousands of job currently open and a shortfall of nearly 2 million workers anticipated in the next several years. … As part of these efforts, IBM Security works with hundreds of higher education programs around the world on skills, training and recruitment initiatives. Last week IBM expanded those efforts by joining a new program founded by New York University (NYU) Tandon School of Engineering, in partnership with New York City Cyber Command (NYC3).

BlackBerry in Motion: Firm Aims to Secure Cars From Hackers

January 17, 2018

BlackBerry mobile devices are a rare sight. But you may still be using the company’s technology – in your car. … Static binary code scanning tools are good at finding obvious vulnerabilities in code, says Damon McCoy, an assistant professor in the computer science and engineering department at New York University [Tandon School of Engineering]. McCoy, who has not analyzed Jarvis, says BlackBerry may have a bit of an edge given its experience with embedded systems.

BlackBerry in Motion: Firm Aims to Secure Cars From Hackers

January 17, 2018

Static binary code scanning tools are good at finding obvious vulnerabilities in code, says Damon McCoy, an assistant professor in the computer science and engineering department at New York University. McCoy, who has not analyzed Jarvis, says BlackBerry may have a bit of an edge given its experience with embedded systems. But it’s also possible that BlackBerry might lag competitors’ sophistication when it comes to the algorithms they use to find potential vulnerabilities.

With More Tech Comes More Hacking Risk for Smart Cars

January 16, 2018

Automakers and suppliers are making progress in protecting vehicles from cyberattacks, but the car-hacking threat is still real and could get increasingly serious in the future when driverless vehicles begin talking to each other. … Justin Cappos, a computer science professor at New York University’s Tandon School of Engineering, said one of the more promising ways to stay ahead of hackers is through regular over-the-air software updates to fix vulnerabilities as soon as they become known.

Car Hacking Remains a Very Real Threat as Autos Become Ever More Loaded With Tech

January 13, 2018

Automakers and suppliers are making progress in protecting vehicles from cyber attacks, but the car-hacking threat is still real and could get increasingly serious in the future when driverless vehicles begin talking to each other. … Justin Cappos, a computer science professor at New York University’s Tandon School of Engineering, said one of the more promising ways to stay ahead of hackers is through regular over-the-air software updates to fix vulnerabilities as soon as they become known.

NYU Tandon offers affordable cybersecurity master’s degree with backing from NYC

January 11, 2018

With everything from Russian hackers to credit card fraud becoming very much a 21st century problem, a door of opportunity has just opened for New York City students hoping to get into one of the hottest fields on the planet. New York University Tandon School of Engineering in Downtown Brooklyn is partnering with the city to launch an affordable online cybersecurity master’s degree program.

NYU Tandon and NYC Cyber command launch a new cybersecurity Master’s Program

January 11, 2018

New York City is now home to a cybersecurity master’s degree program, launched as a joint effort between New York University (NYU) Tandon School of Engineering and New York City Cyber Command. This program, dubbed the New York Cyber Fellows, is an online initiative created in conjunction with leading employers within New York City, aiming to alleviate an acute shortage of highly-trained cybersecurity professionals that has become an increasingly relevant problem for both the jurisdiction and the rest of the nation.

NYU Launches Cybersecurity Master’s Program to Help Fill Skills Gap

January 10, 2018

Cybersecurity threats are a serious issue, but the field is lacking experts who can prevent or handle such hacks. … One estimate predicts that the world will see a global shortage of 1.8 million cybersecurity experts by 2022.To help fill this skills gap, New York University’s Tandon School of Engineering has launched the New York Cyber Fellows, an online master’s program for cybersecurity education that costs $15,000 — the least, the school said, of any cybersecurity master’s program in New York City.

The Worst Healthcare Cybersecurity Breaches of 2017

December 29, 2017

In 2017, a spate of high-profile attacks brought the healthcare industry’s need to strengthen its cybersecurity into sharp focus. Ransomware, like WannaCry and NotPetya, has wreaked havoc in small hospitals and biopharma giants alike, and the vulnerabilities appear widespread and acute, experts said. … “If you were hit by WannaCry, you were really doing something very wrong,” said Justin Cappos, PhD, associate professor of systems and security at [the NYU Tandon School of Engineering] Computer Science and Engineering Department.

2018: The Year Of Blockchain For Ad Industry?

December 29, 2017

Blockchain technology emerged in the advertising industry as a sort of phenomenon in 2017. Companies like IBM and Microsoft are betting big on the technology that seems to be pumping new life into some of the more established players and retailers, such as Oracle and Walmart. .. In July 2017, Google researchers reported that Chainalysis, UC San Diego, and the NYU Tandon School of Engineering used blockchain to track $15 million in ransomware.

3D Printing Industry Review Of The Year May 2017

December 27, 2017

A month of celebration – in May we held the first ever annual 3D Printing Industry Awards and hosted a gala dinner of esteemed guests including Siemens, 3D Systems, Ultimaker, Zortrax, Desktop Metal, Shining 3D, Markforged, Zortrax, Sinterit, HP, Dassault Systèmes, DWS, Autodesk, Polymaker and UCL. … And a team at the New York University Tandon School of Engineering, published a paper of interest to high-risk manufacturing describing a method on adding deliberate mistakes to .stl files as a means of security.

CCS and C2SMART Center Post-Doc Opportunity

December 20, 2017

The C2SMART Center and the NYU Center for Cybersecurity (cyber.nyu.edu) are jointly seeking to hire a Post-doctoral fellow to conduct state-of-the art research on emerging transportation cybersecurity problems.
With the emergence of connected and autonomous vehicles as well as the increasing levels of automation of all transportation systems, there is a growing recognition of cybersecurity threats to all of the transportation system components including vehicles, users, and cyber and physical infrastructures. This candidate will work closely with faculty and students in:

  • Researching and identifying cybersecurity issues faced in automated implementations of transportation systems
  • Developing multi-disciplinary solutions targeted at intrusion detection and vulnerable transportation infrastructure
  • Preparing and designing protocols designed to ensure automated systems and platforms are adequately identifying and preparing for cybersecurity threats
  • Leading outreach efforts for increasing agency awareness of transportation cybersecurity
Applications should be submitted at: https://apply.interfolio.com/48019

NYU Tandon Becomes a Center of Influence in the World of Hardware Security

December 6, 2017

Tandon

Since 2002, when NYU Tandon Professor of Electrical and Computer Engineering Ramesh Karri and his students generated the first research on attack-resilient chip architecture, the school has been at the forefront of this vital field, demonstrating before anyone else that integrated circuits’ test and debug ports could be used by hackers; delivering the first set of invited Institute of Electrical and Electronics Engineers (IEEE) tutorials in hardware security in the U.S., Europe, and Latin America; and presenting the first research paper on split manufacturing, a means of thwarting counterfeiting by an untrusted foundry by dividing a chip’s blueprint into several components and distributing each to a different fabricator; among other such accomplishments.

Let’s Talk About the Latest Godawful Cybersecurity Plan

December 4, 2017

By 2020, some major companies will shovel billions of dollars into developing more comprehensive forms of security according to the International Data Corporation, and policy-makers are following closely, proposing new legislation and regulations to accompany them. One of the latest is the newly repurposed Active Cyber Defense Certainty (ACDC) Act, also called the hack-back bill. … [where] Victims are encouraged to literally “hack back” against their aggressors. … it makes many experts uneasy. … Justin Cappos, a computer science professor and director of the Secure Systems Lab at New York University [Tandon School of Engineering said,] “In some cases this may be an appropriate response to actions, but in this case I think it’s misguided.”… “I think that this might be taking that idea to a very dangerous place.”

Random Light Patterns – A Novel Cyber Security Solution?

November 30, 2017

Researchers at New York University Tandon School of Engineering have developed a new class of unclonable cybersecurity security primitives using the high level of structural randomness in 2D MoS2. … In a paper published in the journal ACS Nano (‘Physically Unclonable Cryptographic Primitives by Chemical Vapor Deposition of Layered MoS2), Davood Shahrjerdi and his NYU Tandon team offer the first proof of complete spatial randomness in atomically thin MoS2.

A Timely Talk About Cyber Threats to Our Democracy

November 30, 2017

Tandon

On November 16, as many Americans prepared for Thanksgiving, Ed Amoroso — former chief security officer of AT&T Services, advisor to four presidential administrations, CEO of global security firm TAG Cyber LLC, and NYU Tandon Distinguished Research Professor — gave a rapt audience a good reason to be thankful: that there are brilliant, experienced, and visionary cybersecurity experts exploring recent cyber-threats to our electoral system and ways to mitigate those risks in the future.

HERE buys OTA specialist ATS

November 29, 2017

… ATS’s OTA Plus v3 product is secured by Uptane, a security system for OTA developed by New York University Tandon School of Engineering (NYU), the University of Michigan Transportation Research Institute (UMTRI), and the Southwest Research Institute (SWRI) under a programme supported by the US Department of Homeland Security. The ATS acquisition will be developed as a support for HERE’s mapping business, as an independent product offering and for new applications such as drones.

Researchers Discover Big Cryptographic Potential in Nanomaterial

November 29, 2017

The next generation of electronic hardware security may be at hand as researchers at New York University Tandon School of Engineering introduce a new class of unclonable cybersecurity security primitives made of a low-cost nanomaterial with the highest possible level of structural randomness. Randomness is highly desirable for constructing the security primitives that encrypt and thereby secure computer hardware and data physically, rather than by programming.

Nanotech Anti-Hacker Developed to Challenge Any Hacker Now

November 29, 2017

Researchers at the New York University Tandon School of Engineering have developed a new class of low-cost nanomaterial which could protect computer hardware and data physically from hackers. … Davood Shahrjerdi, Assistant Professor at Tandon who led the research said, “At monolayer thickness, this material has the optical properties of a semiconductor that emits light, but at multilayer, the properties change, and the material no longer emits light

Victims of ‘Home Takeover’ Scam Locked Out of House

November 26, 2017

WP_Featured

A Delaware man says he’s the victim of a so-called “home takeover” scam. … Alexander Pratt lived in a Wilmington house for 10 months with his fiancee and son before being locked out. … Pratt said the man he thought was the landlord and to whom he paid rent disappeared. The real property owners said they had no idea anyone was living in the house. Pratt said he rented the house from a man who posted an ad on Craigslist. … Such scams are not new. And researchers at New York University’s Tandon School of Engineering found that Craigslist often fails to identify scam rental listings.

Experts Warn: Terrorists ‘Could Kill Millions’ by Remotely Hacking People’s Cars

November 25, 2017

Cyberterrorists have the potential to put millions of lives at risk by hacking the sophisticated cars on 21st Century roadways, one expert has warned. The caution comes amid a host of technological advances pervading the automotive industry. … “If there was a war or escalation with a country with strong cybercapability, I would be very afraid of hacking of vehicles,” said Justin Cappos, a computer scientist at New York University [Tandon School of Engineering]. “Many of our enemies are nuclear powers but any nation with the ability to launch a cyberstrike could kill millions of civilians by hacking cars. It’s daunting.”

Cyber criminals working for enemy states could ‘kill millions’ by remotely hacking cars, warns expert

November 20, 2017

Terrorist hackers working for enemy states could turn cars into killing machines, a security expert has warned. Any car built after 2005 is an ‘open door’ to hackers and could be remotely controlled to obliterate ‘millions of civilians’, a researcher has found. The warning was made by Justin Cappos. … Dr Cappos says this vulnerability should be treated as an ‘urgent’ national security issue, writes The Times. ‘If there was a war or escalation with a country with strong cybercapability, I would be very afraid of hacking of vehicles.’

Hackers could take control of cars and kill millions, ministers warned

November 20, 2017

Modern cars are an “open door” to hackers, inviting hostile states to use Britain’s roads as a weapon against citizens, ministers have been warned. Deaths are inevitable within five years if carmakers do not fix vulnerabilities in technology, one of the world’s experts in vehicle software has said. Justin Cappos said that any car built since 2005 could be controlled remotely by hackers with some cars built as long ago as the year 2000 also at risk. Hackers could already be causing accidents without the authorities realising it because no one was looking for the evidence.

Boards Should Think of Cyber a Bit More Like Bank Robberies, Former AT&T Security Chief Says

November 17, 2017

Corporate boards should think about cybersecurity risk as banks think about bank robbery: a relatively common risk that must be managed. “Just like bank robbery, you can’t say get rid of (cyber risk) and make it never happen,” said Ed Amoroso, former chief security officer at AT&T Inc.

A Quantitative Analysis of Doxing: Who Gets Doxed, and How Can We Detect Doxing Automatically?

November 14, 2017

A group of NYU [Tandon School of Engineering] and University of Illinois at Chicago computer scientists have presented a paper at the 2017 ACM Internet Measurement Conference in London presenting their findings in a large-scale study of online doxings, with statistics on who gets doxed (the largest cohort being American, male, gamers, and in their early 20s), why they get doxed (‘revenge’ and ‘justice’) and whether software can detect doxing automatically, so that human moderators can take down doxing posts quickly.

Cyber Defense Tool Limitations and What Our Leaders Should Be Doing About Them

November 13, 2017

With:

Judith Germano, Senior Fellow at the NYU Center for Cybersecurity and NYU Center on Law & Security and Founder, GermanoLaw LLC

Timothy Ryan, Principal, Assurance Services, Fraud Investigation & Dispute Services, Ernst & Young LLP

Matthew Waxman, Liviu Librescu Professor of Law and the faculty chair of the National Security Law Program at Columbia Law School

Why people ruin others’ lives by exposing all their data online

November 13, 2017

… All these people were doxed – that is, someone published their personal information against their will, in a public forum intended for dissemination and abuse, instigating a torrent of attacks from strangers. … But despite many individual cases catching the public eye, up until now there has been very little research examining the scale of the problem and who is involved. A new study from the University of Illinois at Chicago and New York University changes that.

Weaponizing 3-D printers: Cyberattacks could turn battlefield tech into threats

November 13, 2017

Flaws [in military equipment] could be introduced in the 3-D printing software by a cyberattack if the printers aren’t equipped with proper cybersecurity, said Nikhil Gupta, New York University associate professor of mechanical and aerospace engineering and an affiliate faculty at the NYU Center for Cyber Security. The possibility of a bug altering a 3-D file, whether intentionally or unintentionally, to the point of making the end product unusable is a real threat.

Inaugural Award for Cybersecurity Journalism Honors Wired’s Andy Greenberg for Reporting Russia’s Hack of the Ukraine Grid

November 10, 2017

Tandon

WIRED magazine’s July 2017 cover story, Lights Out: How An Entire Nation Became Russia’s Test Lab for Cyberwar, won the inaugural NYU Cyber Security Awareness Week (CSAW) Cyber Journalism Award. Its author, Andy Greenberg, accepted the award. … Ramesh Karri, NYU Tandon professor of electrical and computer engineering, and Charles Seife, professor at the NYU Arthur L. Carter Journalism Institute, conceived the CSAW Cyber Journalism Award.

There’s Now an Academic Study on the Dark Art of Doxing

November 9, 2017

Technical.ly_Featured

Plenty of people want to get famous online, but most people don’t. Researchers at the NYU Tandon School of Engineering and the University of Illinois at Chicago released a report Tuesday on the very modern-day phenomenon of doxing, or revealing someone’s personal information online. The report, “Fifteen Minutes of Unwanted Fame,” analyzed 1.7 million text files, mostly on the sites pastebin.com, 4chan.org and 8ch.net, where nearly all doxing is done.

Linux Foundation Taps Researcher’s Security Framework as Standard for the Cloud

November 8, 2017

Tandon

The Linux Foundation recently recognized The Update Framework (TUF), which is overseen by a research team at NYU Tandon School of Engineering, as a key security system. … The Foundation tapped TUF as one of two new projects hosted by its Cloud Native Computing Foundation (CNCF). The other is Notary — the most prominent implementation of TUF. Developed by NYU Tandon researchers from CCS and the Secure Systems Lab.

Why They Dox: First Large-scale Study Reveals Top Motivations and Targets for This Form of Cyber Bullying

November 7, 2017

Tandon

Researchers at the New York University Tandon School of Engineering and the University of Illinois at Chicago (UIC) have published the first large-scale study of a low-tech, high-harm form of online harassment known as doxing. … “This study adds significantly to our understanding of this deeply damaging form of online abuse,” said Damon McCoy, an assistant professor of computer science and engineering at NYU Tandon.

U.S.-Led Cybersecurity Contest Gets More Global

November 7, 2017

The next generation of cybersecurity experts is vying for top honors at an annual global contest created by New York University [Tandon School of Engineering]. Ben-Gurion University of the Negev in Israel and the Grenoble Institute of Technology in France are the latest to join in the world’s biggest student-run cybersecurity event, called Cyber Security Awareness Week, or CSAW. Finals of the competition will be held at sites around the world the second week of November.

All About Bugs (of the Animal and Computer Varieties) (Podcast)

November 2, 2017

Musical crickets, crop-saving wasps — and why you should pre-bug your software. Professor Brendan Dolan-Gavitt explains to Stephen Dubner, noted author and host of the NPR program Freakonomics why he puts bugs in programs to make them more secure. [interview at 12:10]

Tracking Hackers with NLP and Machine Learning

November 2, 2017

…Cybercrime researchers and law enforcement need to broadly understand the scale and scope of the activity on these underground markets, but it takes a long time for human analysts to peruse entire forums. To expedite this process, a multi-university team of researchers including Damon McCoy, Assistant Professor of Computer Science and Engineering at NYU [Tandon School of Engineering], has developed new natural language processing tools that can be trained on forum-specific data to categorize posts and determine what products are being bought and sold for what prices.

It’s Time to Address Cybersecurity Education, Say Policymakers

November 2, 2017

… Many institutions have already ramped up their cybersecurity education frameworks, such as NYU Tandon School of Engineering’s Center for Cybersecurity, which began offering classes in the subject in 1999. Founder and professor, Nasir Memon, told Education Dive that the program provides the necessary hands-on approach to get students the training and expertise needed to get into the field. … “People [need] to get this type of experience. This will give them that training that’s not easy to give in a classroom.”

iPhone X First Look: Let’s Talk About Face ID

October 31, 2017

Gizmodo-CCS

The iPhone X’s Face ID camera module has received a bit more press than Apple might’ve intended. The facial recognition security tech was the whiz-bang feature that caught everybody’s eye during the Tim Cook and friends keynote—and later it was repeatedly fingered as the culprit behind the long-rumored iPhone X shortages and delays. So what’s the deal with it? … Nasir Memon, chair of the New York University Tandon School of Engineering explained to Gizmodo earlier this year  that Touch ID actually takes multiple tiny photos of a person’s fingerprints.

Top Experts: Can Facebook Legally Disclose Russian Ads–What does the Stored Communications Act say?

October 30, 2017

How could the Stored Communications Act (SCA) prohibit Facebook from providing Congress with the “Russian Ads” one day, but permit it the next?

CNCF Adds Security, Service Mesh and Tracing Projects: Docker Notary, Lyft Envoy and Uber Jaeger

October 30, 2017

The Cloud Native Computing Foundation (CNCF) has announced the addition of four new hosted projects over the past month ..[including] The Update Framework (TUF) an open source specification that was written in 2009 by Professor Justin Cappos and developed further by members of the Professor Cappos’s Secure Systems Lab at NYU’s Tandon School of Engineering. This project was submitted to join the CNCF in partnership with Notary, as Notary is one of the most mature implementations of TUF.

3D Printing Gives Hackers Entirely New Ways to Wreak Havoc

October 25, 2017

Effects created from a hacked file may not materialize until some point in the future, and when they do, it may be in an entirely unpredictable manner… For example, in a recent study, New York University researchers examined two aspects of 3D printing with cybersecurity implications: printing orientation and insertion of fine defects. These tiny errors inducted by hackers could not be detected by normal monitoring and verification systems like ultrasonic imaging.

CNCF Brings In Notary, The Update Framework to Boost Container Security

October 24, 2017

The Cloud Native Computing Foundation on Oct. 24 announced that it is expanding its project roster with the addition of the Notary container trust project and The Update Framework security effort. Notary relies on TUF, which is a software development and update model that was described in detail by co-creator Justin Cappos, an assistant professor at New York University, at the DockerCon 17 conference in April. “If you have the green HTTPS padlock in your browser, it tells you the browser has a secure connection to a server,’ Cappos said. ‘It doesn’t say anything about whether the server has a valid update or know what the correct update is and whether the server itself has been compromised.”

The Cloud Native Computing Foundation adds two security projects to its open source stable

October 24, 2017

Today, the CNCF is expanding its stable with the addition of the Docker-incubated Notary and The Update Framework (TUF), which was originally developed by professor Justin Cappos and his team at NYU’s Tandon School of engineering. These are actually related projects. Notary, which can provide a layer of trust to any content, is actually an implementation of the TUF.

Cybersecurity Awareness Month Lasts All Year Long at Tandon

October 19, 2017

By developing ways to make automotive software and hardware more resistant to hacking, keep banking PINs reliably private, and a host of other important research, Tandon is always working towards a safer, more secure world. Read on to learn about what our cybersecurity experts have accomplished recently.

Popular Science Names Two Brooklyn Technologies Among Top 100 Inventions of 2017

October 19, 2017

Technical.ly_Logo

Two new technologies born in Downtown Brooklyn made Popular Science magazine’s list of top inventions for 2017. Uptane, a cybersecurity for cars project out of NYU Tandon, and goTenna, a decentralized cell network technology were listed in the magazine’s Best of What’s New feature. … Uptane is the work of NYU Tandon professor Justin Cappos and collaborators from the University of Michigan Transportation Research Institute (UMTRI) and the Southwest Research Institute (SWRI).

The 100 greatest innovations of 2017

October 17, 2017

Don’t let nefarious coders take you for a ride. Late-model cars are basically just engines wrapped in computers. Those computers need updates, but malicious code hidden in software can leave you driving a couple tons of compromised steel. Hackers could track you, or even steer you off the road. Uptane—an open-source software protocol—checks incoming instructions for correct cryptographic signatures before accepting any downloads.[Uptane is a collaboration of NYU Tandon, the University of Michigan Transportation Research Institute (UMTRI), and the Southwest Research Institute (SwRI)]

Understanding Cyber Collateral Damage

October 11, 2017

In this article, Sasha Romanosky and Zachary Goldman address the problem of how to define “collateral damage” in the cyber realm.

OSIRIS

October 6, 2017

CSAW

October 6, 2017

Understanding China’s Crackdown on Bitcoin and ICOs

October 5, 2017

China’s crackdown on ICO’s highlights an underappreciated perspective: consumer protection

Women in Tech Tell Us How to Fix the Industry’s Gender Problem (Video)

September 28, 2017

The headlines calling out tech’s gender gap just keep coming. For women in tech who are used to sexism and discrimination, this isn’t really news. So what could fix the problem? VICE News asked women who work in tech how they’d fix the industry’s gender gap, and they pointed to three main areas for improvement: hiring, education, and retention. We spoke to women at various stages of their careers to find out which of these areas needs the biggest push. [featuring Prof. Phyllis Frankl]

Equifax CEO Richard Smith Is Out Days Before Congressional Hearing

September 26, 2017

But does Equifax have a problem retaining top talent? The great demand for cybersecurity experts at companies across the world could be one of the reasons these people moved jobs, Dr. Edward Amoroso, a distinguished research professor at New York University’s Tandon School of Engineering, said in a recent interview. Dr. Amoroso said that chief information security officer (CISO) is often viewed as an appendage to the executive team, a ‘hired gun’ that may be more likely to leave. ‘The solution is that the CEO needs to build a better, more trusting relationship with the CISO,’ said Dr. Amoroso.

Security Smarts for Smartwatches

September 22, 2017

Smartwatches have quickly gone from sci-fi to commonplace, and it’s easy to see why. … Experts are looking for ways to make smartwatch security stronger and more convenient—including locking in particular—so keep an eye out for new and easier ways to protect yourself from others getting access to the data on your smartwatch. [Articles cites publication authored by CCS researchers]

Apple’s Touch ID Is Probably Doomed, And That’s OK

September 15, 2017

Gizmodo-CCS

When the iPhone X eventually arrives in November it will come loaded with a futuristic camera module that, if all goes right, should let you securely open your phone with little more than a glance. … “Fingerprint scanners have been around a long time,” Nasir Memon, a computer scientist with a focus on cyber security and chair of the New York University Tandon School of Engineering told Gizmodo. … According to Memon, who recently published a paper in IEEE Transactions on Information Forensics & Security based on his findings, each fingerprint creates eight to ten of these partial fingerprints, and due to the size of the sensor those partials are tiny.

NYU Tandon’s IllusionPIN Combats Shoulder-Surfing

September 8, 2017

Researchers at the NYU Tandon School of Engineering recently developed a new technology that combats shoulder-surfing, a spying technique in which personal information such as PINs, passwords and other personal data are obtained by looking over someone’s shoulder or standing next to them. … The project was headed by Tandon professor Nasir Memon, with help from doctoral candidates Toan Nguyen, Emre Durmas and Athanasios Papadopoulos, all members of the NYU Center for Cybersecurity.

New Locky Variant ‘IKARUSdilapidated’ Strikes Again

August 30, 2017

A second wave of the Locky ransomware variant called IKARUSdilapidated has been identified by security experts. … Locky is notorious for its effectiveness and profitability. Over the past two years, Locky has extorted more than $7.8 million in payments from victims, according a recent study by Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering.

Millions That Ransomware Victims Paid Revealed

August 29, 2017

Sufferers of ransomware attacks have gave more than $25 Million in ransom money for the period of past 2 Years. This was revealed in a survey carried out by scientists from Chainalysis, Google, NYU Tandon School of Engineering, and UC San Diego. The scientists made a complete picture of the ransomware bionetwork by keeping an eye on these transactions. They then compared them with other recognized samples.

A Look into the Cybersecurity Issues of 3D Printing

August 28, 2017

3D printing is pervasive across many industries from medical to automotive to aviation to tech and more. But are there security risks associated with 3D printing? Can 3D printers be hacked? Hari Sreenivasan discusses the cybersecurity issues of 3D printing with Nikhil Gupta, Associate Professor of Mechanical Engineering at New York University.

AI Training Algorithms Susceptible to Backdoors, Manipulation

August 25, 2017

Three researchers from New York University (NYU) have published a paper this week describing a method that an attacker could use to poison deep learning-based artificial intelligence (AI) algorithms.

Researchers based their attack on a common practice in the AI community where research teams and companies alike outsource AI training operations using on-demand Machine-Learning-as-a-Service (MLaaS) platforms.

The 5 Coolest Things on Earth This Week

August 25, 2017

“IllusionPIN,” a new technology developed by researchers at New York University’s Tandon School of Engineering, can automatically shield the screen of an ATM, smartphone or other electronic device. While the user is able to clearly see the information displayed on the device, anyone more than a few feet away sees something completely different. … “Our goal was to increase the resilience of PIN authentication without straining the device or compromising user experience,” says Nasir Memon, a member of the research team.

Even Artificial Neural Networks Can Have Exploitable ‘Backdoors’

August 25, 2017

wired1

Malicious actors can design that behavior to emerge only in response to a very specific, secret signal, as in the case of Garg’s Post-it. Such “backdoors” could be a problem for companies that want to outsource work on neural networks to third parties, or build products on top of freely available neural networks available online. Both approaches have become more common as interest in machine learning grows inside and outside the tech industry. “In general it seems that no one is thinking about this issue,” says Brendan Dolan-Gavitt, an NYU professor who worked with Garg.

The Latest Use for Bitcoin? Fighting Sex Trafficking

August 25, 2017

Computer science researchers at the University of California, Berkeley have developed new tools to identify sex trafficking rings, making them easier for law enforcement to target and prosecute. Those efforts have been stymied, according to the researchers’ report, by the vast quantity of ads for sex posted to websites like Backpage.com, only a portion of which may point to human trafficking or sex slavery. Screening thousands of new ads every day can also take a mental toll on human workers.

Researchers Built an Invisible Backdoor to Hack AI’s Decisions

August 24, 2017

A team of NYU researchers has discovered a way to manipulate the artificial intelligence that powers self-driving cars and image recognition by installing a secret backdoor into the software…“We saw that people were increasingly outsourcing the training of these networks, and it kind of set off alarm bells for us,” Brendan Dolan-Gavitt, a professor at NYU, wrote to Quartz. “Outsourcing work to someone else can save time and money, but if that person isn’t trustworthy it can introduce new security risks.”

Worried about your PIN Password Getting Stolen? Optical Illusion Can Help

August 24, 2017

A group of researchers led by Professor Nasir Memon has come up with a unique solution that can make PIN unlocking more secure. It’s all about spatial frequency — the smartphone’s display beams two distinct layers of lock screen — one with the normal PIN-pattern code and the other one with a false PIN layout. “The underlying technology blends one image of a keyboard configuration with high spatial frequency and a second, completely different, keyboard configuration with low spatial frequency,” said the NYU University Tandon School of Engineering professor.

App keeps ‘shoulder surfers’ from spying your password

August 23, 2017

Researchers have created a smartphone application to combat “shoulder-surfing”—when someone else looks over your shoulder as you enter your phone’s password or other private digits, potentially even gleaning vital financial or personal information. … Nasir Memon, a professor of computer science and engineering at New York University’s Tandon School of Engineering, explains that the technology, called “IllusionPIN,” deploys a hybrid-image keyboard that appears one way to the close-up user and differently to an observer at a distance of three feet or greater.

The Optical Illusion That Could Protect Your Passcodes: Researchers Reveal Keypad That Looks Different If Someone Looks Over Your Shoulder

August 22, 2017

Have you ever been worried about a stranger looking at what you’re typing on your phone, or looking over your shoulder while you punch in your pin code at the ATM? … “The traditional configuration of numbers on a keypad is so familiar that it’s possible for an observer to discern a PIN or access code after several viewings of surveillance video,” said Dr Nasir Memon, a Professor of Computer Science and Engineering at NYU’s Tandon School of Engineering.

Tricking The Eye To Defeat Shoulder Surfing Attacks

August 22, 2017

Tandon

Every ATM or smartphone user can attest to the discomfort of having a stranger standing close enough to observe a financial transaction — and potentially note a PIN or account number. Now researchers at the NYU Tandon School of Engineering have announced a first-of-its-kind application to combat such “shoulder-surfing,” whether in person or via a building’s video camera.