News


Cybersecurity Awareness Month Lasts All Year Long at Tandon

October 19, 2017

By developing ways to make automotive software and hardware more resistant to hacking and to keep banking PINs reliably private, along with a host of other important research, Tandon is always working towards a safer, more secure world. Read on to learn about what our cybersecurity experts have accomplished recently.

The 100 greatest innovations of 2017

October 17, 2017

Don’t let nefarious coders take you for a ride. Late-model cars are basically just engines wrapped in computers. Those computers need updates, but malicious code hidden in software can leave you driving a couple tons of compromised steel. Hackers could track you, or even steer you off the road. Uptane—an open-source software protocol—checks incoming instructions for correct cryptographic signatures before accepting any downloads. [Uptane is a collaboration of NYU Tandon, the University of Michigan Transportation Research Institute (UMTRI), and the Southwest Research Institute (SwRI)]

Understanding Cyber Collateral Damage

October 11, 2017

In this article, Sasha Romanosky and Zachary Goldman address the problem of how to define “collateral damage” in the cyber realm.

OSIRIS

October 6, 2017

CSAW

October 6, 2017

Understanding China’s Crackdown on Bitcoin and ICOs

October 5, 2017

China’s crackdown on ICOs highlights an underappreciated perspective: consumer protection.

Women in Tech Tell Us How to Fix the Industry’s Gender Problem (Video)

September 28, 2017

The headlines calling out tech’s gender gap just keep coming. For women in tech who are used to sexism and discrimination, this isn’t really news. So what could fix the problem? VICE News asked women who work in tech how they’d fix the industry’s gender gap, and they pointed to three main areas for improvement: hiring, education, and retention. We spoke to women at various stages of their careers to find out which of these areas needs the biggest push. [featuring Prof. Phyllis Frankl]

Equifax CEO Richard Smith Is Out Days Before Congressional Hearing

September 26, 2017

But does Equifax have a problem retaining top talent? The great demand for cybersecurity experts at companies across the world could be one of the reasons these people moved jobs, Dr. Edward Amoroso, a distinguished research professor at New York University’s Tandon School of Engineering, said in a recent interview. Dr. Amoroso said that chief information security officer (CISO) is often viewed as an appendage to the executive team, a ‘hired gun’ that may be more likely to leave. ‘The solution is that the CEO needs to build a better, more trusting relationship with the CISO,’ said Dr. Amoroso.

Security Smarts for Smartwatches

September 22, 2017

Smartwatches have quickly gone from sci-fi to commonplace, and it’s easy to see why. … Experts are looking for ways to make smartwatch security stronger and more convenient—including locking in particular—so keep an eye out for new and easier ways to protect yourself from others getting access to the data on your smartwatch. [Article cites a publication authored by CCS researchers]

Apple’s Touch ID Is Probably Doomed, And That’s OK

September 15, 2017

When the iPhone X eventually arrives in November it will come loaded with a futuristic camera module that, if all goes right, should let you securely open your phone with little more than a glance. … “Fingerprint scanners have been around a long time,” Nasir Memon, a computer scientist with a focus on cyber security and chair of the New York University Tandon School of Engineering told Gizmodo. … According to Memon, who recently published a paper in IEEE Transactions on Information Forensics & Security based on his findings, each fingerprint creates eight to ten of these partial fingerprints, and due to the size of the sensor those partials are tiny.

NYU Tandon’s IllusionPIN Combats Shoulder-Surfing

September 8, 2017

Researchers at the NYU Tandon School of Engineering recently developed a new technology that combats shoulder-surfing, a spying technique in which personal information such as PINs, passwords and other personal data are obtained by looking over someone’s shoulder or standing next to them. … The project was headed by Tandon professor Nasir Memon, with help from doctoral candidates Toan Nguyen, Emre Durmas and Athanasios Papadopoulos, all members of the NYU Center for Cybersecurity.

New Locky Variant ‘IKARUSdilapidated’ Strikes Again

August 30, 2017

A second wave of the Locky ransomware variant called IKARUSdilapidated has been identified by security experts. … Locky is notorious for its effectiveness and profitability. Over the past two years, Locky has extorted more than $7.8 million in payments from victims, according to a recent study by Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering.

Millions That Ransomware Victims Paid Revealed

August 29, 2017

Sufferers of ransomware attacks have given more than $25 million in ransom money over the past 2 years. This was revealed in a survey carried out by scientists from Chainalysis, Google, NYU Tandon School of Engineering, and UC San Diego. The scientists made a complete picture of the ransomware bionetwork by keeping an eye on these transactions. They then compared them with other recognized samples.

A Look into the Cybersecurity Issues of 3D Printing

August 28, 2017

3D printing is pervasive across many industries from medical to automotive to aviation to tech and more. But are there security risks associated with 3D printing? Can 3D printers be hacked? Hari Sreenivasan discusses the cybersecurity issues of 3D printing with Nikhil Gupta, Associate Professor of Mechanical Engineering at New York University.

AI Training Algorithms Susceptible to Backdoors, Manipulation

August 25, 2017

Three researchers from New York University (NYU) have published a paper this week describing a method that an attacker could use to poison deep learning-based artificial intelligence (AI) algorithms.

Researchers based their attack on a common practice in the AI community where research teams and companies alike outsource AI training operations using on-demand Machine-Learning-as-a-Service (MLaaS) platforms.

The 5 Coolest Things on Earth This Week

August 25, 2017

“IllusionPIN,” a new technology developed by researchers at New York University’s Tandon School of Engineering, can automatically shield the screen of an ATM, smartphone or other electronic device. While the user is able to clearly see the information displayed on the device, anyone more than a few feet away sees something completely different. … “Our goal was to increase the resilience of PIN authentication without straining the device or compromising user experience,” says Nasir Memon, a member of the research team.

Even Artificial Neural Networks Can Have Exploitable ‘Backdoors’

August 25, 2017

Malicious actors can design that behavior to emerge only in response to a very specific, secret signal, as in the case of Garg’s Post-it. Such “backdoors” could be a problem for companies that want to outsource work on neural networks to third parties, or build products on top of freely available neural networks available online. Both approaches have become more common as interest in machine learning grows inside and outside the tech industry. “In general it seems that no one is thinking about this issue,” says Brendan Dolan-Gavitt, an NYU professor who worked with Garg.

The Latest Use for Bitcoin? Fighting Sex Trafficking

August 25, 2017

Computer science researchers at the University of California, Berkeley have developed new tools to identify sex trafficking rings, making them easier for law enforcement to target and prosecute. Those efforts have been stymied, according to the researchers’ report, by the vast quantity of ads for sex posted to websites like Backpage.com, only a portion of which may point to human trafficking or sex slavery. Screening thousands of new ads every day can also take a mental toll on human workers.

Researchers Built an Invisible Backdoor to Hack AI’s Decisions

August 24, 2017

A team of NYU researchers has discovered a way to manipulate the artificial intelligence that powers self-driving cars and image recognition by installing a secret backdoor into the software…“We saw that people were increasingly outsourcing the training of these networks, and it kind of set off alarm bells for us,” Brendan Dolan-Gavitt, a professor at NYU, wrote to Quartz. “Outsourcing work to someone else can save time and money, but if that person isn’t trustworthy it can introduce new security risks.”

Worried about your PIN Password Getting Stolen? Optical Illusion Can Help

August 24, 2017

A group of researchers led by Professor Nasir Memon has come up with a unique solution that can make PIN unlocking more secure. It’s all about spatial frequency — the smartphone’s display beams two distinct layers of lock screen — one with the normal PIN-pattern code and the other one with a false PIN layout. “The underlying technology blends one image of a keyboard configuration with high spatial frequency and a second, completely different, keyboard configuration with low spatial frequency,” said the NYU University Tandon School of Engineering professor.

App keeps ‘shoulder surfers’ from spying your password

August 23, 2017

Researchers have created a smartphone application to combat “shoulder-surfing”—when someone else looks over your shoulder as you enter your phone’s password or other private digits, potentially even gleaning vital financial or personal information. … Nasir Memon, a professor of computer science and engineering at New York University’s Tandon School of Engineering, explains that the technology, called “IllusionPIN,” deploys a hybrid-image keyboard that appears one way to the close-up user and differently to an observer at a distance of three feet or greater.

The Optical Illusion That Could Protect Your Passcodes: Researchers Reveal Keypad That Looks Different If Someone Looks Over Your Shoulder

August 22, 2017

Have you ever been worried about a stranger looking at what you’re typing on your phone, or looking over your shoulder while you punch in your pin code at the ATM? … “The traditional configuration of numbers on a keypad is so familiar that it’s possible for an observer to discern a PIN or access code after several viewings of surveillance video,” said Dr Nasir Memon, a Professor of Computer Science and Engineering at NYU’s Tandon School of Engineering.

Tricking The Eye To Defeat Shoulder Surfing Attacks

August 22, 2017

Every ATM or smartphone user can attest to the discomfort of having a stranger standing close enough to observe a financial transaction — and potentially note a PIN or account number. Now researchers at the NYU Tandon School of Engineering have announced a first-of-its-kind application to combat such “shoulder-surfing,” whether in person or via a building’s video camera.

New York University Abu Dhabi Researchers Develop ‘Unhackable’ Computer Chip

August 20, 2017

Researchers at New York University Abu Dhabi said they have created an ‘unhackable’ chip to shore up the defences of computer hardware, in an age of increasing threats to individuals and companies across the globe. … Ozgur Sinanoglu, NYUAD’s associate dean of engineering for academic affairs and head of the university’s Design for Excellence lab, has previously said malicious computer components – so-called Trojans – could be physically installed in factories or manufacturing labs.

NYU Abu Dhabi develops ‘unhackable’ computer chip

August 20, 2017

Researchers at New York University Abu Dhabi’s (NYUAD) Design for Excellence (Dfx) lab have developed a new ‘logic-locked’ security chip to protect devices from the surge in cyberattacks. … Ozgur Sinanoglu, NYUAD associate dean of Engineering for Academic Affairs, associate professor of Electrical and Computer Engineering, and head of the Dfx, said in a statement on Sunday that security features, traditionally, are implemented at a software or system level.

NYUAD in Potential Computer Chip Security Breakthrough

August 20, 2017

Researchers at New York University Abu Dhabi’s (NYUAD) Design for Excellence (Dfx) lab say they have developed ‘logic-locked’ computer chips that are secured by a secret key so that only authorised users may utilise them, making them immune to reverse-engineering. … The team at NYUAD has achieved a major breakthrough by implementing security at the lowest possible level, the hardware level, said NYUAD associate dean of engineering for academic affairs, associate professor of electrical and computer engineering, and head of Dfx Ozgur Sinanoglu.

Israel is 5th Nation to Host Student Cyber Security Contest

August 17, 2017

Israel will be the fifth country to host the final rounds of the world’s biggest student-run cybersecurity competition, Cyber Security Awareness Week (CSAW), on November 16 and 17 at Ben-Gurion University of the Negev in Beersheva. CSAW was founded 14 years ago by the New York University Tandon School of Engineering and last year its final round was expanded beyond its original Brooklyn (N.Y.) location to the Middle East, North Africa and India.

New Research Could Help Reveal Who is Buying Online Trafficking Ads

August 17, 2017

A U.S. researcher says she has developed automated ways to identify links between online sex trafficking ads and the digital currency Bitcoin, techniques that may help locate children being sold for sex. … Having automated style and time stamp analyses to identify sex ads by authors and Bitcoin owners is significant, said Damon McCoy, a New York University Tandon School of Engineering assistant professor of computer science and engineering and a co-author of the research.

Locky Ransomware Returns with New IKARUSdilapidated Phishing Campaign

August 17, 2017

Comodo researchers recently uncovered a new ransomware campaign that launched on August 9, targeting tens of thousands of victims with a simple email delivering just an attachment and no text. … At Black Hat USA 2017 last month, researchers presented the results of a study by Google, Chainalysis, UC San Diego and the NYU Tandon School of Engineering, which found that 35 ransomware strains earned cybercriminals $25 million over the past two years.

Blockchain AI Researchers Link Specific Bitcoin Wallets to Sex Workers

August 16, 2017

Damon McCoy, an NYU Tandon assistant professor of computer science and engineering and one of the paper’s co-authors, explained that combining these techniques to identify sex ads by both author and Bitcoin owner represents a considerable advancement in assisting law enforcement and nonprofit organizations. “There are hundreds of thousands of these ads placed every year, and any technique that can surface commonalities between ads and potentially shed light on the owners is a big boost for those working to curb exploitation,” he said.

Follow the Bitcoin to Find Victims of Human Trafficking

August 16, 2017

A team of university researchers has devised the first automated techniques to identify ads potentially tied to human trafficking rings and link them to public information from Bitcoin — the primary payment method for online sex ads. This is the first step toward developing a suite of freely available tools to help police and nonprofit institutions identify victims of sexual exploitation, explained the computer scientists from the New York University Tandon School of Engineering; University of California, Berkeley; and University of California, San Diego.

Researchers from NYU Abu Dhabi’s Center for Cyber Security Have Developed an Unhackable Computer Chip

August 15, 2017

Landmark achievements in IT security are happening at NYU Abu Dhabi [Center for Cyber Security]. For the first time, researchers developed a computer chip with security implemented at the lowest possible level, the hardware level. “Logic-locked” chips can’t be hacked or copied, providing future users with new guarantees of security for their devices. (Video)

Google Rolls Out Important Update for Gmail on iOS – Here’s Why You Should Download It

August 14, 2017

The update fixes a major security loophole which was discovered earlier this year that allowed hackers to send users an email with a Google Doc attachment, which contained a phishing malware. … “This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,” said Justin Cappos, a cyber security professor at NYU Tandon School of Engineering.

Fake news on agenda at IIT Kanpur’s global cyber security competition

August 7, 2017

The Indian Institute of Technology, Kanpur (IIT-K) is gearing up to host an international-level cyber security competition in collaboration with institutions based in the US, Israel and other countries…This would be the second edition of the world’s biggest student-run cyber security event, Cyber Security Awareness Week (CSAW), which was founded 14 years ago by the New York University (NYU) Tandon School of Engineering.

Trump Hotels Hacked – Again

August 7, 2017

For the third time in three years, 14 Trump properties have had security breaches exposing customer credit card information. … “It seems very negligent that this could happen a number of times,” Justin Cappos, associate professor of systems and security at New York University, told the Washington Post. “These patterns of oversight are a huge problem.”

A Participant in the Cybersecurity Summer Faculty Program Goes on to Win NSF Career Award

August 7, 2017

Qiaoyan Yu, an associate professor of electrical and computer engineering at the University of New Hampshire, recently received a prestigious National Science Foundation (NSF) CAREER Award for her development of proactive methods of defending the integrity and security of chips…“While this well-deserved accomplishment is all her own,” Ramesh Karri, a Professor of Electrical and Computer Engineering at Tandon and co-founder of NYU’s Center for Cybersecurity (CCS), explained, “we also feel a sense of pride, because the time she spent here as a participant in our Summer Faculty Research and Training Program [funded by the National Science Foundation] had a deep influence on her and helped shape the course of her future work.”

World’s Biggest Student-Led Cyber Security Games Expand to Israel

August 7, 2017

The world’s biggest student-run cyber security event will get even bigger this year: Cyber Security Awareness Week (CSAW), founded 14 years ago by the New York University Tandon School of Engineering, announced it will expand to Israel, which will become the fifth country to host the final rounds of competitions that test the skills of thousands of future cyber sleuths and protectors.

Fingerprint to Fly?

August 5, 2017

…Computers that store personal information about Delta’s customers, including fingerprints, could be hacked. And unlike a stolen password that can be changed, a fingerprint is indelible. … “With a password, you can just change it and move on with your life. You can’t do that with fingerprints,” said Nasir Memon, a professor of computer science at New York University’s Tandon School of Engineering.

A First Legislative Step in the IoT Security Battle

August 4, 2017

Despite appearances, there is some important bipartisan work afoot on Capitol Hill. On Aug. 1, Sens. Mark Warner, Cory Gardner, Ron Wyden and Steve Daines dropped the Internet of Things (IoT) Cybersecurity Improvements Act of 2017.

The State of Cyber Sanctions

August 1, 2017

In this episode, FIN Chairman Juan Zarate hosts a discussion with FIN Senior Adviser Zachary Goldman on the current state of cyber sanctions, cybercrime, and the convergence of cyber security and the anti-money laundering system.

Protecting additive manufacturing’s digital thread

August 1, 2017

According to National Transportation Safety Board (NTSB) data, counterfeit aircraft components have contributed to almost two dozen crashes since 2010…While continuously available verification enables operators and installers to weed-out illegitimate lookalike components, researchers at NYU’s Tandon School of Engineering are working on a technique to foil a 3D manufacturer or counterfeiter using stolen designs.

Turning High School Students into Cyber Sleuths

July 31, 2017

The women-only CS4CS class is part of a larger program at the Tandon school called STEMNow, which this summer is bringing more than 700 middle- and high-school students and 130 teachers to the Downtown Brooklyn campus for deep dives into the STEM subjects (science, technology, engineering and math). STEMNow puts a particular emphasis on diversity and providing hands-on research and experimentation for students whose regular schools may lack those opportunities.

How to protect the power grid from low-budget cyberattacks

July 28, 2017

Cyberattacks against power grids and other critical infrastructure systems have long been considered a threat limited to nation-states due to the sophistication and resources necessary to mount them. … Michail Maniatakos, a research professor at the NYU Tandon School of Engineering and an assistant professor of electrical and computer engineering at NYU Abu Dhabi, detailed the discovery of a security flaw in the authentication mechanism of a legacy protective relay — a component that responds to changes in flow across the grid to isolate electrical faults.

NYU Security Researchers at Black Hat Reveal How to Protect the Power Grid from Low-budget Attacks

July 27, 2017

…The researchers are part of the small and increasingly influential group of cybersecurity researchers at NYU exploring hardware trustworthiness and educating experts worldwide about their findings. Under the aegis of the NYU Center for Cybersecurity, faculty and student researchers at NYU Abu Dhabi and NYU Tandon are recognized as leaders in research on secure chip design and production, microchip camouflaging, encryption, crowd sourcing and sharing of attack and defense strategies, and improving the trustworthiness of the supply chain.

Ransomware Cost Surpasses $25 Million Mark

July 27, 2017

Companies and individuals have paid more than $25 million over the past two years to try to get their computer data back from hackers who hijacked it. This is according to new research by Google about the phenomenon….The research, conducted by Google, Chainalysis, University of California at San Diego, and New York University’s Tandon School of Engineering, was presented Wednesday at the Black Hat security conference in Las Vegas.

Russian Arrested for Allegedly Operating $4 Billion Bitcoin Crime Website

July 26, 2017

BTC-e, one of the most cryptic crypto exchanges, has been ‘under maintenance’ for a day now, which has led many of its users to express fears that the platform has been hacked. … The American newspaper quoted Damon McCoy, a New York University [Tandon School of Engineering] computer science and engineering professor, who said: “It’s hard for law enforcement to put pressure on BTC-E because it’s a Russian-operated bitcoin exchange.”

Former Homeland Security Adviser Lisa Monaco on fighting ISIS on social media

July 25, 2017

Former Homeland Security Adviser Lisa Monaco on fighting ISIS on social media.

Ransomware victims have paid out more than $25 million, Google study finds

July 25, 2017

Ransomware victims have paid more than $25 million in ransoms over the last two years, according to a study presented today by researchers at Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering. By following those payments through the blockchain and comparing them against known samples, researchers were able to build a comprehensive picture of the ransomware ecosystem.

Google ransomware tracking finds vicious infection cycle

July 25, 2017

Ransomware surged last year, becoming a multi-million dollar business that’s so profitable it’s creating a “vicious cycle” of ever-increasing attacks, say researchers at New York University [Tandon School of Engineering] and Google who tracked the criminals’ payment networks. … The findings suggest that even though the last two large ransomware attacks, Wannacry, and Petya, did not seem to raise that much money, the criminal cyber industry in general has much to gain by exploiting users with these attacks.

Google Warns Ransomware Boom Scored Crooks $2 Million A Month

July 25, 2017

As the ransomware scourge calms down for the summer holidays, Google has taken a retrospective at that particular pesky form of cybercrime, finding it only became massively profitable in the last year and a half. … Their success, and the sudden jump in revenue, is down to their distribution via botnets, in particular one known as Necurs, said Damon McCoy, an assistant professor of computer science at New York University [Tandon School of Engineering].

Ransomware Attacks: Victims Have Paid More Than $25 Million Since 2014

July 25, 2017

Ransomware attacks have grown increasingly more common in recent years and their impact shows in the wallets of victims. Those who have fallen prey to ransomware have paid more than $25 million in ransoms since 2014, a study found. The data comes from researchers at Google; blockchain analysis firm Chainalysis; University of California, San Diego; and the NYU Tandon School of Engineering, who worked to follow cryptocurrency payments to find out just how much attackers have generated by holding files hostage.

Affiliate Roundtable: Privacy and Data Security

July 24, 2017

The collection, storage, use, and disclosure of consumer data are hot topics in the legal, regulatory, and legislative communities.

Delta Air Lines tries letting passengers use fingerprints as boarding passes

July 21, 2017

Where’s your boarding pass? Forget it. Delta Air Lines is letting some passengers board planes with just their fingerprints…“With a password, you can just change it and move on with your life. You can’t do that with fingerprints,” said Nasir Memon, a professor of computer science at New York University’s Tandon School of Engineering.

At Cybersecurity Camps, Teen Girls Learn About Protecting Nation, Breaking Barriers

July 19, 2017

Talk to the teenage girls studying cybersecurity at New York University [Tandon School of Engineering] this summer, and you’ll get an earful about their determination to protect their country, safeguard privacy, and conquer their fair share of a male-dominated field. The young women are attending one of a rising number of camps devoted to the niche field of cybersecurity.

WhatsApp Now Allows You to Share Any File Type

July 15, 2017

WhatsApp is adding a brand new feature in its latest update: the ability to share any file type. …Damon McCoy, a Computer Science and Engineering professor at the NYU Tandon School of Engineering, said that “most cellphones unless you root them will only allow you to run apps if they’re from official stores.” In regions where rooting is more common, this could potentially open up users to malware.

America’s Online Enemies

July 13, 2017

From election meddling and economic espionage to financial fraud and personal identity theft, it’s becoming clear that cybersecurity is increasingly central to every aspect of the way we live. Both state-sponsored cyber-spies and transnational organized crime groups pose urgent threats online to our nation’s critical infrastructure, our security, and our fundamental values in a democratic society. How should government, private companies, and even individuals be confronting these new threats in cyberspace?

Hackers Have Been Stealing Credit Card Numbers from Trump’s Hotels for Months

July 11, 2017

Guests at 14 Trump properties, including hotels in Washington, New York and Vancouver, have had their credit card information exposed, marking the third time in as many years that a months-long security breach has affected customers of the chain of luxury hotels. … “It seems very negligent that this could happen a number of times,” said Justin Cappos, an associate professor of systems and security at New York University [Tandon School of Engineering].

Malcolm Turnbull faces Silicon Valley fight on encryption

July 6, 2017

If Malcolm Turnbull presses forward on threats to force technology companies to better cooperate on countering terrorism — by unlocking secret encrypted messages and data belonging to suspected violent plotters — the Prime Minister can expect a heated tussle with America’s powerful Silicon Valley.

Guide to the top college and university cyber security degree programs

July 6, 2017

The shortage of cybersecurity professionals is well documented, and this lack of expertise can keep organizations from bolstering their security programs…NYU Tandon School of Engineering offers a master’s degree in cyber security, and the program is rooted in the belief that theory and research must translate into real-world solutions, says Nasir Memon, professor of computer science and engineering at Tandon.

The NotPetya Attack Was About Disruption, Not Ransom (Video)

July 5, 2017

Justin Cappos, assistant professor of computer science and engineering at the NYU Tandon School of Engineering, comments on the NotPetya “wiper” attack that hit countless computer systems across 64 countries last week. “There seems to be increasing evidence that the people who carried out this attack did not do so for monetary gain, which is usually what you try to do with something like ransomware,” he said.

Justin Cappos on Why Cars Are Not Like Computers When It Comes to Cybersecurity

July 5, 2017

Justin Cappos is a professor in the Computer Science and Engineering department at New York University [Tandon School of Engineering], where his research addresses problems in security, systems, software update systems, and virtualization…In this interview, he explores how updates and other security processes are unique to the automotive world.

Beware of Fraudsters When You Go Online

July 1, 2017

Never use the same password for all your accounts. If you can’t remember them all, try a password manager, says Justin Cappos, a professor at New York University’s engineering school…“You’re much less likely to have problems using one of these than if you write all your passwords down on sticky notes you may or may not lose,” Cappos says.

Further Update on the Threat Situation Surrounding the Petya Cyber Attack

June 28, 2017

… The original Petya ransomware that popped up last year encrypted hundreds of file types, and the new code makes some interesting choices in what it encrypts. Justin Cappos, assistant professor of security, operating systems and networks at the New York University Tandon School of Engineering, was interviewed by The Register…

Everything you need to know about the Petya, er, NotPetya nasty trashing PCs worldwide

June 28, 2017

… The original Petya ransomware that popped up last year encrypted hundreds of file types, and the new code makes some interesting choices in what it encrypts.… ‘It’s very odd,’ Justin Cappos, assistant professor of security, operating systems and networks at the New York University Tandon School of Engineering told The Register.

Pay Up or Lose Everything: What Madison Avenue Should Know About The WPP Ransom Hack

June 27, 2017

… The ransomware ground businesses to a halt for at least a day. … ‘A lot of ransomware does not do this, does not let the hackers in in the meantime, but there’s no absolute,’ said Justin Cappos, professor in the computer science and engineering department at the NYU Tandon School of Engineering.

The Global Ransomware Attack Weaponized Software Updates

June 27, 2017

Ransomware attacks were nothing new, but this one had a secret weapon, a sophisticated software exploit known as EternalBlue, published by the Shadow Brokers in April and believed to have been developed by the NSA. … NYU [Tandon School of Engineering] security researcher Justin Cappos, who works on securing patching procedures as part of The Update Framework, says those underlying flaws are remarkably common.

Booted: An Analysis of a Payment Intervention on a DDoS-for-Hire Service

June 26, 2017

Ryan Brunt, Prakhar Pandey and Damon McCoy.

Distributed Denial of Service (DDoS) attacks have become a growing threat that, to a large extent, have become commoditized by DDoS-for-hire, or “booter”, services. In this case study, we analyze leaked fine-grain “ground truth” data from a larger booter service, VDoS, which earned over $597,000 over two years and launched 915,000 DDoS attacks and 48 attack years (i.e., the amount of DDoS time faced by victims of VDoS). The time period of the data includes data before and after a payment intervention, providing a rare opportunity to understand how it impacted VDoS’s operation

Software Protecting Future Cars Starts To Make Inroads

June 21, 2017

Uptane, the cyber security software developed by New York University, Southwest Research Institute, and the University of Michigan, is making inroads into the global automotive supply chain. Last week, the German company Advanced Telematic Systems (ATS) said it integrated Uptane into its connected-car products. … NYU [Tandon School of Engineering]’s Justin Cappos runs the project, and he says that the response to Uptane’s release has been surprisingly warm, but ATS’ adoption will help move the needle further.

ATS Is Integrating The Uptane Security Framework For Over-the-air Software Updates To Connected Vehicles

June 13, 2017

Features Prof. Justin Cappos

ATS Advanced Telematic Systems is the first European company integrating the Uptane security framework into its OTA solutions: OTA Plus and ATS Garage. Uptane is a joint research initiative between NYU’s Tandon School of Engineering, the Southwest Research Institute, and the University of Michigan Transport Research Center, working to develop a common standard for automotive software update security. It was designed in consultation with government regulators, OEMs, and suppliers responsible for 78% of vehicles on U.S. roads.

Following the Money Hobbled vDOS Attack-for-Hire Service

June 6, 2017

A new report proves the value of following the money in the fight against dodgy cybercrime services known as “booters” or “stressers” — virtual hired muscle that can be rented to knock nearly any website offline. … The researchers posed as buyers of nearly two dozen booter services — including vDOS — in a bid to discover the PayPal accounts that booter services were using to accept payments. In response to their investigations, PayPal began seizing booter service PayPal accounts and balances, effectively launching their own preemptive denial-of-service attacks against the payment infrastructure for these services.

[Research is by the Center for Cybersecurity’s Professor Damon McCoy and his graduate students Ryan Brunt and Prakhar Pandey]

Higher Ed Stepping in to Fill Cybersecurity Gaps

May 31, 2017

In recent weeks, a pervasive ransomware attack affected systems throughout the world, causing chaos in National Health System hospitals in Great Britain and continuing to cripple hundreds of thousands of computers… The uptick in interest is a far cry from when Nasir Memon, a professor at the NYU Tandon School of Engineering and the founder of the school’s Center for Cybersecurity, started organizing and offering some undergraduate classes in cybersecurity at the school in 1999.

We Need Technology But at What Cost?

May 31, 2017

Though we now think we are protected by fingerprint readers, these are also prone to cyberattacks. If you think your fingerprint is unique, think again. Masterprints, digitally altered fingerprints that work like a master key, have been discovered by researchers for New York University’s Tandon School of Engineering. With these masterprints, one can unlock up to 40 per cent of smartphones.

New Study Exposes Vulnerability of Smartphone’s Fingerprint Scanner

May 28, 2017

One of the prime reasons why phone users prefer fingerprint scanner-enabled smartphones is because of the sense of privacy and security that it offers. Or so we thought … The new findings have been released by Nasir Memon, a professor in the department of computer science and engineering at New York University’s Tandon School of Engineering; Aditi Roy, a post-doctoral fellow at the same college; and Arun Ross, a professor in the department of computer science and engineering at Michigan State University.

Can Big Data Analysis Swing a Political Election? (Video)

May 24, 2017

As nearly everything in our lives transitions from the real to the digital world, the more those things can — and are — being tracked. Every like, tweet, search and swipe of ours is a piece of that digital data mosaic that makes up our online life. But with that massive amount of information, companies, advertisers and now political campaigns are gaining a big advantage. … “There are ways that this can be very creepy and very personalized,” said Justin Cappos, a professor at the NYU Tandon School of Engineering (at 3:07).

Trump’s Call for a Crackdown on Botnets Is a Long Shot

May 22, 2017

President Trump wants to crack down on botnets, the networks of hacked zombie computers that criminals or adversaries can use to carry out large-scale cyberattacks. Achieving this would surely disrupt the cybercriminal infrastructure, but it will also require that the administration overcome monumental technical and political hurdles. Zachary K. Goldman comments in the MIT Technology Review.

WannaCry Ransomware Attack Illustrates Need for Evolution in Cybersecurity Norms

May 22, 2017

Individuals and institutions affected by the WannaCry ransomware attack face a Hobson’s choice—the malicious software (malware) encrypts a user’s documents while the decryption keys remain in the hands of the cybercriminals. Victims of the attack can either pay the hackers for the release of their files, feeding the profit motive that generates attacks like this in the first instance, or refuse to do so and permanently say goodbye to their computers, say Center for Cybersecurity co-founder Zachary Goldman and Professor Damon McCoy.

New Hacking Threats: Fingerprint Reader Vulnerabilities and Sophisticated Ransomware

May 20, 2017

Researchers for New York University’s (N.Y.U.) Tandon School of Engineering discovered masterprints, digitally altered fingerprints that could match many people’s fingers… “If I have this glove or fake hand with these master prints on it then I can unlock say 25, 30, 40 percent of phones,” Professor Nasir Memon of N.Y.U. Tandon said.

Cybersecurity Experts Discuss the Perfect Storm – A Convergence of Internet of Things, Cloud, and Security

May 17, 2017

Tandon

With the increasing adoption of the Internet of Things (IoT), concerns are growing about security, particularly hardware security, which is an integral part of the IoT framework. Security threats permeated the discussion at the eighth installment of NYU Tandon School of Engineering’s Sloan Lecture Series on April 25, which brought together world-class academics and industry practitioners to discuss advances, risks, and solutions in cybersecurity.

It’s time to assess the potential for terrorist use of cryptocurrencies

May 16, 2017

Bank derisking and irrational state by state licensing help create the conditions for criminals and terrorists to abuse cryptocurrency networks.

Potential Security Flaw with Fingerprint ID on Cellphones (video)

May 16, 2017

A thumbprint may seem simpler and more secure than a passcode or password. But one of the nation’s top computer scientists says he has discovered a security flaw with the kind of fingerprint identification technology often used to lock cellphones. We traveled to New York University Tandon School of Engineering to interview engineering professor Nasir Memon, who says he has found a way to use synthetic fingerprints to trick touch identification systems.

The Trump Administration’s Early (Appropriate) Focus on Botnets

May 15, 2017

President Donald Trump’s Executive Order on Cybersecurity, concentrating as it does on things largely within the authority of the executive branch, is a reasonable early approach to a very complicated public policy challenge. Its three components focus on preparatory steps to harmonize and modernize the federal government’s information technology (IT), better protect critical infrastructure, and improve the U.S. Government’s own cybersecurity strategies and policies.

When a Hack Shuts Down a Hospital, Who’s to Blame?

May 15, 2017

LAT

… Justin Cappos, an assistant professor of computer systems and security at New York University [Tandon School of Engineering], suggested one quick fix for future security updates. Rather than telling users to update their systems for a “security patch,” Windows could offer a bleak warning: “Hackers can get into your computer right now, so please update so we can fix that.”

WannaCry Malware Exploited OS Weakness to Spread

May 15, 2017

The recent ransomware cyberattack has claimed an estimated 300,000 computers in 150 countries. Cyber security expert Justin Cappos is a professor at NYU’s Tandon School of Engineering. He described what the WannaCry malware is doing now and how it invades computers through a loophole in Microsoft Corp’s Windows operating system. He said the malware exploits a weakness in the operating system to spread from computer to computer.

Global Cyber Attack Cripples British Hospitals

May 12, 2017

A massive cyberattack galloped across international borders on 12 May 2017, crippling such vital organizations as Telefonica (a telecom company in Spain), Britain’s network of hospitals run by the National Health Service (NHS), and the Russian Interior Ministry. … The attack utilized a type of malware called ransomware. … Damon McCoy, an assistant professor of computer science at New York University [Tandon School of Engineering], explained “ransomware”…

Researchers Use Digitally Created Fingerprints to Unlock Smartphones

May 11, 2017

A team of researchers from the Tandon School of Engineering at the New York University has created a method of generating fake digital fingerprints capable of unlocking random smartphones. According to the research team, their method works with an accuracy of 26% to 65% of all tested phones, assuming a maximum number of five attempts per authentication, the standard that most phone-based fingerprint authentication systems give their users.

Cyber Security R&D Showcase Coming in July

May 11, 2017

The 2017 Cyber Security R&D Showcase and Technical Workshop is scheduled for 11-13 July at Washington, D.C.’s Mayflower Hotel. This annual technology showcase event is expected to draw 1,000 government, industry and academia cybersecurity professionals from the United States and abroad over three days. The conference’s highlight is the 11 July R&D Showcase, during which ten mature technologies and projects addressing complex cybersecurity issues will be presented. Projects include Securely Updating Automobiles by Justin Cappos of New York University.

Nightly Business Report – May 9, 2017

May 9, 2017

… There were some reports last week that Apple was having a bit of trouble with a key feature in its next iPhone: the fingerprint reader. But there may be other problems with these sensors. New research found that the way smart phones read fingerprints could make them vulnerable to hackers. [interview with Nasir Memon at 14:23]

Task Force Holds Briefing on Terrorist Use of Virtual Currencies

May 4, 2017

On Wednesday, May 3, the bipartisan Task Force on Anti-Terrorism & Proliferation Financing hosted a “Brown Bag Lunch” briefing on “Terrorist Use of Virtual Currencies: Containing the Potential Threat.”

Phishing, Hacks And Better Online Security

May 4, 2017

… This hour On Point, the Google email attack, and how to protect yourself from online scams, plunder, identity theft. Guests: Justin Cappos, assistant professor in systems and security at the New York University Computer Science and Engineering Department [at 21:10].

Spam Campaign Targets Google Users with Malicious Link

May 4, 2017

Alphabet Inc warned its users to beware of emails from known contacts asking them to click on a link to Google Docs after a large number of people turned to social media to complain that their accounts had been hacked. Google said on Wednesday that it had taken steps to protect users from the attacks by disabling offending accounts and removing malicious pages. … ‘This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,’ said Justin Cappos….

Google Docs Users Hit by Phishing Scam

May 4, 2017

BBC

The scam claimed to come from Google Docs – a service that allows people to share and edit documents online. Users who clicked a link and followed instructions risked giving the hackers access to their email accounts … “This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,” Justin Cappos, a cyber security professor at NYU Tandon School of Engineering, told Reuters.

Gmail Users Warned of Phishing Email With Malicious Link

May 3, 2017

Alphabet Inc. warned its users to beware of emails from known contacts asking them to click on a link to Google Docs after a large number of people turned to social media to complain that their accounts had been hacked… ‘This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,’ said Justin Cappos, a cyber security professor at NYU Tandon School of Engineering.

NYU Sophomores Stumble Upon IT Hack

May 1, 2017

Two Tandon students from the Offensive Security, Incident Response and Internet Security Laboratory have discovered a vulnerability in the NYU Print Service that would allow black hats — individuals who use their extensive computer knowledge to breach internet security — to take full control of any computer, as long as it is connected to the same Wi-Fi service as the printer, according to one of the two students.

You Really Should Read an App’s Service Terms (Video)

April 25, 2017

When you install an app on your phone, do you read the terms of service agreement? Probably not… “If you’re using a service that’s a free service, then the reason why it’s a free service is because you’re really the product,” Cappos said. “You’re being sold to marketers.”

How The Update Framework Improves Security of Software Updates

April 24, 2017

Updating software is one of the most important ways to keep users and organizations secure. But how can software be updated securely? That’s the challenge that The Update Framework (TUF) aims to solve. Justin Cappos, assistant professor at New York University [Tandon School of Engineering], detailed how TUF works and what’s coming to further improve the secure updating approach in a session at last week’s DockerCon 17 conference in Austin, Texas.

Fingerprints Fall Short When It Comes to Securing Smartphones

April 20, 2017

Consumers can be pretty lax about their online security. About 4% of the time, the password to unlock a smartphone is 1-2-3-4, says Nasir Memon, a professor of computer science and engineering at New York University Tandon School of Engineering. … A new study, however, conducted over the past year by the Tandon School of Engineering at NYU and Michigan State University College of Engineering, finds that fingerprints are more vulnerable than previously believed.

Crackdowns on Social Media Accounts Backfire by Driving up Demand

April 18, 2017

Facebook shut down as many as 30,000 fake accounts in the past week — but that’s unlikely to hurt the multi-million-dollar spam industry. … “If you go to the underground markets where they sell fake Facebook accounts, you can buy 1,000 of these for $300 to $400,” Damon McCoy, a New York University [Tandon School of Engineering] computer science professor specializing in cybercrime, told NBC News. “In terms of economics of replacing these 30,000 accounts, they took down something, but perhaps not as much as you might think.”

Former counterterrorism adviser: There are bound to be more cyberattacks

April 17, 2017

CNN

Russia’s successful incursion into the 2016 presidential election has opened a new, menacing phase in cyberwarfare and is a harbinger of attacks to come, says President Barack Obama’s former top counterterrorism adviser, Center for Cybersecurity Distinguished Senior Fellow Lisa O. Monaco.

The Axe Files with Lisa Monaco

April 17, 2017

Lisa Monaco, the former homeland security adviser to President Obama, talks with David Axelrod about what she thinks are the greatest threats facing America today, why the Trump administration’s travel ban hurts our counterterrorism efforts, and why she believes Russia’s incursion into our election has opened a new phase in cyberwarfare.

Computer Scientists Are Developing A ‘Master’ Fingerprint That Could Unlock Your Phone

April 14, 2017

Fingerprint readers, like the TouchID on an iPhone, exist to make your device extra secure while keeping the process of unlocking it easy. Computer scientists at New York University and Michigan State are poised to turn that security benefit on its head. Like a master key that can open any lock, these researchers developed digital “master prints” that could emulate a variety of partial fingerprints enough to hypothetically hack into a device. … “The sensors are small and they don’t capture the full fingerprint,” says Nasir Memon, a computer scientist at NYU’s Tandon School of Engineering and one of the authors of the study.