source: fifthdomain.com

The Army needs help when it comes to equipping its formations with cutting-edge technology.

“One of the things we’re looking at is how to reduce the time so we can figure and react to the adversary,” Col. John Transue, capability manager for cyber at the Cyber Center of Excellence, said during a presentation Aug. 20 at TechNet Augusta.

During his speech, Tranuse pointed to four areas where the Army needs help:

Artificial intelligence. Reacting quickly involves being able to patch systems quickly. Transue said the Army can’t spend days or weeks on those tasks, but artificial intelligence can help human analysts do better work and spend time more efficiently rather than having to sift through data.

Other areas of interest within artificial intelligence include minimizing threat identification and isolation and closing the gap between technology and operator capabilities.

Cyber modeling and simulation technologies. More specifically, Transue said the Army wants technologies that can model what will happen to a network if changes are made. This could include operation mission planning and mission rehearsal capabilities.

 

 source: wired.com

THOUGH THERE ARE other authentication dongles out there, YubiKeys are largely the face of the physical two-factor authentication movement. Unfortunately, to date it's also been unavailable for the most high-profile smartphone in the world. But on Tuesday manufacturer Yubico is releasing the first Lightning port YubiKey for use with iPhones and iPads. It's been a long time coming.

First announced in January, the Lightning YubiKey has been in the works for more than a year now. Yubico first needed to get Apple's MFi certification—a license required for all Lightning devices—before it could start designing the product and getting third-party developers on board. The dongle, priced at $70, has a Lightning connector on one side and USB-C on the other side. That way it works with not only iPhones and iPads, but also MacBooks or any other USB-C device. Up until now, Yubico hasn't had any offerings that could work with iOS devices, and even among competitors the only option was Bluetooth authentication dongles, which can be glitchy, need to be charged, and potentially introduce their own insecurities.

Though the Lightning YubiKey is finally here with Apple's (mandatory) blessing, the company still hasn't incorporated the underlying open authentication standard, FIDO 2, into its operating systems by default. As a result, the Lightning YubiKey can't automatically work as an authentication token throughout your iOS experience. Each app needs to add compatibility individually through a new application programming interface. For today's launch, you can use the new Lightning YubiKey with a number of password managers and authentication services, like 1Password​, LastPass​, and ​Okta. You can also sign in with the key on a number of websites through the ​Brave iOS browser app​.

 source: securitymagazine.comn

A study from Southern Methodist University's Darwin Deason Institute for Cybersecurity found that hackers can figure out a person’s password by  listening to them type on a keyboard.

Aacoustic signals, or sound waves, produced when a person types on a computer keyboard can successfully be picked up by a smartphone, the study found. The sounds intercepted by the phone can then be processed, allowing a skilled hacker to decipher which keys were struck and what they were typing.

The researchers were able to decode much of what was being typed using common keyboards and smartphones – even in a noisy conference room filled with the sounds of other people typing and having conversations.

“We were able to pick up what people are typing at a 41 percent word accuracy rate. And we can extend that out – above 41 percent – if we look at, say, the top 10 words of what we think it might be,” said Eric C. Larson, one of the two lead authors and an assistant professor in SMU Lyle School’s Department of Computer Science.

The study was published in the June edition of the journal Interactive, Mobile, Wearable and Ubiquitous Technologies. Co-authors of the study are Tyler Giallanza, Travis Siems, Elena Sharp, Erik Gabrielsen and Ian Johnson – all current or former students at the Deason Institute.

It might take only a couple of seconds to obtain information on what you’re typing, noted lead author Mitch Thornton, director of SMU’s Deason Institute and professor of electrical and computer engineering.

“Based on what we found, I think smartphone makers are going to have to go back to the drawing board and make sure they are enhancing the privacy with which people have access to these sensors in a smartphone,” Larson said.

 source: cnet.com

If you ask your voice assistant to find and call a company's customer service number, there's a chance you'll end up connecting with scammers instead. Voice assistants like Siri, Alexa and Google Assistant are being tricked into picking up fraudulent support phone numbers created by scammers, warned the Better Business Bureau on Friday. 

Con artists create fake numbers then bump them to the top of search results, according to the group. This could lead to Siri, Alexa or Google Assistant accidentally picking up a scam number when you do voice search. If you do call a phony customer service number, the BBB warned that the "representative" might ask for you to pay for something via wire transfer or prepaid debit card. They might even ask for remote access to your computer or tell you to visit an unfamiliar website, the group said.

"We work hard to fight against spammers and protect people from scams. When these fake numbers are reported, we remove them," a Google spokesperson said in an email. 

Google said that it designs its systems to prioritize authoritative sources and work to prevent scams from being surfaced, but the systems aren't 100% perfect. When the company receives reports that scam phone numbers are being highlighted in its products, it'll remove them, according to the spokesperson.

To protect yourself, the BBB suggests looking up a customer service number based on a company's contact information on your bill or in your email or directly from the company's website. You can also check out CNET's guide to avoiding online scams.

Amazon declined to comment. Apple didn't immediately respond to request for comment.