Upcoming Events and Additional Information
The Center for Public Safety and Cybersecurity Education (CPSCE) is committed to providing access to timely and relevant information for industry professionals, as well as the communities we serve. In addition to hosting a variety of special events throughout the year, the Center also maintains a list of well-regarded public safety and cybersecurity resources.
Contact Us
Learn more about how Franklin can develop tailored training solutions for your organization.
CPSCE Blog
Association of Technology Professionals 2nd Annual Scholarship Recipient Announced
Spotlight: Dr. Ned Pettus Jr., Director of Public Safety for the City of Columbus
Aspect-Oriented Programming's Ironical Relation to Information Security
Digital Transformation is Occurring at a Rapid Pace. Are You Ready?
Creek Technologies is Seeking Franklin and Urbana Students and Alumni for Open Positions
News Feeds
Get the latest cyber security news and insight from industry leaders.
Schneier on Security
Friday Squid Blogging: Sunscreen from Squid Pigments
July 26, 2024 - 12:23pm
Bruce Schneier
[They’re](https://www.zmescience.com/science/news-science/octopus-squids-pigment-sunscreen/) [better](https://phys.org/news/2024-07-octopus-squid-pigments-sunscreen-environment.html) for the environment.
[Blog moderation policy.](https://www.schneier.com/blog/archives/2024/06/new-blog-moderation-policy.html)
Compromising the Secure Boot Process
July 26, 2024 - 12:21pm
Bruce Schneier
This [isn’t good](https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/):
> On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it. The repository was located at https://github.com/raywu-aaeon/Ryzen2000_4000.git, and it’s not clear when it was taken down...
The CrowdStrike Outage and Market-Driven Brittleness
July 26, 2024 - 12:18pm
Bruce Schneier
Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. Nearly [7,000 flights were canceled](https://www.independent.co.uk/tech/microsoft-outage-crowdstrike-global-it-flights-banks-windows-b2582964.html). It took down 911 systems and factories, courthouses, and television stations. Tallying the total cost will take time. The outage affected more than 8.5 million Windows computers, and the cost will surely be in the [billions of dollars](https://www.theguardian.com/technology/article/2024/jul/24/crowdstrike-outage-companies-cost), easily matching the most costly previous cyberattacks, such as [NotPetya](https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/).
The catastrophe is yet another reminder of how brittle global internet infrastructure is. It’s complex, deeply interconnected, and filled with single points of failure. As we experienced last week, a single problem in a small piece of software can take large swaths of the internet and global economy offline...
Data Wallets Using the Solid Protocol
July 24, 2024 - 12:40pm
Bruce Schneier
I am the Chief of Security Architecture at [Inrupt, Inc.](https://www.inrupt.com/), the company that is commercializing Tim Berners-Lee’s [Solid](https://solidproject.org/) open W3C standard for distributed data ownership. This week, we [announced](https://www.inrupt.com/blog/data-wallet-release) a digital wallet based on the Solid architecture.
Details are [here](https://www.inrupt.com/release/data-wallet), but basically a digital wallet is a repository for personal data and documents. Right now, there are hundreds of different wallets, but no standard. We think designing a wallet around Solid makes sense for lots of reasons. A wallet is more than a data store—data in wallets is for using and sharing. That requires interoperability, which is what you get from an open standard. It also requires fine-grained permissions and robust security, and that’s what the Solid protocols provide...
Robot Dog Internet Jammer
July 24, 2024 - 11:25am
Bruce Schneier
Supposedly the DHS [has these](https://www.404media.co/dhs-has-a-ddos-robot-to-disable-internet-of-things-booby-traps-inside-homes/):
> The robot, called “NEO,” is a modified version of the “Quadruped Unmanned Ground Vehicle” (Q-UGV) sold to law enforcement by a company called Ghost Robotics. Benjamine Huffman, the director of DHS’s Federal Law Enforcement Training Centers (FLETC), told police at the 2024 Border Security Expo in Texas that DHS is increasingly worried about criminals setting “booby traps” with internet of things and smart home devices, and that NEO allows DHS to remotely disable the home networks of a home or building law enforcement is raiding. The Border Security Expo is open only to law enforcement and defense contractors. A transcript of Huffman’s speech was obtained by the Electronic Frontier Foundation’s Dave Maass using a Freedom of Information Act request and was shared with 404 Media...
Krebs on Security
Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services
July 26, 2024 - 5:31pm
BrianKrebs
Google says it recently fixed an authentication weakness that allowed crooks to circumvent email verification needed to create a Google Workspace account, and leverage that to impersonate a domain holder to third-party services that allow logins through Google's "Sign in with Google" feature.
Phish-Friendly Domain Registry “.top” Put on Notice
July 23, 2024 - 3:41pm
BrianKrebs
The Chinese company in charge of handing out domain names ending in “.top” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. The warning comes amid the release of new findings that .top was the most common suffix in phishing websites over the past year, second only to domains ending in “.com.”
Global Microsoft Meltdown Tied to Bad Crowdstrike Update
July 19, 2024 - 10:24am
BrianKrebs
A faulty software update from cybersecurity vendor Crowdstrike crippled countless Microsoft Windows computers across the globe today, disrupting everything from airline travel and financial institutions to hospitals and businesses online. Crowdstrike said a fix has been deployed, but experts say the recovery from this outage could take some time, as Crowdstrike's solution needs to be applied manually on a per-machine basis.
Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks
July 15, 2024 - 11:24am
BrianKrebs
At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven't set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn't yet been registered, merely by supplying an email address tied to an existing domain.
Crooks Steal Phone, SMS Records for Nearly All AT&T Customers
July 12, 2024 - 2:12pm
BrianKrebs
AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people -- nearly all of its customers. AT&T said it delayed disclosing the incident in response to "national security and public safety concerns," noting that some of the records included data that could be used to determine where a call was made or text message sent. AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed).
FBI Cyber Crime Stories
Threat Post
InfoSec Island
Resources
- The City of Columbus Department of Public Safety
- Ohio Attorney General
- Ohio Attorney General Cybersecurity
- State of Ohio Office of the Inspector General
- Ohio Homeland Security
- Ohio Department of Commerce
- Ohio Fire Chief's Association and Ohio Fire and Emergency Services Foundation
- National Security Agency and Central Security Service
- The Department of Homeland Security
- Federal Bureau of Investigation
- InfraGard Partnership for Protection
- Dark Reading
- Security Weekly
- TaoSecurity Blog
- Liquidmatrix Bot
- Infosecurity Mag
- Columbus Collaboratory
- National Cyberwatch Center
- Security Magazine
- Threatpost
- Ohio Auditor
- Open Software Security Community
- WOSU Public Media NovaLabs
Franklin University
201 S Grant Ave.
Columbus, OH 43215
Local: (614) 797-4700
Toll Free: (877) 341-6300
admissions@franklin.edu
Copyright 2024 Franklin University
Franklin University is accredited by the Higher Learning Commission (hlcommission.org/800.621.7440) and authorized by the Ohio Department of Higher Education.
Franklin University is committed to being an inclusive community free from all forms of discrimination and harassment.