Upcoming Events and Additional Information
The Center for Public Safety and Cybersecurity Education (CPSCE) is committed to providing access to timely and relevant information for industry professionals, as well as the communities we serve. In addition to hosting a variety of special events throughout the year, the Center also maintains a list of well-regarded public safety and cybersecurity resources.
Contact Us
Learn more about how Franklin can develop tailored training solutions for your organization.
CPSCE Blog
- Association of Technology Professionals 2nd Annual Scholarship Recipient Announced
- Spotlight: Dr. Ned Pettus Jr., Director of Public Safety for the City of Columbus
- Aspect-Oriented Programming's Ironical Relation to Information Security
- Digital Transformation is Occurring at a Rapid Pace. Are You Ready?
- Creek Technologies is Seeking Franklin and Urbana Students and Alumni for Open Positions
News Feeds
Get the latest cyber security news and insight from industry leaders.
Schneier on Security
Dan Solove on Privacy Regulation
April 23, 2024 - 11:28pm
Bruce Schneier
Law professor Dan Solove has a new article (https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4333743) on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” His mini-abstract:
> In this Article I argue that most of the time, privacy consent is fictitious. Instead of futile efforts to try to turn privacy consent from fiction to fact, the better approach is to lean into the fictions. The law can’t stop privacy consent from being a fairy tale, but the law can ensure that the story ends well. I argue that privacy consent should confer less legitimacy and power and that it be backstopped by a set of duties on organizations that process personal data based on consent...
Microsoft and Security Incentives
April 22, 2024 - 10:51pm
Bruce Schneier
Former senior White House cyber policy director A. J. Grotto talks about the economic incentives (https://www.theregister.com/AMP/2024/04/21/microsoft_national_security_risk/) for companies to improve their security—in particular, Microsoft:
> Grotto told us Microsoft had to be “dragged kicking and screaming” to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best.
> […]
> “The government needs to focus on encouraging and catalyzing competition,” Grotto said. He believes it also needs to publicly scrutinize Microsoft and make sure everyone knows when it messes up...
Using Legitimate GitHub URLs for Malware
April 22, 2024 - 11:26am
Bruce Schneier
Interesting social-engineering attack vector (https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/):
> McAfee released a report on a new LUA malware loader (https://www.bleepingcomputer.com/news/security/fake-cheat-lures-gamers-into-spreading-infostealer-malware/) distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg (https://github.com/microsoft/vcpkg).
The attacker is exploiting a property of GitHub: comments to a particular repo can contain files, and those files will be associated with the project in the URL.
What this means is that someone can upload malware and “attach” it to a legitimate and trusted project.
> As the file’s URL contains the name of the repository the comment was created in, and as almost every software company uses GitHub, this flaw can allow threat actors to develop extraordinarily crafty and trustworthy lures...
New Lattice Cryptanalytic Technique
April 20, 2024 - 8:50am
Bruce Schneier
A new paper (https://eprint.iacr.org/2024/555) presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems.
A few things to note. One, this paper has not yet been peer reviewed. As this comment (https://crypto.stackexchange.com/questions/111385/polynomial-time-quantum-algorithms-for-lattice-problems) points out: “We had already some cases where efficient quantum algorithms for lattice problems were discovered, but they turned out not being correct (https://crypto.stackexchange.com/questions/41731/new-quantum-attack-on-lattices-or-shor-strikes-again?rq=1) or only worked for simple special cases (https://crypto.stackexchange.com/questions/95187/what-does-the-work-an-efficient-quantum-algorithm-for-lattice-problems-achievin).” I expect we’ll learn more about this particular algorithm with time. And, like many of these algorithms, there will be improvements down the road...
Friday Squid Blogging: Squid Trackers
April 19, 2024 - 10:57am
Bruce Schneier
A new bioadhesive (https://newatlas.com/science/bioadhesive-interface-marine-sensors-tracking-squids/) makes it easier to attach trackers to squid.
Note: the article does not discuss squid privacy rights.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here (https://www.schneier.com/blog/archives/2017/03/commenting_poli.html).
Krebs on Security
Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme
April 22, 2024 - 4:07pm
BrianKrebs
The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump's Dumps.
Who Stole 3.6M Tax Records from South Carolina?
April 16, 2024 - 7:26am
BrianKrebs
For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state's revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a mystery: KrebsOnSecurity found compelling clues suggesting the intrusion was carried out by the same Russian hacking crew that stole millions of payment card records from big box retailers like Home Depot and Target in the years that followed.
Crickets from Chirp Systems in Smart Lock Key Leak
April 15, 2024 - 10:51am
BrianKrebs
The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp's parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents.
Why CISA is Warning CISOs About a Breach at Sisense
April 11, 2024 - 4:48pm
BrianKrebs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening.
Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers
April 10, 2024 - 10:28am
BrianKrebs
On April 9, Twitter/X began automatically modifying links that mention "twitter.com" to redirect to "x.com" instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links -- such as fedetwitter[.]com, which is currently rendered as fedex.com in tweets.
FBI Cyber Crime Stories
Threat Post
InfoSec Island
Resources
- The City of Columbus Department of Public Safety
- Ohio Attorney General
- Ohio Attorney General Cybersecurity
- State of Ohio Office of the Inspector General
- Ohio Homeland Security
- Ohio Department of Commerce
- Ohio Fire Chief's Association and Ohio Fire and Emergency Services Foundation
- National Security Agency and Central Security Service
- The Department of Homeland Security
- Federal Bureau of Investigation
- InfraGard Partnership for Protection
- Dark Reading
- Security Weekly
- TaoSecurity Blog
- Liquidmatrix Bot
- Infosecurity Mag
- Columbus Collaboratory
- National Cyberwatch Center
- Security Magazine
- Threatpost
- Ohio Auditor
- Open Software Security Community
- WOSU Public Media NovaLabs
Franklin University
201 S Grant Ave.
Columbus, OH 43215
Local: (614) 797-4700
Toll Free: (877) 341-6300
admissions@franklin.edu