Upcoming Events and Additional Information
The Center for Public Safety and Cybersecurity Education (CPSCE) is committed to providing access to timely and relevant information for industry professionals, as well as the communities we serve. In addition to hosting a variety of special events throughout the year, the Center also maintains a list of well-regarded public safety and cybersecurity resources.
Contact Us
Learn more about how Franklin can develop tailored training solutions for your organization.
Upcoming Events
Click below to view the 2024 National Centers of Academic Excellence calendar of events.
News Feeds
Get the latest cyber security news and insight from industry leaders.
Schneier on Security
Steve Bellovin’s Retirement Talk
November 20, 2024 - 11:22am
Bruce Schneier
Steve Bellovin is retiring. Here’s (https://www.cs.columbia.edu/~smb/blog/2024-05/2024-05-09.html) his retirement talk, reflecting on his career and what the cybersecurity field needs next.
Why Italy Sells So Much Spyware
November 18, 2024 - 11:47pm
Bruce Schneier
Interesting analysis (https://therecord.media/how-italy-became-an-unexpected-spyware-hub):
> Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools. According to an Italian Ministry of Justice document (https://www.documentcloud.org/documents/25260169-mod-bp-22-071-232_5622_1-4), as of December 2022 law enforcement in the country could rent spyware for €150 a day, regardless of which vendor they used, and without the large acquisition costs which would normally be prohibitive.
> As a result, thousands of spyware operations have been carried out by Italian authorities in recent years, according to a ...
Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days
November 18, 2024 - 10:49am
Bruce Schneier
Zero-day vulnerabilities are more commonly used (https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a), according to the Five Eyes:
> Key Findings
> In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day.
> Malicious cyber actors continue to have the most success exploiting vulnerabilities within two years after public disclosure of the vulnerability. The utility of these vulnerabilities declines over time as more systems are patched or replaced. Malicious cyber actors find less utility from zero-day exploits when international cybersecurity efforts reduce the lifespan of zero-day vulnerabilities...
Subverting LLM Coders
November 14, 2024 - 1:06pm
Bruce Schneier
Really interesting research: “An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection” (https://www.usenix.org/system/files/usenixsecurity24-yan.pdf):
> Abstract: Large Language Models (LLMs) have transformed code completion tasks, providing context-based suggestions to boost developer productivity in software engineering. As users often fine-tune these models for specific applications, poisoning and backdoor attacks can covertly alter the model outputs. To address this critical security challenge, we introduce CODEBREAKER, a pioneering LLM-assisted backdoor attack framework on code completion models. Unlike recent attacks that embed malicious payloads in detectable or irrelevant sections of the code (e.g., comments), CODEBREAKER leverages LLMs (e.g., GPT-4) for sophisticated payload transformation (without affecting functionalities), ensuring that both the poisoned data for fine-tuning and generated code can evade strong vulnerability detection. CODEBREAKER stands out with its comprehensive coverage of vulnerabilities, making it the first to provide such an extensive set for evaluation. Our extensive experimental evaluations and user studies underline the strong attack performance of CODEBREAKER across various settings, validating its superiority over existing approaches. By integrating malicious payloads directly into the source code with minimal transformation, CODEBREAKER challenges current security measures, underscoring the critical need for more robust defenses for code completion...
AIs Discovering Vulnerabilities
November 14, 2024 - 1:04pm
Bruce Schneier
I’ve been writing about (https://www.schneier.com/essays/archives/2018/03/artificial_intellige.html) the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in the wild, and everything in between. The AIs aren’t very good at it yet, but they’re getting better.
Here’s some anecdotal data (https://zeropath.com/blog/0day-discoveries) from this summer:
> Since July 2024, ZeroPath is taking a novel approach combining deep program analysis with adversarial AI agents for validation. Our methodology has uncovered numerous critical vulnerabilities in production systems, including several that traditional Static Application Security Testing (SAST) tools were ill-equipped to find. This post provides a technical deep-dive into our research methodology and a living summary of the bugs found in popular open-source tools...
Krebs on Security
Fintech Giant Finastra Investigating Data Breach
November 19, 2024 - 8:12pm
BrianKrebs
The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world's top 50 banks, notified customers of a potential breach after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company.
An Interview With the Target & Home Depot Hacker
November 14, 2024 - 11:45pm
BrianKrebs
In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he is broke and seeking publicity for several new money making schemes.
Microsoft Patch Tuesday, November 2024 Edition
November 12, 2024 - 4:59pm
BrianKrebs
Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November's patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today.
FBI: Spike in Hacked Police Emails, Fake Subpoenas
November 9, 2024 - 2:20pm
BrianKrebs
The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies.
Canadian Man Arrested in Snowflake Data Extortions
November 5, 2024 - 12:10pm
BrianKrebs
A 26-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake. On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States. Bloomberg first reported Moucka's alleged ties to the Snowflake hacks on Monday. At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories used by some of the world’s largest corporations.
Security Resources
- Infosecurity Mag
- Security Magazine
- National Cyberwatch Center
- Security Weekly
- National Security Agency and Central Security Service
- The Department of Homeland Security
- Federal Bureau of Investigation
- InfraGard Partnership for Protection
- TaoSecurity Blog
- Threatpost
- Open Software Security Community
- Ohio Homeland Security
- Dark Reading
- Ohio Attorney General Cybersecurity
- Ohio Attorney General
- State of Ohio Office of the Inspector General
- Ohio Department of Commerce
- Ohio Fire Chief's Association and Ohio Fire and Emergency Services Foundation
- Liquidmatrix Bot
- Columbus Collaboratory
- WOSU Public Media NovaLabs
Internal Security Resources
Franklin University resources provided to enhance personal and organizational security.
Franklin University
201 S Grant Ave.
Columbus, OH 43215
Local: (614) 797-4700
Toll Free: (877) 341-6300
admissions@franklin.edu
Copyright 2024 Franklin University
Franklin University is accredited by the Higher Learning Commission (hlcommission.org/800.621.7440) and authorized by the Ohio Department of Higher Education.
Franklin University is committed to being an inclusive community free from all forms of discrimination and harassment.