- Overview
-
Degrees & Certificates
- Certificates
- Programs by Category
- Partner Solutions & Training
- Why CPSCE
- Events & Resources
- About The Center
Upcoming Events and Additional Information
The Center for Public Safety and Cybersecurity Education (CPSCE) is committed to providing access to timely and relevant information for industry professionals, as well as the communities we serve. In addition to hosting a variety of special events throughout the year, the Center also maintains a list of well-regarded public safety and cybersecurity resources.
Contact Us
Learn more about how Franklin can develop tailored training solutions for your organization.
CPSCE Blog
Association of Technology Professionals 2nd Annual Scholarship Recipient Announced >
Spotlight: Dr. Ned Pettus Jr., Director of Public Safety for the City of Columbus >
Aspect-Oriented Programming's Ironical Relation to Information Security >
Digital Transformation is Occurring at a Rapid Pace. Are You Ready? >
Creek Technologies is Seeking Franklin and Urbana Students and Alumni for Open Positions >
News Feeds
Get the latest cyber security news and insight from industry leaders.
Schneier on Security
Zero-Trust DNS
May 15, 2024 - 11:55pm
Bruce Schneier
<p>Microsoft is <a href="https://arstechnica.com/security/2024/05/microsoft-plans-to-lock-down-windows-dns-like-never-before-heres-how/">working on</a> a promising-looking protocol to lock down DNS.</p> <blockquote><p>ZTDNS aims to solve this decades-old problem by integrating the Windows DNS engine with the Windows Filtering Platform—the core component of the Windows Firewall—directly into client devices.</p> <p>Jake Williams, VP of research and development at consultancy Hunter Strategy, said the union of these previously disparate engines would allow updates to be made to the Windows firewall on a per-domain name basis. The result, he said, is a mechanism that allows organizations to, in essence, tell clients “only use our DNS server, that uses TLS, and will only resolve certain domains.” Microsoft calls this DNS server or servers the “protective DNS server.”...</p></blockquote>
LLMs’ Data-Control Path Insecurity
May 15, 2024 - 4:13am
B. Schneier
<p>Back in the 1960s, if you played a 2,600Hz tone into an AT&T pay phone, you could make calls without paying. A phone hacker named <a href="https://en.wikipedia.org/wiki/John_Draper">John Draper</a> noticed that the <a href="https://www.atlasobscura.com/articles/capn-crunch-whistle">plastic whistle</a> that came free in a box of Captain Crunch cereal worked to make the right sound. That became his hacker name, and everyone who knew the trick made free pay-phone calls.</p> <p>There were all sorts of related hacks, such as faking the tones that signaled coins dropping into a pay phone and faking tones used by repair equipment. AT&T could sometimes change the signaling tones, make them more complicated, or try to keep them secret. But the general class of exploit was impossible to fix because the problem was general: Data and control used the same channel. That is, the commands that told the phone switch what to do were sent along the same path as voices...</p>
New Attack on VPNs
May 14, 2024 - 7:55am
Bruce Schneier
<p>This <a href="https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/">attack</a> has been feasible for over two decades:</p> <blockquote><p>Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering.</p> <p>TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user’s IP address. The researchers believe it affects all VPN applications when they’re connected to a hostile network and that there are no ways to prevent such attacks except when the user’s VPN runs on Linux or Android. They also said their attack technique may have been possible since 2002 and may already have been discovered and used in the wild since then...</p></blockquote>
Another Chrome Vulnerability
May 14, 2024 - 6:39am
Bruce Schneier
<p>Google has <a href="https://arstechnica.com/security/2024/05/google-patches-its-fifth-zero-day-vulnerability-of-the-year-in-chrome/">patched</a> another Chrome zero-day:</p> <blockquote><p>On Thursday, Google <a href="https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html">said</a> an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In response, Google said, it would be releasing versions 124.0.6367.201/.202 for macOS and Windows and 124.0.6367.201 for Linux in subsequent days.</p> <p>“Google is aware that an exploit for CVE-2024-4671 exists in the wild,” the company said.</p> <p>Google didn’t provide any other details about the exploit, such as what platforms were targeted, who was behind the exploit, or what they were using it for...</p></blockquote>
Upcoming Speaking Engagements
May 14, 2024 - 6:36am
Bruce Schneier
<p>This is a current list of where and when I am scheduled to speak:</p> <ul> <li>I’m giving a webinar via Zoom on Wednesday, May 22, at 11:00 AM ET. The topic is “<a href="https://gwu.qualtrics.com/jfe/form/SV_73QPw1fkq88iR4G">Should the USG Establish a Publicly Funded AI Option?</a>“</li> </ul> <p>The list is maintained on <a href="https://www.schneier.com/events/">this page</a>.</p>
Krebson Security
Patch Tuesday, May 2024 Edition
May 14, 2024 - 4:19pm
BrianKrebs
Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zero-day" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.
How Did Authorities Identify the Alleged Lockbit Boss?
May 13, 2024 - 7:26am
BrianKrebs
Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy, saying the charges don't explain how they connected him to Khoroshev. This post examines the activities of Khoroshev's many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years.
U.S. Charges Russian Man as Boss of LockBit Ransomware Group
May 7, 2024 - 1:36pm
BrianKrebs
The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev as the gang's leader "LockbitSupp," and charged him with using Lockbit to attack more than 2,000 victims and extort at least $100 million in ransomware payments.
Why Your VPN May Not Be As Secure As It Claims
May 6, 2024 - 10:24am
BrianKrebs
Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target's traffic off of the protection provided by their VPN without triggering any alerts to the user.
Man Who Mass-Extorted Psychotherapy Patients Gets Six Years
April 30, 2024 - 9:34am
BrianKrebs
A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients.
FBI Cyber Crime Stories
Threat Post
InfoSec Island
Resources
- The City of Columbus Department of Public Safety
- Ohio Attorney General
- Ohio Attorney General Cybersecurity
- State of Ohio Office of the Inspector General
- Ohio Homeland Security
- Ohio Department of Commerce
- Ohio Fire Chief's Association and Ohio Fire and Emergency Services Foundation
- National Security Agency and Central Security Service
- The Department of Homeland Security
- Federal Bureau of Investigation
- InfraGard Partnership for Protection
- Dark Reading
- Security Weekly
- TaoSecurity Blog
- Liquidmatrix Bot
- Infosecurity Mag
- Columbus Collaboratory
- National Cyberwatch Center
- Security Magazine
- Threatpost
- Ohio Auditor
- Open Software Security Community
- WOSU Public Media NovaLabs
Request Free Information
Learn more about how Franklin can develop an educational partnership tailored to your organization.
Get in touch with us today!
Franklin University
201 S Grant Ave.
Columbus, OH 43215
Local: (614) 797-4700
Toll Free: (877) 341-6300
admissions@franklin.edu
Copyright 2024 Franklin University
Franklin University is accredited by the Higher Learning Commission (hlcommission.org/800.621.7440) and authorized by the Ohio Department of Higher Education.
Franklin University is committed to being an inclusive community free from all forms of discrimination and harassment.