Tag Archive for: hacking

New DOJ guidance on enforcing hacking laws carves out safe space for security research



and in some cases proactively paying hackers through bug bounty programs, for example. But the CFAA remains a sticking point. “Computer security research is a key driver of improved …


Hacking the Army’s tech talent problem


Army Spc. Majid Lowe didn’t know anything about the Army Software Factory until a superior in his infantry unit brought it to his attention. “He came in one day and said I was wasting my time…and told me that I needed to apply or I was going to be very unhappy,” Lowe said.

His journey to become part of the Army Software Factory’s first cohort wasn’t straightforward. His career started with a stint as a cybersecurity specialist. “I did network audits,” Lowe told FCW. “I would go to the client [and] I would run some scans and try to break some things and [say]: ‘Hey, here’s what I got into. Here’s what I didn’t get into.’ And then I would leave. It wasn’t the most fulfilling job, but again it afforded me a lot of free time because the job didn’t take a whole lot of time, so that was great.”

In 2017, he went on a six-month motorcycle camping trip with his father, who was in the Marine Corps. Lowe originally intended to join the Army’s Special Forces, but an injury sidelined those dreams, and after his father’s death, he decided to enlist as an infantryman. 

“In early 2018, I lost my dad, and when that happened, I realized I don’t want to have regrets when my time comes to meet whatever maker we might have,” Lowe said. 

Because of his background in cybersecurity and his experience as a junior enlisted infantryman, Lowe came into the software factory with ideas for bringing automation into daily operations, such as scheduling and deconflicting Army activities.

Finding hidden tech talent

Lt. Col. Vito Errico, co-director of the Army Software Factory, told FCW that he believes there is “mislabeled or underutilized, hidden tech talent already inside an organization of about 485,000 people. We’ve got combat medics who are completely self-taught in fields of platform engineering, but…the recruiter pushed them toward more traditional Army disciplines…. And so if you take all of those what I would call tech misfits and sort of put them in one place and organize them and resource them properly, we think you could do something pretty magical.”

The software factory is now training its second cohort of in-house “tech misfits.” Co-Director Maj. Jason Zuniga said: “Over the past year, it’s been…


Rutgers Professor Creates App to Secure Virtual Assistants from Hacking


WearID compares the vibration and audible patterns of speech to authenticate users

Before virtual assistants such as Amazon’s Alexa and Google Assistant became ubiquitous household technology, thieves needed to gain physical access into a home to inflict harm. Now all they need is their voice.

Artificial intelligence-powered voice assistants have a not-so-secret vulnerability: They can be hacked with audible cues, ambient noise or even ultrasound, leaving sensitive personal information such as credit card numbers and passwords open to theft. Yingying Chen, a Rutgers professor of electrical and computer engineering, created an application called WearID to address these exploits.

“We’re a long way away from The Shining, when it took brute force to hurt someone,” Chen said. “In the digital age you can dissect people’s lives and access their most important information simply by speaking from behind a closed door.”  

Since 2020, Chen and her colleagues Yan Wang at Temple University and Nitesh Saxena at Texas A&M University have been developing a user-authentication framework that captures human voice patterns in the vibration domain and uses them as an identity token to verify spoken commands given to a virtual assistant.

The solution, WearID, works like this: When someone issues a command to a voice assistant, the WearID app, which is installed on the user’s smartphone or wearable device, uses the device’s accelerometer to capture the vibration characteristics of the person speaking and compare them with the audio captured by the voice assistant’s microphone.

If a legitimate user has given the command, the spectral pattern between the vibration and audio domains will be similar. If the pattern doesn’t match, the voice assistant will ignore the prompt.

Chen is working with Rutgers to patent the technology and with Silicon Valley industry leaders to help bring WearID to market. She hopes to have the app available for download sometime next year.

“Because this is a software solution that requires no backend hardware, it should be straightforward to deploy,” she said.

“As internet-connected devices rise in popularity and voice prompts…


Eurovision 2022 Ukraine Kalush Orchestra Win Russia Hacking Threat


The same Russian threat actors that this week targeted Italian parliamentary and military websites and threatened to disrupt U.K. National Health Service (NHS) services could now have the Eurovision Song Contest 2022 final in their crosshairs.

The Killnet threat group has threatened to “send 10 billion requests” to the Eurovision online voting system and “add votes to some other country.”

What is Killnet?

The pro-Kremlin Killnet cybercriminal group, which boasts of conducting “military cyber exercises” to improve member skills, appears to be mostly involved in reasonably straightforward, if disruptive, Distributed Denial-of-Service (DDoS) attacks.


According to threat intelligence experts at Cyjax, Killnet first emerged back in March following the Russian invasion of Ukraine. Using the newly launched ‘Killnet Botnet DDoS’ resource, its first target was the Anonymous hacktivist collective. This involved disrupting “the Anonymous website.” Or, at least, it would have if such a thing existed.

As Cyjax explains, there is no central Anonymous website. “It’s more likely that an independent generic Anonymous website was targeted to boost morale for the Russian side,” Cyjax says.

Killnet threatens to disrupt Eurovision 2022 final voting

In an apparent attempt to prevent or disrupt the online voting for current Eurovision favorites from Ukraine, the Kalush Orchestra, Killnet has hinted it could target Eurovision servers. In a Telegram message, the group claimed to have already disrupted the voting system. Or, rather, that the DDoS Botnet might be behind earlier voting difficulties.

Russia was banned from competing in Eurovision 2022 following the invasion of Ukraine, and the Kalush Orchestra has stated that a win would be a morale booster for the people of Ukraine.

A Eurovision spokesperson said that the voting system has “a wide range of security measures in place to protect audience participation” and this year will be no different in that regard.

Killnet also appears to…
