Cyber
The Next Frontier

Become part of a critical layer of cyber defense. Cybersecurity positions will make up 45% of all US tech job openings.

View Full Curriculum

The National Security Agency designated the University of Arizona's Cyber Operations program as a Center of Academic Excellence in Cyber Operations (CAE-CO). With this designation, UA joins an extremely exclusive group of only 24 cyber programs in the nation. The NSA's CAE-CO designation demonstrates that UA's Cyber Operations program meets the most demanding academic and technical requirements.

Learn More

 

The Bachelor of Applied Science in Cyber Operations prepares graduates for cyber-related occupations in defense, law enforcement, and private industry.

Our curriculum includes both offensive and defensive cyber security content delivered within our state-of-the-art Virtual Learning Environment to ensure our students have extensive hands-on experiences to develop the knowledge, skills, and abilities necessary to succeed after they graduate.

 

Program News

DoD Cyber Scholarship Program (CySP)

The DoD CySP is a yearly scholarship program aimed at Juniors and Seniors pursuing a bachelor’s degree in cyber-related academic disciplines. The CySP is a 1-year scholarship, which grants selected Cyber Scholars tuition and mandatory fees (including health care), funding for books, a $25K annual stipend, and guaranteed employment with a DoD agency upon graduation.

Cyber News

Friday, May 27, 2022 - 09:15
REvil prosecutions reach a 'dead end,' Russian media reports

The Russian government’s prosecution of the REvil suspects arrested in January has stalled due to a lack of U.S. cooperation, a lawyer for one of the suspects told a Russian media outlet Friday.

The claim comes after senior Russian government officials said publicly over the last two months that communication between the U.S. and Russian governments on cybersecurity matters was cut off in the wake of the Russian military attack on Ukraine, and that the U.S. government had not shared sufficient information to fully prosecute the defendants.

The Russian government arrested multiple REvil ransomware crew suspects Jan. 14 as part of what was described as a “joint operation” with U.S. officials. Russia’s Federal Security Service, the FSB, said it seized 426 million rubles, $600,000 and 500,000 euros, as well as “20 premium cars” as part of the operation.

The money seized from the hackers should be donated as “humanitarian aid” to people living in the Russian-occupied areas of eastern Ukraine and the hackers should be released to work for Russian security services, Igor Vagin, an attorney in the case, told Russian state news outlet Kommersant Friday.

“The unique experience of the former defendants would certainly be useful to the Russian special services in the fight against hackers from Ukraine that have become more active lately,” Vagin said.

Kommersant reported that Yevgeny Krylov, an attorney for one of the REvil suspects, asked Oleg Khramov, the deputy head of the Russian Security Council, for help in getting Russian prosecutors to drop the case. Security Council staff said the prosecutor’s office was part of the working group that had been coordinating with the U.S. government’s National Security Council on cybersecurity matters, and that Khramov would not interfere in their case, the news outlet reported.

A spokesperson for the National Security Council told CyberScoop in April that the working group had not met “since Russia’s brutal war on Ukraine,” and that the U.S. government remained “focused on deterring and disrupting malicious cyber activity.”

Russian prosecutors only have enough information to accuse the suspects of using stolen credit information from “two Mexicans living in the United States” to purchase goods from U.S. online stores, Kommersant reported. “Neither the victims themselves nor the data on the damage caused to them by the investigation … are present, and now it is unlikely to be able to find them,” the attorney said.

Oleg Shakirov, an unaffiliated Moscow cyber policy expert, told CyberScoop Friday that the lawyer’s claims “should not be overestimated: it’s clear that the approach they chose is to appeal to patriotic sentiments. But as of now it is merely the stated position of one of the defendants and does not indicate a broader change in Moscow towards this case.”

“Although this might look like an excuse, it is not surprising that in such a case where attacks were not targeting Russian organizations, law enforcement agencies would need more information from their counterparts or from actual victims.”

Oleg shakirov

Shakirov added that Russian senior officials such as Khramov and Deputy Foreign Minister Oleg Syromolotov have said Russian-U.S. dialogue on cybersecurity was a good thing and cited the REvil arrests as a tangible result.

“But they said there was not enough information provided by the Americans to prosecute the group, meaning specific evidence on their crimes,” Shakirov said. “Although this might look like an excuse, it is not surprising that in such a case where attacks were not targeting Russian organizations, law enforcement agencies would need more information from their counterparts or from actual victims.”

He added that “despite all the speculations, the group members are still under arrest — their initial arrests were until March and were subsequently extended — which means that investigation continues.”

Russian Deputy Minister of Internal Affairs Sergei Lebedev told Russian news agency Interfax on April 6 that the Russian government had done a significant amount of work on the REvil prosecutions, which involve “thefts from citizens and U.S. entities,” according to a Google translation.

“However, foreign partners are in no hurry to provide the necessary information that would make it possible to bring the perpetrators to justice for committing other crimes and restore the rights of their own citizens violated by crimes,” he said.

U.S. officials and independent analysts have long argued that the Russian government could easily go after the myriad cybercrime perpetrators within its borders, but largely chooses not to do so.

The post REvil prosecutions reach a 'dead end,' Russian media reports appeared first on CyberScoop.

Friday, May 27, 2022 - 03:32
Critical Flaws in Popular ICS Platform Can Trigger RCE
Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks.
Thursday, May 26, 2022 - 10:43
Broadcom to acquire VMware in $61B deal

Broadcom, a semiconductor and infrastructure software company, announced Thursday that it is acquiring VMware, the enterprise software firm, in an eye-popping $61 billion cash and stock deal.

The news comes on the heels of reports on the potential acquisition over the weekend.

VMware ranked first for market share in the global virtualization infrastructure software market in 2021, according to Gartner. Both companies provide cybersecurity services, with Broadcom having purchased Symantec’s enterprise security business in 2020 for nearly $11 billion.

Following the close of the transaction, Broadcom will rebrand and operate as VMware, folding its existing infrastructure and security software into the VMware portfolio.

A Broadcom press release heralded the deal, saying the merger of Broadcom software with VMware technology “will provide enterprise customers an expanded platform of critical infrastructure solutions to accelerate innovation and address the most complex information technology infrastructure needs.”

But the acquisition could face regulatory hurdles. Broadcom sought to buy the semiconductor and software company Qualcomm for $130 billion in 2018 but the Trump administration blocked the deal, citing national security concerns.

The unified company will allow customers to “build, run, manage, connect and protect applications at scale across diversified, distributed environments, regardless of where they run: from the data center to any cloud and to edge-computing,” according to the Broadcom press release.

The combined company will be a “remarkable enterprise software player,” VMware CEO Raghu Raghuram said in a statement.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency recently issued a directive for federal agencies to patch “critical” VMware vulnerabilities.

The post Broadcom to acquire VMware in $61B deal appeared first on CyberScoop.

Thursday, May 26, 2022 - 06:20
Regulators slam Twitter with $150M fine over using consumer security data for...

Twitter on Wednesday agreed to pay a $150 million dollar civil penalty and follow new data privacy practices in order to settle allegations that the company used data collected for account-security purposes for advertising without customer awareness.

A complaint the Justice Department filed this week on behalf of the Federal Trade Commission alleges that Twitter failed to inform more than 140 million users that their phone numbers or emails provided for account security could also be used for targeted advertising. The practice started sometime around 2014 and ended in 2019 when Twitter publicly admitted the “error.” Twitter disclosed the FTC’s investigation in 2020.

The practice violates federal law and the terms of a 2011 settlement with the FTC over Twitter’s failure to safeguard user data, which led to two breaches.

While the fine is just a small fraction of the billion-dollar company’s revenue, it’s the second-largest privacy-related fine from the FTC to date, topped only by a massive $5 billion settlement with Facebook in 2019. Facebook’s settlement also accused the company of using security data for advertising.

“The Department of Justice is committed to protecting the privacy of consumers’ sensitive data,” said Associate Attorney General Vanita Gupta. “The $150 million penalty reflects the seriousness of the allegations against Twitter, and the substantial new compliance measures to be imposed as a result of today’s proposed settlement will help prevent further misleading tactics that threaten users’ privacy.” 

As a part of the order, Twitter agreed to allow users to enable multi-factor authentication apps that don’t require a phone number and limit employee access to personal data. In 2020 the Justice Department indicted two Twitter employees for using their employee access to spy on Saudi dissidents.

The FTC isn’t the only regulator to slam Twitter’s security measures. New York financial regulators faulted Twitter’s security practices for a 2020 hacking campaign that took over high-profile accounts to promote cryptocurrency scams.

“Keeping data secure and respecting privacy is something we take extremely seriously, and we have cooperated with the FTC every step of the way,” Twitter’s chief privacy officer Damien Kieran wrote in a blog Wednesday. “In reaching this settlement, we have paid a $150M USD penalty, and we have aligned with the agency on operational updates and program enhancements to ensure that people’s personal data remains secure and their privacy protected.”

The post Regulators slam Twitter with $150M fine over using consumer security data for advertising appeared first on CyberScoop.

Thursday, May 26, 2022 - 03:30
Cybergang Claims REvil is Back, Executes DDoS Attacks
Actors claiming to be the defunct ransomware group are targeting one of Akami’s customers with a Layer 7 attack, demanding an extortion payment in Bitcoin.