The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

DoDIAC Webinar, TODAY, Apr 15th @ 12:00 EDT: NREL’s Energy Security and Resilience Center - CSIAC

This webinar discusses the National Renewable Energy Laboratory's ongoing work to ensure energy security and resilience in today's interconnected and interdependent world. Software applications and internet-enabled devices have been integrated into most industrial control systems, delivering many benefits, but also increasing vulnerability. NREL's Virtual Cyber Research Platform allows evaluation of interconnected components in an emulated grid environment to improve security and resilience of critical infrastructure.

New CSIAC Podcast – Risk Management Framework (RMF) Categorization Part 4 of 4 - CSIAC

In part four of the RMF Categorization podcast series, the SMEs discuss the various roles and responsibilities as well as the operating environment.

In Cased You Missed It: CSIAC Webinar – Agile, Energy-Efficient and Trustworthy Intelligence at the Edge - CSIAC

Artificial intelligence (AI) has become the linchpin in a growing number of products, services, and research programs which are aimed at automating and enhancing the human decision-making process. However, there are still several application domains (satellites, wearables, wireless, etc.) that cannot afford the size, weight, and power (SWaP) overheads associated with executing state-of-the-art AI algorithms. This webinar discusses previous and ongoing research to bridge the gap and enable AI in the most SWaP-constrained environments.
Tags: Artificial Intelligence (AI)

RECENT HEADLINES:

Hackers Hijacking Home Routers to Direct People to Malicious Coronavirus App - TechRepublic

The attackers are changing DNS settings on Linksys routers to redirect users to a malicious website promising an informative COVID-19 app, says security provider BitDefender.

FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic - FBI

As large numbers of people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking (also called "Zoom-bombing") are emerging nationwide. The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.

Europe Eyes Smartphone Location Data to Stem Virus Spread - Fifth Domain

Several European nations are evaluating powerful but potentially intrusive tools for fighting the new coronavirus pandemic, a move that could put public health at odds with individual privacy.

Booz Allen Analyzed 200+ Russian Hacking Operations to Better Understand Their Tactics - Zdnet

Booz Allen Hamilton, the largest private contractor for the US intelligence community, has published a comprehensive report this week detailing 15 years (2004 to 2019) of cyber operations carried out by Russia's military hackers.

Amazon Opposes Pentagon’s Proposal to Reevaluate Parts of its JEDI Award - Federal Times

Amazon Web Services opposes the Defense Department's decision to reconsider certain aspects of the government's controversial enterprise cloud award to Microsoft, arguing that the proposed action by the department isn't "fair and rational" and will "preserve" Microsoft's win, according to a March 24 court filing.

Commission Suggests Creating Reserve Force of Civilian Cybersecurity Experts - Fifth Domain

A new congressional report suggests piloting a reserves corps for federal civilian cybersecurity, along with several other recommendations to support the government's effort to attract and retain cybersecurity talent.

Unpatched iOS Bug Blocks VPNs From Encrypting All Traffic - Bleeping Computer

A currently unpatched security vulnerability affecting iOS 13.3.1 or later prevents virtual private networks (VPNs) from encrypting all traffic and can lead to some Internet connections bypassing VPN encryption to expose users' data or leak their IP addresses.

White House Releases National Strategy for 5G Security - Defense One

The strategy focuses on four lines of effort and will guide how the government approaches 5G for the near future.

Cyber Version of ‘Justice League’ Launches to Fight COVID-19 Related Hacks - Dark Reading

A group of cybersecurity experts from around the world - including from companies like Microsoft and Okta - have teamed to help organizations fight COVID-19-related hacking and phishing attacks.

Tor Browser 9.0.7 addresses a flaw that could allow unmasking Tor users - Security Affairs

The Tor Project released Tor Browser 9.0.7 that definitively addresses a vulnerability that allowed to execute JavaScript code on sites it should not.
Tags: Tor Browser, Vulnerability

New York Attorney General asks domain registrars to crack down on coronavirus scam sites - Security Affairs

New York Attorney General asks domain registrars, including GoDaddy, and Namecheap, to crack down on coronavirus scam sites.
Tags: Coronavirus, Coronavirus Scam

Millions of Americans are suddenly working from home. That’s a huge security risk - CNN

The dramatic expansion of teleworking by US schools, businesses and government agencies in response to the coronavirus is raising fresh questions about the capacity and security of the tools many Americans use to connect to vital workplace systems and data.
Tags: Coronavirus, Cyber Threats, Teleworking

Tech Giant GE Discloses Data Breach After Service Provider Hack - Bleeping Computer

Fortune 500 technology giant General Electric (GE) disclosed that personally identifiable information of current and former employees, as well as beneficiaries, was exposed in a security incident experienced by one of GE's service providers.
Tags: Data Breach, General Electric (GE)

Chinese hackers hit Citrix, Cisco vulnerabilities in sweeping campaign - Cyber Scoop

Earlier this year, state-backed Chinese hackers embarked on one of the most sweeping Chinese espionage campaigns FireEye has seen in years, according to new research the security firm published Wednesday.
Tags: Advanced Persistent Threat (APT), APT41, China, Citrix

CSIAC Supported Communities

CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.

Technical Resources, Policy and Guidance

This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.