The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
A talk delivered at the Black Hat Europe 2015 security conference in Amsterdam shows how one simple vulnerability in an ERP suite used inside oil and gas companies can escalate to grant attackers access to the company's entire infrastructure.
Most federal agencies overseeing the security of America's critical infrastructure still lack formal methods for determining whether those essential networks are protected from hackers, according to a new government report.
British spies are building elite cyber offensive forces to strike at Islamic State fighters, hackers and hostile powers, Chancellor George Osborne said on Tuesday after warning militants wanted to launch deadly digital attacks.
The Pentagon has quietly put out a call for vendors to bid on a contract to develop, execute and manage its new cyber weaponry and defense program.
In an exercise that has taken on new urgency since the Paris attacks, experts are in Estonia testing the Western alliance's ability to cope with Internet attacks that could paralyze equipment, compromise data.
Fabian Wosar of Emisoft has created a tool capable of decoding files encrypted by the DecryptorMax ransomware, also known as CryptInfinite.
FBI Probes 1.2B Stolen Credentials - Gov Info Security
The FBI is pursuing a suspected Russian hacker who claims to have amassed a trove of 1.2 billion unique email and password combinations and who also offered access to hacked Facebook and Twitter accounts.
Samy Kamkar, the inventor of numerous hacking tools, has created another mind-blowing device, one that can accurately read and predict credit card numbers, and bypass chip & PIN safeguards embedded within modern cards.
CryptoWall 4.0 Spreading via Nuclear Exploit Kit - Security Week
The CryptoWall 4.0 ransomware is being spread via exploit kits, with the Nuclear exploit kit (EK) being the first major crimekit to infect machines with this type of malware, Rackspace security researcher Brad Duncan has discovered.
Analytics code deeply hidden in popular Google Chrome extensions is being used to track users across the Web, in different browser tabs, and without user consent.
Technology certification management provider Pearson VUE has copped to a computer security breach after malware compromised its Credential Manager System.
The challenges are a potential inability to trust financial and other data due to manipulation by adversaries, and the disregard of some non-state actors for connectivity and other staples of daily life in many parts of the world.
State-sponsored Cyberspies Inject Victim Profiling and Tracking Scripts in Strategic Websites - PC World
Web analytics and tracking cookies play a vital role in online advertising, but they can also help attackers discover potential targets and their weaknesses.
Lahey Hospital Fined $850,000 in HIPAA Case - Gov Info Security
Federal regulators have announced a HIPAA resolution agreement with Lahey Hospital and Medical Center in Burlington, Mass., stemming from an investigation into the theft of a laptop that was used to operate a medical device.
Based on the BitSight report, the healthcare industry is near worst in overall security, with only education below them.
Machine Learning Master Algorithm: Next big Wave for Enterprises - IT World Canada
Your enterprise will live, grow, and die from Machine Learning (ML). ML provides huge competitive advantage for those strongly embracing it.
The Department of Energy's Oak Ridge National Laboratory, FCA US LLC, and the foundry giant, Nemak of Mexico, are combining their strengths to create lightweight powertrain materials that will help the auto industry speed past the technological roadblocks to its target of 54.5 miles per gallon by 2025.
Millions of Internet-of-Things (IoT) devices use the same cryptographic secrets, an oversight that exposes them to various types of malicious attacks, shows a new study by IT security consultancy SEC Consult.
New Law Allows French Police to Seize and Search Electronic Devices Without a Warrant - Net-Security
In the wake of the Paris attacks, the French Senate passed on Friday a bill that extends the state of emergency declared after the attacks to three months.
A vulnerability into how VPN providers deal with port forwarding exposes the real IP address of some users, say the network security experts from Perfect Privacy, a VPN provider.
NMAP 7 Brings Faster Scans, Other Improvements - Security Week
Three and a half years after the release of version 6, the developers of the Nmap Security Scanner announced this week the availability of Nmap 7.0.0.
The CSIAC has produced a short follow-up on recent cybersecurity headlines. Recent advances and speculation in Quantum Computing have created many questions. A look at the NSA's Suite B cryptographic algorithms resource provides a sound reference for understanding the current state of the industry. However, scientific breakthroughs continue to be a driving force in the Quantum Computing realm.
The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.
The Cyber Shield Newsletter - New Mexico Counterintelligence Working Group (NMCIWG)
The Cyber Shield is a Cyber Newsletter for Counterintelligence, IT and Security Professionals associated with DoD and USG agencies. There are no distribution constraints. If you would like to subscribe, please contact Paul Losiewicz at email@example.com
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.