The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
Free CSIAC Webinar TODAY May 16 @ 12 PM EDT – Democratize Anomaly Detection Technologies: Challenges, Advances, and Opportunities - CSIAC
This webinar will highlight recent success in demonstrating substantial improvements in the accuracy under control-flow and data-oriented attacks in Linux, including malicious code reuse, security bypass, and service abuse. The webinar will also describe exciting future research directions on hardware-assisted fast tracing, anomaly-detection as a service, supporting domain experts for inter-disciplinary anomaly discovery, and standardizing evaluation.
An insider threat is a malicious threat to an organization that comes from people within the organization. Learn how to spot some possible indicators of an insider threat.
The Hack the Pentagon bug bounty program that allowed citizens to test the defenses of Defense Department websites could soon see a spinoff inviting hackers to probe the Pentagon’s critical infrastructure.
The New Frontier in Cybersecurity is Underwater - Washington Examiner
High-speed wireless "underwater internet" of the type that is now pervasive in the world's cities is still just theory. Without a cable, data just doesn't transmit easily through water (even less so when it is salt water).
Hackers Using Pixel Tracking to Gather Pre-Hack Data - E Hacking News
Pixel tracking is a decades-old email marketing technique that relies on embedding a one-by-one pixel image, usually transparent or of the same colour of the email's background which prevents users from noticing them in most cases.
A phishing attack usually depends on two things: a perfect disguise and somewhat the ignorance of users. But not this one as hackers are now faking popular domains like Apple, Google, or eBay on their own fraudulent websites. Hackers are even able to get the little "Secure" green bar for their fraudulent websites making the attack even more sophisticated.
The hotel group, which operates Holiday Inn, Kimpton, and several other brands, has now released details on the broader scope of the security breach. "Approximately 1,200 IHG-branded franchise hotel locations in the Americas were affected," a company spokesperson tells The Verge.
Computer Operating System and Short Movie Stored on DNA - ScienceDaily
In a new study in Science, a pair of researchers at Columbia University and the New York Genome Center (NYGC) show that an algorithm designed for streaming video on a cellphone can unlock DNA's nearly full storage potential by squeezing more information into its four base nucleotides.
Many now consider simulation the third pillar of scientific inquiry, alongside the centuries-old pillars of theory and experiment.
The study to be published Friday and another published on Wednesday add evidence to complaints by officials in France, Germany and the United States that Russia is trying to replicate its cyber-powered election meddling in American politics.
A group of researchers at the Beijing-based security firm Qihoo 360 recently pulled off the so-called relay hack with a pair of gadgets they built for just $22.
Mirai and Hajime Locked Into IoT Botnet Battle - ThreatPost
"No one knows for sure who created Hajime. The only thing we know for sure is that it's a vigilante white hat hacker who created this to counter any future attacks from Mirai and similar attacks," said Mandeep Khera, CMO of security firm Arxan.
NIST forms 5G alliance of 130 companies - Next Big Future
NIST’s establishment of the alliance has brought together more than 130 participants, including representatives from Qualcomm, Intel, Samsung, Keysight and Echostar, to solve the most pressing modeling and measurement challenges facing the deployment of 5G wireless Communications.
The Windows vulnerability was first publicly disclosed in July 2010, a few days before security reporter Brian Krebs was the first to report on the Stuxnet outbreak.
Air Force Issues Challenge to “Hack the Air Force” - U.S. Department of Defense
The event expands on the DoD 'Hack the Pentagon' bug bounty program by broadening the participation pool from U.S. citizens to include "white hat" hackers from the United Kingdom, Canada, Australia and New Zealand.
The primary focus of the administration when it comes to cybersecurity will be to protect federal IT infrastructure. That will involve modernizing systems and moving toward shared services and commercial solutions in an effort to raise the standards for smaller agencies that do not have the budget and workforce to focus on cybersecurity the way the Department of Defense does, Joyce said.
Sharing Cyber Threat Information - The National Law Review
The Information Sharing and Analysis Organization-Standards Organization (ISAO-SO) was set up under the aegis of the Department of Homeland Security pursuant to a Presidential Executive Order intended to foster threat vector sharing among private entities and with the government.
Only six contractors - Leidos, Northrup Grumman, Booz Allen Hamilton, IBM, Hewlett-Packard and General Dynamics - earned a billion dollars or more in cyber contracts from the U.S. government in fiscal 2011-16, according to the new report from Govini, a consultancy that crunches procurement numbers.
Attackers are exploiting a previously undisclosed vulnerability in Microsoft Word, which security researchers say can be used to quietly install different kinds of malware -- even on fully-patched computers.
"We can see an evolution of tradecraft," says Rid, who teaches at King's College Department of War Studies, and last week testified at a Senate hearing on Russian hackers meddling in the 2016 election.
According to MIT experts, over the last 25 years presidents from both parties have paid lip service to the topic while doing little about it, leading to a series of short-term fixes they liken to a losing game of "Whac-a-Mole." This scattershot approach, they say, endangers national security.
Cyber Security of Critical Infrastructure - Department of Homeland Security
CSIAC serves on the EO 13636/PPD-21 Research & Development (R&D) Working Group (WG) run by DHS S&T. If you would like further information, contact Dr. Paul Losiewicz at firstname.lastname@example.org
The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.
DOD OSBP officials acknowledged that cybersecurity is an important and timely issue for small businesses -and therefore the office is considering incorporating cybersecurity into its existing outreach and education efforts. During the review, GAO identified 15 existing federal cybersecurity resources that DOD OSBP could disseminate to defense small businesses.
DHS S&T Collaboration Community - Ideascale
The National Conversation is intended to bring together everyone to play a role in shaping the future of homeland security technology. This means responders, operational users, citizens, academia, and industry.
The Department of Defense Cyber Strategy - Department of Defense
The purpose of this strategy is to guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD's three primary cyber missions.
The Information Sharing Environment (ISE) broadly refers to the people, projects, systems, and agencies that enable responsible information sharing for national security.
Standards & Reference Documents - CSIAC
View all Best Practices and Reference Documents on the CSIAC website.
DoD Cyber Domain Resources - Department of Defense
DHS Cyber Security Strategy (“Blueprint for a Secure Cyber Future”, 2011) - Department of Homeland Defense
DIB CS/IA Voluntary Information Sharing Program - DoD DIBNet
DoD's DIB CS/IA program is a voluntary program to enhance and supplement DIB participants' capabilities to safeguard DoD information that resides on, or transits, DIB unclassified information systems.
US-CERT Bulletins - Department of Homeland Security
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
US-CERT Alerts - Department of Homeland Security
Alerts provide timely information about current security issues, vulnerabilities, and exploits.
NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.
Trustworthy CyberSpace: Strategic Plan For The Federal Cybersecurity Research and Development Program - NITRD
Committee on National Security Systems (CNSS) - Committee on National Security Systems
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.