The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
This webinar describes a cyber risk assessment approach for operational technology. It argues that a risk management approach to cybersecurity includes the integration of key activities: Cyber Workforce Development and training; Public-Private Partnerships; Operational Technology Risk Management Supply Chain cybersecurity; and cyber threats.
Safeguarding the Nation’s Critical Infrastructure: National Cyber Security Awareness Month – Week 4 - CSIAC
The 15th annual NCSAM is coming to a close, and we hope you'll join in to promote a safer, more secure and more trusted Internet for these last few days of the month. CSIAC will continue to emphasize the importance of securing our critical infrastructure as we transition into November's Critical Infrastructure Security and Resilience Month (CISRM), which is spearheaded by the U.S. Department of Homeland Security.
Credit monitoring giant Equifax has been hit with the maximum penalty from the UK's data protection agency for its actions related to the company's massive data breach.
Tags: Big Data
As the national power grid becomes increasingly dependent on computers and data sharing-providing significant benefits for utilities, customers, and communities-it has also become more vulnerable to both physical and cyber threats. While evolving standards with strict enforcement help reduce risks, efforts focused on response and recovery capabilities are just as critical--as is research aimed at creating a well-defended next generation smart grid.
Nozomi Networks, a San Francisco-based company that specializes in industrial cybersecurity, announced Thursday that it raised $30 million in its Series C funding round - yet another sign that investors see growth potential in the market for guarding industrial control systems (ICS).
Tags: Critical Infrastructure Protection (CIP)
A voting tabulator used to count ballots in more than half of states has a decade-old flaw that leaves it vulnerable to hacking, according to a report published Thursday by security researchers.
Tags: Big Data
Vulnerabilities and Architectural Considerations in Industrial Control Systems - Help Net Security
The reason SCADA security is so controversial stems primarily from the intense consequences that come from a compromise in this area. In this podcast, Andrew Ginter, VP of Industrial Security at Waterfall Security Solutions, and Edward Amoroso, CEO of TAG Cyber, talk about SCADA vulnerabilities in ICS architectures.
Port of San Diego Hit by a Cyber Attack a Few Days After the Attack on the Port of Barcelona - Security Affairs
Port of San Diego suffered a ransomware-based attack, a few days after the Port of Barcelona was hit by a cyber attack that caused several problems.
Cybersecurity is unique compared to most other business operations, even most IT operations. Unlike marketing or network management-both of which tackle difficult and ever-changing challenges in the business operating environment-cybersecurity pits defenders against intelligent, creative and deliberate opponents.
Army Looks to Build Stronger Tactical Cyber Teams - Fifth Domain
The Army is looking to build up and resource expeditionary cyber teams that will conduct cyber effects at the tactical edge.
How 50 Million Facebook Users Were Hacked - Motherboard
Facebook revealed more details about how hackers exploited three distinct bugs to get the ability to control up to 50 million users' accounts.
IC3 Issues Alert Regarding Remote Desktop Protocol (RDP) Attacks - Bleeping Computer
The Internet Crime Complaint Center (IC3), in collaboration with the Department of Homeland Security and the FBI, have issued a security alert regarding attacks being conducted through the Windows Remote Desktop Protocol. While the most publicized attacks over RDP are related to ransomware, attackers also hack into exposed RDP services for corporate theft, installation of backdoors, or as a launching point for other attacks.
LoJax: First-ever UEFI Rootkit Detected in a Cyberattack - Help Net Security
ESET researchers have discovered a cyberattack that used a UEFI rootkit to establish a presence on the victims' computers. Dubbed LoJax, this rootkit was part of a campaign run by the infamous Sednit group against several high-profile targets in Central and Eastern Europe and is the first-ever publicly known attack of this kind.
Lawmakers want to draw the road map for privacy legislation for decades to come, and Silicon Valley is giving them some directions.
DHS Drone Data Left Vulnerable, Audit Finds - CyberScoop
While the Department of Homeland Security has looked to step up its use of drones to patrol the U.S.-Mexico border, lax security policies have left the collected data vulnerable to hackers and insider threats, a new audit finds.
A former employee of the U.S. National Security Agency (NSA) received a five-year prison sentence for retaining classified national defense information.
Security Companies See Opportunity in Trump’s New Cyber Plan - Fifth Domain
For the Department of Defense, President Donald Trump's new cybersecurity strategy means additional authority to hack foreign countries. But for the cybersecurity industry, the new American doctrine could mean a lucrative payday.
America's networks are threatened daily by criminals, terrorists, and foreign adversaries. In the face of growing threats, the Federal Government has the responsibility to do its part to ensure America has the best cybersecurity in the world. Failures to prioritize cybersecurity by both government and industry have left our Nation less secure.
Linux Kernel Vulnerability Affects Red Hat, CentOS, Debian - Security Week
Qualys has disclosed the details of an integer overflow vulnerability in the Linux kernel that can be exploited by a local attacker for privilege escalation. The flaw, dubbed "Mutagen Astronomy," affects certain versions of the Red Hat, CentOS and Debian distributions.
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.