• Home
  • Resources
    • Cybersecurity Policy Chart
    • CSIAC Reports
    • Webinars
    • Podcasts
    • Cybersecurity Digest
    • Standards & Reference Docs
    • Journals
    • Certifications
    • Acronym DB
    • Cybersecurity Related Websites
  • Services
    • Free Technical Inquiry
    • CAT Program
    • Subject Matter Experts
    • Store
    • Training
    • Contact
  • Community
    • Upcoming Events
    • Cybersecurity
    • Modeling & Simulation
    • Knowledge Management
    • Software Engineering
    • Cyber COI
  • About
    • About the CSIAC
    • The CSIAC Team
    • DTIC’s IAC Program
    • DTIC’s R&E Gateway
    • Inquiries & CAT’s
    • FAQ’s
    • DTIC STI Program
  • Cart
  • Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer
Login / Register

CSIAC

Cyber Security and Information Systems Information Analysis Center

header-right

Main navigation

  • Resources
    • Cybersecurity Policy Chart
    • CSIAC Reports
    • Webinars
    • Podcasts
    • Cybersecurity Digest
    • Standards & Reference Docs
    • Journals
    • Certifications
    • Acronym DB
    • Topic Tags
    • Cybersecurity Websites
  • Services
    • Free Technical Inquiry
    • CAT Program
    • Subject Matter Experts
    • Store
    • Training
    • Contact
  • Community
    • Upcoming Events
    • Cybersecurity
    • Modeling & Simulation
    • Knowledge Management
    • Software Engineering
    • Cyber COI
  • About
    • About the CSIAC
    • The CSIAC Team
    • DTIC’s IAC Program
    • DTIC’s R&E Gateway
    • Inquiries & CAT’s
    • FAQ’s
    • DTIC STI Program
  • Cart
  • Cybersecurity
  • Modeling & Simulation
  • Knowledge Management
  • Software Engineering
  • Cyber COI
/ CS Digests / 03 Apr 2018

CS Digest: 03 Apr 2018

Posted: 04/03/2018 | Leave a Comment

The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

Free CSIAC Webinar Wednesday Apr 25 @ 12:00 pm EDT – Cybersecurity of DoD Critical Infrastructure - CSIAC

The substantial cyber threat to the nation’s Critical Infrastructure is the context for this discussion on DoD policy concerns and current R&D efforts. Topics will include Weasel Board being developed at Sandia National Laboratory, More Situational Awareness for Industrial Control Systems (MOSAICS), sponsored by PACOM and NORTHCOM, and recent policy concerns relating to cyber security and Utilities Privatization of Critical Infrastructure. This webinar will also report the results of a panel discussion from the DHS Industrial Control System Joint Working Group (ICSJWG) meeting April 9-11 at Albuquerque NM.

RECENT HEADLINES:

Critical Infrastructure:

A Cyberattack Hobbles Atlanta, and Security Experts Shudder - NY Times

The City of Atlanta's 8,000 employees got the word on Tuesday that they had been waiting for: It was O.K. to turn their computers on. But as the city government's desktops, hard drives and printers flickered back to life for the first time in five days, residents still could not pay their traffic tickets or water bills online, or report potholes or graffiti on a city website. Travelers at the world's busiest airport still could not use the free Wi-Fi.

Baltimore 911 Dispatch System Hacked, Investigation Underway, Officials Confirm - Baltimore Sun

Baltimore's 911 dispatch system was hacked by an unknown actor or actors over the weekend, prompting a temporary shutdown of automated dispatching and an investigation into the breach, Mayor Catherine Pugh's office confirmed Tuesday.

Cyberwarfare:

U.S. Charges Iranians for Global Cyber Attacks on Behalf of Tehran - Reuters

The United States on Friday charged nine Iranians and an Iranian company with attempting to hack into hundreds of U.S. and international universities, dozens of companies and parts of the U.S. government on behalf of the Tehran government.

Data Security:

Saks, Lord & Taylor Hit by Payment Card Data Breach - Reuters

Retailer Hudson's Bay Co on Sunday disclosed that it was the victim of a security breach that compromised data on payment cards used at Saks and Lord & Taylor stores in North America.

Under Armour Says 150 Million MyFitnessPal Accounts Breached - Reuters

Under Armour Inc said on Thursday that data from some 150 million MyFitnessPal diet and fitness app accounts was compromised in February, in one of the biggest hacks in history, sending shares of the athletic apparel maker down 3 percent in after-hours trade.

Blockchain and Digital Currency:

CoinMiner Campaigns Move to the Cloud via Docker, Kubernetes - Bleeping Computer

After becoming a scourge inside browsers, on desktops, and on servers, cryptocurrency-mining malware is now invading the cloud, and it appears to be quite successful.

81% of Recent ICOs Were Scams, Research Finds - Bleeping Computer

Four out of five initial coin offerings (ICOs) that have taken place in the last year have been classified as scams, according to a recent study by Satis Group, an ICO advisory firm. ICOs have been the rage of the cryptocurrency world because they allow companies to raise money for various ventures by issuing cryptocurrency tokens that users could buy and later trade on cryptocurrency exchanges.

Emerging Technology:

Golden Touch: Next-gen Optical Disk to Solve Data Storage Challenge - Phys

Researchers from Australia and China used gold nanoparticles to create a new type of high-capacity optical storage disk which can hold data securely for more than 600 years. The technology promises a better solution to the global data storage problem where the explosion of big data and cloud storage has led to power-hungry data centres.

Legislation and Regulation:

US Congress Passes CLOUD Act Hidden in Budget Spending Bill - Bleeping Computer

The United States Congress passed late last night a $1.3 trillion budget spending bill that also contained a piece of legislation that allows internal and foreign law enforcement access to user data stored online without a search warrant or probable cause.

Machine Learning and Artificial Intelligence:

Tesla Says Crashed Vehicle Had Been on Autopilot Prior to Accident - Reuters

Tesla Inc said on Friday that a Tesla Model X involved a fatal crash in California last week had activated its Autopilot system, raising new questions about the semi-autonomous system that handles some driving tasks.

Mobile Security:

Monero-Mining HiddenMiner Android Malware Can Potentially Cause Device Failure - Trend Micro

New Android malware that can surreptitiously use the infected device's computing power to mine Monero. Trend Micro detects this as ANDROIDOS_HIDDENMINER. This Monero-mining Android app's self-protection and persistence mechanisms include hiding itself from the unwitting user and abusing the Device Administrator feature (a technique typically seen in SLocker Android ransomware).

Network Security:

IETF Approves TLS 1.3 as Internet Standard - Bleeping Computer

The Internet Engineering Task Force (IETF) - the organization that approves proposed Internet standards and protocols - has formally approved TLS 1.3 as the next major version of the Transport Layer Security (TLS) protocol.

Public Sector:

New Undersecretary Griffin Asserts Role as Pentagon’s R&D Leader - National Defense Magazine

The Defense Department's new Research and Engineering office will take a more assertive role in setting the direction of U.S. military technology development, a senior official from the new organization said March 20. The undersecretary of defense for research and engineering "will set the technical direction for the department, not just recommend," a slide displayed at the National Defense Industrial Association's Science and Engineering Technology conference in Austin, Texas, stated.

Software Security:

Microsoft’s Windows 7 Meltdown Patch Created ‘Worse’ Flaw - Naked Security

Microsoft's updates for the Meltdown microprocessor mega-flaw inadvertently left users running Windows 7 64-bit systems open to a "way worse" flaw, a researcher has claimed.

Drupal Fixes Drupalgeddon2 Security Flaw That Allows Hackers to Take Over Sites - Bleeping Computer

The Drupal CMS team has fixed a highly critical security flaw that allows hackers to take over a site just by accessing an URL. Drupal site owners should immediately - and we mean right now - update their sites to Drupal 7.58 or Drupal 8.5.1, depending on the version they're running.

FEEDBACK FROM PREVIOUS DIGEST:

Most Popular:

MOSQUITO Attack Allows to Exfiltrates Data From Air-Gapped Computers Via Leverage Connected Speakers - Security Affairs

MOSQUITO is new technique devised by a team of researchers at Israel's Ben Gurion University, led by the expert Mordechai Guri, to exfiltrate data from an air-gapped network.

Police Say Uber Is Likely Not at Fault for Its Self-Driving Car Fatality in Arizona - Fortune

The police chief of Tempe, Arizona, where a woman was struck and killed by one of Uber's self-driving cars Sunday, says the ride-sharing company is likely not at fault for the accident, following a preliminary investigation.

Cambridge Analytica Took 50M Facebook Users’ Data – And Both Companies Owe Answers - Wired

Cambridge Analytica, a data analysis firm that worked on President Trump's 2016 campaign, and its related company, Strategic Communications Laboratories, pilfered data on 50 million Facebook users and secretly kept it, according to two reports in The New York Times and The Guardian. The apparent misuse of Facebook data-and the social media giant's failure to police it-leave both companies with plenty still to answer for.

CSIAC Supported Communities

CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.

Technical Resources, Policy and Guidance

This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.


The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.

« 20 Mar 2018
17 Apr 2018 »

Reader Interactions

Leave a Comment Cancel

You must be logged in to post a comment.

sidebar

Blog Sidebar

Featured Content

CSIAC Journal - Serious Games to Enhance Defense Capabilities

CSIAC Journal Cover Volume 5 Number 4

This 2017 special edition of the CSIAC Journal focuses on wargames and the many uses of Modeling and Simulation (M&S) that support decision making needed at the various levels of combat.

Read the Journal

CSIAC Report - Defense Acquisition University Secure Systems Design Course Experiment

CSIAC developed a course experiment with the Defense Acquisition University (DAU) Cybersecurity Enterprise Team. The goal of this exercise was to study the techniques & strategies used to provide cybersecurity-based training, in an effort to educate the entire acquisition workforce on cybersecurity best practices & techniques.

Read the Report

CSIAC Journal - Design and Development Process for Assured Software

CSIAC Journal Cover Volume 5 Number 2

This is Volume 1 of 2 special edition issues on Software Assurance. This edition explores different aspects of developing, deploying and training on how to build assured software.

Read the Journal

CSIAC Journal - Tools & Testing Techniques for Assured Software

CSIAC Journal Cover Volume 5 Number 3

This is Volume 2 of 2 special edition issues on Software Assurance. This edition explores different aspects of software assurance competencies that can be used to improve software assurance functions and how to develop/deploy assured software throughout the lifecycle acquisition process.

Read the Journal

Recent Video Podcasts

  • CS Digest Roundtable #2: Meltdown/Spectre, NIST Framework, GDPR Policy, and Romanian Hackers Series: The CSIAC Podcast
  • CS Digest Roundtable #1: Emotet Trojan, Cryptojacking, and User Data Exposure Series: The CSIAC Podcast
  • Cybersecurity of DOD Critical Infrastructure Series: CSIAC Webinars
  • Challenges to Critical Infrastructure Series: Cyber Awareness Videos
  • Emerging Concepts to Critical Infrastructure Series: Cyber Awareness Videos
View all Podcasts

Resource Topic Tags

Critical Infrastructure Protection (CIP) Data Security Internet of Things (IoT) Ransomware Cybersecurity Network Security Insider Threat Mobile Security Quantum Computing Cyber Warfare Workplace Security Cloud Computing Phishing Artificial Intelligence (AI) Cyber Legislation Protecting Controlled Unclassified Information (CUI) Risk Management Framework (RMF) Modeling & Simulation Password Security Software Engineering Software Assurance IT Security Encryption Hacking Malware National Institute of Standards and Technology [NIST] DISA Air Force Research Laboratory (AFRL) Intrusion Detection Operational Technology (OT)

Upcoming Events

Tue 24

MODSIM World 2018

April 24 - April 26
Norfolk VA
United States
May 01

SANS Automotive Cybersecurity Summit

May 1 - May 8
Chicago IL
United States
Organizer: SANS
May 14

Northsec

May 14 - May 20
Old Montreal Quebec
Canada
Jun 11

Transport Security and Safety Expo – TSSX 2018

June 11 - June 12
Washington DC
United States
Jun 25

AIAA Modeling and Simulation Technologies Conference

June 25 - June 29
Alanta GA
United States
View all Events

Recently Active Members

Profile picture of harrisog
Profile picture of dcopperwheat1
Profile picture of glesher16
Profile picture of ibernaar
Profile picture of harrison785
Profile picture of james
Profile picture of glarcombe
Profile picture of forkpahwu
Profile picture of austinmarino
Profile picture of jvhoughton
Profile picture of jrthompson550
Profile picture of sam25
Profile picture of mstewart
Profile picture of djones06a
Profile picture of paul1
Profile picture of emcdonald
Profile picture of fmarinier
Profile picture of nrea13

Footer

CSIAC Products & Services

  • Free Technical Inquiry
  • Core Analysis Tasks (CATs)
  • Resources
  • Events Calendar
  • Frequently Asked Questions
  • Product Feedback Form
  • CSIAC Store

About CSIAC

The CSIAC is a DoD-sponsored Center of Excellence in the fields of Cybersecurity, Software Engineering, Modeling & Simulation, and Knowledge Management & Information Sharing.Learn More

Contact Us

Phone:800-214-7921
Email:info@csiac.org
Address:   266 Genesee St.
Utica, NY 13502
Send us a Message
ASD(R&E) LogoUS Department of Defense LogoDoD IACs LogoDTIC LogoTEMS Logo

Copyright 2018, Quanterion Solutions Incorporated

Sitemap | Privacy Policy | Terms of Use | Accessibility Information