The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
RECENT HEADLINES:
Cyberwarfare:
Report Suggests Most DoD Networks Susceptible to Mid-Grade Cyber Threats - Federal News Radio
A new Pentagon report on the Defense Department's major systems includes some worrying assessments of DoD's overall cybersecurity posture.
Cyberwarfare: Capitol Staffers Aren’t Ready - Politico
Congressional staffers are the gateway to all lawmaking on the Hill, but they also may be unwittingly opening the door to hackers.
Data Security:
CTB-Locker Ransomware Variant Being Distributed in Spam Campaign - SC Magazine
A variant of Curve-Tor-Bitcoin (CTB) Locker ransomware - also known as Critroni - being distributed in a spam campaign now offers victims additional time to pay the ransom, but also requires them to pay a whole lot more than previously.
Internet-of-Things:
Drone Incident at White House Highlights Long Studied, Still Unsolved Security Gap - Washington Post
The intrusion by a recreational drone early Monday onto the White House lawn exposed a security gap at the compound that the Secret Service has spent years studying but has so far been unable to fix.
Legislation and Regulation:
Obama to Congress: Enact Cybersecurity Laws - Gov Info Security
President Warns of a Nation Vulnerable Without New Statutes.
Mobile Security:
Multiple Security Weaknesses in Microsoft Outlook for iOS Revealed by Developer - Softpedia
A software developer has analyzed the way the newly released Microsoft Outlook for iOS functions and discovered that it does not align to the best security practices, presenting a serious risk if used for company email communication.
Remote Code Execution Flaw Found in iPass Open Mobile Windows Client - Softpedia
A security vulnerability that allows a potential attacker to execute arbitrary code on the system has been uncovered in the iPass Open Mobile Windows Client.
Network Security:
VPN Providers Play ‘Cat-and-Mouse’ With China’s Growing Censorship - PC World
Amit Bareket calls it a "cat-and-mouse" game. In this instance, his company is the mouse, and the Chinese government is a giant cat.
D-Link Routers Vulnerable to Unauthorized DNS Changing - Softpedia
The DNS settings of some router models from D-Link can be modified without authorization via their web-based administration console.
Private Sector:
Cyber Vulnerabilities Threaten National Security - Defense
Cyber vulnerabilities in the private sector pose a serious threat to national security, the chairman of the Joint Chiefs of Staff said.
Software Security:
GHOST glibc Remote Code Execution Vulnerability Affects All Linux Systems - Threat Post
A critical vulnerability has been found in glibc, the GNU C library, that affects all Linux systems dating back to 2000. Attackers can use this flaw to execute code and remotely gain control of Linux machines.
Oracle Critical Patch Update Advisory - Oracle
Oracle released new security updates for Java to fix 19 vulnerabilities and disable default support for SSL 3.0.
Security Advisory for Adobe Flash Player - US-CERT
Adobe has released Flash Player desktop version 16.0.0.296 to address a critical vulnerability (CVE-2015-0311) in 16.0.0.287 and earlier versions for Windows and Macintosh.
Three OS X Vulnerabilities Disclosed by Google - Security Week
The details of three high-severity vulnerabilities affecting Apple's OS X operating system have been disclosed over the past two days by Google.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.