The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
In Cased You Missed It: CSIAC Webinar – Agile, Energy-Efficient and Trustworthy Intelligence at the Edge - CSIAC
Artificial intelligence (AI) has become the linchpin in a growing number of products, services, and research programs which are aimed at automating and enhancing the human decision-making process. However, there are still several application domains (satellites, wearables, wireless, etc.) that cannot afford the size, weight, and power (SWaP) overheads associated with executing state-of-the-art AI algorithms. This webinar discusses previous and ongoing research to bridge the gap and enable AI in the most SWaP-constrained environments.
Tags: Artificial Intelligence (AI)
In part one of the RMF Categorization podcast series, the SMEs discuss what a security program is and why it is important. A security program defines the people, processes and technologies used to manage cybersecurity risk to the environment in which your system operates. This document serves as the blueprint for how your system operates and responds to the ever changing threat landscape. (Requires DTIC account and a DoD CAC, ECA, or PIV)
Tags: Risk Management Framework (RMF)
In part two of the RMF Categorization podcast series, the SMEs discuss the process of accurately identifying information types. The identification of the information types establishes the foundation for the system security program. The information types serve as the baseline by which the mission owner as well as the adversary both measure success. Information types allow the system owner to respond to cybersecurity risks by utilizing specified security requirements. (Requires DTIC account and a DoD CAC, ECA, or PIV)
Tags: Risk Management Framework (RMF)
White Hat Hackers Find Thousands of Vulnerabilities: DoD - SC Magazine
The U.S. Department of Defense's Cyber Crime Center (DC3) received more than 2,800 validated vulnerability reports from a variety of sources, according to its 2019 Vulnerability Disclosure Program (VDP).
Tags: DC3, DoD, VDP
A precision parts maker for space and defense contractors has confirmed a "cybersecurity incident," which TechCrunch has learned was likely caused by ransomware.
Tags: Data Security, Defense Companies
Google Launches Free Fuzzer Benchmarking Service - Security Week
Critical Bugs in WordPress Plugins Let Hackers Take Over Sites - Bleeping Computer
Hackers are attempting to take over tens of thousands of WordPress sites by exploiting critical vulnerabilities including a zero-day in multiple plugins that allow them to create rogue administrator accounts and to plant backdoors.
Tags: WordPress, Zero-day Exploits
The Case for Limiting Your Browser Extensions - Krebs on Security
Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content.
Tags: Browser Security
FBI Says $140+ Million Paid to Ransomware, Offers Defense Tips - Bleeping Computer
Through the analysis of collected ransomware bitcoin wallets and ransom notes, the FBI states that victims have paid over $140 million to ransomware operators over the past six years.
Tags: Federal Bureau of Investigation (FBI), Ransomware
US Drugstore Giant Walgreens Leaked Users’ Sensitive Info - Bleeping Computer
US drugstore chain giant Walgreens disclosed over the weekend that some of its mobile apps' users have been able to inadvertently access other users' sensitive information because of a bug.
Tags: Data Leak
New guidance from the Department of Justice warns threat intelligence companies to avoid breaking the law when gathering data from dark web forums and suspected cybercriminals.
Tags: Department of Justice (DoJ)
DOD Adopts Ethical Principles for AI Development, Use - Air Force Mag
The Defense Department has adopted a series of ethical principles intended to guide the development and use of artificial intelligence on and off the battlefield, including taking "deliberate steps to minimize unintended bias" and ensuring the ability to "deactivate" systems that aren't behaving as expected.
Tags: Artificial Intelligence (AI), Department of Defense (DoD), Ethical
An agency under the US Department of Defense was hit by a data breach that affected personal information. Hackers stole Social Security numbers, names and other personal data, a department spokesman said Thursday.
Tags: Defense Information Systems Agency (DISA), DoD, Hack
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.