The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
Register for CSIAC Webinar: Thursday, February 21, 12-1 PM EST – What is DevOps? From a Tools Point of View - CSIAC
This webinar will give a brief overview of the core ideas and discuss the basic principles behind the benefits of adopting DevOps. Following discussion of the basic ideas and principles, the foundational architectural concepts and the components that underlie existing tools will be discussed. Architectural concepts and tools including Cloud services/ecosystems, multilevel virtualization as used by Container microservices/orchestration tools, and interesting new .Net based software development technologies (such as .Net Core) are among those that will be covered.
Tags: .NET Core, Container Environment, DevOps, Orchestration Tools
A lack of tough cyber operators to play the role of adversary is leaving U.S. cyber defenders unprepared for today's real-world threats, according to the Pentagon's Office of the Director of Operational Test & Evaluation.
Tags: Cyberwarfare, Penetration Testing
New York to probe Apple’s FaceTime bug - The Hill
A 20-year-old college student who was accused of stealing more than $5 million in cryptocurrency in a slew of SIM hijacking attacks is the first person to be sentenced for the crime.
Tags: Cryptocurrency, Cyber Crime, Sim Swapping
Digital-asset exchange Quadriga CX has a $200 million problem with no obvious solution -- just the latest cautionary tale in the unregulated world of cryptocurrencies.
Tags: Cyrptocurrency, QuadrigaCX
In the wake of TechCrunch's investigation yesterday, Apple blocked Facebook's Research VPN app before the social network could voluntarily shut it down. The Research app asked users for root network access to all data passing through their phone in exchange for $20 per month. Apple tells TechCrunch that yesterday evening it revoked the Enterprise Certificate that allows Facebook to distribute the Research app without going through the App Store. This not only breaks the Research app, but all of Facebook's internal-use employee apps for collaboration and logistics too, from workplace chat to the lunch menu.
Tags: Data Security, Facebook, Mobile Security
New Backdoor Targets Linux Servers - Security Week
Mozilla Adding CryptoMining and Fingerprint Blocking to Firefox - Bleeping Computer
In numerous Mozilla bug tickets that were recently updated, Mozilla is getting closer to adding cryptomining and fingerprinting blocking to their Firefox browser.
Tags: CryptoMining, Fingerprint Blocking, Mozilla Firefox
The FBI, together with authorities from several European countries, have seized the domain and servers of xDedic, a notorious online marketplace where cyber-criminals would sell and buy access to hacked servers. Three suspects were also arrested in Ukraine.
Tags: Cyber Crime, FBI
A new vulnerability has been discovered in the upcoming 5G cellular mobile communications protocol. Researchers have described this new flaw as more severe than any of the previous vulnerabilities that affected the 3G and 4G standards.
Tags: 5G, AKA Protocol, Mobile Security
Imperva Mitigated DDoS Attack Generated 500 Million Packets per Second, the Largest Ever - Security Affairs
Earlier this month, the cyber security software and services company Imperva mitigated an attack against one of its clients that exceeded 500 million packets per second. This attack was a SYN flood DDoS and it is the largest DDoS attack by packet volume ever observed.
Tags: Denial-of-Service Attacks, Network Security
Companies that sold fake social media activity have reached a settlement with the state of New York in a case that, for the first time, established such activity as illegal, the state's attorney general said Wednesday.
Tags: Data Security, Social Media
Airbus Data Breach Exposes Employee Credentials, Professional Contact Details - Bleeping Computer
Commercial aircraft manufacturer Airbus announced a data breach incident that impacted the company's "Commercial Aircraft business" information systems and led to third parties gaining unauthorized access to data.
Tags: Data Breach, Data Security
Palo Alto Networks' Unit 42 recently discovered malware that is believed been developed from OSX.DarthMiner, a malware known to target the Mac platform. This malware is capable of stealing browser cookies associated with mainstream cryptocurrency exchanges and wallet service websites visited by the victims. It also steals saved passwords in Chrome. Finally, it seeks to steal iPhone text messages from iTunes backups on the tethered Mac.
Tags: Apple, Cryptocurrency, Malware
Microsoft Exchange 2013 and newer versions are vulnerable to a privilege escalation attack that gives anyone with a mailbox a way to gain domain administrator rights at potentially 90% of organizations running Active Directory and Exchange, according to a security researcher.
Tags: Exploit, Microsoft
U.S. Charges Chinese Telecom Giant Huawei With Bank Fraud, Obstruction, Stealing Trade Secrets - Fortune
The U.S. Department of Justice filed charges against Huawei and its chief financial officer Meng Wanzhou, accusing the Chinese telecom-equipment giant of stealing trade secrets, obstructing justice, and committing bank fraud in an effort to skirt sanctions on Iran.
Tags: Mobile Security
There are breaches, and there are megabreaches, and there's Equifax. But a newly revealed trove of leaked data tops them all for sheer volume: 772,904,991 unique email addresses, over 21 million unique passwords, all recently posted to a hacking forum.
The Air Force is pushing forward with several key IT changes for the coming fiscal year.
Questioning the Effectiveness of Offensive Cyber Operations - Homeland Security News Wire
Great-power competition in the twenty-first century increasingly involves the use of cyber operations between rival states. But do cyber operations achieve their stated objectives? What are the escalation risks? Under what conditions could increasingly frequent and sophisticated cyber operations result in inadvertent escalation and the use of military force? The answers to these questions should inform U.S. cybersecurity policy and strategy.
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.