The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
CSIAC ANNOUNCEMENTS:
In Case You Missed It: CSIAC Webinar – What is DevOps? From a Tools Point of View - CSIAC
This webinar will give a brief overview of the core ideas and discuss the basic principles behind the benefits of adopting DevOps. Following discussion of the basic ideas and principles, the foundational architectural concepts and the components that underlie existing tools will be discussed. Architectural concepts and tools including Cloud services/ecosystems, multilevel virtualization as used by Container microservices/orchestration tools, and interesting new .Net based software development technologies (such as .Net Core) are among those that will be covered.
Tags: .NET Core, Container Environment, DevOps, Orchestration Tools
RECENT HEADLINES:
New York to probe Apple’s FaceTime bug - The Hill
New York officials have launched an investigation into Apple's FaceTime bug that allowed iPhone users to hear through someone else's iPhone without permission.
Tags: Apple, Exploit, FaceTime
Hacker Who Stole $5 Million By SIM Swapping Gets 10 Years in Prison - Motherboard
A 20-year-old college student who was accused of stealing more than $5 million in cryptocurrency in a slew of SIM hijacking attacks is the first person to be sentenced for the crime.
Tags: Cryptocurrency, Cyber Crime, Sim Swapping
Apple Bans Facebook’s Research App That Paid Users For Data - Tech Crunch
In the wake of TechCrunch's investigation yesterday, Apple blocked Facebook's Research VPN app before the social network could voluntarily shut it down. The Research app asked users for root network access to all data passing through their phone in exchange for $20 per month. Apple tells TechCrunch that yesterday evening it revoked the Enterprise Certificate that allows Facebook to distribute the Research app without going through the App Store. This not only breaks the Research app, but all of Facebook's internal-use employee apps for collaboration and logistics too, from workplace chat to the lunch menu.
Tags: Data Security, Facebook, Mobile Security
Mozilla Adding CryptoMining and Fingerprint Blocking to Firefox - Bleeping Computer
According to numerous recently updated Mozilla bug tickets, Mozilla is getting closer to adding cryptomining and fingerprinting blocking to its Firefox browser.
Tags: CryptoMining, Fingerprint Blocking, Mozilla Firefox
Google Chrome to Get Warnings for ‘Lookalike URLs’ - ZDNet
The Google Chrome browser is set to add a feature that will warn users when accessing sites with domain names that look like authentic websites.
Tags: Domain Name, Google Chrome
Authorities Shut Down xDedic Marketplace for Buying Hacked Servers - ZDNet
The FBI, together with authorities from several European countries, has seized the domain and servers of xDedic, a notorious online marketplace where cyber-criminals would sell and buy access to hacked servers. Three suspects were also arrested in Ukraine.
Tags: Cyber Crime, FBI
New Security Flaw Impacts 5G, 4G, and 3G Telephony Protocols - ZDNet
A new vulnerability has been discovered in the upcoming 5G cellular mobile communications protocol. Researchers have described this new flaw as more severe than any of the previous vulnerabilities that affected the 3G and 4G standards.
Tags: 5G, AKA Protocol, Mobile Security
Imperva Mitigated DDoS Attack Generated 500 Million Packets per Second, the Largest Ever - Security Affairs
Earlier this month, the cyber security software and services company Imperva mitigated an attack against one of its clients that exceeded 500 million packets per second. This attack was a SYN flood DDoS and it is the largest DDoS attack by packet volume ever observed.
Tags: Denial-of-Service Attacks, Network Security
Firms That Sold Fake Social Media Activity Settle With New York State - Security Week
Companies that sold fake social media activity have reached a settlement with the state of New York in a case that, for the first time, established such activity as illegal, the state's attorney general said Wednesday.
Tags: Data Security, Social Media
Airbus Data Breach Exposes Employee Credentials, Professional Contact Details - Bleeping Computer
Commercial aircraft manufacturer Airbus announced a data breach incident that impacted the company's "Commercial Aircraft business" information systems and led to third parties gaining unauthorized access to data.
Tags: Data Breach, Data Security
Mac Malware Steals Cryptocurrency Exchanges’ Cookies - Unit 42
Palo Alto Networks' Unit 42 recently discovered malware that is believed to have been developed from OSX.DarthMiner, a malware known to target the Mac platform. This malware is capable of stealing browser cookies associated with mainstream cryptocurrency exchanges and wallet service websites visited by the victims. It also steals saved passwords in Chrome. Finally, it seeks to steal iPhone text messages from iTunes backups on the tethered Mac.
Tags: Apple, Cryptocurrency, Malware
Microsoft Exchange Vuln Enables Attackers to Gain Domain Admin Privileges - Dark Reading
Microsoft Exchange 2013 and newer versions are vulnerable to a privilege escalation attack that gives anyone with a mailbox a way to gain domain administrator rights at potentially 90% of organizations running Active Directory and Exchange, according to a security researcher.
Tags: Exploit, Microsoft
U.S. Charges Chinese Telecom Giant Huawei With Bank Fraud, Obstruction, Stealing Trade Secrets - Fortune
The U.S. Department of Justice filed charges against Huawei and its chief financial officer Meng Wanzhou, accusing the Chinese telecom-equipment giant of stealing trade secrets, obstructing justice, and committing bank fraud in an effort to skirt sanctions on Iran.
Tags: Mobile Security
FEEDBACK FROM PREVIOUS DIGEST:
Most Popular:
The Teams Who Test US Cyber Defenses Aren’t Being Tough Enough: Pentagon Report - Defense One
A lack of tough cyber operators to play the role of adversary is leaving U.S. cyber defenders unprepared for today's real-world threats, according to the Pentagon's Office of the Director of Operational Test & Evaluation.
Crypto CEO Dies Holding Only Passwords That Can Unlock Millions in Customer Coins - Bloomberg
Digital-asset exchange Quadriga CX has a $200 million problem with no obvious solution -- just the latest cautionary tale in the unregulated world of cryptocurrencies.
New Backdoor Targets Linux Servers - Security Week
A new backdoor is targeting Linux servers in East Asia and Latin America, including Amazon Web Services (AWS) hosted machines, Check Point security researchers say.
Hack Brief: An Astonishing 773 Million Records Exposed in Monster Breach - Wired
There are breaches, and there are megabreaches, and there's Equifax. But a newly revealed trove of leaked data tops them all for sheer volume: 772,904,991 unique email addresses, over 21 million unique passwords, all recently posted to a hacking forum.
Air Force Looks to Data Standards in 2019 - FCW
The Air Force is pushing forward with several key IT changes for the coming fiscal year.
Questioning the Effectiveness of Offensive Cyber Operations - Homeland Security News Wire
Great-power competition in the twenty-first century increasingly involves the use of cyber operations between rival states. But do cyber operations achieve their stated objectives? What are the escalation risks? Under what conditions could increasingly frequent and sophisticated cyber operations result in inadvertent escalation and the use of military force? The answers to these questions should inform U.S. cybersecurity policy and strategy.
CSIAC Supported Communities
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
Technical Resources, Policy and Guidance
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.