The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

NEW CSIAC Report – Emerging Developments in Cyberlaw: 2019 - CSIAC

CSIAC SME and member of the American Bar Association's Information Security Committee, Richard "Rick" Aldrich, gives a snapshot of the recent developments in cyberlaw, policy, standards, court cases and industry legal frameworks. These slides focus on emerging issues such as consumer privacy rights, forensic border search of computers, search consent, biometrics, expectations of privacy from cloud providers, and cyber insurance.
Tags: Cyberlaw, Policy, Regulations

In Case you Missed it: CSIAC Webinar – The National Security Agency’s Science of Security and Privacy Initiative - CSIAC

The Science of Security and Privacy (SoS) Initiative, sponsored by the National Security Agency Research Directorate, fosters a self-sustaining, open, and public security science research community to discover key cyber principles necessary to support improved explanations, predictions and confirmation or validation of predicted outcomes. The discipline of Science of Security and Privacy draws on the bases from multiple disciplines including: Computer Science, Engineering, Mathematics, and Psychology. SoS is advancing the technical aspects of security along with an understanding the human elements involved.
Tags: National Security Agency (NSA), SoS, Webinar

In Case You Missed It: CSIAC Webinar – What is DevOps? From a Tools Point of View - CSIAC

This webinar will give a brief overview of the core ideas and discuss the basic principles behind the benefits of adopting DevOps. Following discussion of the basic ideas and principles, the foundational architectural concepts and the components that underlie existing tools will be discussed. Architectural concepts and tools including Cloud services/ecosystems, multilevel virtualization as used by Container microservices/orchestration tools, and interesting new .Net based software development technologies (such as .Net Core) are among those that will be covered.
Tags: .NET Core, Container Environment, DevOps, Orchestration Tools

RECENT HEADLINES:

TikTok Kids’ App Hit by Record $5.7m FTC Fine - Info Security Magazine

US regulators have handed a Chinese-owned social networking app a record fine after it illegally collected the personal data of children who used it.
Tags: Data Privacy, FTC, TikTok

The Security Clearance Process Is About to Get Its Biggest Overhaul in 50 Years - Defense One

Intelligence and human capital officials are about to make the rounds to show off Trusted Workforce 2.0, a framework to completely change how the government makes security clearance determinations.
Tags: Security Clearance, Trusted Workforce 2.0

New Flaws in 4G, 5G Allow Attackers to Intercept Calls and Track Phone Locations - Tech Crunch

A group of academics have found three new security flaws in 4G and 5G, which they say can be used to intercept phone calls and track the locations of cell phone users.
Tags: 5G, Data Privacy, Mobile Security

As Trump and Kim Met, North Korean Hackers Hit Over 100 Targets in U.S. and Ally Nations - The New York Times

North Korean hackers who have targeted American and European businesses for 18 months kept up their attacks last week even as President Trump was meeting with North Korea's leader in Hanoi.
Tags: Cyber Attack, Cyberwarfare

Researchers Safeguard Hardware From Cyberattack - TechXplore

Researchers have developed an algorithm that safeguards hardware from attacks to steal data. In the attacks, hackers detect variations of power and electromagnetic radiation in electronic devices' hardware and use that variation to steal encrypted information.
Tags: Cyber Attack, Hardware Security

NSA’s Joyce Outlines How U.S. Can Disrupt and Deter Foreign Hacking - CyberScoop

The United States will do more to disrupt the malicious cyber-activity that foreign adversaries are aggressively using to advance their interests, a National Security Agency official said Thursday.
Tags: Cyber Attack, Cyberwarfare, National Security Agency (NSA)

Trump Calls For More Biometric Scans, Data Sharing To Stop Terrorism - Defense One

International travelers can expect to see more facial recognition and other biometric technologies per the latest national security strategy document.
Tags: Biometrics, Facial Recognition, National Security Strategy

Supply-Chain Attacks Rose 78% Last Year, Cyber Researchers Found - Defense One

Hackers are shifting their tactics away from traditional phishing and ransomware attacks, and moving toward stealthier intrusions via websites and the software supply chain, according to a recent report.
Tags: Cyber Supply Chain, Phishing, Ransomware

Social Media Attacks Generate $3.25 Billion for Crooks Each Year - Bleeping Computer

Cybercriminals are becoming more clever every year when it comes to exploiting the trust of social media users and this translates into increased earnings, with malicious activities targeting social media platforms netting criminals roughly $3.25 billion per year.
Tags: Cyber Attack, Cyber Crime, Social Media

Microsoft Announces Azure Sentinel and Threat Experts Cloud-Based Tech - Bleeping Computer

Microsoft announced its new cloud-based Microsoft Azure Sentinel and Microsoft Threat Experts solutions designed to allow security professionals to react faster and provide adequate responses during cyber attacks.
Tags: Azure, Microsoft, SIEM

CSIAC Supported Communities

CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.

Technical Resources, Policy and Guidance

This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.