The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

Free CSIAC Webinar Sept 12 @ 12:00 PM EDT – Overview of the Software Assurance Marketplace (SWAMP) and SWAMP-in-a-Box (SiB) - CSIAC

With the increasing rate of security breaches, today’s applications need to be built more securely at the code level, and that code needs to be tested regularly. The Software Assurance Marketplace was developed to make it easier to consistently test the quality and security of applications and bring a transformative change to the software assurance landscape by reducing the number of weaknesses deployed in software.

RECENT HEADLINES:

Critical Infrastructure:

Siemens and ISA Partnership Fosters Cybersecurity Awareness - Pharmtech

Both parties will share expertise in protecting the automation environment based on the International Electrotechnical Commission (IEC) 62443 standard and appropriate security measures in the form of events, webinars, and educational material. Together, ISA and Siemens intend to raise awareness and share best practices for industrial security with owner-operators of industrial equipment.

Is the Power Grid Getting More Vulnerable to Cyber Attacks? - Scientific American

Two weeks ago it was cyberattacks on the Irish power grid. Last month it was a digital assault on U.S. energy companies, including a nuclear power plant. Back in December a Russian hack of a Vermont utility was all over the news. From the media buzz, one might conclude that power grid infrastructure is teetering on the brink of a hacker-induced meltdown.

Cyber Crime:

Massive Email Campaign Sends Locky Ransomware to Over 23 Million Users - TheHackerNews

The campaign spotted by researchers at AppRiver sent out more than 23 million messages containing Locky ransomware in just 24 hours on 28 August across the United States in what appears to be one of the largest malware campaigns in the second half of this year. According to the researchers, the emails sent out in the attack were "extremely vague," with subjects lines such as "please print," "documents," "images," "photos," "pictures," and "scans" in an attempt to convince victims into infecting themselves with Locky ransomware.

Researchers Uncover Maze of Hidden Backdoors in European Embassy and Ministry Systems - Cyberscoop

Some cybersecurity firms believe the hacking group exposed by ESET, known as Turla, is connected to Russian intelligence services. The backdoor used by Turla has been codenamed Gazer. ESET describes Gazer as a stealthy and complex hacking tool that is difficult to detect. The implant receives encrypted code from an external server, which can execute commands either directly through the infected machine or via another computer on a shared network. In addition, ESET found evidence that Turla leverages a virtual file system in the Windows registry to evade antivirus defenses after they’ve deployed Gazer.

711 Million Email Addresses Ensnared in ‘Largest’ Spambot - ZDnet

A Paris-based security researcher, who goes by the pseudonymous handle Benkow, discovered an open and accessible web server hosted in the Netherlands, which stores dozens of text files containing a huge batch of email addresses, passwords, and email servers used to send spam. Those credentials are crucial for the spammer's large-scale malware operation to bypass spam filters by sending email through legitimate email servers. The spambot, dubbed "Onliner," is used to deliver the Ursnif banking malware into inboxes all over the world. To date, it's resulted in more than 100,000 unique infections across the world, Benkow told ZDNet.

Data Security:

FBI Arrests Another Hacker Who Visited United States to Attend a Conference - TheHackerNews

The FBI has arrested a Chinese citizen for allegedly distributing malware used in the 2015 massive OPM breach that resulted in the theft of personal details of more than 25 Million U.S. federal employees, including 5.6 Million federal officials' fingerprints. Yu Pingan, identified by the agency as the pseudonym "GoldSun," was arrested at Los Angeles international airport on Wednesday when he was arrived in the United States to attend a conference, CNN reported. The 36-year-old Chinese national is said to face charges in connection with the Sakula malware, which was not only used to breach the US Office of Personnel Management (OPM) but also breached Anthem health insurance firm in 2015.

PoS Flaws Allow Hackers to Steal Card Data, Change Prices - Securityweek

A hacker can abuse tens of commands, allowing them to steal data from all the credit and debit cards used at the targeted store, and apply special prices and discounts to specified items. These discounts can be applied for specified times so that an item has a small price only when fraudsters go to purchase it. Fraudsters can also set up the system so that their purchases are charged to the previous customer's card. An attacker can also change the data displayed on a receipt, including to display the customer's full payment card number, not just the last 4 digits as required.

New EMPTY CryptoMix Ransomware Variant Released - Bleepingcomputer

Yesterday, MalwareHunterTeam discovered a new variant of the CryptoMix ransomware that is appending the .EMPTY extension to encrypted file names. Considering that the previous variant used ERROR as the previous extension and now uses empty, it is clear that the developers are running out of ideas for extensions. This article will provide a brief summary of what has changed in this new variant. As we are always looking for weaknesses, if you are a victim of this variant and decide to pay the ransom, please send us the decryptor so we can take a look at it. You can also discuss or receive support for Cryptomix ransomware infections in our dedicated Cryptomix Help & Support Topic.

Beware of Windows/MacOS/Linux Virus Spreading Through Facebook Messenger - TheHackerNews

If you came across any Facebook message with a video link sent by anyone, even your friend - just don’t click on it. Security researchers at Kaspersky Lab have spotted an ongoing cross-platform campaign on Facebook Messenger, where users receive a video link that redirects them to a fake website, luring them to install malicious software.

Is Malware Hiding in Your Resume? Vulnerability in LinkedIn Messenger Would Have Allowed Malicious File Transfer - Checkpoint

As the world’s largest professional network, LinkedIn has acquired a noteworthy reputation. Individuals utilize the site to seek out trustworthy business connections and job opportunities. The most used feature on the site is the messenger platform. It enables users to easily send resumes, transfer academic research and share job descriptions. Users open messages under the assumption that the information is safe, secure and sent by a user with good intentions. Unfortunately, this trusting assumption can sometimes be abused. Check Point researchers discovered a vulnerability within LinkedIn’s messenger platform, that if exploited would enable attackers to spread malicious files.

Simple Exploit Allows Attackers to Modify Email Content – Even After It’s Sent! - TheHackerNews

A successful exploitation of the Ropemaker attack could allow an attacker to remotely modify the content of an email sent by the attacker itself, for example swapping a URL with the malicious one. This can be done even after the email has already been delivered to the recipient and made it through all the necessary spam and security filters, without requiring direct access to the recipient’s computer or email application, exposing hundreds of millions of desktop email client users to malicious attacks.

Emerging Technology:

Putin says the nation that leads in AI ‘will be the ruler of the world’ - The Verge

Russian president Vladimir Putin has joined the war of words concerning the international race to develop artificial intelligence. Speaking to students last Friday, Putin predicted that whichever country leads the way in AI research will come to dominate global affairs.

High Performance Computing:

Argonne Steps up to the Exascale Computing Project - Inside HPC

Argonne National Laboratory, a US Department of Energy (DOE) science and energy lab located outside of Chicago, provides supercomputing resources aimed at accelerating the pace of discovery and innovation. It is home to Mira, currently the ninth fastest supercomputer in the world, and its new Theta system, which will serve as a bridge between Mira and its next leadership-class supercomputer, Aurora.

Information Warfare:

First Evidence That Social Bots Play a Major Role in Spreading Fake News - MIT

Fake news and the way it spreads on social media is emerging as one of the great threats to modern society. In recent times, fake news has been used to manipulate stock markets, make people choose dangerous health-care options, and manipulate elections, including last year’s presidential election in the U.S. Clearly, there is an urgent need for a way to limit the diffusion of fake news. And that raises an important question: how does fake news spread in the first place? Today we get an answer of sorts thanks to the work of Chengcheng Shao and pals at Indiana University in Bloomington. For the first time, these guys have systematically studied how fake news spreads on Twitter and provide a unique window into this murky world. Their work suggests clear strategies for controlling this epidemic.

Machine Learning and Artificial Intelligence:

Elon Musk and AI Experts Urge U.N. to Ban Artificial Intelligence in Weapons - LA Times

"Lethal autonomous weapons threaten to become the third revolution in warfare," read the letter, which was also signed by the chief executives of companies such as Cafe X Technologies (which built the autonomous barista) and PlusOne Robotics (whose robots automate manual labor). "Once this Pandora's box is opened, it will be hard to close. Therefore we implore the High Contracting Parties to find a way to protect us all from these dangers."

ORNL Researchers Turn to Deep Learning to Solve Science’s Big Data Problem - Newswise

The Advances in Machine Learning to Improve Scientific Discovery at Exascale and Beyond (ASCEND) project aims to use deep learning to assist researchers in making sense of massive datasets produced at the world's most sophisticated scientific facilities. Deep learning is an area of machine learning that uses artificial neural networks to enable self-learning devices and platforms. The team, led by ORNL's Thomas Potok, includes Robert Patton, Chris Symons, Steven Young and Catherine Schuman. While deep learning has long been used to classify relatively simple data such as photographs, today's scientific data presents a much greater challenge because of its size and complexity. Deep learning offers the potential to truly change the way in which researchers use massive datasets to solve challenges spanning the scientific spectrum. For example, neutron scattering data collected at ORNL's Spallation Neutron Source contain rich scientific information about structure and dynamics of materials under investigation, and deep learning could help researchers better understand the link between experimental data and materials properties. "This understanding can help scientists build and support new scientific theories, and help to design better materials," Potok said.

Mobile Security:

Vulnerabilities Discovered in Mobile Bootloaders of Major Vendors - Bleeping Computer

Android bootloader components from five major chipset vendors are affected by vulnerabilities that break the CoT (Chain of Trust) during the boot-up sequence, opening devices to attacks. The vulnerabilities came to light during research carried out by a team of nine computer scientists from the University of California, Santa Barbara.

Public Sector:

Air Force Opens Doors to Universities, Small Businesses and Entrepreneurs to Boost Innovation - DoD

Air Force Secretary Heather Wilson announced the launch of AFwerX July 21, 2017, during her visit to Nellis Air Force Base, Nevada. Based on a model used by Special Operations Command, AFwerX opens Air Force doors to highly innovative problem solvers with small amounts of money in ways that strip out bureaucracy. The first AFwerX location will be near the University of Nevada, Las Vegas, so students and faculty, small businesses and entrepreneurs can connect easily to the Air Force. The storefront is slated to open by early 2018 with "open to the public" hours for individuals and groups to present ideas. "We're changing the way we do business with innovators," Wilson said. "Bringing an AFwerX storefront to Vegas allows us to take advantage of Nevada's emerging idea marketplace."

Federal Panel Urges 11 Steps to Avert a Cyber 9/11 - FederalNewsRadio

"We find ourselves at a crucial point. We are in a pre-9/11 cyber moment," said Michael Wallace, a retired energy executive who co-chairs the NIAC cyber working group. "We have the opportunity to be proactive in this limited window before our nation experiences a watershed cyber attack, and we’re calling on the administration to take bold and decisive actions."

Dispute Along Cold War Lines Led to Collapse of UN Cyberwarfare Talks - The Guardian

Thirteen years of negotiations at the United Nations aimed at restricting cyberwarfare collapsed in June, it has emerged, due to an acrimonious dispute that pitted Russia, China and Cuba against western countries. The split among legal and military experts at the UN, along old cold war lines, has reinforced distrust at a time of mounting diplomatic tension over cyber-attacks, such as the 2016 hacking of the US Democratic National Committee’s (DNC) computers. That break-in was allegedly coordinated by Russian intelligence and intended to assist Donald Trump’s presidential campaign.

Software Security:

FBI Pushes Private Sector to Cut Ties With Kaspersky - Cyberscoop

The FBI's goal is to have U.S. firms push Kaspersky out of their systems as soon as possible or refrain from using them in new products or other efforts, the current and former officials say. The FBI's counterintelligence section has been giving briefings since beginning of the year on a priority basis, prioritizing companies in the energy sector and those that use industrial control (ICS) and Supervisory Control and Data Acquisition (SCADA) systems.

FEEDBACK FROM PREVIOUS DIGEST:

Most Popular:

Secret Chips in Replacement Parts can Completely Hijack Your Phone’s Security - ARS Technica

People with cracked touch screens or similar smartphone maladies have a new headache to consider: the possibility the replacement parts installed by repair shops contain secret hardware that completely hijacks the security of the device.

The Ghostly Radio Station That no One Claims to Run - BBC

In the middle of a Russian swampland, not far from the city of St Petersburg, is a rectangular iron gate. Beyond its rusted bars is a collection of radio towers, abandoned buildings and power lines bordered by a dry-stone wall. This sinister location is the focus of a mystery which stretches back to the height of the Cold War.

China Drone Maker Steps Up Security After U.S. Army Ban - Reuters

Chinese drone maker SZ DJI Technology Co Ltd is tightening data security on its drones after the U.S. Army ordered its members to stop using DJI drones because of "cyber vulnerabilities," a company official told Reuters on Monday.

CSIAC SUPPORTED COMMUNITIES:

Cyber Security of Critical Infrastructure - Department of Homeland Security

CSIAC serves on the EO 13636/PPD-21 Research & Development (R&D) Working Group (WG) run by DHS S&T. If you would like further information, contact Dr. Paul Losiewicz at plosiewicz@csiac.org

Cyber Community of Interest (COI) Group - CSIAC

The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.

TECHNICAL RESOURCES, POLICY & GUIDANCE:

Cybersecurity Related Websites - CSIAC

The listing of related sites provide additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.

Presidential Policy Directive – United States Cyber Incident Coordination - The White House

Opportunities Exist for DOD to Share Cybersecurity Resources with Small Businesses - GAO

DOD OSBP officials acknowledged that cybersecurity is an important and timely issue for small businesses -and therefore the office is considering incorporating cybersecurity into its existing outreach and education efforts. During the review, GAO identified 15 existing federal cybersecurity resources that DOD OSBP could disseminate to defense small businesses.

DHS S&T Collaboration Community - Ideascale

The National Conversation is intended to bring together everyone to play a role in shaping the future of homeland security technology. This means responders, operational users, citizens, academia, and industry.

The Department of Defense Cyber Strategy - Department of Defense

The purpose of this strategy is to guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD's three primary cyber missions.

Information Sharing Environment - ISE

The Information Sharing Environment (ISE) broadly refers to the people, projects, systems, and agencies that enable responsible information sharing for national security.

Standards & Reference Documents - CSIAC

View all Best Practices and Reference Documents on the CSIAC website.

The DoD Cybersecurity Policy Chart (Formerly the IA Policy Chart) - CSIAC

DoD Cyber Domain Resources - Department of Defense

DHS Cyber Security Strategy (“Blueprint for a Secure Cyber Future”, 2011) - Department of Homeland Defense

DIB CS/IA Voluntary Information Sharing Program - DoD DIBNet

DoD's DIB CS/IA program is a voluntary program to enhance and supplement DIB participants' capabilities to safeguard DoD information that resides on, or transits, DIB unclassified information systems.

US-CERT Bulletins - Department of Homeland Security

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

US-CERT Alerts - Department of Homeland Security

Alerts provide timely information about current security issues, vulnerabilities, and exploits.

National Vulnerability Database - NIST

NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.

Trustworthy CyberSpace: Strategic Plan For The Federal Cybersecurity Research and Development Program - NITRD

Committee on National Security Systems (CNSS) - Committee on National Security Systems

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.