The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
Register for CSIAC Webinar, Tuesday, Aug 20 @ 12:00 pm EDT: DoD Enterprise DevSecOps Initiative - CSIAC
This webinar will present the vision for transforming DoD software acquisition into secure, responsive software factories. It will examine and explore the utilization of modern software development processes and tools to revolutionize the Department's ability to provide responsive, timely, and secure software capabilities for our warfighters. The focus of the effort involves exploiting automated software tools, services, and standards so warfighters can rapidly create, deploy, and operate software applications in a secure, flexible, and interoperable manner.
Tags: DevSecOps, Software Development
The settlement fund for the breach that saw the exposure of 147 million Equifax customers' data was $31 million. Customers applying for a payout were initially offered $125 or free Equifax credit monitoring. Unsurprisingly, many people already had credit monitoring, or didn't want to take it from the firm that failed to safeguard their data. The result? Equifax can't afford to pay out to all affected customers.
Tags: Data Breach, Equifax
Two members of Project Zero, Google's elite bug-hunting team, have published details and demo proof-of-concept code for five of six "interactionless" security bugs that impact the iOS operating system and can be exploited via the iMessage client.
Tags: Apple, Vulnerability
Today, researchers from the enterprise security firm Armis are detailing just such a group of vulnerabilities in a popular operating system that runs on more than 2 billion devices worldwide. But unlike Windows, iOS, or Android, this OS is one you've likely never heard of. It's called VxWorks.
Tags: Vulnerability, VxWorks
A Two-Track Algorithm To Detect Deepfake Images - IEEE Spectrum
Researchers have demonstrated a new algorithm for detecting so-called deepfake images, those altered imperceptibly by AI systems, potentially for nefarious purposes. Initial tests of the algorithm picked out phony from undoctored images down to the individual pixel level with between 71 and 95 percent accuracy, depending on the sample data set used. The algorithm has not yet been expanded to include the detection of deepfake videos.
Tags: Artificial Intelligence (AI), Deepfake, Machine Learning (ML)
The Defense Department has been failing to take into account the potential security risks of buying commercial off-the-shelf (COTS) technology items such as laptops, security cameras, software and networking equipment, according to the office of the Pentagon Inspector General.
Tags: COTS, Cyber Supply Chain, DoD
The revelation brings to five the number of groups tracked by Dragos that go after the oil and gas sector, highlighting the growing interest shown by well-resourced hackers in probing the industrial control systems (ICS) that underpin energy infrastructure. Oil and gas companies move markets and are strategic national assets, giving cyber operatives plenty of reason to scope them out.
Tags: Advanced Persistent Threat (APT), Cyber Attack, Industrial Control Systems (ICS)
Capital One Says Data Breach Affected 100 Million Credit Card Applications - The Washington Post
Capital One, the Virginia-based bank with a popular credit card business, announced Monday that a hacker had accessed about 100 million credit card applications, and investigators say thousands of Social Security and bank account numbers were also taken.
Tags: Cyber Attack, Data Breach
The National Security Agency is creating a Cybersecurity Directorate to better protect the country against cyberthreats from foreign adversaries, NSA Director Gen. Paul Nakasone said Tuesday.
Tags: Critical Infrastructure Protection (CIP), National Security Agency (NSA)
Microsoft on Wednesday announced that it would give away software designed to improve the security of American voting machines, even as the tech giant said it had tracked 781 cyberattacks by foreign adversaries targeting political organizations so far this election cycle.
Tags: Election Hacking, Microsoft
Android Devices Could be Hacked by Playing a Video Due to CVE-2019-2107 Flaw - Security Affairs
Playing a specially crafted video on devices with Android's native video player application could allow attackers to compromise them due to a dangerous critical remote code execution flaw. The vulnerability, tracked as CVE-2019-2107, affected Android OS between version 7.0 and 9.0 (Nougat, Oreo, or Pie), potentially impacting over 1 billion devices.
Tags: Android, CVE-2019-2107
Robert Mueller warned that Russian interference is still happening "as we sit here." State election officials are anxious and underfunded, some running systems with outdated software and scrounging for replacement parts off eBay. And on Thursday a report from the Senate Intelligence Committee concluded that all 50 states were targeted in 2016 and that, ahead of the 2018 election, "top election vulnerabilities remained."
Tags: Election Hacking, Russia
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.