The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
Critical Infrastructure More Vulnerable Than Ever Before - InfoSecurity Magazine
Despite widespread awareness of the physical and data-related danger inherent in exposing critical infrastructure to cyberattack, the number of internet-accessible industrial control systems (ICS) is increasing every year.
The attack vector for Triton, the nation state-sponsored malware that attacked industrial sites in the Middle East in December 2017, has been revealed by the hardware manufacturer whose equipment was the target.
Schneider Electric said on Thursday that hackers had exploited a flaw in its technology in a watershed incident discovered last month that halted operations at an undisclosed industrial facility.
An elite, government authored cyberweapon has been sitting online in public view for nearly anyone to copy since Dec. 22 because multinational energy technology company Schneider Electric mistakenly posted a sensitive computer file to VirusTotal, three sources familiar with the matter told CyberScoop.
British 15-year-old Gained Access to Intelligence Operations in Afghanistan and Iran by Pretending to be Head of CIA, Court Hears - Telegraph
A 15-year-old gained access to plans for intelligence operations in Afghanistan and Iran by pretending to be the head of the CIA to gain access to his computers, a court has heard.
A prototype autonomous ship known as the Medium Displacement Unmanned Surface Vehicle (MDUSV) has officially been transferred to the U.S. Navy from the Defense Advanced Research Projects Agency (DARPA) after a two-year testing and evaluation program. Named "Sea Hunter," the Office of Naval Research will continue to develop the vessel from this point forward.
Navy Plans to Spend $100 Million on Cyber Through New Other Transaction Authority - Federal News Radio
The Navy's Space and Naval Warfare Systems Command is the latest DoD organization to look to Other Transaction Authority as a work-around to the traditional acquisition system in pursuit of new cyber capabilities.
Dutch intelligence services hacked Russian cyber attackers and alerted US counterparts after watching them transfer "thousands" of Democratic Party emails ahead of the 2016 US election, Dutch media reported Friday.
‘Terabyte of Death’ Cyberattack Against DoD Looms, DISA Director Warns - Department of Defense
The vast, global networks of the Defense Department are under constant attack, with the sophistication of the cyber assaults increasing, the director of Defense Information Systems Agency said here today.
The review came after reports by The Washington Post and other outlets that a "heat map" had been posted online by the fitness-tracking company Strava showing where users jog, bike and exercise - and in the process inadvertently highlighting the locations of U.S. military facilities in some of the most dangerous spots in the world.
Bitcoin alternatives like Monero and Ethereum continue their overall upward trend in value, putting them squarely in the crosshairs of threat actors looking for quick profits and anonymous transactions. Because obtaining these cryptocurrencies through legitimate mining mechanisms is quite resource-intensive, cybercriminals are stealing them, demanding ransomware payments in them, and harnessing other computers to mine them for free. Recently, Proofpoint researchers have been tracking the massive Smominru botnet, the combined computing power of which has earned millions of dollars for its operators.
Several cybersecurity firms are reporting of new cryptocurrency mining viruses that are being spread using EternalBlue - the same NSA exploit that was leaked by the hacking group Shadow Brokers and responsible for the devastating widespread ransomware threat WannaCry.
Early Friday morning in Tokyo, hackers broke into a cryptocurrency exchange called Coincheck Inc. and made off with nearly $500 million in digital tokens. It's one of the biggest heists in history, with the exchange losing more than 500 million of the somewhat obscure NEM coins. The hack has raised questions about security of cryptocurrencies around the world.
Samsung Electronics has revealed it is making chips designed specifically to harvest crypto-currency coins. The firm made the disclosure in its latest earnings report, where it said the activity should boost its profits.
Proofpoint researchers have been following a previously undocumented threat in which actors are stealing bitcoins via the Tor proxy onion[.]top. Operators of this proxy are surreptitiously diverting Bitcoin payments from ransomware victims to their own wallets by modifying in transit the source of web pages used for payment, replacing the ransomware author-controlled Bitcoin addresses with their own.
Autosploit, a new tool that basically couples Shodan and Metasploit, makes it easy for even amateurs to hack vulnerable IoT devices.
Superconducting computing chips modeled after neurons can process information faster and more efficiently than the human brain. That achievement, described in Science Advances on 26 January 1, is a key benchmark in the development of advanced computing devices designed to mimic biological systems. And it could open the door to more natural machine-learning software, although many hurdles remain before it could be used commercially.
The federal government has awarded Booz Allen Hamilton a massive $621 million, six-year contract to implement a Department of Homeland Security program aimed at securing federal networks from cyber threats.
Alphabet Launches Cybersecurity Firm Chronicle - CNN Money
Google's parent company, Alphabet, is launching a business to protect companies from hackers. Chronicle, a new company under the Alphabet umbrella, calls itself a "cybersecurity intelligence and analytics platform."
DoD Memo Starts to Cleave its Acquisition Office in Half, Reassigns Workforce - Federal News Radio
Defense acquisition civilian personnel will see no changes in their title, series or grade as the Defense Department begins to cleave the office of acquisition, technology and logistics in half on Feb. 1.
DoD’s Network Defense Headquarters Achieves Full Operational Capability - Department of Defense
The U.S. Cyber Command component responsible for securing, operating and defending the Defense Department’s complex infrastructure of roughly 15,000 networks with 3 million users has achieved full operational capability.
An Army team, in fact, recently received a Department of Defense Innovation, Modernization in IT Award specifically for its work in leading the service's implementation of the DoD Cybersecurity Scorecard. The Army's Cybersecurity Scorecard Team worked out a plan for tracking programs of record, worked with the Defense Information Systems Agency (DISA) to ensure that contracts supported security requirements, and improved compliance with the Federal Information Systems Management Act (FISMA), according to an Army release.
A Small-Scale Demonstration Shows How Quantum Computing Could Revolutionize Data Analysis - Technology Review
Over the past few decades, topology - a branch of mathematics dealing with shapes that can be turned into other shapes by processes like bending and stretching - has evolved from an arcane pursuit into an increasingly powerful tool for analyzing the real world. The role of symmetry in the topological world has turned out to be particularly important.
Cloud Quantum Computing Calculates Nuclear Binding Energy - Physics World
Cloud quantum computing has been used to calculate the binding energy of the deuterium nucleus – the first-ever such calculation done using quantum processors at remote locations. Nuclear physicists led by Eugene Dumitrescu at Oak Ridge National Laboratory in the US used publicly available software to achieve the remote operation of two distant quantum computers. Their work could lead to new opportunities for scientists in many fields who want to use quantum simulations to calculate properties of matter.
Microsoft has decided to crack down on the growing number of free programs that claim to scan computers for errors and then pressure worried PC users into upgrading to paid versions for a cure.
Microsoft on Saturday issued an out-of-band Windows security update that disabled a patch the company released earlier this month to protect personal computers from possible attacks leveraging one of the "Spectre" vulnerabilities.
You Had One Job, Outlook! Security Bug Fix Stops Mail App From Forwarding Attachments - The Register
Outlook will strip attachments from some forwarded emails once you've applied a security patch from this month's Patch Tuesday, Microsoft has admitted.
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.