• Home
  • Resources
    • Find Resources by Topic Tags
    • Cybersecurity Policy Chart
    • CSIAC Reports
    • Webinars
    • Podcasts
    • Cybersecurity Digest
    • Standards & Reference Docs
    • Journals
    • Certifications
    • Acronym DB
    • Cybersecurity Related Websites
  • Services
    • Free Technical Inquiry
    • Core Analysis Task (CAT) Program
    • Subject Matter Expert (SME) Network
    • Training
    • Contact Us
  • Community
    • Upcoming Events
    • Cybersecurity
    • Modeling & Simulation
    • Knowledge Management
    • Software Engineering
  • About
    • About the CSIAC
    • The CSIAC Team
    • Subject Matter Expert (SME) Support
    • DTIC’s IAC Program
    • DTIC’s R&E Gateway
    • DTIC STI Program
    • FAQs
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Login / Register

CSIAC

Cyber Security and Information Systems Information Analysis Center

  • Resources
    • Find Resources by Topic Tags
    • Cybersecurity Policy Chart
    • CSIAC Reports
    • Webinars
    • Podcasts
    • Cybersecurity Digest
    • Standards & Reference Docs
    • Journals
    • Certifications
    • Acronym DB
    • Cybersecurity Websites
  • Services
    • Free Technical Inquiry
    • Core Analysis Task (CAT) Program
    • Subject Matter Expert (SME) Network
    • Training
    • Contact
  • Community
    • Upcoming Events
    • Cybersecurity
    • Modeling & Simulation
    • Knowledge Management
    • Software Engineering
  • About
    • About the CSIAC
    • The CSIAC Team
    • Subject Matter Expert (SME) Support
    • DTIC’s IAC Program
    • DTIC’s R&E Gateway
    • DTIC STI Program
    • FAQs
  • Cybersecurity
  • Modeling & Simulation
  • Knowledge Management
  • Software Engineering
/ CS Digests / 06 Mar 2018

CS Digest: 06 Mar 2018

Posted: 03/06/2018 | Leave a Comment

The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

Reminder: Free CSIAC Webinar Thursday Mar 22 @ 12:00 pm EDT – Autonomic Cyber Security (ACS) - CSIAC

This webinar will provide an overview of cutting-edge research efforts being conducted at the University of Arizona’s National Science Foundation (NSF) Cloud and Autonomic Computing Center (CAC) along with one of their affiliate members, AVIRTEK Inc.

FEEDBACK FROM PREVIOUS DIGEST:

Cyber Crime:

Olympic Destroyer Data-Wiping Malware Is More Complex Than Previously Thought - Bleeping Computer

The Olympic Destroyer malware that has caused damage to PyeongChang 2018 Winter Olympics computer networks is much more complex than previously thought. Discovered by Cisco Talos researchers, this malware has been deployed before the start of the Olympics and has caused downtime to internal WiFi and television systems, disrupting some operations during the games' opening ceremony.

RECENT HEADLINES:

Cyberwarfare:

German Government Intranet Under ‘Ongoing Attack’ - The Guardian

Germany's government is dealing with an ongoing security crisis after hackers managed to access its intranet and collect confidential information, a senior lawmaker said on Thursday.

Data Security:

Major Data Breach at Marine Forces Reserve Impacts Thousands - Marine Corps Times

The personal information of thousands of Marines, sailors and civilians, including bank account numbers, was compromised in a major data spillage emanating from U.S. Marine Corps Forces Reserve.

Equifax Says it’s Found 2.4 Million More Victims From 2017 Breach - The Hill

Equifax has identified 2.4 million victims of its massive 2017 data breach that were not previously counted in the number of people affected by the hack, the credit bureau announced Thursday.

GitHub Survived the Biggest DDoS Attack Ever Recorded - Wired

On Wednesday, at about 12:15 pm ET, 1.35 terabits per second of traffic hit the developer platform GitHub all at once. It was the most powerful distributed denial of service attack recorded to date—and it used an increasingly popular DDoS method, no botnet required.

FBI Warns of Spike in W-2 Phishing Campaigns - Threat Post

The Federal Bureau of Investigation is warning businesses about a spike in phishing campaigns requesting W-2 information from payroll personnel.

FEEDBACK FROM PREVIOUS DIGEST:

Blockchain and Digital Currency:

How to Mitigate the Threat Cryptocurrency Mining Poses to Enterprise Security - The Hacker News

The growing popularity of Bitcoin and other cryptocurrencies is generating curiosity - and concern - among security specialists. Crypto mining software has been found on user machines, often installed by botnets. Organizations need to understand the risks posed by this software and what actions, if any, should be taken.

RECENT HEADLINES:

Machine Learning and Artificial Intelligence:

Berkeley Lab ‘Minimalist Machine Learning’ Algorithms Analyze Images From Very Little Data - Berkeley Lab

Mathematicians at the Department of Energy's Lawrence Berkeley National Laboratory (Berkeley Lab) have developed a new approach to machine learning aimed at experimental imaging data. Rather than relying on the tens or hundreds of thousands of images used by typical machine learning methods, this new approach "learns" much more quickly and requires far fewer images.

Mobile Security:

The Feds Can Now (Probably) Unlock Every iPhone Model In Existence — UPDATED - Forbes

In what appears to be a major breakthrough for law enforcement, and a possible privacy problem for Apple customers, a major U.S. government contractor claims to have found a way to unlock pretty much every iPhone on the market.

The FBI, CIA and NSA say American Citizens Shouldn’t use Huawei Phones - CNN Tech

U.S. intelligence agencies have issued a stern warning to Americans: Do not buy smartphones made by Chinese tech companies Huawei or ZTE.

Network Security:

‘First True’ Native IPv6 DDoS Attack Spotted in Wild - SC Magazine

The first documented native IPv6 DDoS attack has been spotted in the wild over the weekend. The DNS dictionary attack originated from around 1,900 different native IPv6 hosts, on more than 650 different networks and targeted authoritative DNS service Neustar's network.

Memcrashed – Major Amplification Attacks From UDP Port 11211 - Cloud Flare

Over last couple of days we've seen a big increase in an obscure amplification attack vector - using the memcached protocol, coming from UDP port 11211.

Private Sector:

Army Research Lab Awards $25 Million Contract for Internet of Battlefield Things - Fifth Domain

The U.S. Army Research Lab (ARL) has awarded a $25 million contract to a consortium of university researchers known as the Alliance for Internet of Battlefield Things Research on Evolving Intelligent Goal-drive Networks (IoBT REIGN) to develop new predictive battlefield analytics and services.

Public Sector:

Marine Corps Announces New Cyberspace Career Track - Fifth Domain

The Marine Corps has created a cyberspace career track that will focus on enhancing the service's ability to compete on the information battlefield, the Marine Corps announced March 1.
Tags: Career in Cyber

DISA Modernizes SIPRNet Delivery, Increases Mission Partner Savings - DISA

The Defense Information Systems Agency (DISA) recently completed the Secret Internet Protocol Router Network (SIPRNet) Access Migration Project to improve and modernize the way mission partners connect to the SIPRNet and deliver cost reductions.

Quantum Computing:

Securing Tomorrow’s Information Through Post-Quantum Cryptography - NIST CSRC

In recent years, there has been a substantial amount of research on quantum computers - machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. If large-scale quantum computers are ever built, they will compromise the security of many commonly used cryptographic algorithms.

Serious Quantum Computers are Finally Here. What are we Going to do With Them? - MIT Technology Review

Quantum computers promise to run calculations far beyond the reach of any conventional supercomputer. They might revolutionize the discovery of new materials by making it possible to simulate the behavior of matter down to the atomic level. Or they could upend cryptography and security by cracking otherwise invincible codes. There is even hope they will supercharge artificial intelligence by crunching through data more efficiently.

Software Security:

Kali Linux Now in Windows Store, but Defender Flags Its Packages as Threats! - Bleeping Computer

The penetration testing and security auditing platform called Kali Linux is now available in the Windows 10 Store as a Linux environment that can be used with the Windows Subsystem for Linux (WSL). The problem is someone forgot one little thing. Some of Kali's more popular packages are detected as hacktools and exploits by Windows Defender.

Intel’s latest set of Spectre microcode fixes is coming to a Windows update - ArsTechnica

Windows users running the latest version of Windows 10 on recent Intel processors will soon be receiving Intel's microcode updates to address the Spectre variant 2 attack.

Microsoft Updates Guideline on Windows Driver Security - Bleeping Computer

Microsoft has released an updated guide on driver security. This new guide offers advice that developers could use to ensure Windows drivers are secured against basic attacks and preventable flaws.

CSIAC Supported Communities

CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.

Technical Resources, Policy and Guidance

This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.


The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.

« 20 Feb 2018
20 Mar 2018 »

Reader Interactions

Leave a Comment Cancel

You must be logged in to post a comment.

sidebar

Blog Sidebar

Featured Content

Data Privacy Day - Jan 28

Data Privacy Day is January 28th

You can help create a global community that respects privacy, safeguards data, and enables trust. You can help teach others about privacy at home, at work, and in your community.

Learn How

Featured Subject Matter Expert (SME): Daksha Bhasker

A dynamic CSIAC SME, Senior Principal Cybersecurity Architect, Daksha Bhasker has 20 years of experience in the telecommunications services provider industry. She has worked in systems security design and architecture in production environments of carriers, often leading multidisciplinary teams for cybersecurity integration, from conception to delivery of complex technical solutions. As a CSIAC SME, Daksha's contributions include several published CSIAC Journal articles and a webinar presentation on the sophiscated architectures that phone carriers use to stop robocalls.

View SME's Contributed Content

The DoD Cybersecurity Policy Chart

The DoD Cybersecurity Policy Chart

This chart captures the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme.

View the Policy Chart

CSIAC Report - Smart Cities, Smart Bases and Secure Cloud Architecture for Resiliency by Design

Integration of Smart City Technologies to create Smart Bases for DoD will require due diligence with respect to the security of the data produced by Internet of Things (IOT) and Industrial Internet of Things (IIOT). This will increase more so with the rollout of 5G and increased automation "at the edge". Commercially, data will be moving to the cloud first, and then stored for process improvement analysis by end-users. As such, implementation of Secure Cloud Architectures is a must. This report provides some use cases and a description of a risk based approach to cloud data security. Clear understanding, adaptation, and implementation of a secure cloud framework will provide the military the means to make progress in becoming a smart military.

Read the Report

CSIAC Journal - Data-Centric Environment: Rise of Internet-Based Modern Warfare “iWar”

CSIAC Journal Cover Volume 7 Number 4

This journal addresses a collection of modern security concerns that range from social media attacks and internet-connected devices to a hypothetical defense strategy for private sector entities.

Read the Journal

CSIAC Journal M&S Special Edition - M&S Applied Across Broad Spectrum Defense and Federal Endeavors

CSIAC Journal Cover Volume 7 Number 3

This Special Edition of the CSIAC Journal highlights a broad array of modeling and simulation contributions – whether in training, testing, experimentation, research, engineering, or other endeavors.

Read the Journal

CSIAC Journal - Resilient Industrial Control Systems (ICS) & Cyber Physical Systems (CPS)

CSIAC Journal Cover Volume 7 Number 2

This edition of the CSIAC Journal focuses on the topic of cybersecurity of Cyber-Physical Systems (CPS), particularly those that make up Critical Infrastructure (CI).

Read the Journal

Recent Video Podcasts

  • Agile Condor: Supercomputing at the Edge for Intelligent Analytics Series: CSIAC Webinars
  • Securing the Supply Chain: A Hybrid Approach to Effective SCRM Policies and Procedures Series: The CSIAC Podcast
  • DoD Vulnerability Disclosure Program (VDP) Series: CSIAC Webinars
  • 5 Best Practices for a Secure Infrastructure Series: The CSIAC Podcast
  • Fifth Generation Cellular – A Discussion with Idaho National Laboratory on 5G – Part 4 Series: Fifth Generation Cellular
View all Podcasts

Upcoming Events

Sat 16

SANS Security East 2021

January 11 - January 16
Organizer: SANS Institute
Sat 16

SANS Cloud Defender 2021

January 11 - January 16
Organizer: SANS Institute
Mon 18

SANS Stay Sharp: Blue Team Operations 2021

January 18 - January 20
Organizer: SANS Institute
Mon 18

SANS Cyber Security Central: Jan 2021

January 18 - January 23
Organizer: SANS Institute
Tue 19

AI Champions, Online – Supply Chain

January 19 @ 14:00 - January 21 @ 15:30 EST
View all Events

Footer

CSIAC Products & Services

  • Free Technical Inquiry
  • Core Analysis Tasks (CATs)
  • Resources
  • Events Calendar
  • Frequently Asked Questions
  • Product Feedback Form

About CSIAC

The CSIAC is a DoD-sponsored Center of Excellence in the fields of Cybersecurity, Software Engineering, Modeling & Simulation, and Knowledge Management & Information Sharing.Learn More

Contact Us

Phone:800-214-7921
Email:info@csiac.org
Address:   266 Genesee St.
Utica, NY 13502
Send us a Message
US Department of Defense Logo USD(R&E) Logo DTIC Logo DoD IACs Logo

Copyright 2012-2021, Quanterion Solutions Incorporated

Sitemap | Privacy Policy | Terms of Use | Accessibility Information
Accessibility / Section 508 | FOIA | Link Disclaimer | No Fear Act | Policy Memoranda | Privacy, Security & Copyright | Recovery Act | USA.Gov

This website uses cookies to provide our services and to improve your experience. By using this site, you consent to the use of our cookies. To read more about the use of our site, please click "Read More". Otherwise, click "Dismiss" to hide this notice. Dismiss Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.