The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
As the threat of cyberattacks on the United States launched by foreign adversaries grows, the federal government has been slow to respond. But changes announced Tuesday at the Department of Homeland Security, along with a new bipartisan bill aimed at shoring up DHS cybersecurity initiatives, could give newfound purpose to defenses against critical infrastructure hacking.
Security analysts have discovered a new hacking group that has been successful in breaching networks of electric utilities in the United States.
The U.S. government, realizing that a cyberattack on energy utilities would have major repercussions for businesses and citizens alike, this November will test the ability of the nation's power grid to bounce back from a simultaneous cyberattack on electric, oil and natural gas infrastructure.
Hackers working for Russia were able to gain access to the control rooms of US electric utilities last year, allowing them to cause blackouts, federal officials tell the Wall Street Journal.
When Russian hackers targeted the staff of Sen. Claire McCaskill, D-Mo., they took aim at maybe the most vulnerable sector of U.S. elections: campaigns.
State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China - KrebsOnSecurity
Here's a timely reminder that email isn't the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned.
Microsoft AccountGuard Service Offers Protection for Political and Election Orgs - Bleeping Computer
Microsoft has launched a pilot program aimed at providing cybersecurity protection for political campaigns and election authorities.
Massive Malvertising Campaign Discovered Attempting 40,000 Infections per Week - Bleeping Computer
A massive malvertising campaign has been exposed today in a report published by cybersecurity firm Check Point. Researchers believe the operators of this malvertising campaign have cozied up to an ad network and ad resellers in order to make sure their hijacked traffic reaches preferred bad actors, who then redirect victims to tech support scams or exploit kits that infect them with ransomware, banking trojans, or others.
Reddit has admitted it suffered a breach that saw hackers make off with some users' current email addresses and a database containing older accounts.
Researchers have discovered a new variant of Spectre, a set of processor vulnerabilities dating back two decades, which they now say can remotely steal data from vulnerable systems.
Many Bluetooth Implementations and OS Drivers Affected by Crypto Bug - Bleeping Computer
A cryptographic bug affects the Bluetooth implementations and operating system drivers of Apple, Broadcom, Intel, Qualcomm, and possibly other hardware vendors.
Looking back at the first six months of 2018, there haven't been as many government leaks and global ransomware attacks as there were by this time last year, but that's pretty much where the good news ends. Corporate security isn't getting better fast enough, critical infrastructure security hangs in the balance, and state-backed hackers from around the world are getting bolder and more sophisticated.
KickICO Platform Loses $7.7 Million in Recent Hack - Bleeping Computer
On Friday, ICO platform KickICO acknowledged a security breach during which an unknown attacker (or attackers) stole over 70 million KICK tokens ($7.7 million at the time of the hack) from the platform's wallets.
The U.S. Congress is sending President Donald Trump legislation that would force technology companies to disclose if they allowed countries like China and Russia to examine the inner workings of software sold to the U.S. military.
Taiwan Semiconductor Manufacturing Co. blamed a variant of the 2017 WannaCry ransomware for the unprecedented shutdown of several plants, as it ramps up chipmaking for Apple Inc.'s next iPhones.
The Pentagon is working on a software "do not buy" list to block vendors who use software code originating from Russia and China, a top Defense Department acquisitions official said on Friday.
The Department of Defense says it has a plan to make sure that all of its public-facing websites are configured in a way that doesn't put the security of their visitors at risk.
The Department of Homeland Security will hold an August industry day focused on public/private collaboration for cybersecurity defense.
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.