The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

Updated DoD Cybersecurity Policy Chart – 08 Jan 2019 - CSIAC

The goal of the DoD Cybersecurity Policy Chart is to capture the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme. The use of color, fonts and hyperlinks are all designed to provide additional assistance to cybersecurity professionals navigating their way through policy issues in order to defend their networks, systems and data.

In Case You Missed it: CSIAC Webinar – Cybersecurity Arms Race – Modernizing the Arsenal - CSIAC

Cyber Security Ventures, the world's largest research firm on cyber crime, estimates that cyber crime will be a $6T business by 2021. That is more than the economy of the United Kingdom. This presentation reviews the history of computer viruses and the corresponding cyber defenses employed. It is the gap between the technologies used to infect vs the technologies we employ to protect that is driving rampant criminal activity. Lastly, the presentation will review solutions out of this predicament.
Tags: Computer Virus, Cyber Crime, Cyber Defense

NEW CSIAC Podcast – 5th Generation (5G) Technology - CSIAC

The 5th generation (5G) of wireless technology will soon be available with the launching of 5G wireless networks along with compatible cellular technologies. 5G is built on the 802.11ac Institute of Electrical and Electronics Engineers (IEEE) wireless networking standard. Speeds are anywhere from 10x to 100x faster than 4G. CSIAC discusses this further along with the impacts of IoT and mobile devices that 5G will or may cause.

Recently Released CSIAC Podcast – Malvertising Explored - CSIAC

Malvertising is a malicious form of online advertisement used to inject malware into legitimate online advertising networks and webpages. Advertisements are produced with significant effort to attract users and sell or advertise a product, which makes for a prime platform for spreading malware. Malvertising can exist even on the most popular and reputable websites without directly compromising them.

RECENT HEADLINES:

HHS Releases Cyber Guides for Healthcare Orgs - FCW

The Department of Health and Human Services rolled out new guidance to protect organizations in the health care sector from cyberattacks.
Tags: Cybersecurity in Healthcare, Cybersecurity Training

Automated System Bypasses Google reCAPTCHA Again - Security Week

The unCaptcha automated system can once again bypass Google's reCAPTCHA challenges, despite major updates to the security service.
Tags: Autonomy and Autonomous Systems, Google reCAPTCHA

Privacy International Hits Out at Unconsented Facebook Tracking Within Apps - ZDNet

Popular apps like Kayak and Duolingo are firing off users' Google ad IDs to Facebook the moment apps are launched.
Tags: API, Data Privacy, Facebook

Four Big Questions for Cybersecurity in 2019 - Fifth Domain

How will cybersecurity experts remember 2018? In the past year, the Trump administration announced it would take more offensive hacking operations against foreign countries, the Department of Justice announced sweeping indictments against Chinese hackers and the U.S. intelligence community reported that foreign countries continued to interfere in American elections. So what comes next?
Tags: Cyber Operations, Cyberwarfare

Most Concerning Security Controls for Cyberattackers? Deception and IDS - HelpNetSecurity

Attivo Networks surveyed more than 450 cybersecurity professionals and executives globally to gain insights into detection trends, top threat concerns, attack surface concerns, and what's on their 2019 security wish list.
Tags: Cyber Deception, Intrusion Detection

Next Generation Tools: Deception Networks - SC Magazine

There have been several predictions as to where adversary hacking is headed in the foreseeable future. Virtually all credible predictions have one thing in common: emerging attacks will be intelligent. In simple terms that means that these attacks will have the ability to make decisions and, to some extent, control their own actions without the support of a bot herder or other human control entity. Some analysts believe that, because this new generation of malcode operates at machine speed, it will be virtually impossible for humans to react fast enough to have any impact on the attack.
Tags: Autonomous, Cyber Deception, Trickbot

Why Older Satellites Present a Cyber Risk - Fifth Domain

The most cost-effective and simplistic cyberattack in space, one with the intent to bring down a targeted satellite, is likely to use an older satellite now viewed as space junk that still has fuel and can respond to communications. Hackers could then use that satellite to ram or force targeted space assets out of orbit. The benefits for the attacker are numerous.
Tags: cyberattack

How BMC and UEFI can be Exploited to Brick Servers and Take Down Your Data Center - Tech Republic

Out-of-band management systems can be a weak link to securing your data center. Here's how a debug utility can be leveraged to brick your systems.
Tags: BMC, UEFI

Siren Bot Uses 10 Methods to Send DoS Attacks - SC Magazine

Zscaler ThreatLabZ researchers identified a new DoS bot family named Siren that uses 10 different DoS methods to carry out attacks.
Tags: Command and Control (C2), Denial-of-Service Attacks

FEEDBACK FROM PREVIOUS DIGEST:

Most Popular:

Is There Such a Thing as Too Much Supply Chain Cybersecurity? - Fifth Domain

The military supply chain is vast, multifaceted, and riddled with potential cyber vulnerabilities.

This Million-core Supercomputer Inspired by the Human Brain Breaks all the Rules - ZDNet

SpiNNaker's spiking neural network mimics the human brain, and could fuel breakthroughs in robotics and health.

The Rise of Self-Concealing Steganography - Bank Info Security

Steganography is the practice of hiding messages or information in plain sight, especially inside other data or images. And a new toolset, which debuted earlier this month at the Black Hat Europe conference in London, suggests steganography is going to get much more difficult to spot

CSIAC Supported Communities

CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.

Technical Resources, Policy and Guidance

This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.