The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
The identities of a group of American technical experts who have provided assistance to covert operations by the US government overseas have been compromised as the result of cross-referencing of data from the Office of Personnel Management (OPM) and other recent data breaches, according a Los Angeles Timesreport.
Junaid Hussain, the leader of the Islamic State Hacking Division, was killed on Tuesday in a drone strike conducted by the US military, as the Wall Street Journal has reported.
The Obama administration is drafting an unprecedented series of economic sanctions designed to punish China for its persistent hacks on U.S. networks, according to The Washington Post.
More ATM “Insert Skimmer” Innovations - Krebs on Security
ATM fraud experts say they continue to see criminal innovations with "insert skimmers," wafer-thin data theft devices that fit inside the ATM's card acceptance slot and do not alter the outward appearance of a compromised cash machine.
A report by Wombat Security Technologies shows that an average-sized organization can lose up to $3.77 million / Euro 3.34 million per year due to phishing attacks.
By the end of February 2016, you'll have seen the last of RC4 encryption in browsers like Chrome, Firefox, Internet Explorer, and Edge, their parent companies have announced.
Dyre Trojan Uses Semi-Random File Names to Evade Detection - Security Week
The creators of the notorious Dyre banking Trojan have started using some new techniques to make the malware more difficult to detect and remove.
81% of Healthcare Organizations Have Been Compromised - Net-Security
Eighty-one percent of health care executives say that their organizations have been compromised by at least one malware, botnet, or other cyber-attack during the past two years, and only half feel that they are adequately prepared in preventing attacks, according to KPMG.
Researchers Uncover New Italian RAT uWarrior - Threat Post
Details have come to light about a new remote access Trojan called uWarrior that arrives embedded in a rigged .RTF document.
Fake Recruiters on LinkedIn are Targeting Infosec Pros - Net-Security
"There's a group of fake recruiters on LinkedIn mapping infosec people's networks. Not sure what their goal is yet, just a heads-up to others," Yonathan Klijnsma, a threat intelligence analyst working at Dutch infosec firm Fox-IT, warned via his Twitter account.
New Zeus Variant “Sphinx” Offered for Sale - Security Week
Sphinx, a new banking Trojan based on the source code of the notorious Zeus malware, is up for sale for $500.
A massive uptick in malvertising has taken place over the last few years and is becoming so popular that it may become the top technique used for drive by attacks, according to Cyphort Labs' The Rise of Malvertising report.
The Justice Department said Thursday it will require it's law-enforcement agents to get a warrant before using technology that tracks the location of cell phone users by posing as cell phone towers.
A new variant of mobile ransomware that encrypts the content of Android smartphones is putting a new spin on both how it communicates with its masters and how it spurs its victims into action.
Mobile Gambling Apps Expose Enterprise Data - Security Week
The number of gambling applications installed on mobile devices used in corporate environments is on the rise, which creates an increasingly favorable environment for data theft and other types of cyberattacks, a recent report from enterprise security company Veracode shows.
‘KeyRaider’ iOS Malware Targets Jailbroken Devices - Computer World
Credentials for more than 225,000 Apple accounts have been stolen by sophisticated malware that targets modified iOS devices, according to Palo Alto Networks.
An application available in the Google Play store until yesterday took advantage for months of a flaw in the TeamViewer remote support tool for Android to enable screen recording on older devices.
FireEye has revealed a security flaw in Apple iOS devices that could allow malicious applications to remain open for an unlimited time while remaining hidden from unsuspecting users.
CERT Warns of Slew of Bugs in Belkin N600 Routers - Threat Post
The CERT/CC is warning users that some Belkin home routers contain a number of vulnerabilities that could allow an attacker to spoof DNS responses, intercept credentials sent in cleartext, access the web management interface, and take other actions on vulnerable routers.
Moxa Patches Flaws in Industrial Ethernet Switches - Security Week
Researchers have uncovered several serious vulnerabilities in industrial ethernet switches developed by Moxa, a Taiwan-based provider of industrial networking, computing and automation solutions.
CERT Warns of Hard-Coded Credentials in DSL SOHO Routers - Threat Post
DSL routers from a number of manufacturers contain hard-coded credentials that could allow a hacker to access the devices via telnet services and remotely control them.
DoD Implements Stricter Cyber Incident Oversights, Cloud Computing Guidelines - Fierce Government IT
The Defense Department Wednesday initiated two sets of policies to enforce stricter guidelines when dealing with about 10,000 contractors the department trusts with offsite cyber information.
The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.