The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
CSIAC ANNOUNCEMENTS:
Data Privacy Day – January 28 - CSIAC
CSIAC proudly joins the NCSA and numerous other organizations in celebrating Data Privacy Day. CSIAC acknowledges that the Internet touches all aspects of everyone's daily life, and we understand there are many unknown variables in how to stay safe and secure online. That is why we're so excited to announce that we are launching a series of resources during January to help raise privacy awareness. During the entire month of January, you will have the chance to participate in and receive a variety of resources to help you better understand data privacy and the simple steps you can take to protect yourself, your family and your organization. Our goal is to enable you to make the most of today's technology in a safer and more secure environment.
RECENT HEADLINES:
Cloud Computing:
GDPR and Data Localization: The Significant (and Often Unforeseen) Impact on the Cloud - SC Magazine
The EU's General Data Protection Regulations (GDPR) – enforceable on May 18 next year – are proving to be a huge challenge with many twists and turns. One of the most significant parts in the law is data localization. Data localization refers to laws requiring certain customer data to remain within the borders of a particular region or country.
Tags: Cloud Infrastructure, Data Localization, General Data Protection Regulation (GDPR)
Critical Infrastructure:
AF Installation Cyberattack Plans Tested During National Grid Exercise - Air Force
Recently, 32 Air Force installations and representatives from Headquarters Air Force took part in the two-day national Grid Security Exercise IV, or GridEx IV, to simulate a coordinated response to cyber and physical security threats to North America's electricity grid and other critical infrastructure.
Hackers Halt Plant Operations in Watershed Cyber Attack - Reuters
Hackers likely working for a nation-state recently invaded the safety system of a critical infrastructure facility in a watershed attack that halted plant operations, according to cyber investigators and the firm whose software was targeted.
Cyberwarfare:
Naval Dome Exposes Vessel Vulnerabilities to Cyber Attack - Sea Trade-Maritime
More onboard cyber vulnerability has been revealed, with maritime cyber defence firm Naval Dome demonstrating yet more ways hackers can compromise ship safety.
Data Security:
Security Researcher Says DirecTV Hardware Can Be Easily Hacked - ZDNet
An easily-exploitable security flaw was found in the wireless video bridge that ships with DirecTV, which lets laptops, tablets, and phones connect with the main Genie digital video recorder. Because the wireless video bridge, manufactured by Linksys, isn't protected by a login page, anyone with access to the device could obtain sensitive information about the device.
Meltdown and Spectre: Vulnerabilities in Modern Computers Leak Passwords and Sensitive Data - Meltdown Attack
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. A malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs.
Meltdown, Spectre: The Password Theft Bugs at the Heart of Intel CPUs - The Register
The severe design flaw in Intel microprocessors that allows sensitive data, such as passwords and crypto-keys, to be stolen from memory is real – and its details have been revealed.
Three More WordPress Plugins Found Hiding a Backdoor - Bleeping Computer
The massive size of the WordPress plugins ecosystem is starting to show signs of rot, as yet another incident has been reported involving the sale of old abandoned plugins to new authors who immediately proceed to add a backdoor to the original code.
Tags: Cyber Supply Chain
Home Economics: How Life in 123 Million American Households Was Exposed Online - UpGuard
An Amazon Web Services (AWS) S3 cloud storage bucket containing information from data analytics firm Alteryx has been found publicly exposed, comprising the personal information of 123 million US households.
Internet-of-Things:
Romanian hackers took over D.C. surveillance cameras just before presidential inauguration, federal prosecutors say - The Washington Post
Romanian hackers took over two-thirds of the District’s outdoor surveillance cameras just before President Trump’s inauguration, according to a federal criminal complaint unsealed Thursday.
Legislation and Regulation:
5 Key Updates to Version 1.1 Draft 2 of NIST’s Cybersecurity Framework - Tripwire
Now NIST has incorporated these viewpoints into a second draft for Version 1.1 of its Framework. It's done so in the interest of meeting the demands of those that use the document to stay on top of the latest digital threats. The updates NIST made in Version 1.1 of its Framework (PDF) boil down to five major revisions.
Pentagon Delays Deadline For Military Suppliers to Meet Cybersecurity Rules - Defense One
The Pentagon will delay a Jan. 1 deadline for all of its suppliers to meet a set of new regulations largely designed to better protect sensitive military data and weapon blueprints.
Machine Learning and Artificial Intelligence:
AI cyberattacks will be almost impossible for humans to stop - Wired
As cyberattacks become more refined, they will start mimicking our online traits. This will lead to a battle of the machines.
Tags: Artificial Intelligence (AI)
The Pentagon’s New Artificial Intelligence Is Already Hunting Terrorists - Nextgov
After less than eight months of development, the algorithms are helping intel analysts exploit drone video over the battlefield.
Tags: Artificial Intelligence (AI)
Japanese Scientists Just Used AI to Read Minds and it’s Amazing - CNBC
Scientists from Kyoto developed new techniques of "decoding" thoughts using deep neural networks (artificial intelligence). The new technique allows the scientists to decode more sophisticated "hierarchical" images, which have multiple layers of color and structure, like a picture of a bird or a man wearing a cowboy hat, for example.
Quantum Computing:
Quantum Computers Barely Exist – Here’s Why We’re Writing Languages for Them Anyway - Technology Review
The most recent one comes from Microsoft, which has unveiled Q# (pronounced Q sharp) and some associated tools to help developers use it to create software. It joins a growing list of other high-level quantum programming languages such as QCL and Quipper. But given that practically nobody has a quantum computer, what's the point?
CSIAC Supported Communities
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
Technical Resources, Policy and Guidance
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.