The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
Data Privacy Day – January 28 - CSIAC
CSIAC proudly joins the NCSA and numerous other organizations in celebrating Data Privacy Day. CSIAC acknowledges the Internet touches all aspects of everyone's daily life and we understand there are many unknown variables on how to stay safe and secure online, which is why we're so excited to announce we are launching a series of resources during January to help raise privacy awareness. During the entire month of January, you will have the chance to participate in and receive a variety of resources to help you better understand data privacy and the simple steps you can take to protect yourself, your family and your organization. Our goal is to enable you to make the most of today's technology in a safer and more secure environment.
GDPR and Data Localization: The Significant (and Often Unforeseen) Impact on the Cloud - SC Magazine
The EU's General Data Protection Regulations (GDPR) – enforceable on May 18 next year – are proving to be a huge challenge with many twists and turns. One of the most significant parts in the law is data localization. Data localization refers to laws requiring certain customer data to remain within the borders of a particular region or country.
Recently, 32 Air Force installations and representatives from Headquarters Air Force took part in the two-day national Grid Security Exercise IV, or GridEx IV, to simulate a coordinated response to cyber and physical security threats to North America's electricity grid and other critical infrastructure.
Naval Dome Exposes Vessel Vulnerabilities to Cyber Attack - Sea Trade-Maritime
More onboard cyber vulnerability has been revealed, with maritime cyber defence firm Naval Dome demonstrating yet more ways hackers can compromise ship safety.
An easily-exploitable security flaw was found in the wireless video bridge that ships with DirecTV, which lets laptops, tablets, and phones connect with the main Genie digital video recorder. Because the wireless video bridge, manufactured by Linksys, isn't protected by a login page, anyone with access to the device could obtain sensitive information about the device.
Meltdown and Spectre: Vulnerabilities in Modern Computers Leak Passwords and Sensitive Data - Meltdown Attack
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
The severe design flaw in Intel microprocessors that allows sensitive data, such as passwords and crypto-keys, to be stolen from memory is real – and its details have been revealed.
Three More WordPress Plugins Found Hiding a Backdoor - Bleeping Computer
The massive size of the WordPress plugins ecosystem is starting to show signs of rot, as yet another incident has been reported involving the sale of old abandoned plugins to new authors who immediately proceed to add a backdoor to the original code.
Romanian hackers took over D.C. surveillance cameras just before presidential inauguration, federal prosecutors say - The Washington Post
Romanian hackers took over two-thirds of the District’s outdoor surveillance cameras just before President Trump’s inauguration, according to a federal criminal complaint unsealed Thursday.
Now NIST has incorporated these viewpoints into a second draft for Version 1.1 of its Framework. It's done so in the interest of meeting the demands of those that use the document to stay on top of the latest digital threats. The updates NIST made in Version 1.1 of its Framework (PDF) boil down to five major revisions.
As cyberattacks become more refined, they will start mimicking our online traits. This will lead to a battle of the machines.
After less than eight months of development, the algorithms are helping intel analysts exploit drone video over the battlefield.
Scientists from Kyoto developed new techniques of "decoding" thoughts using deep neural networks (artificial intelligence). The new technique allows the scientists to decode more sophisticated "hierarchical" images, which have multiple layers of color and structure, like a picture of a bird or a man wearing a cowboy hat, for example.
Quantum Computers Barely Exist – Here’s Why We’re Writing Languages for Them Anyway - Technology Review
The most recent one comes from Microsoft, which has unveiled Q# (pronounced Q sharp) and some associated tools to help developers use it to create software. It joins a growing list of other high-level quantum programming languages such as QCL and Quipper. But given that practically nobody has a quantum computer, what's the point?
An Amazon Web Services (AWS) S3 cloud storage bucket containing information from data analytics firm Alteryx has been found publicly exposed, comprising the personal information of 123 million US households.
The Pentagon will delay a Jan. 1 deadline for all of its suppliers to meet a set of new regulations largely designed to better protect sensitive military data and weapon blueprints.
Hackers likely working for a nation-state recently invaded the safety system of a critical infrastructure facility in a watershed attack that halted plant operations, according to cyber investigators and the firm whose software was targeted.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.