The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

In Case You Missed It: CSIAC Webinar – STIR SHAKE’N SIP to Stop Robocalling - CSIAC

In this webinar Daksha Bhasker will provide an overview of the problem at hand, walk through the STIR/SHAKEN architecture, its components, and discuss security architecture considerations that will bolster the implementation. As international regulatory bodies move towards driving security measures against robocalling, this webinar will enable security professionals partner with voice engineering and operations teams where implementation maybe upcoming, be able to partner and support work underway by their telephony providers and be able to ask their suppliers and vendors pertinent security questions that will enable secure architectures and implementation of STIR/SHAKEN.
Tags: Robocall, STIR/SHAKEN Architecture

RECENT HEADLINES:

Inside the West’s Failed Fight Against China’s ‘Cloud Hopper’ Hackers - Reuters

Eight of the world's biggest technology service providers were hacked by Chinese cyber spies in an elaborate and years-long invasion, Reuters found. The invasion exploited weaknesses in those companies, their customers, and the Western system of technological defense.
Tags: Cyberwarfare, Navy Contractors

FBI, ICE Plunder DMV Driver Database ‘Gold Mine’ for Facial Recognition Scans - ZDNet

The Federal Bureau of Investigation (FBI) and Immigration and Customs Enforcement (ICE) are exploiting state DMV records for facial recognition data without the knowledge or permission of drivers.
Tags: Artificial Intelligence (AI), Facial Recognition, Machine Learning (ML)

Coast Guard Calls for Ships to Update Their Systems After Malware Attack - The Hill

The U.S. Coast Guard recommended on Monday that ships update their cybersecurity in the wake of a malware attack on a "deep draft vessel" in February that "significantly degraded" its computer system.
Tags: Coast Guard, Deep Draft Vessel, Malware

Mac Malware Pushed via Google Search Results, Masquerades as Flash Installer - Threat Post

A new malware is targeting Macs with new tactics to sniff out antivirus and virtual machines.
Tags: Google Search, Mac OS, Trojan

British Airways Hit With 183M Pound GDPR Fine – Could Your Business Be Next? - Tech Republic

British Airways is facing a 183.39 million Pound (about $229.72 million USD) fine for failure to comply with the EU's General Data Protection Regulation (GDPR) - the largest such fine levied so far.
Tags: British Airways, Data Privacy, General Data Protection Regulation (GDPR)

Amazon Confirms It Keeps Alexa Transcripts You Can’t Delete - Gizmodo

Next time you use Amazon Alexa to message a friend or order a pizza, know that the record could be stored indefinitely, even if you ask to delete it.
Tags: Amazon Alexa, Data Privacy

DOD’s Artificial Intelligence Center Wants Pitches From Industry This Fall - Fedscoop

The Department of Defense's Joint Artificial Intelligence Center will take pitches on a range of cybersecurity and AI-related initiatives from select private sector companies in the coming months.
Tags: Artificial Intelligence (AI), Department of Defense

More Than 1,000 Android Apps Harvest Data Even After You Deny Permissions - CNET

The apps gather information such as location, even after owners explicitly say no. Google says a fix won't come until Android Q.
Tags: Data Privacy, Mobile Security

OMB Issues Guidance on NARA’s Transition to Electronic Record Keeping - Fedscoop

The National Archives and Records Administration (NARA) is set to stop accepting paper-based records at the end of 2022, and the White House Office of Management and Budget has a new guidance out to help agencies meet this deadline.
Tags: Guidance, NARA, OMB

Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers - KrebsonSecurity

It might be difficult to fathom how this isn't already mandatory, but Microsoft Corp. says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication. The move comes amid a noticeable uptick in phishing and malware attacks targeting CSP employees and contractors.
Tags: Microsoft Azure, Multifactor Authentication

Microsoft Issues Warning For 50M Windows 10 Users - Forbes

Windows 10 continues to be a danger zone. Not only have problems been piling up in recent weeks, Microsoft has also been worryingly deceptive about the operation of key services. And now the company has warned millions about another problem.
Tags: Microsoft, VPN, WIndows 10

US Cyber Command Issues Alert About Hackers Exploiting Outlook Vulnerability - ZDNet

US Cyber Command has issued an alert via Twitter today about threat actors abusing an Outlook vulnerability to plant malware on government networks.
Tags: Microsoft, Outlook, US Cyber Command

CSIAC Supported Communities

CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.

Technical Resources, Policy and Guidance

This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.