The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
RECENT HEADLINES:
Cyberwarfare:
China in Focus as Cyberattack Hits Millions of U.S. Federal Workers - Reuters
Hackers broke into U.S. government computers, possibly compromising the personal data of 4 million current and former federal employees, and investigators were probing whether the culprits were based in China.
US Says it Will Help Japan Defend Against Cyberattacks - The Verge
Countries express concern over 'growing level of sophistication' of cyber threats.
Congress: U.S. Military Highly Vulnerable to Cyber Attacks - Free Beacon
Defense Department 'should expect cyber attacks to be part of all conflicts in the future.'
Smart Computers for the Battlefield - GCN
Computers are more efficient than humans, especially when it comes to calculations, and humans can reason and adapt at lightning speed, a task still beyond most algorithms. But researchers are developing tools to improve man-machine interfaces - to the benefit of both.
Data Security:
Russian Crypto-Malware Encrypts Files Completely - Softpedia
The operators of a new piece of ransomware originating from Russia keep open a communication channel with victims for payment instructions, but this also means there's a possibility for bargaining.
Author of Locker Ransomware Apologizes, Releases Decryption Keys - Softpedia
In an unprecedented move, the author of a piece of ransomware with file encryption routines has released the database with the decryption keys for the data locked on the infected computers and issued an apology.
New Guidance Aims to Plug Peepholes in City Surveillance Systems - Next Gov
A Commerce Department standards body has released preliminary guidelines for masking the personal data of individuals captured by traffic sensors, speed cameras and other Internet-connected government systems.
‘MEDJACK’ Tactic Allows Cyber Criminals to Enter Healthcare Networks Undetected - SC Magazine
A report from TrapX found that a majority of organizations are vulnerable, if not already victim to MEDJACK, or "medical device hijack."
Total Cost of Average Data Breach Reaches $3.8 Million - Net-Security
The average consolidated total cost of a data breach is $3.8 million, according to a Ponemon Institute study of 350 companies spanning 11 countries.
Attackers Use Email Spam to Infect Point-of-Sale Terminals With New Malware - CSO Online
Cybercriminals are targeting employees who browse the Web or check their email from point-of-sale (PoS) computers, a risky but unfortunately common practice.
IRS Believes Massive Data Theft Originated in Russia - CNN
The IRS believes that a major cyber breach that allowed criminals to steal the tax returns of more than 100,000 people originated in Russia, two sources briefed on the data theft tell CNN.
Internet-of-Things:
IoT Devices Entering Enterprises, Opening Company Networks to Attacks - Net-Security
OpenDNS released The 2015 Internet of Things in the Enterprise Report, a worldwide data-driven security assessment of Internet of Things (IoT) devices and infrastructure found in businesses.
Tags: Internet of Things (IoT)
Legislation and Regulation:
Congress’ Passage of NSA Bill Will Rein in Surveillance, a First Since Sept. 11 - LA Times
Congress gave final approval Tuesday to the most sweeping rollback of government surveillance powers in the post-Sept. 11 era, clearing the way for a new program that bans the National Security Agency from collecting and storing Americans' telephone dialing records.
Network Security:
Researchers Find Over 50 Security Flaws in D-Link NAS, NVR Devices - Security Week
Search-Lab, a Hungary-based security testing company that specializes in embedded systems, has identified more than 50 vulnerabilities in network-attached storage (NAS) and network video recorder (NVR) products from D-Link.
Tags: Embedded Systems
New Linux-Based Router Worm Used in Social Network Scheme - Security Week
Researchers at ESET are shining the light on a new piece of malware compromising routers in a scheme to take fraudulent actions on social networks.
Private Sector:
Small, Mid-Sized Businesses Hit by 62% of All Cyberattacks - Property Casualty 360
Timothy Francis, enterprise lead for Cyber insurance, noted that although most of the cyber breaches that make the headlines are from large, national companies, the smaller breaches of local companies are far greater in number.
Quantum Computing:
Protocol Corrects Virtually all Errors in Quantum Memory, but Requires Little Measure of Quantum States - Phys
A new quantum error correcting code requires measurements of only a few quantum bits at a time, to ensure consistency between one stage of a computation and the next.
Software Security:
Apple Vulnerability Could Allow Firmware Modifications - Network World
A zero-day software vulnerability in the firmware of older Apple computers could be used to slip hard-to-remove malware onto a computer, according to a security researcher.
IRS Failed to Upgrade Security Ahead of Cyberattack - Fox News
The IRS failed to implement dozens of security upgrades to its computer systems, some of which could have made it more difficult for hackers to use an IRS website to steal tax information from 104,000 taxpayers.
Threat Intelligence Platforms: The Next “Must-Have” For Harried Security Operations Teams - Dark Reading
New category of technology promises to aggregate all threat intelligence feeds and help security teams find the attacks that could cause the most damage.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.