The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

NEW CSIAC Podcast – CS Digest Roundtable #3 - CSIAC

In this episode of the CSIAC Podcast, SMEs discuss Tricking Neural Networks, CIA Impersonation, International Data Privacy, and Encrypted Malware Detection.

In Case You Missed It: CSIAC Webinar – The Knowledge Temple - CSIAC

In this webinar, Neil Fitzpatrick, Senior Knowledge Manager at Quanterion Solutions Inc., uses the analogy of the construction of a Greek temple to identify the components and processes involved in the development of an efficient and effective organizational data to decision model.

RECENT HEADLINES:

Cyberwarfare:

Cyber-Espionage Group Returns With New Attacks After One Year - Bleeping Computer

A cyber-espionage group that has targeted Palestinian law enforcement last year is now back in action targeting Palestinian government officials.

New Fears Over Chinese Espionage Grip Washington - The Hill

Fresh concerns over Chinese espionage are gripping Washington as lawmakers fear Beijing is gaining sensitive details on U.S. technologies.

China Has Stolen Vast Amounts of Navy Submarine, Missile Data in Multiple Breaches from Contractor’s Servers - USNI

Chinese government-sponsored cyber thieves stole hundreds of gigabytes of data related to sensitive Navy undersea warfare programs from a government contractor earlier this year, a defense official familiar with details of the breach told USNI News on Friday.

Data Security:

Fitness app Polar Even Better at Revealing Secrets Than Strava - The Register

Online investigations outfit Bellingcat has found that fitness tracking kit-maker Polar reveals both the identity and daily activity of its users - including soldiers and spies.

Timehop Discloses July 4 Data Breach Affecting 21 Million - TechCrunch

Timehop has disclosed a security breach that has compromised the personal data (names and emails) of 21 million users (essentially its entire user base). Around a fifth of the affected users - or 4.7M - have also had a phone number that was attached to their account breached in the attack.

The Worst Cybersecurity Breaches of 2018 So Far - Wired

Looking back at the first six months of 2018, there haven't been as many government leaks and global ransomware attacks as there were by this time last year, but that's pretty much where the good news ends. Corporate security isn't getting better fast enough, critical infrastructure security hangs in the balance, and state-backed hackers from around the world are getting bolder and more sophisticated.

Legislation and Regulation:

Senate Panel Announces Hearing on Computer Chip Flaws - The Hill

The Senate Commerce, Science and Transportation Committee has scheduled a hearing later this month to examine two critical vulnerabilities affecting computer processing chips unveiled earlier this year.

Machine Learning and Artificial Intelligence:

Capture the Flag: the emergence of complex cooperative agents - Deep Mind

Mastering the strategy, tactical understanding, and team play involved in multiplayer video games represents a critical challenge for AI research. Now, through new developments in reinforcement learning, our agents have achieved human-level performance in Quake III Arena Capture the Flag, a complex multi-agent environment and one of the canonical 3D first-person multiplayer games. These agents demonstrate the ability to team up with both artificial agents and human players.

Scientists Invented AI Made From DNA - Motherboard

Last Wednesday, researchers at Caltech announced that they created an artificial neural network from synthetic DNA that is able to recognize numbers coded in molecules. It's a novel implementation of a classic machine learning test that demonstrates how the very building blocks of life can be harnessed as a computer.

General: Project Maven Is Just the Beginning of the Military’s Use of AI - Defense One

A top Air Force general said the military needs to expand its use of artificial intelligence - like that being used in the controversial Project Maven effort - if it wants to stay ahead of peer competitors and deter war.

Mobile Security:

DHS Aims to Turn Mobile Devices into No Phishing Zones - Defense One

Phishing attacks remain the bane of information security specialists and missions across government, and as they advance in sophistication, the Homeland Security Department is attempting to better protect against them.

FEEDBACK FROM PREVIOUS DIGEST:

Network Security:

New WPA3 Wi-Fi Standard Released - Bleeping Computer

On Monday, the Wi-Fi Alliance, the organization that manages Wi-Fi technologies, announced the official release of WPA3. WPA3 is the latest version of Wi-Fi Protected Access (WPA), a user authentication technology for Wi-Fi connections.

RECENT HEADLINES:

Software Security:

The Next Big Cyber-Attack Vector: APIs - Security Week

With cyber-attacks on enterprise networks becoming more sophisticated, organizations have stepped up perimeter security by investing in the latest firewall, data and endpoint protection, as well as intrusion prevention technologies. In response, hackers are moving to the path of least resistance and looking for new avenues to exploit. Many security experts believe the next wave of enterprise hacking will be carried out by exploiting Application Programming Interfaces (APIs).

Microsoft Blocks Embedding SettingContent-ms Files in Office 365 Docs - Bleeping Computer

Microsoft has updated the list of dangerous files it blocks inside Office 365 documents, and has added the ".SettingContent-ms" file format to that list.

Hackers Reportedly Stole 600 Gallons of Gas From Detroit Gas Station - Gizmodo

Police in Detroit are looking for two suspects who allegedly managed to hack a gas pump and steal over 600 gallons of gasoline, valued at about $1,800. The theft took place in the middle of the day and went on for about 90 minutes, with the gas station attendant unable to thwart the hackers.

CSIAC Supported Communities

CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.

Technical Resources, Policy and Guidance

This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.