CSIAC

Cyber Security and Information Systems Information Analysis Center


CS Digest: 11 Aug 2015

Posted: 08/11/2015

The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

RECENT HEADLINES:

Cloud Computing:

“Man-in-the-Cloud” Attacks Leverage Storage Services to Steal Data - Security Week

Popular cloud storage services such as Google Drive and Dropbox can be abused by malicious actors in what experts call "Man-in-the-Cloud" (MITC) attacks.

Critical Infrastructure:

Nuclear Nightmare: Industrial Control Switches Need Fixing, Now - Zdnet

Researchers at Black Hat USA have disclosed critical SCADA/ICS vulnerabilities in switches actively used in industrial control management systems, such as substations, factories, refineries, ports, and other areas of industrial automation.
Tags: Critical Infrastructure Protection (CIP)

Cyberwarfare:

American Airlines, Sabre Said to Be Hit in China-Tied Hacks - Bloomberg

A group of China-linked hackers that has mowed through the databanks of major American health insurers and stolen personnel records of U.S. military and intelligence agencies has struck at the heart of the nation's air-travel system, say people familiar with investigations of the attacks.

U.S. Suspects Russia in Hack of Pentagon Computer Network - Washington Post

U.S. military officials said Thursday that they suspect Russian hackers infiltrated an unclassified Pentagon e-mail system used by employees of the Joint Chiefs of Staff, the latest in a series of state-sponsored attacks on sensitive U.S. government computer networks.

Military Still Dealing with Cyberattack ‘Mess’ - CNN

A key military email system remains offline, one week after a cyberattack that one Defense Department official described as "serious."

Data Security:

Fake “Windows 10 Free Upgrade” Emails Deliver Ransomware - Net-Security

Cisco's Talos Group has spotted an email campaign impersonating Microsoft, offering potential victims an attachment that is supposedly a Windows 10 installer.

High Performance Computing:

Just How Deep is the HPC, Hadoop Chasm? - The Platform

The basic assumption is that if powerful high performance computing hardware can be harnessed to pull Hadoop and MapReduce workloads, it might do so at far greater speed, opening the door for far faster analytics.

Internet-of-Things:

Gone in Less Than a Second - Threat Post

Kamkar has built a new device that is about the size of a wallet and can intercept the codes used to unlock most cars and many garage doors.

More Sophisticated, Autonomous Unmanned Aircraft on the Horizon - National Defense Magazine

In the future, unmanned aerial systems will hold even more utility as they become faster, stealthier and more autonomous, experts said. At the same time, they will become more accessible to foreign countries and terrorist groups around the world.
Tags: Autonomy and Autonomous Systems

Legislation and Regulation:

Senate Majority Whip: Cyber Bill Will Have to Wait Until Fall - The Hill

Senate Majority Whip John Cornyn (R-Texas) on Tuesday said the upper chamber is unlikely to move on a stalled cybersecurity bill before the August recess.

Mobile Security:

Easily Exploitable Certifi-Gate Bug Opens Android Devices to Hijacking - Net-Security

Check Point's mobile security research team discovered a vulnerability in Android that affects phones, tablets and devices made by major manufacturers including LG, Samsung, HTC and ZTE. The team disclosed its findings during a briefing session at Black Hat USA 2015.

80 Vulnerabilities Found in iOS in 2015, 10 in Android - Softpedia

During this year's Black Hat USA 2015 conference in Las Vegas, Secunia, a leading provider of IT security solutions, released a report detailing security vulnerability trends for the first seven months of 2015.

Hacking Team Brewed Potent iOS Poison for Non-Jailbroken iThings - The Register

Hacking Team compromised non-jailbroken iOS devices using a variant of last year's Masque Attack, in which Apple devices were infected via emails and text messages.

After Stagefright, Samsung and LG Join Google with Monthly Android Patches - Zdnet

Google and its main Android partners have vowed to fix the haphazard approach to patching the world's most widely used mobile OS.

Network Security:

Corporate Networks can be Compromised via Windows Updates - Net-Security

Researchers from UK-based Context Information Security demonstrated how Windows Update can be abused for internal attacks on corporate networks by exploiting insecurely configured enterprise implementations of Windows Server Update Services (WSUS).

Private Sector:

Tips on What Organizations Should do After a Breach has Been Discovered - CSO Online

US Attorney Ed McAndrew recently spoke to CSO Online and offered some unique insight into the federal side of incident response and what organizations can do to better prepare for law enforcement involvement.

White House Wants Consistent Cyber Rules for Contractors - The Hill

The White House wants to establish strict, consistent rules for how government contractors should lock down sensitive data.

Cybersecurity Research Institute Receives $1.73B in DOD Funding - Fed Scoop

The DOD will renew its contract with the Software Engineering Institute for five more years, with the option of extending to 10.

Business Needs to Prioritise Cyberattack Detection, says Cisco - Computer Weekly

Early detection of malicious activity is a top priority to defend against cyber attacks by highly motivated threat actors, says Cisco's latest security report.

Public Sector:

Pentagon Unclassified Email System Down - Military Times

Officials are working to determine the cybersecurity risks that may have affected an unclassified email system at the Pentagon.

Quantum Computing:

Researchers Develop Quantum-Computing Safe Crypto - IT News

A team of researchers claim to have developed secure, quantum computing-proof encryption that can be practically implemented today.

Software Security:

Design Flaw in Intel Processors Opens Door to Rootkits - Network World

A design flaw in the x86 processor architecture dating back almost two decades could allow attackers to install a rootkit in the low-level firmware of computers.

Researchers Create First Firmware Worm That Attacks Macs - Wired

Two researchers have found that several known vulnerabilities affecting the firmware of all the top PC makers can also hit the firmware of Macs.

CSIAC SUPPORTED COMMUNITIES:

Cyber Community of Interest (COI) Group - CSIAC

The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.


The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.
