The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

RECENT HEADLINES:

Cloud Computing:

“Man-in-the-Cloud” Attacks Leverage Storage Services to Steal Data - Security Week

Popular cloud storage services such as Google Drive and Dropbox can be abused by malicious actors in what experts call "Man-in-the-Cloud" (MITC) attacks.

Critical Infrastructure:

Nuclear Nightmare: Industrial Control Switches Need Fixing, Now - Zdnet

Researchers at Black Hat USA have disclosed critical SCADA/ICS vulnerabilities in switches actively used in industrial control management systems, such as substations, factories, refineries, ports, and other areas of industrial automation.
Tags: Critical Infrastructure Protection (CIP)

Cyberwarfare:

American Airlines, Sabre Said to Be Hit in China-Tied Hacks - Bloomberg

A group of China-linked hackers that has mowed through the databanks of major American health insurers and stolen personnel records of U.S. military and intelligence agencies has struck at the heart of the nation's air-travel system, say people familiar with investigations of the attacks.

U.S. Suspects Russia in Hack of Pentagon Computer Network - Washington Post

U.S. military officials said Thursday that they suspect Russian hackers infiltrated an unclassified Pentagon e-mail system used by employees of the Joint Chiefs of Staff, the latest in a series of state-sponsored attacks on sensitive U.S. government computer networks.

Military Still Dealing with Cyberattack ‘Mess’ - CNN

A key military email system remains offline, one week after a cyberattack that one Defense Department official described as "serious."

Data Security:

Fake “Windows 10 Free Upgrade” Emails Deliver Ransomware - Net-Security

Cisco's Talos Group has spotted an email campaign impersonating Microsoft, offering potential victims an attachment that is supposedly a Windows 10 installer.

High Performance Computing:

Just How Deep is the HPC, Hadoop Chasm? - The Platform

The basic assumption is that if powerful high performance computing hardware can be harnessed to pull Hadoop and MapReduce workloads, it might do so at far greater speed-opening the door for far faster analytics.

Internet-of-Things:

Gone in Less Than a Second - Threat Post

Kamkar has built a new device that is about the size of a wallet and can intercept the codes used to unlock most cars and many garage doors.

More Sophisticated, Autonomous Unmanned Aircraft on the Horizon - National Defense Magazine

In the future, unmanned aerial systems will hold even more utility as they become faster, stealthier and more autonomous, experts said. At the same time, they will become more accessible to foreign countries and terrorist groups around the world.
Tags: Autonomy and Autonomous Systems

Legislation and Regulation:

Senate Majority Whip: Cyber Bill Will Have to Wait Until Fall - The Hill

Senate Majority Whip John Cornyn (R-Texas) on Tuesday said the upper chamber is unlikely to move on a stalled cybersecurity bill before the August recess.

Mobile Security:

Easily Exploitable Certifi-Gate Bug Opens Android Devices to Hijacking - Net-Security

Check Point's mobile security research team discovered a vulnerability in Android that affects phones, tablets and devices made by major manufacturers including LG, Samsung, HTC and ZTE. The team disclosed its findings during a briefing session at Black Hat USA 2015.

80 Vulnerabilities Found in iOS in 2015, 10 in Android - Softpedia

During this year's Black Hat USA 2015 conference in Las Vegas, Secunia, a leading provider of IT security solutions, has released a report detailing security vulnerability trends for the first seven months of 2015.

Hacking Team Brewed Potent iOS Poison for Non-Jailbroken iThings - The Register

Hacking Team compromised non-jailbroken iOS devices using a variant of last year's Masque Attack, in which Apple devices were infected via emails and text messages.

After Stagefright, Samsung and LG Join Google with Monthly Android Patches - Zdnet

Google and its main Android partners have vowed to fix the haphazard approach to patching the world's most widely used mobile OS.

Network Security:

Corporate Networks can be Compromised via Windows Updates - Net-Security

Researchers from UK-based Context Information Security demonstrated how Windows Update can be abused for internal attacks on corporate networks by exploiting insecurely configured enterprise implementations of Windows Server Update Services (WSUS).

Private Sector:

Tips on What Organizations Should do After a Breach has Been Discovered - CSO Online

US Attorney Ed McAndrew recently spoke to CSO Online and offered some unique insight into the federal side of incident response and what organizations can to do better prepare for law enforcement involvement.

White House Wants Consistent Cyber Rules for Contractors - The Hill

The White House wants to establish strict, consistent rules for how government contractors should lock down sensitive data.

Cybersecurity Research Institute Receives $1.73B in DOD Funding - Fed Scoop

The DOD will renew its contract with the SoftwareEngineering Institute for five more years, with the option of extending to 10.

Business Needs to Prioritise Cyberattack Detection, says Cisco - Computer Weekly

Early detection of malicious activity is a top priority to defend against cyber attacks by highly motivated threat actors, says Cisco's latest security report.

Public Sector:

Pentagon Unclassified Email System Down - Military Times

Officials are working to determine the cybersecurity risks that may have affected an unclassified email system at the Pentagon.

Quantum Computing:

Researchers Develop Quantum-Computing Safe Crypto - IT News

A team of researchers claim to have developed secure, quantum computing-proof encryption that can be practically implemented today.

Software Security:

Design Flaw in Intel Processors Opens Door to Rootkits - Network World

A design flaw in the x86 processor architecture dating back almost two decades could allow attackers to install a rootkit in the low-level firmware of computers.

Researchers Create First Firmware Worm That Attacks Macs - Wired

Two researchers have found that several known vulnerabilities affecting the firmware of all the top PC makers can also hit the firmware of MACs.

CSIAC SUPPORTED COMMUNITIES:

Cyber Community of Interest (COI) Group - CSIAC

The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.