The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
Free CSIAC Webinar Thursday, Dec 13th @ 12 pm EDT – Phishing for Solutions: Are Cybersecurity Compliance Based Programs Working? - CSIAC
This presentation provides an overview of two quantitative studies conducted at the Pacific Northwest National Laboratory (PNNL) in 2017. These studies were designed to explore psychological and contextual variables that influence users confronted with cybersecurity challenges and their propensity to comply with policies under those conditions. From these studies, a new, cross-disciplinary approach towards assessing cybersecurity risk began to emerge. Ultimately, these efforts could lead to the development of risk assessment instruments that provide a tailored approach towards understanding organizational risk.
New CSIAC Journal – Launching Innovation Through Medical Modeling and Simulation Technologies Special Edition - CSIAC
Medical simulations are an integral part of the military health system, providing opportunities for skills development and performance assessment of both individual and team-level medical-related tasks. This Special Edition of the Journal "Launching Innovation through Medical Modeling and Simulation Technologies" will provide a glimpse into current efforts to improve military medical training with simulation-based solutions.
Cyber Security Ventures, the world's largest research firm on cyber crime, estimates that cyber crime will be a $6T business by 2021. That is more than the economy of the United Kingdom. This presentation reviews the history of computer viruses and the corresponding cyber defenses employed. It is the gap between the technologies used to infect and the technologies we employ to protect that is driving rampant criminal activity. Lastly, the presentation will review ways out of this predicament.
A critical privilege-escalation vulnerability (CVE-2018-1002105) has been uncovered in the Kubernetes open-source container software, which is a fixture in much of today's cloud infrastructure. It could allow an attacker unfettered, remote access for stealing data or crashing production applications.
Cybersecurity company Symantec unveiled on Monday a new network aimed at protecting critical infrastructure like the power grid from cyberattacks.
The team of grid operators had spent days restoring power when a digital strike took out one of two operational utility stations. The other utility was also under attack.
3 Lessons the Army is Taking From U.S. Cyber Command - Fifth Domain
For the last two years, U.S. Cyber Command ran pilot programs that focused on supporting operations in Iraq and Syria. Now, the U.S. Army is taking lessons from those experiments and applying them to tactical operations.
In October, Google dramatically announced that it would shut down Google+ in August 2019, because the company had discovered through an internal audit (and a simultaneous Wall Street Journal exposé) that a bug in Google+ had exposed 500,000 users' data for about three years. Maybe it should have pulled the plug sooner.
Australia's parliament passed controversial legislation on Thursday that will allow the country's intelligence and law enforcement agencies to demand access to end-to-end encrypted digital communications.
Mismanagement, outdated tech and basic security steps were to blame.
Massive Botnet Chews Through 20,000 WordPress Sites - Naked Security
WordPress users are facing another security worry following the discovery of a massive botnet. Attackers have infected 20,000 WordPress sites by brute-forcing administrator usernames and passwords. They are then using those sites to infect even more WordPress installations.
Apple's WebKit team have added 'experimental support' for Web Authentication, the standard for enabling website logins by plugging a USB security key into a computer.
Marriott Breach Exposes More Than Just Customer Info - SC Magazine
Marriott's massive data breach exposed more than just 500 million customer records; it is also shining a light on the role cybersecurity needs to play when a firm is in acquisition mode, along with the damage that even one slip-up by an employee can have on the entire company.
You and 800 million other people now can use hardware authentication keys -- and no password at all -- to log on to Microsoft accounts used for Outlook, Office 365, OneDrive, Skype and Xbox Live.
After a Twitter user hacked over 50,000 printers last week to promote PewDiePie's YouTube channel as part of a guerilla marketing campaign, a new service has spawned over the weekend advertising the same type of functionality, but for everyone.
Making a Ransomware Payment? It May Now Violate U.S. Sanctions - Bleeping Computer
Thinking about making a ransomware payment? If so, you may want to think twice before doing so as it could land you in trouble for violating U.S. government sanctions.
The U.S. Marine Corps is experimenting with artificial intelligence to improve the way it deploys its forces and spot potential weaknesses years in advance.
Microsoft is Rebuilding Edge Browser using Chromium for Windows & macOS - Bleeping Computer
Microsoft has officially confirmed that they are going to be gutting Edge and converting it into a Chromium-based browser. While the engine will change, Microsoft has stated that they will continue utilizing the Microsoft Edge name and will now bring the browser to all supported Windows platforms.
Analysis of Cyberattack on U.S. Think Tanks, Non-Profits, Public Sector by Unidentified Attackers - Microsoft
Reuters recently reported a hacking campaign focused on a wide range of targets across the globe. In the days leading to the Reuters publication, Microsoft researchers were closely tracking the same campaign.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.