The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
CVE-2019-0708, dubbed "BlueKeep," is a vulnerability in the Remote Desktop (RDP) protocol. It is present in Windows 7, Windows XP, Server 2003 and 2008, and although Microsoft has issued a patch, potentially millions of machines are still vulnerable.
Tags: BlueKeep, Microsoft Windows, RDP, Vulnerability
That Malware With its Own Backdoor Into Android’s Framework? Don’t Worry; Google’s on it. (Gulp!) - Computer World
Google confirmed that cyberthieves had managed to pre-install malware into the Android framework backdoor. In short, the malware appeared to be blessed by Google at the deepest point within Android.
Tags: Cyber Supply Chain, Google Triada, Mobile Security
FBI Issues Warning on ‘Secure’ Websites Used For Phishing - Bleeping Computer
Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor - The Hacker News
Google Search Ads Infiltrated Again by Tech Support Scams - Bleeping Computer
If you are planning on doing any shopping over the weekend, you may want to be careful when doing searches in Google. This is because scammers have infiltrated Google's ad network to redirect users to tech support scams when they click on popular search terms such as Lowes and PayPal.
Tags: Google Search Ads, Malvertising, Tech Support Scam
Five days ago, the internet had a conniption. In broad patches around the globe, YouTube sputtered. Shopify stores shut down. Snapchat blinked out. And millions of people couldn't access their Gmail accounts. The disruptions all stemmed from Google Cloud, which suffered a prolonged outage-which also prevented Google engineers from pushing a fix.
Tags: Cloud Computing, Google
On Thursday, the agency finally approved phone carriers to begin blocking robocalls by default, a proposal that first surfaced in the Obama administration.
Forget BlueKeep: Beware the GoldBrute - Threat Post
Sysmon Getting DNS Query Logging with Querying Process Name - Bleeping Computer
To the delight of Windows system administrators everywhere, Microsoft has announced that a new version of Sysmon is coming out this week that will include the ability to log DNS queries performed on a monitored computer. Even better, Sysmon will also log the process that performed the query.
Tags: DNS Query Logging, Microsoft Windows, Sysmon
The 2020 Census will be a prime target for digital adversaries, but the plans for fighting those threats are incomplete and outdated, the Government Accountability Office found.
Tags: 2020 Census, Cybersecurity Risks, Government Accountability Office
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.