The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
CSIAC ANNOUNCEMENTS:
CSIAC Webinar, Wednesday, Nov 20th @ 12:00 EST: Cyber Deconflicted: Understanding the Layers of Cyberspace - CSIAC
The term cyber has been so broadly applied as to encompass virtually everything in the electronic domain. This webinar captures a consolidated DoD view on Cyber, delineates the layers of cyberspace, the implications of product and infrastructure focused cyber, introduces layered cybersecurity and begins to consider what is new and what we already know to assist in speeding up solutions to this wicked problem.
Tags: Cyberspace, Layered Cybersecurity, Webinar
HDIAC Webinar, Tuesday, Nov 19th @ 12:00 EST: Overview of HDIAC Mission and Capabilities - HDIAC
This webinar will cover the Information Analysis Center program and the capabilities and mission of the Homeland Defense and Security Information Analysis Center. It will include an overview of Information Analysis Center activities, core functions, research and analysis capabilities, and a description of the services and products produced by the Homeland Defense and Security Information Analysis Center.
Tags: HDIAC Webinar
RECENT HEADLINES:
Former Twitter Employees Charged with Spying for Saudi Arabia by Digging into the Accounts of Kingdom Critics - Washington Post
The Justice Department has charged two former Twitter employees with spying for Saudi Arabia by accessing the company's information on dissidents who use the platform, marking the first time federal prosecutors have publicly accused the kingdom of running agents in the United States.
Tags: Cyber-espionage, Twitter
Clear and Creepy Danger of Machine Learning: Hacking Passwords - Towards Data Science
Not too long ago, it was considered state of the art research to make a computer distinguish cats vs dogs. Now image classification is 'Hello World' of Machine Learning (ML), something one can implement in just a few lines of code using TensorFlow.
Tags: Machine Learning (ML), Password Security
Inside the FBI’s Quiet ‘Ransomware Summit’ - Cyber Scoop
The conference, held at Carnegie Mellon University in Pittsburgh, saw organizations from computing giant IBM to consulting firm Kroll share what they've learned from tracking attackers and helping victims recover from ransomware.
Tags: FBI, Ransomware
Bugcrowd Paid Over $500K in Bug Bounties in One Week - Bleeping Computer
Crowdsourced security company Bugcrowd announced today that it paid over $500K ($513,333) to 237 whitehat hackers in a single week for the first time since launching its bug bounty platform more than seven years ago.
Tags: Bug Bounties, Bugcrowd
Specially Crafted ZIP Files Used to Bypass Secure Email Gateways - Bleeping Computer
Attackers are always looking for new tricks to distribute malware without them being detected by antivirus scanners and secure email gateways. This was illustrated in a new phishing campaign that utilized a specially crafted ZIP file that was designed to bypass secure email gateways to distribute the NanoCore RAT.
Tags: NanoCore RAT, Phishing
DNS-over-HTTPS will Eventually Roll Out in All Major Browsers, Despite ISP Opposition - ZDNet
All six major browser vendors have plans to support DNS-over-HTTPS (or DoH), a protocol that encrypts DNS traffic and helps improve a user's privacy on the web.
Tags: DNS-over-HTTPS, DoH
Hackers Could Steal Your Home WI-Fi Password Through Amazon Ring Doorbell Flaw - BeinCrypto
Users of Amazon Ring doorbell were found to be in danger of having their home internet invaded by hackers, as the doorbell comes with a serious security flaw.
Tags: Amazon Ring, Exploit
BlueKeep (CVE 2019-0708) Exploitation Spotted in the Wild - Kryptos Logic
It has been almost six months since an eye opening vulnerability in Microsoft Windows RDP CVE 2019-0708, dubbed BlueKeep, was patched. Today, Security Researcher Kevin Beaumont posted a Twitter thread reporting BSODs (Blue Screen of Death) across his network of BlueKeep Honeypots.
Tags: BlueKeep, Malware
Clever WebEx Spam Use Cisco Redirect to Deliver RAT Malware - Bleeping Computer
A clever spam campaign is underway that pretends to be a WebEx meeting invite and uses a Cisco open redirect that pushes a Remote Access Trojan to the recipient. Using open redirects add legitimacy to spam URLs and increases the chances that victims will click on an URL.
Tags: Cisco, Malware
New York Tech Firm Sold Chinese Equipment to U.S. Military, feds say - NBC News
A New York tech company made millions by selling Chinese-made equipment to the U.S. military that it falsely claimed were built in the U.S., the Justice Department charged Thursday.
Tags: China, Supply Chain
The Pentagon’s AI Ethics Draft Is Actually Pretty Good - Defense One
By seeking reliable, governable, traceable technology, the Defense Department could help set global standards for using artificial intelligence.
Tags: Artificial Intelligence (AI), Ethics, Pentagon
CSIAC Supported Communities
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
Technical Resources, Policy and Guidance
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.
Leave a Comment
You must be logged in to post a comment.