The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

CSIAC Webinar, Wednesday, Nov 20th @ 12:00 EST: Cyber Deconflicted: Understanding the Layers of Cyberspace - CSIAC

The term cyber has been so broadly applied as to encompass virtually everything in the electronic domain. This webinar captures a consolidated DoD view on Cyber, delineates the layers of cyberspace, the implications of product and infrastructure focused cyber, introduces layered cybersecurity and begins to consider what is new and what we already know to assist in speeding up solutions to this wicked problem.
Tags: Cyberspace, Layered Cybersecurity, Webinar

HDIAC Webinar, Tuesday, Nov 19th @ 12:00 EST: Overview of HDIAC Mission and Capabilities - HDIAC

This webinar will cover the Information Analysis Center program and the capabilities and mission of the Homeland Defense and Security Information Analysis Center. It will include an overview of Information Analysis Center activities, core functions, research and analysis capabilities, and a description of the services and products produced by the Homeland Defense and Security Information Analysis Center.
Tags: HDIAC Webinar

RECENT HEADLINES:

Former Twitter Employees Charged with Spying for Saudi Arabia by Digging into the Accounts of Kingdom Critics - Washington Post

The Justice Department has charged two former Twitter employees with spying for Saudi Arabia by accessing the company's information on dissidents who use the platform, marking the first time federal prosecutors have publicly accused the kingdom of running agents in the United States.
Tags: Cyber-espionage, Twitter

Clear and Creepy Danger of Machine Learning: Hacking Passwords - Towards Data Science

Not too long ago, it was considered state of the art research to make a computer distinguish cats vs dogs. Now image classification is 'Hello World' of Machine Learning (ML), something one can implement in just a few lines of code using TensorFlow.
Tags: Machine Learning (ML), Password Security

Inside the FBI’s Quiet ‘Ransomware Summit’ - Cyber Scoop

The conference, held at Carnegie Mellon University in Pittsburgh, saw organizations from computing giant IBM to consulting firm Kroll share what they've learned from tracking attackers and helping victims recover from ransomware.
Tags: FBI, Ransomware

Bugcrowd Paid Over $500K in Bug Bounties in One Week - Bleeping Computer

Crowdsourced security company Bugcrowd announced today that it paid over $500K ($513,333) to 237 whitehat hackers in a single week for the first time since launching its bug bounty platform more than seven years ago.
Tags: Bug Bounties, Bugcrowd

Specially Crafted ZIP Files Used to Bypass Secure Email Gateways - Bleeping Computer

Attackers are always looking for new tricks to distribute malware without them being detected by antivirus scanners and secure email gateways. This was illustrated in a new phishing campaign that utilized a specially crafted ZIP file that was designed to bypass secure email gateways to distribute the NanoCore RAT.
Tags: NanoCore RAT, Phishing

DNS-over-HTTPS will Eventually Roll Out in All Major Browsers, Despite ISP Opposition - ZDNet

All six major browser vendors have plans to support DNS-over-HTTPS (or DoH), a protocol that encrypts DNS traffic and helps improve a user's privacy on the web.
Tags: DNS-over-HTTPS, DoH

Hackers Could Steal Your Home WI-Fi Password Through Amazon Ring Doorbell Flaw - BeinCrypto

Users of Amazon Ring doorbell were found to be in danger of having their home internet invaded by hackers, as the doorbell comes with a serious security flaw.
Tags: Amazon Ring, Exploit

BlueKeep (CVE 2019-0708) Exploitation Spotted in the Wild - Kryptos Logic

It has been almost six months since an eye opening vulnerability in Microsoft Windows RDP CVE 2019-0708, dubbed BlueKeep, was patched. Today, Security Researcher Kevin Beaumont posted a Twitter thread reporting BSODs (Blue Screen of Death) across his network of BlueKeep Honeypots.
Tags: BlueKeep, Malware

Clever WebEx Spam Use Cisco Redirect to Deliver RAT Malware - Bleeping Computer

A clever spam campaign is underway that pretends to be a WebEx meeting invite and uses a Cisco open redirect that pushes a Remote Access Trojan to the recipient. Using open redirects add legitimacy to spam URLs and increases the chances that victims will click on an URL.
Tags: Cisco, Malware

New York Tech Firm Sold Chinese Equipment to U.S. Military, feds say - NBC News

A New York tech company made millions by selling Chinese-made equipment to the U.S. military that it falsely claimed were built in the U.S., the Justice Department charged Thursday.
Tags: China, Supply Chain

The Pentagon’s AI Ethics Draft Is Actually Pretty Good - Defense One

By seeking reliable, governable, traceable technology, the Defense Department could help set global standards for using artificial intelligence.
Tags: Artificial Intelligence (AI), Ethics, Pentagon

CSIAC Supported Communities

CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.

Technical Resources, Policy and Guidance

This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.