The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
CSIAC ANNOUNCEMENTS:
Cyber Awareness Videos – Accessing Classified Information “Need to Know” - CSIAC
Handling classified information is a serious responsibility. Are you aware of your obligations in regard to need-to-know information?
Free CSIAC Webinar – A Faster Method for Bot Detection On Social Networks That Eliminates The Need For Expensive Algorithms - CSIAC
In this presentation, we present a novel approach to detection of bots on social networks in near real-time. Our approach comprises of computationally simple comparisons and calculations, as opposed to the all too common machine learning approach to this problem, or non-real-time approaches that involve network analysis which is both expensive and time-consuming.
RECENT HEADLINES:
Critical Infrastructure:
San Francisco Rail System Hacker Hacked - Krebs on Security
The San Francisco Municipal Transportation Agency (SFMTA) was hit with a ransomware attack on Friday, causing fare station terminals to carry the message, "You are Hacked. ALL Data Encrypted." Turns out, the miscreant behind this extortion attempt got hacked himself this past weekend, revealing details about other victims as well as tantalizing clues about his identity and location.
ThyssenKrupp Secrets Stolen in ‘Massive’ Cyber Attack - Reuters
Technical trade secrets were stolen from the steel production and manufacturing plant design divisions of ThyssenKrupp AG in cyber attacks earlier this year, the German company said on Thursday.
Russia Says Foreign Spies Plan Cyber Attack on Banking System - Reuters
Russia said on Friday it had uncovered a plot by foreign spy agencies to sow chaos in Russia's banking system via a coordinated wave of cyber attacks and fake social media reports about banks going bust.
Cyberwarfare:
North Korea Cyberattack Traced to City in China, Report Says - UPI
A South Korean military source says it has identified the source of North Korea cyberattacks that targeted the internal networks of the military.
Data Security:
IBM Warns of Rising VoIP Cyber-Attacks - Network World
Cyber-attacks using the VoIP protocol Session Initiation Protocol (SIP) have been growing this year accounting for over 51% of the security event activity analyzed in the last 12 months, according to a report from IBM’s Security Intelligence group this week.
Avalanche Network Dismantled in International Cyber Operation - Justice
The Justice Department today announced a multinational operation involving arrests and searches in four countries to dismantle a complex and sophisticated network of computer servers known as "Avalanche." The Avalanche network allegedly hosted more than two dozen of the world’s most pernicious types of malicious software and several money laundering campaigns.
New NIST Guide Helps Small Businesses Improve Cybersecurity - NIST
Small-business owners may think that they are too small to be victims of cyber hackers, but Pat Toth knows otherwise.
Navy Says Personal Data of Over 134,000 Sailors Was Hacked - ABC News
Personal data belonging to 134,386 current and former sailors in the U.S. Navy has been compromised, the Navy said on Wednesday.
Legislation and Regulation:
Congress Allows Rule Permitting Mass Hacking by Government to Take Effect - USA Today
In a defeat for privacy advocates, Senate leaders rebuffed a last-ditch effort by a bipartisan group of senators Wednesday to allow a vote to block a new rule that allows federal agents armed with a single search warrant to hack millions of Americans' computers or smartphones at once.
Mobile Security:
More Than One Million Google Accounts Hit by Malware - CBS News
More than one million Google accounts have been breached by malware that infiltrated older Android devices, cyber security firm Check Point Software Technologies Ltd. announced Wednesday.
What You Need to Know About the Phones That Were Secretly Sending Data to China - Consumer Reports
A serious, and potentially frightening, security vulnerability involving some Android smartphones came to light Tuesday.
Network Security:
Mirai Botnet Attack Hits Thousands of Home Routers, Throwing Users Offline - ZD Net
Nearly a million users across Europe were thrown off the internet during the weekend into Monday after criminals tried to hijack home routers as part of a coordinated cyber attack.
Private Sector:
Microsoft, Intel, Others Oppose China’s Plans to Get Access to Source Code - Softpedia
Microsoft, Intel, and IBM are three of the most vocal companies that opposed China’s plans to access proprietary source code of software and technology products in order to make sure that they’re hackerproof or do not include backdoors.
Tech Companies Move to Target Terrorist Propaganda Online - AP
Facebook, Microsoft, Twitter and YouTube are joining forces to more quickly identify the worst terrorist propaganda and prevent it from spreading online.
Public Sector:
Cybersecurity Must Become Core Function of Agencies in Next Administration, Commission Says - Federal News Radio
A presidentially commissioned task force on cybersecurity says the incoming Donald Trump administration needs to begin shoring up the federal government's IT security posture by granting a promotion to the White House official who oversees cybersecurity, giving that person the title of "assistant to the president" and having him or her report directly to the National Security Advisor.
White House Orders Intelligence Report of Election Cyberattacks - The Hill
President Obama has directed the intelligence community to conduct “a full review” of the 2016 election in light of reports of Russian interference, homeland security adviser Lisa Monaco said Friday.
Exclusive: U.S. Air Force Inks $19 Million Cybersecurity Deal - Fortune
The United States Air Force has awarded an $18.8 million contract for digital defense software to Endgame, the cybersecurity firm told Fortune.
Quantum Computing:
Construction of Practical Quantum Computers Radically Simplified - PHYS
Scientists at the University of Sussex have invented a ground-breaking new method that puts the construction of large-scale quantum computers within reach of current technology.
FEEDBACK FROM PREVIOUS DIGEST:
Most Popular:
Safer, Less Vulnerable Software Is the Goal of New NIST Computer Publication - NIST
We can create software with 100 times fewer vulnerabilities than we do today, according to computer scientists at the National Institute of Standards and Technology (NIST). To get there, they recommend that coders adopt the approaches they have compiled in a new publication.
CSIAC SUPPORTED COMMUNITIES:
Cyber Security of Critical Infrastructure - Department of Homeland Security
CSIAC serves on the EO 13636/PPD-21 Research & Development (R&D) Working Group (WG) run by DHS S&T. If you would like further information, contact Dr. Paul Losiewicz at plosiewicz@csiac.org
Cyber Community of Interest (COI) Group - CSIAC
The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.
TECHNICAL RESOURCES, POLICY & GUIDANCE:
Presidential Policy Directive – United States Cyber Incident Coordination - The White House
Opportunities Exist for DOD to Share Cybersecurity Resources with Small Businesses - GAO
DOD OSBP officials acknowledged that cybersecurity is an important and timely issue for small businesses -and therefore the office is considering incorporating cybersecurity into its existing outreach and education efforts. During the review, GAO identified 15 existing federal cybersecurity resources that DOD OSBP could disseminate to defense small businesses.
DHS S&T Collaboration Community - Ideascale
The National Conversation is intended to bring together everyone to play a role in shaping the future of homeland security technology. This means responders, operational users, citizens, academia, and industry.
The Department of Defense Cyber Strategy - Department of Defense
The purpose of this strategy is to guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD's three primary cyber missions.
Tags: Cybersecurity Strategy
Information Sharing Environment - ISE
The Information Sharing Environment (ISE) broadly refers to the people, projects, systems, and agencies that enable responsible information sharing for national security.
Standards & Reference Documents - CSIAC
View all Best Practices and Reference Documents on the CSIAC website.
The DoD Cybersecurity Policy Chart (Formerly the IA Policy Chart) - CSIAC
DoD Cyber Domain Resources - Department of Defense
DHS Cyber Security Strategy (“Blueprint for a Secure Cyber Future”, 2011) - Department of Homeland Defense
DIB CS/IA Voluntary Information Sharing Program - DoD DIBNet
DoD's DIB CS/IA program is a voluntary program to enhance and supplement DIB participants' capabilities to safeguard DoD information that resides on, or transits, DIB unclassified information systems.
US-CERT Bulletins - Department of Homeland Security
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
US-CERT Alerts - Department of Homeland Security
Alerts provide timely information about current security issues, vulnerabilities, and exploits.
National Vulnerability Database - NIST
NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.
Trustworthy CyberSpace: Strategic Plan For The Federal Cybersecurity Research and Development Program - NITRD
Committee on National Security Systems (CNSS) - Committee on National Security Systems
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.
Leave a Comment
You must be logged in to post a comment.