The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
This webinar will cover the realities of the Enterprise Mission Assurance Support Service (eMASS): what works well, what does not work, and how to best make it work for you.
The goal of the DoD Cybersecurity Policy Chart is to capture the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme.
A completely new kind of non-von-Neumann processor called a HIVE (Hierarchical Identify Verify Exploit) is being funded by the Defense Advanced Research Project Agency (DARPA) to the tune of $80 million over four-and-a-half years. Chipmakers Intel and Qualcomm are participating in the project, along with a national laboratory, a university and a defense contractor North Grumman.
Kaspersky to US: Check Our Source Code - Tech News World
Cybersecurity expert Eugene Kaspersky has volunteered to turn over his company's software source code to allay fears about possible ties with the Russian government, The Australian reported last week. Kaspersky made the offer public at CeBIT Australia.
The Army Can Now Stop Enemy Tanks In Their Tracks Without Firing A Shot - Task and Purpose
U.S. Army personnel have successfully used advanced electronic warfare technology to completely disable enemy armor during a simulated tank assault at the Army National Training Center, Defense Systems reports.
Maxwell’s Cyber College is Next Step in Cyber Warfare - Montgomery Advertiser
The Cyber College at Maxwell Air Force Base is the next step in cyber warfare and the next step in shaping the future of the nation and of the River Region.
A leaked NSA exploit which helped the WannaCry ransomware outbreak become so prolific is now being used to distribute Trojan malware.
On May 24, Chris Vickery, a cyber risk analyst with the security firm UpGuard, discovered a publicly accessible data cache on Amazon Web Services' S3 storage service that contained highly classified intelligence data. The cache was posted to an account linked to defense and intelligence contractor Booz Allen Hamilton.
Hackers have gained access to OneLogin, an online password manager that offers a single sign-on to multiple websites and services.
Hadoop Servers Expose Over 5 Petabytes of Data - Bleeping Computer
Improperly configured HDFS-based servers, mostly Hadoop installs, are exposing over five petabytes of information, according to John Matherly, founder of Shodan, a search engine for discovering Internet-connected devices.
Adware that infects your computer to display pop-ups is an annoyance. But when it infects as many as one in five networks in the world, and hides the capability to do far more serious damage to its victims, it's an epidemic waiting to happen.
Hackers can penetrate the corporate IT network of a manufacturing company, then gain access to a robot's controller software and, by exploiting a vulnerability remotely, download a tampered configuration file.
A bipartisan group of House lawmakers has introduced legislation aimed at boosting congressional oversight of sensitive U.S. military cyber operations and cyber weapons.
Dvmap: the First Android Malware with Code Injection - Secure List
Dvmap is very special rooting malware. It uses a variety of new techniques, but the most interesting thing is that it injects malicious code into the system libraries - libdmv.so or libandroid_runtime.so.
Malware Uses Router LEDs to Steal Data From Secure Networks - Bleeping Computer
Specially-designed malware installed on a router or a switch can take control over the device’s LEDs and use them to transmit data in a binary format to a nearby attacker, who can capture it using simple video recording equipment.
How a Few Yellow Dots Burned the Intercept’s NSA Leaker - ARS Technica
When reporters at The Intercept approached the National Security Agency on June 1 to confirm a document that had been anonymously leaked to the publication in May, they handed over a copy of the document to the NSA to verify its authenticity. When they did so, the Intercept team inadvertently exposed its source because the copy showed fold marks that indicated it had been printed - and it included encoded watermarking that revealed exactly when it had been printed and on what printer.
Researchers in Russia say they've developed and tested the world's first blockchain that won't be vulnerable to encryption-breaking attacks from future quantum computers.
PowerPoint File Downloads Malware When You Hover a Link, No Macros Required - Bleeping Computer
Security researchers have spotted a booby-trapped PowerPoint file that will download malware to a computer whenever a victim hovers a link, no macro scripts required.
CertLock Trojan Blocks Security Programs by Disallowing Their Certificates - Bleeping Computer
A new trend in adware and unwanted program purveyors is to install protection software that makes it more difficult for Windows users to run their security programs and clean infections. This was seen with the SmartService rootkit that blocked AV software from running and now with a protection program being called CertLock.
The Pentagon's Defense Advanced Research Projects Agency, better known as DARPA, has awarded Raytheon multiple contracts to research and develop technologies that will detect and respond to cyber attacks on the U.S. power grid infrastructure. The contracts, which total $9 million, were awarded under DARPA's Rapid Attack Detection, Isolation and Characterization Systems program.
The APT3 hacker group that has been active since at least 2010 and is believed to have stolen intellectual property and confidential data from numerous Western government and military targets is actually a contractor for the Chinese Ministry of State Security (MSS).
WannaCry Ransomware Hits U.S. Critical Infrastructure - eSecurity Planet
A Department of Homeland Security official told Reuters earlier this week that some U.S. critical infrastructure operators have been affected by the recent WannaCry ransomware campaign.
Cyber Security of Critical Infrastructure - Department of Homeland Security
CSIAC serves on the EO 13636/PPD-21 Research & Development (R&D) Working Group (WG) run by DHS S&T. If you would like further information, contact Dr. Paul Losiewicz at email@example.com
The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.
DOD OSBP officials acknowledged that cybersecurity is an important and timely issue for small businesses -and therefore the office is considering incorporating cybersecurity into its existing outreach and education efforts. During the review, GAO identified 15 existing federal cybersecurity resources that DOD OSBP could disseminate to defense small businesses.
DHS S&T Collaboration Community - Ideascale
The National Conversation is intended to bring together everyone to play a role in shaping the future of homeland security technology. This means responders, operational users, citizens, academia, and industry.
The Department of Defense Cyber Strategy - Department of Defense
The purpose of this strategy is to guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD's three primary cyber missions.
The Information Sharing Environment (ISE) broadly refers to the people, projects, systems, and agencies that enable responsible information sharing for national security.
Standards & Reference Documents - CSIAC
View all Best Practices and Reference Documents on the CSIAC website.
DoD Cyber Domain Resources - Department of Defense
DHS Cyber Security Strategy (“Blueprint for a Secure Cyber Future”, 2011) - Department of Homeland Defense
DIB CS/IA Voluntary Information Sharing Program - DoD DIBNet
DoD's DIB CS/IA program is a voluntary program to enhance and supplement DIB participants' capabilities to safeguard DoD information that resides on, or transits, DIB unclassified information systems.
US-CERT Bulletins - Department of Homeland Security
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
US-CERT Alerts - Department of Homeland Security
Alerts provide timely information about current security issues, vulnerabilities, and exploits.
NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.
Trustworthy CyberSpace: Strategic Plan For The Federal Cybersecurity Research and Development Program - NITRD
Committee on National Security Systems (CNSS) - Committee on National Security Systems
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.