The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

CSIAC Webinar, TODAY @ 1300 EDT: USAF Software Assurance (SwA) Training Approach - CSIAC

This presentation will examine the 76 SWEG approach from selection, onboarding, integration, and continuing education. Are we doing all the right things? The answer to that should be represented by the performance of the resilient products that we deliver. We haven't gotten all the training right, but our evolutions are continuing to bring us closer.

New CSIAC Podcast – Memory and Class Models – C++ Models Part 3 of 6 - CSIAC

Part 3 of this 6-part video series discusses the memory model paradigm, and foundational concepts behind the usage of memory: static, stack, and heap. The Class Model is described using illustrations of the relationships between code residing in static memory, and instances of objects in stack memory.

RECENT HEADLINES:

Zoom acquires Keybase to beef up encryption, ease security questions - Cyber Scoop

The San Jose-based company behind the now-popular videoconferencing software announced Thursday it has acquired Keybase, known for its secure messaging and file-sharing services. The plan, Zoom says, is to integrate Keybase's personnel to build end-to-end encryption throughout the service. Terms of the deal were not disclosed.
Tags: Encryption, Keybase, Zoom

GoDaddy Hack Breaches Hosting Account Credentials - Threat Post

GoDaddy, the world's largest domain name registrar, is warning customers that attackers may have obtained their web hosting account credentials.
Tags: Data Breach, GoDaddy

Microsoft and Intel project converts malware into images before analyzing it - ZDNet

Microsoft and Intel have recently collaborated on a new research project that explored a new approach to detecting and classifying malware.
Tags: Deep Learning, Intel, Malware, Microsoft

Washington in talks with chipmakers about building U.S. factories - Reuters

The Trump administration is in talks with semiconductor companies about building chip factories in the United States, representatives from two chipmakers said on Sunday.
Tags: Semiconductor, United States (US)

900,000 WordPress sites attacked via XSS vulnerabilities - SC Magazine

Nearly 1 million WordPress sites are being hit by what is likely a single threat actor attempting to inject a redirect into the sites by exploiting a cross site scripting vulnerability.
Tags: Cross-Site Scripting (XSS), Vulnerability, WordPress

Hacker group floods dark web with data stolen from 11 companies - Bleeping Computer

A hacking group has started to flood a dark web hacking marketplace with databases containing a combined total of 73.2 million user records over 11 different companies.
Tags: Dark Web, Data Breach

Black Hat and DEF CON security conferences go virtual due to pandemic - Bleeping Computer

DEF CON and Black Hat announced today that their upcoming security conferences in Las Vegas this summer will no longer be in-person and are instead moving to an all-virtual event.
Tags: Black Hat, Coronavirus, DEF CON

State-linked hacking continues amid race for coronavirus treatments, US and UK agencies warn - Cyber Scoop

Hackers linked with foreign governments continue to target multiple global health care organizations and pharmaceutical companies in a possible bid to gather intelligence or steal research related to the coronavirus pandemic, American and British cybersecurity agencies said Tuesday.
Tags: Advanced Persistent Threat (APT), Coronavirus

Foreign intelligence officials say attempted cyberattack on Israeli water utilities linked to Iran - Washington Post

Iran is being linked to an attempted cyberattack last month that authorities believe was aimed at disrupting water supplies in at least two locations in Israel as that country was seeking to contain a covid-19 outbreak, according to foreign intelligence officials familiar with the matter.
Tags: Critical Infrastructure Protection (CIP), Cyber Attack, Iran, Israel

New NGA Tech Strategy Aims At AI Integration - Breaking Defense

The National Geospatial-Information Agency (NGA) is finalizing its first-ever technology strategy, designed to lay out its evolution to a data-centric operation using machine learning and artificial intelligence to speed information to users in the Intelligence Community and the military, NGA officials said today.

HASC’s Langevin Pushes White House Cyber Coordinator, ‘E-Congress’ - Breaking Defense

By pushing work online - and partially paralyzing Congress - COVID-19 has highlighted shortfalls the co-founder of the Cyber Caucus has warned about for 19 years.

CSIAC Supported Communities

CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.

Technical Resources, Policy and Guidance

This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.