The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
This issue of the Journal of Cyber Security & Information Systems explores how managing the fast adoption of modern-based systems has more to do with understanding capabilities, interdependency between systems, and effectively operating in the new paradigm than it has to do with differentiating product features. The link between the effective use of new integrated cyber capabilities and culture change is critical for executive managers to understand - as Peter Drucker said, "culture eats strategy". Emerging technology-based ecosystems are enabling technologies that not only improve government warfighting capabilities, but can also assist decision makers and users to better understand the challenges being faced in the modernization and securing of increasingly software-enabled components and systems.
Free CSIAC Webinar: Nov 14 @ 12:00 pm EST – Defense Modeling and Simulation (M&S) Catalog: 2018 Update - CSIAC
The Defense M&S Catalog was established by the Defense Modeling & Simulation Coordination Office to support the visibility component of the DoD data strategy and to provide an avenue for M&S organizations to make resources available for reuse. The Catalog is a collection point for enterprise discovery and actively seeks contribution of resources from M&S organizations. The EMBR tool complements the Catalog and was developed to offer organizations local control and management of their M&S assets, which can then be published to the Defense M&S Catalog. Both the Defense M&S Catalog and EMBR are PKI restricted and require user registration. The webinar, however, is open to anyone seeking to learn more about these systems. The presentation will share some of the exciting efforts the team has had underway in 2018 for the Defense M&S Catalog and EMBR.
ICS Devices Vulnerable to Side-Channel Attacks: Researcher - Security Week
Side-channel attacks can pose a serious threat to industrial control systems (ICS), a researcher warned last month at SecurityWeek's ICS Cyber Security Conference in Atlanta, GA.
HSBC Bank Data Breach Exposed Account Numbers, Balances, and More - Bleeping Computer
A data breach at HSBC Bank has allowed attackers to gain access to a limited amount of customer information such as account numbers, balances, addresses, transaction history, and much more.
Researchers from Radboud University Nijmegen in the Netherlands yesterday disclosed a pair of vulnerabilities in the hardware full-disk encryption mechanisms of self-encrypting solid state drives (SSDs) from Samsung and Crucial. The flaws are present in both internal and external storage devices from these manufacturers, and even affect Microsoft Windows environments that use BitLocker for full-disk encryption.
Private Messages for 81k Hacked Facebook Accounts Being Sold Online - Bleeping Computer
Criminals are selling the private messages of 81,000 hacked Facebook accounts for 10 cents per account.
VMware Unveils New Blockchain Service - Security Week
One of the new technologies announced on Tuesday by VMware at its VMworld 2018 Europe conference is VMware Blockchain, which aims to provide enterprises a decentralized trust infrastructure based on permissioned blockchain.
Recent times have seen banks hedging their bets or even fully integrating cryptocurrencies. The acquisition and filing of patents is how large organizations truly express their interest in a given field, and Bank of America continues to lead the way, now having secured its latest patent in the blockchain and crypto space, one for "tamper-responsive" remote storage of private keys.
The U.S. Food and Drug Administration (FDA) and Department of Homeland Security (DHS) have announced a strengthened partnership to buff up medical device cybersecurity, increasing communication and coordination between the two agencies.
Researchers in California recently published a study in the journal Radiology, and they demonstrated that, once trained, a neural network was able to accurately diagnose Alzheimer's disease in a small number of patients, and it did so based on brain scans taken years before those patients were actually diagnosed by physicians.
IBM Watson Will be Used by NIST to Assign CVSS Scores to Vulnerabilities - Security Affairs
The National Institute of Standards and Technology (NIST) is planning to use Artificial Intelligence to assign the CVSS scores to reported vulnerabilities.
Cisco Systems revealed in a security bulletin Wednesday that it "inadvertently" shipped in-house exploit code that was used in security tests of scripts as part of its TelePresence Video Communication Server and Expressway Series software. The code exploits the Dirty Cow vulnerability (CVE-2016-5195), a well-known privilege escalation vulnerability in the Linux Kernel, which came to light in 2016.
How Cyberspace Makes the DoD Think Differently - Fifth Domain
U.S. Cyber Command has made it clear that it must undertake traditional and nontraditional partnerships in order to succeed in a highly dynamic environment.
The team that develops the Apache Struts framework is alerting users of a critical vulnerability that could allow remote code execution attacks. The Apache Foundation urged developers to update a key component of the framework in order to patch the flaw in an alert posted Monday.
Researchers have uncovered an active phishing campaign which targets Android devices in order to turn them into mobile proxies.
A new Navy policy recognizes the electromagnetic spectrum as a warfighting domain "on par with sea, land, air, space and cyber."
Voice Phishing Scams Are Getting More Clever - KrebsonSecurity
Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpectedly, but it's easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you're too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes (or very nearly).
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.