The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
Register for CSIAC Webinar Thursday, May 30 @ 12:00 pm EDT: BFAS – Binary File Application Scanner: A Prototype for Scanning, Detecting and Reporting PII in Disparate Binary Formats - CSIAC
This webinar will discuss a CSIAC-developed prototype for detecting and extracting PII from over a thousand binary file formats by leveraging the widely used open source Apache Tika toolkit. The prototype, called "BFAS - Binary File Application Scanner", integrates Tika through the implementation of a custom Powershell cmdlet which seamlessly injects a text extraction facility into the standard (existing) Powershell pipeline. A graphical user interface (GUI) was developed to facilitate multiprocessing and XML-based reporting and visualization. Ideas for extending the BFAS architecture to leverage machine learning (ML) methods will be discussed.
Tags: BFAS, Personally Identifiable Information (PII), Webinar
The Open Web Application Security Project (OWASP) Amass project was originally created when the project lead was showing organizations what they look like on the Internet. During this process, he noticed that the tools available were returning incomplete results relative to what could be discovered manually. With the identification of this gap in capabilities for security experts, the Amass project was born. The OWASP Amass project is focused on DNS enumeration and automated network infrastructure mapping techniques. This presentation will discuss a variety of the techniques utilized by Amass.
Tags: Amass, Open Web Application Security Project (OWASP)
The U.S. intelligence community's research arm wants to train algorithms to track people across sprawling video surveillance networks, and it needs more data to do it.
Tags: Artificial Intelligence (AI), Machine Learning (ML), Surveillance
It’s 2019 and a WhatsApp Call Can Hack a Phone: Zero-day Exploit Infects Mobes With Spyware - The Register
A security flaw in WhatsApp can be, and has been, exploited to inject spyware into victims' smartphones: all a snoop needs to do is make a booby-trapped voice call to a target's number, and they're in. The victim doesn't need to do a thing other than leave their phone on.
Tags: Mobile Security, Spyware, WhatsApp
A vulnerability disclosed today allows hackers to plant persistent backdoors on Cisco gear, even over the Internet, with no physical access to vulnerable devices.
Tags: Advanced Persistent Threat (APT), Cisco, Thrangrycat
CVE-2019-11815 Remote Code Execution affects Linux Kernel prior to 5.0.8 - Security Affairs
Security experts have found a race condition vulnerability (CVE-2019-11815) in Linux Kernel Prior to 5.0.8 that expose systems to remote code execution.
Tags: CVE-2019-11815, Linux, Remote Code Execution
U.S. Govt Issues Microsoft Office 365 Security Best Practices - Bleeping Computer
The Cybersecurity and Infrastructure Security Agency (CISA) issued a set of best practices designed to help organizations to mitigate risks and vulnerabilities associated with migrating their email services to Microsoft Office 365.
Tags: Best Practices, Cybersecurity Information Sharing Act (CISA), Microsoft
Microsoft has passed another milestone on its quest to kill off passwords. The company has now gained official FIDO2 certification for Windows Hello, the Windows 10 biometric authentication system.
Tags: Biometrics, Microsoft Windows, Windows Hello
The U.S. National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence (NCCoE), this week announced that it's working on a project whose goal is to help the energy sector secure industrial Internet of Things (IIoT) systems.
Tags: Energy Sector, Internet of Things (IoT), National Institute of Standards and Technology (NIST)
Scientists Claim to Have Invented the Unhackable Processor - Hot for Security
An intriguing paper published by researchers at the University of Michigan describes a new processor architecture capable of self-encryption that can fend off any hacks.
Tags: MORPHEUS, Processor Architecture, Self-encryption
A leading cybersecurity firm found evidence Chinese intelligence operatives repurposed National Security Agency (NSA) hacking technology in 2016 to attack American allies and private firms in Europe and Asia, according to The New York Times.
Tags: Cyberwarfare, National Security Agency (NSA)
Android Q Hardens Security, Adds Better Encryption - Bleeping Computer
Google announced the integration of more security features into Android Q designed to further harden the security of critical areas like the kernel, as well as making storage encryption standard and updated biometrics API.
Tags: Android, Mobile Security
North Korean Hackers Use ELECTRICFISH Malware to Steal Data - Bleeping Computer
The Federal Bureau of Investigation (FBI) and the U.S. Department of Homeland Security (DHS) have issued a joint malware analysis report (MAR) on a malware strain dubbed ELECTRICFISH and used by the North-Korean APT group Lazarus to exfiltrate data from victims.
Tags: Cyberwarfare, Malware
Executive Order on America’s Cybersecurity Workforce - White House
The White House has released a new Executive Order on America's Cybersecurity Workforce. The Executive Order will implement programs that will grow and strengthen our Nation's cybersecurity workforce to meet the challenges of the 21st century.
Tags: Cybersecurity Strategy, Excutive Order
The US Department of Homeland Security (DHS) has issued today a binding operational directive that puts a tight deadline on US government agencies during which they must patch security flaws discovered in Internet-accessible systems.
Tags: Department of Homeland Security (DHS), Patching, Vulnerability
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.