The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

RECENT HEADLINES:

Critical Infrastructure:

A Single Fire Can Cripple America’s Aging Air-Traffic System. Here’s Why - Wired

The problem started with a fire that authorities said was part of a suicide plot by an FAA contractor. Beyond canceling thousands of flights over the weekend and raising troubling questions about the security of these facilities, the incident calls into question the efficacy of an air traffic system that manages 87,000 flights daily and won’t fully recover for another two weeks.

Data Security:

AT&T Employee Breaches Customer Account Privacy Policy - Softpedia

AT&T mobile carrier announced that it had to deal with an inside breach that resulted in personal customer information being exposed to an unauthorized individual.

The Unpatchable Malware That Infects USB’s is Now on the Loose - Wired

In a talk at the Derbycon hacker conference in Louisville, Kentucky last week, researchers Adam Caudill and Brandon Wilson showed that they’ve reverse engineered the same USB firmware as Nohl’s SR Labs, reproducing some of Nohl’s BadUSB tricks. And unlike Nohl, the hacker pair has also published the code for those attacks on Github, raising the stakes for USB makers to either fix the problem or leave hundreds of millions of users vulnerable.

Variant of Upatre Malware Dropper Seen in Bank Emails - Softpedia

A fresh sample of the Upatre malware downloader is currently distributed via emails claiming to be from different banks.

Cisco, FireEye Announcements: A Microcosm of the Enterprise Cybersecurity Market - Network World

Just as the leaves started to turn here in New England, I headed out to Silicon Valley last week to present at an IT event. While I was in California, there were two announcements that illustrate the state of the cybersecurity industry.

Healthcare Security:

The FDA Wants to Talk About Medical Device Cybersecurity - Washington Post

The Food and Drug Administration is asking the public to weigh in on the cybersecurity of medical devices and holding a conference on the subject, organized in collaboration with the Department of Homeland Security.

Legislation and Regulation:

DHS to Measure, Guide Cybersecurity Progress of Federal Agencies - Executive Gov

Andy Ozment, assistant secretary of the Department of Homeland Security‘s Office of Cybersecurity and Communications, says federal agencies are starting to fully acknowledge the importance of cybersecurity and cyber-risk management, Federal News Radio reported Friday.

Fiscal Year 2014-2015 Guidance on Improving Federal Information Security and Privacy Management Practices - White House

This memorandum identifies current Administration information security priorities, provide agencies with Fiscal Year (FY) 2014-2015 Federal Information Security Management Act (FISMA) and Privacy Management reporting guidance and deadlines, as required by the Federal Information Security Management Act of2002 (P.L. 107-347), and establishes new policy guidelines to improve Federal information security posture.

Mobile Security:

Largest US Bond Insurer Suffers Major Data Leak - Softpedia

Sensitive information about customers has been inadvertently leaked online by MBIA Inc, resulting in search engines indexing the data.

Every Fifth Android User Faces Cyber Attacks - Net-Security

A total of 1,000,000 Android device users around the world encountered dangerous software between August 2013 and July 2014, according to the results of a survey carried out by Kaspersky Lab and INTERPOL. In fact, this period was the peak of cyber attacks registered in recent years.

The Criminal Indictment That Could Finally Hit Spyware Makers Hard - Wired

The case involves StealthGenie, a spy app for iPhones, Android phones and Blackberry devices that until last week was marketed primarily to people who suspected their spouse or lover of cheating on them but it also could be used by stalkers or perpetrators of domestic violence to track victims.

Network Security:

Poland’s TELDAT and Raytheon Partner to Develop New Patriot Router - Providence Journal

Raytheon Company is partnering with TELDAT to develop and produce advanced militarized routers for the Patriot Air and Missile Defense system. TELDAT engineers and technicians will design, integrate and qualify this key communications networking technology for Patriot. Under the initial contract, the engineering teams from each company can begin design work and trade studies.

Report: Crime-as-a-Service Tools and Anonymization Help Any Idiot Be a Cyber-criminal - Computer World

The 2014 Internet Organized Crime Threat Assessment report says 'almost anyone' can become a cybercrook thanks to Crime-as-a-Service tools, anonymization, darknets and crypto-currencies.

Quantum Computing:

A New Approach to On-chip Quantum Computing - Phys

Commercial devices capable of encrypting information in unbreakable codes exist today, thanks to recent quantum optics advances, especially the generation of photon pairs—tiny entangled particles of light.

Molecular Tumbling Motion Can be Stopped by Single Laser: One Step Closer to Quantum Computer? - Tech Times

Quantum computers could be one step closer to reality, as researchers have developed a laser capable of stopping molecules from tumbling.

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.