The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

RECENT HEADLINES:

Critical Infrastructure:

Global Advance Of ADS-B - Aviation Week

In the not-too-distant future, it will be possible to fly anywhere over the planet in an Automatic Dependent Surveillance-Broadcast environment affording benefits equally to flight crews, operators and air traffic controllers.

DARPA on the Hunt for ‘Early Warning’ Cyberattack Detection Technology - Fierce Government IT

The Defense Advanced Research Projects Agency will bring together potential proposers on Dec. 14 to give industry more information on its cyber threat monitoring needs in advance of forthcoming solicitations under a broad agency announcement known as the Rapid Attack Detection, Isolation and Characterization, or RADICS, program.

House Energy bill Boosts Cybersecurity for Electric Grid - The Hill

A Republican-backed bill overhauling federal energy policy that passed the House on Thursday includes several significant provisions aimed at defending the nation's power supply against cyberattacks.

DHS Hacks Businesses for Free to Test Cybersecurity - The Hill

The Department of Homeland Security (DHS) is peppering U.S. businesses - mostly banks and energy firms with cyberattacks to test their digital defenses. The little-known program, offered to companies free of charge, is part of an ongoing effort to help critical infrastructure companies bolster their cybersecurity.

Cyberwarfare:

Department of Defense Establishes new Cyber Units with Texas National Guard - KXAN

As the threat posed by terrorists and criminal groups continue to go grow in the cyber realm, the Department of Defense is expanding its cyber forces to deal with emerging threats.

Russian Cyberspies use Updated Arsenal to Attack Defense Contractors - Security Week

A Russia-linked cyber espionage group has been using new tools in attacks against defense contractors and other high profile targets, Kaspersky Lab reported.

Air Force’s $49.5M Plan to Outsource CyberWeapon and CounterHack Software - Next Gov

The Air Force is finalizing a $49.5 million plan to hire private sector coders who, by developing software, can sabotage adversary computer systems and thwart incoming hack attacks.

Australian Government Hit by Massive Cyber Attack - E-Security Planet

A major cyber attack on Australia's Bureau of Meteorology (BoM) recently compromised sensitive computer systems throughout the country's Federal Government, the Australian Broadcasting Corporation reports.

Air Force Space Command not Spending on Cyber Defense of Weapons Systems - FCW

Of the $3 billion the Air Force Space Command spent last fiscal year on cybersecurity, not a single penny went to defending software vulnerabilities in weapons systems that Pentagon officials have said are at great risk.

Data Security:

OPM Creates Verification Center for Breach Victims who Haven’t Received Notification Yet - Fierce Government IT

The Office of Personnel Management announced Tuesday the establishment of a verification center for victims of the recent data breaches on its systems discovered this summer.

At First Cyber Meeting, China Claims OPM Hack is “Criminal Case” - Arstechnica

China arrested hackers it says were responsible for OPM breach in September.

How Hackers Are Using Fake LinkedIn Profiles to Steal Your Information - Yahoo!

The LinkedIn request seemed ordinary enough. A technology journalist named "Jenifer Lawrence" had asked to connect to me. I clicked OK without thinking. Then I took a closer look at her profile.

Ponmocup Botnet Infected 15 Million Users Since 2006 - Softpedia

A gigantic botnet has been hiding in the shadows since 2006, and security researchers at Fox-IT are estimating that the botnet that currently has around 500,000 active bots has infected around 15 million machines during the last nine years.

Healthcare Security:

Critical Medical Equipment Vulnerable to LDAP and SQL Injection Attacks - Softpedia

CERT/CC sounded the alarm on users of the Cardio Server ECG Management System, a broad-scope healthcare data management system used in many medical units, from small clinics to large city hospitals.

Internet-of-Things:

Hacker-Friendly Search Engine that Lists Every Internet-Connected Device - The Hacker News

At the end of last month, security researchers from SEC Consult found that the lazy manufacturers of home routers and Internet of Things (IoT) devices have been re-using the same set of hard-coded cryptographic keys, leaving around 3 millions of IoT devices open to mass hijacking.

Legislation:

US Senate Considers Law Forcing Twitter and Facebook to Report ‘Terrorist Activity’ - The Verge

Lawmakers have resurrected legislation that would require tech companies to report online terrorist activity following the mass shooting in San Bernardino last week.

France Proposes Law to Ban Tor and Public WiFi Following ISIS Paris Attacks - Softpedia

French authorities are considering a new law that would ban Tor and restrict access to public WiFi networks across the country, as a result of the ISIS attacks in Paris.

Cybersecurity Bill Would Add Secrecy to Public Records Laws - ABC News

A proposed law meant to encourage companies to share information about cyberthreats with the U.S. government includes measures that could significantly limit what details, if any, the public can review about the program through federal and state public records laws.

Mobile Security:

Rootnik Trojan Modifies Legitimate Root Tool to Hack Android Devices - Security Week

A new Trojan is stealing information from Android devices after gaining root access on them by using a commercial root tool and is affecting users around the world, researchers at Palo Alto Networks warn.

Network Security:

Unpatched Flaws Allow Hackers to Compromise Belkin Routers - Security Week

A researcher has published the details and proof-of-concept (PoC) code for several unpatched vulnerabilities affecting Belkin's N150 wireless home routers.

Popular Mobile Modems Plagued by Zero-Day Flaws - Security Week

Researchers have conducted an analysis of popular mobile broadband modems and routers from various vendors and discovered that the devices are plagued by serious vulnerabilities that can be leveraged in malicious attacks.

Quantum Computing:

IARPA Awards IBM Grant to Further Quantum Computing Research - Fed Scoop

The grant comes after IBM made a big breakthrough in correcting errors that come in the quantum computing process.

Software Security:

Critical Flaw Found in AVG, McAfee, Kaspersky Products - Security Week

A serious vulnerability found in several security products could have been exploited by malicious actors to bypass Windows protection features, data exfiltration prevention firm enSilo reported.

Microsoft Warns of Imminent end of Support for all but the Latest Internet Explorer Versions - Net-Security

Windows users who still prefer Internet Explorer to all other browsers have been urged by Microsoft to update to the latest (and last) version of the browser (v11), as the company plans to end support for all previous versions in January.

FEEDBACK FROM PREVIOUS DIGEST:

Video Follow-ups:

Quantum Computing vs Encryption Update - CSIAC

The CSIAC has produced a short follow-up on recent cybersecurity headlines. Recent advances and speculation in Quantum Computing have created many questions. A look at the NSA's Suite B cryptographic algorithms resource provides a sound reference for understanding the current state of the industry. However, scientific breakthroughs continue to be a driving force in the Quantum Computing realm.

Air University Update - CSIAC

This podcast is an update to previously popular CS Digest articles on Air University's cyber curriculum. Topics cover how this new cyber curriculum assists the Air Force in achieving many of their newly announced immediate and long-term mission goals. Additionally, Lt. General Steven Kwast speaks on a panel that provides additional insight for education and training objectives for future Airmen as leaders.

Most Popular:

The Pentagon’s Plan to Outsource Lethal Cyber-Weapons - Engadget

The Pentagon has quietly put out a call for vendors to bid on a contract to develop, execute and manage its new cyber weaponry and defense program.

Researchers Find Multiple Chrome Extensions Secretly Tracking Users - Softpedia

Analytics code deeply hidden in popular Google Chrome extensions is being used to track users across the Web, in different browser tabs, and without user consent.

Researcher Creates Gadget That Bypasses Credit Card Chip and PIN Safeguards - Softpedia

Samy Kamkar, the inventor of numerous hacking tools, has created another mind-blowing device, one that can accurately read and predict credit card numbers, and bypass chip & PIN safeguards embedded within modern cards.

CSIAC SUPPORTED COMMUNITIES:

Cyber Community of Interest (COI) Group - CSIAC

The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.

The Cyber Shield Newsletter - New Mexico Counterintelligence Working Group (NMCIWG)

The Cyber Shield is a Cyber Newsletter for Counterintelligence, IT and Security Professionals associated with DoD and USG agencies. There are no distribution constraints. If you would like to subscribe, please contact Paul Losiewicz at plosiewicz@csiac.org

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.