
CSIAC

Cyber Security and Information Systems Information Analysis Center


CS Digest: 15 Dec 2015

Posted: 12/15/2015

The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

RECENT HEADLINES:

Critical Infrastructure:

Global Advance Of ADS-B - Aviation Week

In the not-too-distant future, it will be possible to fly anywhere over the planet in an Automatic Dependent Surveillance-Broadcast environment affording benefits equally to flight crews, operators and air traffic controllers.

DARPA on the Hunt for ‘Early Warning’ Cyberattack Detection Technology - Fierce Government IT

The Defense Advanced Research Projects Agency will bring together potential proposers on Dec. 14 to give industry more information on its cyber threat monitoring needs in advance of forthcoming solicitations under a broad agency announcement known as the Rapid Attack Detection, Isolation and Characterization, or RADICS, program.

House Energy bill Boosts Cybersecurity for Electric Grid - The Hill

A Republican-backed bill overhauling federal energy policy that passed the House on Thursday includes several significant provisions aimed at defending the nation's power supply against cyberattacks.

DHS Hacks Businesses for Free to Test Cybersecurity - The Hill

The Department of Homeland Security (DHS) is peppering U.S. businesses - mostly banks and energy firms - with cyberattacks to test their digital defenses. The little-known program, offered to companies free of charge, is part of an ongoing effort to help critical infrastructure companies bolster their cybersecurity.

Cyberwarfare:

Department of Defense Establishes new Cyber Units with Texas National Guard - KXAN

As the threat posed by terrorists and criminal groups continues to grow in the cyber realm, the Department of Defense is expanding its cyber forces to deal with emerging threats.

Russian Cyberspies use Updated Arsenal to Attack Defense Contractors - Security Week

A Russia-linked cyber espionage group has been using new tools in attacks against defense contractors and other high profile targets, Kaspersky Lab reported.

Air Force’s $49.5M Plan to Outsource CyberWeapon and CounterHack Software - Next Gov

The Air Force is finalizing a $49.5 million plan to hire private sector coders who, by developing software, can sabotage adversary computer systems and thwart incoming hack attacks.

Australian Government Hit by Massive Cyber Attack - E-Security Planet

A major cyber attack on Australia's Bureau of Meteorology (BoM) recently compromised sensitive computer systems throughout the country's Federal Government, the Australian Broadcasting Corporation reports.

Air Force Space Command not Spending on Cyber Defense of Weapons Systems - FCW

Of the $3 billion the Air Force Space Command spent last fiscal year on cybersecurity, not a single penny went to defending software vulnerabilities in weapons systems that Pentagon officials have said are at great risk.

The Pentagon’s Plan to Outsource Lethal Cyber-Weapons - Engadget

The Pentagon has quietly put out a call for vendors to bid on a contract to develop, execute and manage its new cyber weaponry and defense program.

Data Security:

OPM Creates Verification Center for Breach Victims who Haven’t Received Notification Yet - Fierce Government IT

The Office of Personnel Management announced Tuesday the establishment of a verification center for victims of the recent data breaches on its systems discovered this summer.

At First Cyber Meeting, China Claims OPM Hack is “Criminal Case” - Ars Technica

China arrested hackers it says were responsible for OPM breach in September.

How Hackers Are Using Fake LinkedIn Profiles to Steal Your Information - Yahoo!

The LinkedIn request seemed ordinary enough. A technology journalist named "Jenifer Lawrence" had asked to connect to me. I clicked OK without thinking. Then I took a closer look at her profile.

Ponmocup Botnet Infected 15 Million Users Since 2006 - Softpedia

A gigantic botnet has been hiding in the shadows since 2006, and security researchers at Fox-IT are estimating that the botnet that currently has around 500,000 active bots has infected around 15 million machines during the last nine years.

Researchers Find Multiple Chrome Extensions Secretly Tracking Users - Softpedia

Analytics code deeply hidden in popular Google Chrome extensions is being used to track users across the Web, in different browser tabs, and without user consent.

Researcher Creates Gadget That Bypasses Credit Card Chip and PIN Safeguards - Softpedia

Samy Kamkar, the inventor of numerous hacking tools, has created another mind-blowing device, one that can accurately read and predict credit card numbers, and bypass chip & PIN safeguards embedded within modern cards.

Healthcare Security:

Critical Medical Equipment Vulnerable to LDAP and SQL Injection Attacks - Softpedia

CERT/CC sounded the alarm on users of the Cardio Server ECG Management System, a broad-scope healthcare data management system used in many medical units, from small clinics to large city hospitals.

Internet-of-Things:

Hacker-Friendly Search Engine that Lists Every Internet-Connected Device - The Hacker News

At the end of last month, security researchers from SEC Consult found that the lazy manufacturers of home routers and Internet of Things (IoT) devices have been re-using the same set of hard-coded cryptographic keys, leaving around 3 million IoT devices open to mass hijacking.

Legislation and Regulation:

US Senate Considers Law Forcing Twitter and Facebook to Report ‘Terrorist Activity’ - The Verge

Lawmakers have resurrected legislation that would require tech companies to report online terrorist activity following the mass shooting in San Bernardino last week.

France Proposes Law to Ban Tor and Public WiFi Following ISIS Paris Attacks - Softpedia

French authorities are considering a new law that would ban Tor and restrict access to public WiFi networks across the country, as a result of the ISIS attacks in Paris.

Cybersecurity Bill Would Add Secrecy to Public Records Laws - ABC News

A proposed law meant to encourage companies to share information about cyberthreats with the U.S. government includes measures that could significantly limit what details, if any, the public can review about the program through federal and state public records laws.

Mobile Security:

Rootnik Trojan Modifies Legitimate Root Tool to Hack Android Devices - Security Week

A new Trojan is stealing information from Android devices after gaining root access on them by using a commercial root tool and is affecting users around the world, researchers at Palo Alto Networks warn.

Network Security:

Unpatched Flaws Allow Hackers to Compromise Belkin Routers - Security Week

A researcher has published the details and proof-of-concept (PoC) code for several unpatched vulnerabilities affecting Belkin's N150 wireless home routers.

Popular Mobile Modems Plagued by Zero-Day Flaws - Security Week

Researchers have conducted an analysis of popular mobile broadband modems and routers from various vendors and discovered that the devices are plagued by serious vulnerabilities that can be leveraged in malicious attacks.

Quantum Computing:

IARPA Awards IBM Grant to Further Quantum Computing Research - Fed Scoop

The grant comes after IBM made a big breakthrough in correcting errors that come in the quantum computing process.

Software Security:

Critical Flaw Found in AVG, McAfee, Kaspersky Products - Security Week

A serious vulnerability found in several security products could have been exploited by malicious actors to bypass Windows protection features, data exfiltration prevention firm enSilo reported.

Microsoft Warns of Imminent end of Support for all but the Latest Internet Explorer Versions - Net-Security

Windows users who still prefer Internet Explorer to all other browsers have been urged by Microsoft to update to the latest (and last) version of the browser (v11), as the company plans to end support for all previous versions in January.

FEEDBACK FROM PREVIOUS DIGEST:

Video Follow-ups:

Quantum Computing vs Encryption Update - CSIAC

The CSIAC has produced a short follow-up on recent cybersecurity headlines. Recent advances and speculation in Quantum Computing have created many questions. A look at the NSA's Suite B cryptographic algorithms resource provides a sound reference for understanding the current state of the industry. However, scientific breakthroughs continue to be a driving force in the Quantum Computing realm.

Air University Update - CSIAC

This podcast is an update to previously popular CS Digest articles on Air University's cyber curriculum. Topics cover how this new cyber curriculum assists the Air Force in achieving many of their newly announced immediate and long-term mission goals. Additionally, Lt. General Steven Kwast speaks on a panel that provides additional insight for education and training objectives for future Airmen as leaders.

CSIAC SUPPORTED COMMUNITIES:

Cyber Community of Interest (COI) Group - CSIAC

The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.


The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.
