The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
CSIAC SME and member of the American Bar Association's Information Security Committee, Richard "Rick" Aldrich, gives a snapshot of the recent developments in Cyberlaw, policy, standards, court cases and industry legal frameworks. These slides focus emerging issues from cloud data storage, the scope of 3rd Part Doctrine, encryption, warrents for electronic searches, and Artifical Intelligence.
A memo from the Pentagon's chief information officer issues a timeline for some agencies to migrate to the cloud.
The Joint Enterprise Defense Infrastructure cloud contract is just one slice of the Defense Department's potential cloud business, according to Deputy Defense Secretary Patrick Shanahan.
California High Schooler Changes Grades After Phishing Teachers, Gets 14 Felonies for His Efforts - Gizmodo
Police in Concord, California arrested a teenager earlier this week and charged him with 14 felony counts after discovering the high schooler launched a phishing campaign directed at teachers in order to steal their passwords and change grades.
When the US last tightened its sanctions against Iran in 2012, then-president Barack Obama boasted that they were "virtually grinding the Iranian economy to a halt." Iran fired back with one of the broadest series of cyberattacks ever to target the US, bombarding practically every major American bank with months of intermittent distributed denial of service attacks that pummeled their websites with junk traffic, knocking them offline. Three years later, the Obama administration lifted many of those sanctions in exchange for Iran's promise to halt its nuclear development; Tehran has since mostly restrained its state-sponsored online attacks against Western targets.
Researchers explain the attack behind their warning to disable e-mail plugs for now.
Cambridge Analytica, the embattled data firm that worked on President Trump's 2016 presidential campaign, has told employees it is shutting down, along with its UK counterpart SCL Elections. The move, which impacts all offices of both companies worldwide, comes amid recent revelations that the company harvested the data of up to 87 million Facebook users without their consent, according to multiple sources close to the company.
Equifax has published yet more details on the personal records and sensitive information stolen by miscreants after they hacked its databases in 2017.
Hacker Kevin Mitnick Shows How to Bypass 2FA - TechCrunch
A new exploit allows hackers to spoof two-factor authentication requests by sending a user to a fake login page and then stealing the username, password, and session cookie.
Attackers on Tuesday pulled off a complex attack using kinks in core internet infrastructure that caused users of an Ethereum wallet developer's website to be redirected to a phishing site.
The White House Says a New AI Task Force will Protect Workers and Keep America First - MIT Technology Review
The Trump administration has announced a new task force that will promote an "America first" approach to artificial intelligence.
A flaw that allowed apps to monitor user network activity will be fixed, but not for all apps.
Even with all Apple's expertise and investment in cybersecurity, there are some security problems that are so intractable the tech titan will require a whole lot more time and money to come up with a fix. Such an issue has been uncovered by Don A. Bailey, founder of Lab Mouse Security, who described to Forbes a hack that, whilst not catastrophic, exploits iOS devices' trust in Internet of Things devices like connected toasters and TVs. And, as he describes the attack, it can turn Apple's own security chip on iPhones into a kind of "skeleton key."
In late April 2018, a new zero-day vulnerability for Internet Explorer (IE) was found using our sandbox; more than two years since the last in the wild example (CVE-2016-0189). This particular vulnerability and subsequent exploit are interesting for many reasons. The following article will examine the core reasons behind the latest vulnerability, CVE-2018-8174.
That Drupal Bug you Were Told to Patch Weeks Ago? Cryptominers Hope you Haven’t Bothered - The Register
A set of high-severity vulnerabilities in Drupal that were disclosed last month are now the target of widespread attacks by a malware campaign.
Every Major OS Maker Misread Intel’s Docs. Now Their Kernels can be Hijacked or Crashed - The Register
Linux, Windows, macOS, FreeBSD, and some implementations of Xen have a design flaw that could allow attackers to, at best, crash Intel and AMD-powered computers.
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.