The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

In Case You Missed It – OWASP Amass: Discovering Your Exposure on the Internet - CSIAC

The Open Web Application Security Project (OWASP) Amass project was originally created when the project lead was showing organizations what they look like on the Internet. During this process, he noticed that the tools available were returning incomplete results relative to what could be discovered manually. With the identification of this gap in capabilities for security experts, the Amass project was born. The OWASP Amass project is focused on DNS enumeration and automated network infrastructure mapping techniques. This presentation will discuss a variety of the techniques utilized by Amass.
Tags: Amass, Open Web Application Security Project (OWASP)

RECENT HEADLINES:

Security Researcher Exposes Zero-day WordPress Vulnerabilities - Techradar

A trio of critical zero-day vulnerabilities in WordPress plugins has exposed 160,000 websites to attacks after a security researcher publicly disclosed the flaws before patches were made available.
Tags: Cyber Attack, WordPress, Zero-day Exploits

Google Faces Surge in Police Requests for Mobile Location Data - Engadget

It's clearer than ever that police see smartphones as treasure troves of evidence. New York Times sources understand that law enforcement requests for information from Google's mobile Location History database, known internally as Sensorvault, have "risen sharply" in the last six months.
Tags: Data Privacy, Google, Mobile Location Data

Microsoft’s Work with Chinese Military University Raises Eyebrows - Security Week

Microsoft has been collaborating with researchers linked to a Chinese military-backed university on artificial intelligence, elevating concerns that US firms are contributing to China's high-tech surveillance and censorship apparatus.
Tags: Artificial Intelligence (AI), Censorship, Microsoft

Malware Campaign Uses Multiple Propagation Methods, Including EternalBlue - Security Affairs

Hackers are using the EternalBlue exploit and leveraging advantage of Living off the Land (LotL) obfuscated PowerShell-based scripts to deliver malware and a Monero cryptocurrency.
Tags: Cryptocurrency, EternalBlue, Malware

Building a Data Pipeline to Defend New York From Cyber Threats - ZDNet

Responsible for protecting a large, complex and federated network of city systems, NYC Cyber Command built its own, open-source data pipeline.
Tags: Data Security, Open Source

Microsoft Admits Outlook.com Hackers Were Able to Access Emails - The Verge

Microsoft has admitted that its Outlook.com security breach was worse than the company initially revealed.
Tags: Data Breach, Microsoft, Outlook

Mitch McConnell: Democrats’ net neutrality bill is ‘dead on arrival’ in Senate - CNET

Senate Majority Leader Mitch McConnell told reporters on Tuesday that the net neutrality bill Democrats are pushing through the House will be "dead on arrival" in the Senate.
Tags: Legislation, Net Neutrality

A Peek Into the Toolkit of the Dangerous ‘Triton’ Hackers - Wired

When the malware known both as Triton and Trisis came to light in late 2017, it quickly gained a reputation as perhaps the world's most dangerous piece of code: the first ever designed to disable the safety systems that protect industrial facilities from potentially lethal physical accidents. But Triton hackers still have to engage in a far more common forms of hacking to plant that code, in some cases spending close to a year digging their way through IT networks before they reach their targets. They've used a distinct toolkit of custom-made malware to do so-and bringing it to light might now help stop other active intrusions before it's too late.
Tags: Industrial Control Systems (ICS), Malware

A New Breed of ATM Hackers Gets in Through a Bank’s Network - Wired

Over the past few years, scammers have increasingly siphoned cash off of digital payment networks, stealing hundreds of millions of dollars so far. Not only is the problem hard to contain; new findings show that it's evolving and maturing, with new types of ATM malware on the rise.
Tags: ATM, Malware

The Air Force Has a New Cyber Security Defense Plan - National Interest

The Air Force is refining new cloud-oriented cybersecurity technologies to safeguard vulnerable data networks and strengthen defenses against increasingly sophisticated AI-enabled cyber attacks.
Tags: Air Force, Artificial Intelligence (AI), Cybersecurity Defense

CSIAC Supported Communities

CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.

Technical Resources, Policy and Guidance

This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.