The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
Free CSIAC Webinar TODAY May 16 @ 12 PM EDT – Democratize Anomaly Detection Technologies: Challenges, Advances, and Opportunities - CSIAC
This webinar will highlight recent success in demonstrating substantial improvements in the accuracy under control-flow and data-oriented attacks in Linux, including malicious code reuse, security bypass, and service abuse. The webinar will also describe exciting future research directions on hardware-assisted fast tracing, anomaly-detection as a service, supporting domain experts for inter-disciplinary anomaly discovery, and standardizing evaluation.
An insider threat is a malicious threat to an organization that comes from people within the organization. Learn how to spot some possible indicators of an insider threat.
It's a growing problem for many employers. Increasingly, hiring companies must sift through resumes that tout cybersecurity-related degrees, certificates, industry certifications, apprenticeship credentials, digital badges, micro master’s degrees, nanodegrees and other credentials - trying to determine what a candidate really knows and how those credentials fit together.
Homeland Security Issues Warning on Cyberattack Campaign - Bank Info Security
The Department of Homeland Security is warning IT services providers, healthcare organizations and three other business sectors about a sophisticated cyberattack campaign that involves using stolen administrative credentials and implanting malware, including PLUGX/SOGU and RedLeaves, on critical systems.
Zipping past a Plan B for cyber defense solutions to the end of the alphabet, the U.S. Defense Department's research arm launched Plan X and advanced platforms to conduct and assess cyber warfare like kinetic warfare.
A cyber-attack that hit organizations worldwide including the UK's National Health Service was "unprecedented", Europe's police agency says.
A comment period has closed on NIST's new password guidelines for federal agencies that challenge the effectiveness of traditional behaviors around authentication such as an insistence on complex passwords and scheduled resets.
The emerging threat becomes clear: criminals with no programming knowledge are now able to target any organization or person with minimal effort. And what better way to maximize the payout than to target those industries where lives immediately depend on network connected devices that can be ransomed?
Real or Fake? AI Is Making It Very Hard to Know - MIT Technology Review
Powerful machine-learning techniques are making it increasingly easy to manipulate or generate realistic video and audio, and to impersonate anyone you want with amazing accuracy.
German officials and lawmakers say the attacks are the latest in a series aimed at disrupting German elections and damaging Chancellor Angela Merkel, who has pushed to maintain sanctions on Russia over its actions in eastern Ukraine.
It's a phishing scheme that even multifactor authentication and changing your password won't fix.
Your smartphone may have some apps that are continuously listening to inaudible, high-frequency ultrasonic sounds from your surroundings and they know where you go, what you like and dislike - all without your knowledge.
Both iOS and Android devices are targeted by hackers, but data suggests there is more Android malware in circulation than for iOS; a recent report by F-Secure goes so far as to say 99 percent of all malware that targets mobile devices is designed for Android.
The Department of Homeland Security (DHS) has submitted a report to Congress that details current and emerging threats to the Federal government’s use of mobile devices and recommends security improvements within the mobile device ecosystem.
Intel patched a critical vulnerability that dates back nine years and impacts business desktop PCs that utilize the company's Active Management Technology. According to an Intel security bulletin, the flaw could allow an adversary to elevate privileges on a vulnerable system.
Watching the movie A Beautiful Mind, where Russell Crowe played John Nash, a professor of mathematics who won the Nobel Prize for his contributions to a complex concept called game theory, one would never guess that a hypothesis of his Nash equilibrium would someday help improve cybersecurity strategy.
Memristors have attracted interest for mimicking synapses in more energy-efficient scalable approaches to "brain-like" neuromorphic computing. However, their intrinsic variability has inhibited the performance of memristor-based neural networks, stymying progress. Now researchers in Beijing have shown that by introducing "fuzziness" into their neural network learning algorithm, they can produce synaptic memristor circuits that perform better in neuromorphic computing tasks.
Presidential Executive Order on the Establishment of the American Technology Council - The White House
Establishment of the American Technology Council.
US intelligence officials are expressing concern over a Russian cybersecurity company’s access to US government systems and pushing the General Services Administration for answers on how long it has been approved for use by US agencies.
Eminent cybersecurity expert Dr. Edward Amoroso will be a keynote speaker for the 2017 Cyber Security R&D Showcase and Technical Workshop on July 11-13, 2017 at the Mayflower Hotel in Washington, D.C.
China Builds Five Qubit Quantum Computer Sampling and Will Scale to 20 Qubits by End of This Year and Could Any Beat Regular Computer Next Year - Next Big Future
China builds ten qubit quantum computer, they will scale to 20 qubits by end of this year and could beat the performance of any regular computer next year with a 30 qubit system.
The New Frontier in Cybersecurity is Underwater - Washington Examiner
High-speed wireless "underwater internet" of the type that is now pervasive in the world's cities is still just theory. Without a cable, data just doesn't transmit easily through water (even less so when it is salt water).
Hackers Using Pixel Tracking to Gather Pre-Hack Data - E Hacking News
Pixel tracking is a decades-old email marketing technique that relies on embedding a one-by-one pixel image, usually transparent or of the same colour as the email's background, which prevents users from noticing it in most cases.
A group of researchers at the Beijing-based security firm Qihoo 360 recently pulled off the so-called relay hack with a pair of gadgets they built for just $22.
Cyber Security of Critical Infrastructure - Department of Homeland Security
CSIAC serves on the EO 13636/PPD-21 Research & Development (R&D) Working Group (WG) run by DHS S&T. If you would like further information, contact Dr. Paul Losiewicz at email@example.com
The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.
The Cyber Shield Newsletter - New Mexico Counterintelligence Working Group (NMCIWG)
The Cyber Shield is a Cyber Newsletter for Counterintelligence, IT and Security Professionals associated with DoD and USG agencies. There are no distribution constraints. If you would like to subscribe, please contact Paul Losiewicz at firstname.lastname@example.org
DOD OSBP officials acknowledged that cybersecurity is an important and timely issue for small businesses - and therefore the office is considering incorporating cybersecurity into its existing outreach and education efforts. During the review, GAO identified 15 existing federal cybersecurity resources that DOD OSBP could disseminate to defense small businesses.
DHS S&T Collaboration Community - Ideascale
The National Conversation is intended to bring together everyone to play a role in shaping the future of homeland security technology. This means responders, operational users, citizens, academia, and industry.
The Department of Defense Cyber Strategy - Department of Defense
The purpose of this strategy is to guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD's three primary cyber missions.
The Information Sharing Environment (ISE) broadly refers to the people, projects, systems, and agencies that enable responsible information sharing for national security.
Standards & Reference Documents - CSIAC
View all Best Practices and Reference Documents on the CSIAC website.
DoD Cyber Domain Resources - Department of Defense
DHS Cyber Security Strategy (“Blueprint for a Secure Cyber Future”, 2011) - Department of Homeland Defense
DIB CS/IA Voluntary Information Sharing Program - DoD DIBNet
DoD's DIB CS/IA program is a voluntary program to enhance and supplement DIB participants' capabilities to safeguard DoD information that resides on, or transits, DIB unclassified information systems.
US-CERT Bulletins - Department of Homeland Security
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
US-CERT Alerts - Department of Homeland Security
Alerts provide timely information about current security issues, vulnerabilities, and exploits.
NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security-related software flaws, misconfigurations, product names, and impact metrics.
Trustworthy CyberSpace: Strategic Plan For The Federal Cybersecurity Research and Development Program - NITRD
Committee on National Security Systems (CNSS) - Committee on National Security Systems
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.