The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
SIMATIC WinCC OA client-server human-machine interface (HMI) susceptible to "crafted" packet attacks without authentication
DNI James Clapper; Insider Threat; Joint Information Environment; Data Mining; Cloud and Big Data, and World of Warcraft? A good read...
Biggest DDoS ever aimed at Cloudflare’s content delivery network – Network Time Protocol attack reached 400Gbps - Ars Technica
Network Time Protocol reflection-based DDoS can be mitigated, but the size of the attack set a new record.
More interesting is that the VFW attack employed a new zero-day vulnerability in IE 10, according to FireEye
Email Attack on Vendor Set Up Breach at Target - Krebs on Security
Email was the conduit for the Fazio Mechanical infection. Possible spear-phishing attack suspected
Kaspersky Lab Uncovers “The Mask” - Kaspersky Labs
Kaspersky claims "Mask" or "Careto" is more sophisticated than "Duqu", uses spear-phishing to infect machines and exfiltrate data and keys
Federal Workers Lax On Mobile Security - Information Week
"We have met the enemy, and he is us" - half of mobile device users in government admit poor security practices
Transaction malleability flaw undercuts Bitcoin… more to follow
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.