The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

Free CSIAC Webinar April 19 @ 12 PM EDT – CryptoLocker: Surviving a Ransomware Attack - CSIAC

Ransomware has been around for years, however, CryptoLocker attacks have risen sharply in recent months leaving organizations exposed and contemplating paying for their data. Join us for an in-depth look at ransomware and how you can avoid being the next target.

RECENT HEADLINES:

Critical Infrastructure:

MIT Experts Urge Trump Administration to Take Immediate Action on Cybersecurity - MIT News

According to MIT experts, over the last 25 years presidents from both parties have paid lip service to the topic while doing little about it, leading to a series of short-term fixes they liken to a losing game of "Whac-a-Mole." This scattershot approach, they say, endangers national security.

Computer Hack Sets off 156 Emergency Sirens across Dallas - Reuters

Dallas' 156 sirens, normally used to warn of tornadoes and other dangerous weather, were triggered at 11:42 p.m. CDT on Friday. The wailing did not end until 1:17 a.m. CDT on Saturday when engineers manually shut down the sirens' radio system and repeaters, city Emergency Management Director Rocky Vaz said.

Data Security:

Canada Court Denies Accused Yahoo Hacker Bail - Yahoo! News

A Canadian court on Tuesday denied bail to a man accused of carrying out devastating cyber attacks on Yahoo as he awaits possible extradition to the United States to face criminal charges.

IRS Data on Up to 100,000 Taxpayers Compromised in Breach of College Financial-Aid Tool - FOX Business News

Personal information for up to 100,000 taxpayers may have been compromised in a security breach of a critical online tool used to fill out student loan applications, Internal Revenue Service Commissioner John Koskinen said Thursday.

Explained: Sage Ransomware - Malwarebytes Labs

Sage is yet another ransomware that has become a common threat nowadays. Similarly to Spora, it has capabilities to encrypt files offline. The malware is actively developed and currently, we are facing an outbreak of version 2.2. of this product.

Microsoft Fixes 45 Security Flaws, Some Allowing Hackers to Hijack Your PC - Softpedia

What's very important to know is that some of the patched security flaws allowed hackers to take control of your system, and this does nothing more than to emphasize how important it is to update computers as soon as possible.

Hackers Are Attacking Word Users with New Microsoft Office Zero-Day Vulnerability - ZDNet

Attackers are exploiting a previously undisclosed vulnerability in Microsoft Word, which security researchers say can be used to quietly install different kinds of malware -- even on fully-patched computers.

High Performance Computing:

Supercomputer Simulation Offers Peek at the Future of Quantum Computers - MIT Tech Review

To find out whether quantum computers will work properly, scientists must simulate them on a classical computer. Now a record-breaking experiment has simulated the largest quantum computer yet.

Google Says Its Custom Machine Learning Chips Are Often 15-30x Faster Than GPUs and CPUs - Tech Crunch

It's no secret that Google has developed its own custom chips to accelerate its machine learning algorithms. The company first revealed those chips, called Tensor Processing Units (TPUs), at its I/O developer conference back in May 2016, but it never went into all that many details about them, except for saying that they were optimized around the company’s own TensorFlow machine-learning framework.

Information Warfare:

Google’s War on Fake News Goes Global: Search Results now Tagged ‘True’ or ‘False’ - ZDNet

The fact-check tagging system, which is rolling out globally on Google Search and News, expands on a program introduced by Google's Jigsaw group to Google News in the UK and US in October.

New Center to Combat Disinformation to be Built in Finland - The Republic

The countries - Britain, Finland, France, Germany, Latvia, Lithuania, Poland, Sweden and the United States - signed the memorandum to set up the so-called "hybrid threat" center in Helsinki with the support of the Finnish government.

Internet-of-Things:

BrickerBot Malware Attacks and Destroys Unsecure IoT Devices - SC Media

"Upon successful access to the device, the PDoS bot performed a series of Linux commands that would ultimately lead to corrupted storage, followed by commands to disrupt Internet connectivity, device performance, and the wiping of all files on the device," Radware said.

Mobile Security:

When Apps Secretly Team Up to Steal Your Data - The Atlantic

When the researchers set DIALDroid loose on the 100,206 most downloaded Android apps, they turned up nearly 23,500 app pairs that leak data. More than 16,700 of those pairs also involved privilege escalation, which means the second app received a type of sensitive information that it's typically forbidden from accessing.

Public Sector:

Legacy IT Makes Federal Agencies Less Secure, Study Says - Cyberscoop

Federal agencies that shift money from maintaining outdated legacy IT systems to modernizing them can expect to see fewer cybersecurity incidents - as can the agencies that migrate legacy systems to the cloud or implement strict data governance policies, according to a new academic study.

FEEDBACK FROM PREVIOUS DIGEST:

Most Popular:

Why American Farmers Are Hacking Their Tractors With Ukrainian Firmware - Motherboard

To avoid the draconian locks that John Deere puts on the tractors they buy, farmers throughout America's heartland have started hacking their equipment with firmware that's cracked in Eastern Europe and traded on invite-only, paid online forums.

The Next Cyberattack Could Come from Sound Waves - The Conversation

You might think your smartphone or laptop is relatively safe from cyber attacks thanks to anti-virus and encryption software. But your devices are increasingly at risk from "side-channel" attacks, where an intruder can bypass traditional network entry points and use another way to compromise the device.

Trump Announces $1.5bn for Cyber-Security and Critical Infrastructure - SC Media

Donald Trump's first federal budget puts forward US $1.5 billion for cyber-security to protect the federal government and US critical infrastructure.

CSIAC SUPPORTED COMMUNITIES:

Cyber Security of Critical Infrastructure - Department of Homeland Security

CSIAC serves on the EO 13636/PPD-21 Research & Development (R&D) Working Group (WG) run by DHS S&T. If you would like further information, contact Dr. Paul Losiewicz at plosiewicz@csiac.org

Cyber Community of Interest (COI) Group - CSIAC

The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.

TECHNICAL RESOURCES, POLICY & GUIDANCE:

Presidential Policy Directive – United States Cyber Incident Coordination - The White House

Opportunities Exist for DOD to Share Cybersecurity Resources with Small Businesses - GAO

DOD OSBP officials acknowledged that cybersecurity is an important and timely issue for small businesses -and therefore the office is considering incorporating cybersecurity into its existing outreach and education efforts. During the review, GAO identified 15 existing federal cybersecurity resources that DOD OSBP could disseminate to defense small businesses.

DHS S&T Collaboration Community - Ideascale

The National Conversation is intended to bring together everyone to play a role in shaping the future of homeland security technology. This means responders, operational users, citizens, academia, and industry.

The Department of Defense Cyber Strategy - Department of Defense

The purpose of this strategy is to guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD's three primary cyber missions.

Information Sharing Environment - ISE

The Information Sharing Environment (ISE) broadly refers to the people, projects, systems, and agencies that enable responsible information sharing for national security.

Standards & Reference Documents - CSIAC

View all Best Practices and Reference Documents on the CSIAC website.

The DoD Cybersecurity Policy Chart (Formerly the IA Policy Chart) - CSIAC

DoD Cyber Domain Resources - Department of Defense

DHS Cyber Security Strategy (“Blueprint for a Secure Cyber Future”, 2011) - Department of Homeland Defense

DIB CS/IA Voluntary Information Sharing Program - DoD DIBNet

DoD's DIB CS/IA program is a voluntary program to enhance and supplement DIB participants' capabilities to safeguard DoD information that resides on, or transits, DIB unclassified information systems.

US-CERT Bulletins - Department of Homeland Security

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

US-CERT Alerts - Department of Homeland Security

Alerts provide timely information about current security issues, vulnerabilities, and exploits.

National Vulnerability Database - NIST

NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.

Trustworthy CyberSpace: Strategic Plan For The Federal Cybersecurity Research and Development Program - NITRD

Committee on National Security Systems (CNSS) - Committee on National Security Systems

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.