The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
In Cased You Missed It: CSIAC Webinar – Agile, Energy-Efficient and Trustworthy Intelligence at the Edge - CSIAC
Artificial intelligence (AI) has become the linchpin in a growing number of products, services, and research programs which are aimed at automating and enhancing the human decision-making process. However, there are still several application domains (satellites, wearables, wireless, etc.) that cannot afford the size, weight, and power (SWaP) overheads associated with executing state-of-the-art AI algorithms. This webinar discusses previous and ongoing research to bridge the gap and enable AI in the most SWaP-constrained environments.
Tags: Artificial Intelligence (AI)
In part three of the RMF Categorization podcast series, the SMEs discuss the process of aligning the security objectives. The security objectives provide a common understanding of the impact levels on the information types as well as a common viewpoint of a system compromise and its organizational impact. The security objectives allow the system owner to identify security requirements in order to mitigate and reduce risks to the system.
Tags: Risk Management Framework (RMF)
48K Windows Hosts Vulnerable to SMBGhost CVE-2020-0796 RCE Attacks - Bleeping Computer
After an Internet-wide scan, researchers at cybersecurity firm Kryptos Logic discovered roughly 48,000 Windows 10 hosts vulnerable to attacks targeting the pre-auth remote code execution CVE-2020-0796 vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3).
Tags: SMB, Vulnerability, WIndows 10
Cybercriminals have been busy lately trying to exploit the coronavirus for their own malicious purposes. As such, the spread of COVID-19 has led to an increase in phishing emails and other malware designed to entrap people looking for information about the virus. A new type of ransomware known as CovidLock encrypts key data on an Android device and denies access to the victims unless they pay up, according to the threat intelligence firm DomainTools.
Tags: Android, Mobile Security, Ransomware
According to a report published today by US cyber-security FireEye, 76% of all ransomware infections in the enterprise sector occur outside working hours, with 49% taking place during nighttime over the weekdays, and 27% taking place over the weekend.
The JEDI contract award process might never be done. Following legal challenges from Amazon after the Pentagon's massive, $10 billion cloud contract was awarded to Microsoft in October, the Pentagon indicated in court documents last night that it wishes to reconsider the award.
Tags: Amazon Web Services, Cloud Computing, Microsoft
Bill Gates steps down from Microsoft board - Arstechnica
Just over 20 years after stepping down as CEO of Microsoft and six years after relinquishing his position as Chairman of the Board, Microsoft cofounder Bill Gates has resigned from the Microsoft Board of Directors. Gates, 64, is leaving the board to spend more time on philanthropic ventures.
A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts.
Tags: Vulnerabilities, web technologies
The ongoing coronavirus outbreak has disrupted business operations across the globe but cybercriminals are showing no signs of slowing down as they attempt to capitalize on people's fears surrounding the virus.
The U.S. Health and Human Services Department suffered a cyber-attack on its computer system, part of what people familiar with the incident called a campaign of disruption and disinformation that was aimed at undermining the response to the coronavirus pandemic and may have been the work of a foreign actor.
Tags: Cyber Attack
The Defense Department is focusing a lot of effort on an array of technologies involving quantum science, but the department's chief technology officer says it's important to be realistic about timelines for the most fantastic applications of that technology - and to focus on what's plausible in the short term for best equipping the warfighter.
A congressionally created commission on Wednesday proposed sweeping changes to how the federal government approaches cybersecurity in an effort to better defend the U.S. against increasingly bold and devastating digital attacks.
Security researchers are warning of a major new security flaw inside Intel processors, and it could defeat hardware-based encryption and DRM protections. The flaw exists at the hardware level of modern Intel processors released in the last five years, and could allow attackers to create special malware (like keyloggers) that runs at the hardware level and is undetectable by traditional antivirus systems. Intel's latest 10th Gen processors are not vulnerable, though.
Tags: Converged Security and Manageability Engine (CSME), Intel
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.