The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
CSIAC ANNOUNCEMENTS:
In Case You Missed It: CSIAC Webinar – Agile, Energy-Efficient and Trustworthy Intelligence at the Edge - CSIAC
Artificial intelligence (AI) has become the linchpin in a growing number of products, services, and research programs which are aimed at automating and enhancing the human decision-making process. However, there are still several application domains (satellites, wearables, wireless, etc.) that cannot afford the size, weight, and power (SWaP) overheads associated with executing state-of-the-art AI algorithms. This webinar discusses previous and ongoing research to bridge the gap and enable AI in the most SWaP-constrained environments.
Tags: Artificial Intelligence (AI)
New CSIAC Podcast – Risk Management Framework (RMF) Categorization Part 3 of 4 - CSIAC
In part three of the RMF Categorization podcast series, the SMEs discuss the process of aligning the security objectives. The security objectives provide a common understanding of the impact levels on the information types as well as a common viewpoint of a system compromise and its organizational impact. The security objectives allow the system owner to identify security requirements in order to mitigate and reduce risks to the system.
Tags: Risk Management Framework (RMF)
RECENT HEADLINES:
48K Windows Hosts Vulnerable to SMBGhost CVE-2020-0796 RCE Attacks - Bleeping Computer
After an Internet-wide scan, researchers at cybersecurity firm Kryptos Logic discovered roughly 48,000 Windows 10 hosts vulnerable to attacks targeting the pre-auth remote code execution CVE-2020-0796 vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3).
Tags: SMB, Vulnerability, Windows 10
Virgin Media data breach affects 900,000 people - BBC News
A Virgin Media database containing the personal details of 900,000 people was left unsecured and accessible online for 10 months, the company has admitted.
Tags: Data Leak, Security Misconfiguration
CovidLock ransomware exploits coronavirus with malicious Android app - TechRepublic
Cybercriminals have been busy lately trying to exploit the coronavirus for their own malicious purposes. As such, the spread of COVID-19 has led to an increase in phishing emails and other malware designed to entrap people looking for information about the virus. A new type of ransomware known as CovidLock encrypts key data on an Android device and denies access to the victims unless they pay up, according to the threat intelligence firm DomainTools.
Tags: Android, Mobile Security, Ransomware
Most ransomware attacks take place during the night or over the weekend - ZDNet
According to a report published today by US cyber-security firm FireEye, 76% of all ransomware infections in the enterprise sector occur outside working hours, with 49% taking place during nighttime over the weekdays, and 27% taking place over the weekend.
Tags: Ransomware
Pentagon asks court for time to reconsider JEDI award to Microsoft - TechCrunch
The JEDI contract award process might never be done. Following legal challenges from Amazon after the Pentagon's massive, $10 billion cloud contract was awarded to Microsoft in October, the Pentagon indicated in court documents last night that it wishes to reconsider the award.
Tags: Amazon Web Services, Cloud Computing, Microsoft
Bill Gates steps down from Microsoft board - Ars Technica
Just over 20 years after stepping down as CEO of Microsoft and six years after relinquishing his position as Chairman of the Board, Microsoft cofounder Bill Gates has resigned from the Microsoft Board of Directors. Gates, 64, is leaving the board to spend more time on philanthropic ventures.
Tags: Microsoft
WordPress and Apache Struts account for 55% of all weaponized vulnerabilities - ZDNet
A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts.
Tags: Vulnerabilities, web technologies
Microsoft disrupts a botnet that infected 9 million computers - Engadget
Microsoft predicted and blocked six million domains that could have been used for cybercrime.
Tags: Botnet, Microsoft
Hackers are spreading malware through coronavirus maps - TechRadar
The ongoing coronavirus outbreak has disrupted business operations across the globe but cybercriminals are showing no signs of slowing down as they attempt to capitalize on people's fears surrounding the virus.
Tags: Malware
Cyber-Attack Hits U.S. Health Agency Amid Covid-19 Outbreak - Bloomberg
The U.S. Health and Human Services Department suffered a cyber-attack on its computer system, part of what people familiar with the incident called a campaign of disruption and disinformation that was aimed at undermining the response to the coronavirus pandemic and may have been the work of a foreign actor.
Tags: Cyber Attack
The Air Force’s New ‘Glue’ to Pull Information Warfare Together - C4ISRNET
The Air Force is creating a new operations center that focuses on information warfare, a move designed to synchronize the operations of 178 units worldwide.
Tags: Air Force, Information Warfare
AMD CPUs for the past 9 years are vulnerable to data leak attacks - Engadget
AMD reportedly heard about the Take A Way flaws several months ago.
Tags: AMD, Data Leaks
DOD Should Focus on Short-Term Goals in Quantum Science - DoD
The Defense Department is focusing a lot of effort on an array of technologies involving quantum science, but the department's chief technology officer says it's important to be realistic about timelines for the most fantastic applications of that technology - and to focus on what's plausible in the short term for best equipping the warfighter.
Panel Outlines Massive Federal Cybersecurity Overhaul - Politico
A congressionally created commission on Wednesday proposed sweeping changes to how the federal government approaches cybersecurity in an effort to better defend the U.S. against increasingly bold and devastating digital attacks.
A major new Intel processor flaw could defeat encryption and DRM protections - The Verge
Security researchers are warning of a major new security flaw inside Intel processors, and it could defeat hardware-based encryption and DRM protections. The flaw exists at the hardware level of modern Intel processors released in the last five years, and could allow attackers to create special malware (like keyloggers) that runs at the hardware level and is undetectable by traditional antivirus systems. Intel's latest 10th Gen processors are not vulnerable, though.
Tags: Converged Security and Manageability Engine (CSME), Intel
CSIAC Supported Communities
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
Technical Resources, Policy and Guidance
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.