The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
CSIAC ANNOUNCEMENTS:
Free CSIAC Webinar Sept 20 @ 12 pm EDT – Cyber Security Game: A Model-based Game Theoretic Approach for Mitigating Cybersecurity Risk - CSIAC
This webinar describes the Cyber Security Game (CSG). CSG is a method that has been implemented in software that quantitatively identifies cyber security risks and uses this metric to determine the optimal employment of security methods for any given investment level. Cyber Security Game maximizes a system’s ability to operate in today’s contested cyber environment by minimizing its mission risk.
FEEDBACK FROM PREVIOUS DIGEST:
Cyber Crime:
The FBI Launches a Combating Foreign Influence Webpage - FBI
Today the FBI is launching a webpage on combating foreign influence. This information is provided to educate the public about the threats faced from disinformation campaigns, cyber attacks, and the overall impact of foreign influence on society. The FBI is the lead federal agency responsible for investigating foreign influence operations.
RECENT HEADLINES:
Cyberwarfare:
Army Looks to Build Stronger Tactical Cyber Teams - Fifth Domain
The Army is looking to build up and resource expeditionary cyber teams that will conduct cyber effects at the tactical edge.
The Art of (Cyber) War: How Adversarial Thinking Strengthens Cybersecurity - Security Week
Cybersecurity is unique compared to most other business operations, even most IT operations. Unlike marketing or network management, both of which tackle difficult and ever-changing challenges in the business operating environment, cybersecurity pits defenders against intelligent, creative and deliberate opponents.
Refining the Defense Department’s Cyberwarrior ‘Carrier’ - Fifth Domain
The Department of Defense cyber community knows it has a critical need for a centralized platform for cyberwarriors, so the joint community is collaborating to ensure the final system has everything everyone needs.
Trump Scraps Obama Rules on Cyberattacks, Giving Military Freer Hand - Politico
President Donald Trump has eliminated rules governing the process for launching cyberattacks, giving the military freer rein to deploy its advanced hacking tools without pushback from the State Department and the intelligence community, an administration official told POLITICO.
Data Security:
GovPayNow Payment Portal May Have Exposed Over 14 Million Customer Records - ZDNet
A company which manages online payments for US government agencies and states has become central to a security incident leading to the potential exposure of 14 million records.
“Bulk Interception” by GCHQ (and NSA) Violated Human Rights Charter, European Court Rules - ArsTechnica
In a set of rulings today, the European Court of Human Rights found that the mass surveillance scheme used by the GCHQ, the United Kingdom's signals intelligence agency, violated the European Convention on Human Rights (ECHR), unlawfully intruding on the private and family life and freedom of expression of British and European citizens. And the case included consideration of intelligence collected by the US National Security Agency shared with GCHQ.
Tech Support Scammers Find a Home on Microsoft TechNet Pages - ZDNet
Security researcher finds over 3,000 TechNet pages flooded with tech support scams pushing shady phone numbers for cryptocurrency exchanges and social media platforms.
Google and Mastercard Reportedly Partner to Track Offline Purchases - TechCrunch
According to a report from Bloomberg, Google and Mastercard have signed a secret deal so that Google could track retail sales using Mastercard transaction data. This is yet another proof that Google's true customers are its advertising partners.
Internet-of-Things:
Dramatic Increase of DDoS Attack Sizes Attributed to IoT Devices - Bleeping Computer
A new report released today shows that distributed denial of service (DDoS) attacks have increased dramatically in the first two quarters of 2018 compared to 2017. The increase in attacks is being attributed to large scale botnets being created by attackers using insecure IoT devices.
Legislation and Regulation:
House Panel Takes up Slate of DHS Cyber, Tech Bills - FCW
The House Homeland Security Committee is expected to advance a series of bills that will impact DHS operations and infrastructure on topics ranging from bug bounties to drones.
NIST Small Business Cybersecurity Act Becomes Law - Security Week
U.S. President Donald Trump signed the NIST Small Business Cybersecurity Act, S. 770 (formerly known as the MAIN STREET Cybersecurity Act) into law on Tuesday (August 14, 2018). It requires NIST to "disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks."
Network Security:
Ordinary Wi-Fi Devices can be Used to Detect Suspicious Luggage, Bombs, Weapons - ZDNet
Wi-Fi signals from ordinary Wi-Fi equipment can be used to detect suspicious objects, such as bombs or weapons, inside people's bags or luggage, at schools, stadiums, museums, malls, or other public spaces.
Software Security:
The Chilling Reality of Cold Boot Attacks - F-Secure
Olle and his fellow cyber security consultant Pasi Saarinen recently discovered a new way to physically hack into PCs. According to their research, this method will work against nearly all modern computers. This includes laptops from some of the world's biggest vendors like Dell, Lenovo, and even Apple.
Microsoft Patches Recent ALPC Zero-Day in September 2018 Patch Tuesday Updates - ZDNet
The monthly Microsoft security updates, known as the Patch Tuesday updates, are out, and this month, the OS maker has fixed 62 security flaws, including a recent zero-day vulnerability that was dumped on Twitter last month, and later adopted by a malware campaign.
Browser Security Hole on Macs and iPhones – Just How Bad is it? - Naked Security
We've seen quite a few articles out there telling you to beware if you use the Safari browser, because attackers can spoof URLs!
CSIAC Supported Communities
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
Technical Resources, Policy and Guidance
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.