The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
Every activity a person carries out on the Internet leaves behind a trail of data commonly known as a digital footprint. The information left behind can have real-world consequences. As such it is essential that users understand how their digital footprint is created, the magnitude of that digital trail, and the steps they can take to reduce their digital footprint to manage and protect their privacy on the Internet.
Tags: Data Privacy, Digital Footprint, General Data Protection Regulation (GDPR)
CALL FOR PAPERS – 2019 Modeling and Simulation Special Edition of the Journal of Cyber Security & Information Systems - CSIAC
We are pleased to announce a call for papers for this year's special Modeling and Simulation (M&S) edition of the Journal of Cyber Security & Information Systems, published by the Cyber Security & Information Systems Information Analysis Center (CSIAC). This edition will highlight innovations that were achieved across the broad spectrum of defense and federal endeavors including homeland security, law enforcement, medical, engineering, acquisition, testing, and training. We are requesting your help in contributing and finding contributors who can help us meet that goal by sharing their experiences, accomplishments, and creativity.
Tags: CSIAC Journal, Modeling & Simulation
This report details key concerns discussed during the JFAC/DAU/CSIAC Software Assurance (SwA) Cyber Experiment (CYBEX) on 7 Aug 2018. In addition to evaluating newly developed software SwA Program Manager and Developers guides, the exchange included addressing/bringing back foundational software/system engineering in order to address the root of fundamental Software Assurance (SwA) issues as well as adopting common language in the areas of functionality and risk in order to identify issues early.
Tags: CSIAC Report, Software Assurance
The Army’s Next Frontier Demands Transformations - Fifth Domain
The information domain requires a level of speed significantly faster than the traditional domains, so the Army to rapidly integrating these capabilities into formations and even organizational changes, according to a top service official.
Tags: Army Cyber Command, Cyberwarfare
Artificial intelligence will unleash changes humanity is not prepared for as the technology advances at an unprecedented pace, leading experts told an audience at the official opening Monday of Stanford University's new AI center.
Tags: Artificial Intelligence (AI)
The Department of the Navy this week released a scathing assessment of the service's approach to cybersecurity, lamenting that hackers have been relatively unimpeded in their years-long plundering of data from the department and its contractors.
Tags: Cybersecurity Challenges, Navy
The 19-year-old WinRAR vulnerability that was discovered last month is actively being used by hackers to distribute malware and compromise Windows devices, according to an advisory published by security vendor McAfee.
Tags: Malware, Vulnerability, WinRAR
Facebook’s Data Deals Are Under Criminal Investigation - The New York Times
Federal prosecutors are conducting a criminal investigation into data deals Facebook struck with some of the world's largest technology companies, intensifying scrutiny of the social media giant's business practices as it seeks to rebound from a year of scandal and setbacks.
Tags: Cyber Crime, Data Security
WordPress 5.1.1 Patches Remote Code Execution Vulnerability - Security Week
The NSA has released GHIDRA, an advanced cybersecurity tool to the open source world. Unlike the tools previously nicked from the NSA, Ghidra is a more benevolent tool. It's designed to effectively reverse engineer so-called compiled and deployed code and then decompile it into logic that code-savvy humans can understand.
Tags: Ghidra, National Security Agency (NSA), Open Source, Reverse Engineering
Most states ban texting behind the wheel, but a legislative proposal could make Nevada one of the first states to allow police to use a contentious technology to find out if a person was using a cellphone during a car crash.
Tags: Emerging Technology, Legislation, Mobile Security
The system will be fully open source and designed with newly developed secure hardware to make the system not only impervious to certain kinds of hacking, but also allow voters to verify that their votes were recorded accurately.
Tags: Defense Advanced Research Projects Agency (DARPA), Open Source, Voting System
Threat Actors Leverage Credential Dumps, Phishing, and Legacy Email Protocols to Bypass MFA and Breach Cloud Accounts Worldwide - ProofPoint
In a recent six-month study of major cloud service tenants, Proofpoint researchers observed massive attacks leveraging legacy protocols and credential dumps to increase the speed and effectiveness of brute force account compromises at scale.
Tags: Brute Force, ICMP, MFA
Unprotected Elasticsearch DB Exposed 33 Million Job Profiles in China - Security Affairs
Security expert discovered an unprotected Elasticsearch database exposed online that was containing approximately 33 million job profiles in China.
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.