The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
In recognition of tax season, CSIAC has created a forum topic to help users detect scams, protect sensitive information, and learn where to report suspicious activity. By posting a series of questions in this forum, CSIAC hopes to promote discussion that allows the CSIAC community to help each other. You are encouraged to provide your own answers and resources. Let's help each other become more cyber aware and thwart tax identity theft.
Free CSIAC Webinar Wed Feb 21 @ 12:00 pm EDT – Leveraging Machine Learning: How to Achieve the Right Balance Between Humans and Automation to Optimize Outcomes - CSIAC
This webinar will study the relationship between human and machine intelligence. It will discuss and explore the process of achieving the appropriate balance between humans and the utilization of automation in order to optimize outcomes.
Each new breaking news situation is an opportunity for trolls to grab attention, provoke emotions, and spread propaganda. The Russian government knows this. Fake-news manufacturing teenagers in Macedonia know this. Twitter bot creators know this. And thanks to data-gathering operations from groups like the Alliance for Securing Democracy and RoBhat Labs, the world knows this.
In what has become an alarmingly routine occurrence, an unsecured Amazon S3 server - this time affiliated with FedEx - has exposed personal information of tens of thousands of users.
Critical Infrastructure More Vulnerable Than Ever Before - InfoSecurity Magazine
Despite widespread awareness of the physical and data-related danger inherent in exposing critical infrastructure to cyberattack, the number of internet-accessible industrial control systems (ICS) is increasing every year.
Olympic Destroyer Data-Wiping Malware Is More Complex Than Previously Thought - Bleeping Computer
The Olympic Destroyer malware that has caused damage to PyeongChang 2018 Winter Olympics computer networks is much more complex than previously thought. Discovered by Cisco Talos researchers, this malware was deployed before the start of the Olympics and caused downtime to internal WiFi and television systems, disrupting some operations during the games' opening ceremony.
Navy Plans to Spend $100 Million on Cyber Through New Other Transaction Authority - Federal News Radio
The Navy's Space and Naval Warfare Systems Command is the latest DoD organization to look to Other Transaction Authority as a work-around to the traditional acquisition system in pursuit of new cyber capabilities.
A prototype autonomous ship known as the Medium Displacement Unmanned Surface Vehicle (MDUSV) has officially been transferred to the U.S. Navy from the Defense Advanced Research Projects Agency (DARPA) after a two-year testing and evaluation program. The Office of Naval Research will continue to develop the vessel, named "Sea Hunter," from this point forward.
A Mac malware that can silently, remotely control a vulnerable computer and steal passwords from a user's keychain has gone largely unnoticed by antivirus makers for two years -- even though the code is readily available to download.
The growing popularity of Bitcoin and other cryptocurrencies is generating curiosity - and concern - among security specialists. Crypto mining software has been found on user machines, often installed by botnets. Organizations need to understand the risks posed by this software and what actions, if any, should be taken.
SpaceX's satellite broadband plans are getting closer to reality. The company is about to launch two demonstration satellites, and it is on track to get the Federal Communications Commission's permission to offer satellite Internet service in the US.
AI in the Workplace: How Digital Assistants Impact Cybersecurity - InfoSecurity Magazine
Digital Assistants (sometimes seen as AIs) are becoming ubiquitous in living rooms and smartphones everywhere. Now, these devices are taking the leap to the business world. With Amazon's announcement of the Alexa for Business Platform, AIs may soon be able to assist with everything from conference calls to office supply orders. All that utility may come at the cost of security, however, since these AI devices are vulnerable to potential hacking.
William Andregg ushers me into the cluttered workshop of his startup Fathom Computing and gently lifts the lid from a bulky black box. Inside, green light glows faintly from a collection of lenses, brackets, and cables that resemble an exploded telescope. It’s a prototype computer that processes data using light, not electricity, and it’s learning to recognize handwritten digits. In other experiments the device learned to generate sentences in text.
U.S. intelligence agencies have issued a stern warning to Americans: Do not buy smartphones made by Chinese tech companies Huawei or ZTE.
During their development work on an international news feed, software engineers at Aloha Browser discovered two Unicode symbols in a non-English language that can crash any Apple device that uses Apple's default San Francisco font. The bug causes crashes on iPhones, iPads, Macs and even Watch OS devices that display text containing the symbol on their screens.
U.S. Government Contractors Score Poorly on Cyber Risk Tests - Security Week
Attacks against the supply chain are not uncommon. The supply chain represents the soft underbelly of large organizations that are otherwise well defended. The federal government is not an exception -- in fact, federal agencies are especially reliant on their supply chain, and the security posture of that supply chain is of national importance.
Secretary of Energy Rick Perry Forms New Office of Cybersecurity, Energy Security, and Emergency Response - Energy
Today, U.S. Secretary of Energy Rick Perry is establishing a new Office of Cybersecurity, Energy Security, and Emergency Response (CESER) at the U.S. Department of Energy (DOE). $96 million in funding for the office was included in President Trump's FY19 budget request to bolster DOE's efforts in cybersecurity and energy security.
The Air Force paid out nearly $104,000 to a cohort of white-hat hackers as part of Hack the Air Force 2.0, the Pentagon's most recent bug bounty competition. During the 20-day competition, participants uncovered 106 security vulnerabilities across roughly 300 of the branch's public-facing websites. One bug discovered during Hack the Air Force 2.0 earned $12,500 - the largest federal bounty paid out so far.
A security flaw in Skype's updater process can allow an attacker to gain system-level privileges to a vulnerable computer. The bug, if exploited, can escalate a local unprivileged user to the full "system" level rights -- granting them access to every corner of the operating system.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.