The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

RECENT HEADLINES:

Cloud Computing:

Which Cloud Providers had the Best Uptime Last Year? - Computer World

Cloud providers are becoming more reliable, but some still had downtime issues.

Critical Infrastructure:

Energy Sector – Presented the Cybersecurity Framework Implementation Guidance - Security Affairs

The US Energy Department issued the guidance "Energy Sector Cybersecurity Framework Implementation Guidance" for organizations operating in the industry.

Cyberwarfare:

Cyberattack in Germany Shuts Down Official Sites - NY Times

At least three official German websites were inaccessible on Wednesday after an apparent cyberattack.

Cyber Attack War Games to be Staged by U.K. and U.S. - BBC

The UK and US are to carry out "war game" cyber attacks on each other as part of a new joint defence against online criminals.

U.K. Power Grid Under Cyber-Attack Every Minute; Government Hikes Defenses - Insurance Journal

The U.K. government is one step ahead of hackers trying to turn off the country's lights - for now.

A Cyberattack has Caused Confirmed Physical Damage for the Second Time Ever - Wired

A German report released just before Christmas, that hackers had struck an unnamed steel mill in Germany.

N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say - NY Times

The National Security Agency scrambled to break into the computer systems of a country considered one of the most impenetrable targets on earth.

Report: DHS Leaving Federal Buildings Open to Cyber Attacks - Federal Times

The Department of Homeland Security has not developed a strategy to protect federal buildings from cyber attacks, leaving thousands of buildings vulnerable, according to a Government Accountability Report.

FBI Investigating Cyber Attack on US Central Command - VOA News

The FBI is investigating the cyber attack against Twitter and YouTube accounts belonging to the U.S. Central Command, which oversees the U.S.-led airstrikes on Islamic State in Iraq and Syria.

Data Security:

Google Discloses New Unpatched Windows 8.1 Privilege Escalation Flaw - Security Week

Google published the details of a new privilege escalation vulnerability in Windows just as Microsoft was preparing to patch it.

143 Million New Malware Samples Recorded in 2014 - Softpedia

Statistics about the amount of new malicious software show a rise in the occurrence of new threats during 2014, the total count being 143 million.

Internet-of-Things:

Bitstamp Suspends Its Service After Hackers Snatch $5 Million Worth of Bitcoins - Tech Crunch

Bitstamp, a Slovenia-based exchange that raised $10 million last year, suspended its service following a suspected breach.

Legislation and Regulation:

SECURING CYBERSPACE – President Obama Announces New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts - White House

President Obama Announces New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts.

Network Security:

Macs Vulnerable to Virtually Undetectable Virus That “Can’t be Rmoved” - Zdnet

A security researcher has discovered a way to infect Macs with malware virtually undetectable, that "can't be removed," and which can be installed using a modified Apple gigabit Ethernet Thunderbolt adapter.

Unauthorized Root Command Execution Possible in ASUS Routers - Softpedia

A service running on ASUS routers with root privileges can be exploited for unauthenticated command execution by an attacker in the network, giving access to the configuration of the device.

Fake SSL Certificates Enable Variety of Security Threats - Search Security

Experts say the security industry's 'blind trust' may result in a new wave of security threats caused by fake SSL certificates, including man-in-the-middle and DNS attacks.

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.