The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
Reminder: Free CSIAC Webinar Thursday Mar 22 @ 12:00 pm EDT – Autonomic Cyber Security (ACS) - CSIAC
This webinar will provide an overview of cutting-edge research efforts being conducted at the University of Arizona’s National Science Foundation (NSF) Cloud and Autonomic Computing Center (CAC) along with one of their affiliate members, AVIRTEK Inc.
CSIAC announces the releases of 3 new Cyber Awareness videos: Challenges to Critical Infrastructure, Emerging Concepts to Critical Infrastructure, and Cyber Physical Security!
The Trump administration accused Russia on Thursday of engineering a series of cyberattacks that targeted American and European nuclear power plants and water and electric systems, and could have sabotaged or shut power plants off at will.
Trump Administration Sanctions Russians for 2016 Election Interference, Other Cyber Attacks - ABC News
The Trump administration on Thursday imposed fresh sanctions on Russian government hackers and spy agencies to punish Moscow for interfering in the 2016 presidential election and for a cyberattack against Ukraine and other countries last year that officials have characterized as "the most destructive and costly" in history.
Cambridge Analytica, a data analysis firm that worked on President Trump's 2016 campaign, and its related company, Strategic Communications Laboratories, pilfered data on 50 million Facebook users and secretly kept it, according to two reports in The New York Times and The Guardian. The apparent misuse of Facebook data-and the social media giant's failure to police it-leave both companies with plenty still to answer for.
Chinese Intelligence Agencies Are Doctoring the Country’s Vulnerability Database - Bleeping Computer
Chinese intelligence agencies are doctoring the Chinese National Vulnerabilities Database (CNNVD) to hide security flaws that government hackers might have an interest in, according to a report released on Friday by US threat intelligence firm Recorded Future.
The police chief of Tempe, Arizona, where a woman was struck and killed by one of Uber's self-driving cars Sunday, says the ride-sharing company is likely not at fault for the accident, following a preliminary investigation.
A team of Microsoft researchers announced on Wednesday they've created the first machine translation system that's capable of translating news articles from Chinese to English with the same accuracy as a person. The company says it's tested the system repeatedly on a sample of around 2,000 sentences from various online newspapers, comparing the result to a person's translation in the process - and even hiring outside bilingual language consultants to further verify the machine's accuracy.
Calendar 2 Made $2K in 3 Days Mining Cryptocurrency, but Apple Says it Violated Mac App Store Guidelines - 9to5 Mac
"Yesterday, we reported on a macOS app called Calendar 2 that seemingly added cryptocurrency mining as an alternative to paying for premium features. At the time, the app's developers, Qbix, had made the decision to remove the feature from the app. The company now tells us, however, that Apple ended up pulling the app from the Mac App Store for violating its guidelines..."
MOSQUITO Attack Allows to Exfiltrates Data From Air-Gapped Computers Via Leverage Connected Speakers - Security Affairs
MOSQUITO is new technique devised by a team of researchers at Israel's Ben Gurion University, led by the expert Mordechai Guri, to exfiltrate data from an air-gapped network.
Cavalry Riding to the Rescue of DDoS-deluged Memcached Users - The Register
DDoS attacks taking advantage of ill-advised use of memcached have begun to decline, either because sysadmins are securing the process, or because people are using a potentially-troublesome "kill switch."
Researchers have discovered malware so stealthy it remained hidden for six years despite infecting at least 100 computers worldwide.
Chinese hackers have launched a wave of attacks on mainly U.S. engineering and defense companies linked to the disputed South China Sea, the cybersecurity firm FireEye Inc. said.
AMD Flaws Pose No Immediate Risk of Exploitation, Says Independent Reviewer - Bleeping Computer
A third-party company that was paid to review the validity of the recent AMD flaws -RyzenFall, MasterKey, Fallout, and Chimera- has confirmed that these vulnerabilities are real, but that regular users shouldn't panic for the time being.
When the Spectre and Meltdown bugs hit, it became clear that they wouldn't be fixed with a few quick patches - the problem runs deeper than that. Fortunately, Intel has had plenty of time to work on it, and new chips coming out later this year will include improvements at the hardware/architecture level that protect against the flaws. Well, two out of three, anyway.
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.