The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

Reminder: Free CSIAC Webinar Thursday Mar 22 @ 12:00 pm EDT – Autonomic Cyber Security (ACS) - CSIAC

This webinar will provide an overview of cutting-edge research efforts being conducted at the University of Arizona’s National Science Foundation (NSF) Cloud and Autonomic Computing Center (CAC) along with one of their affiliate members, AVIRTEK Inc.

New Cyber Awareness Videos – Theme: Critical Infrastructure - CSIAC

CSIAC announces the releases of 3 new Cyber Awareness videos: Challenges to Critical Infrastructure, Emerging Concepts to Critical Infrastructure, and Cyber Physical Security!

RECENT HEADLINES:

Critical Infrastructure:

Cyberattacks Put Russian Fingers on the Switch at Power Plants, U.S. Says - NY Times

The Trump administration accused Russia on Thursday of engineering a series of cyberattacks that targeted American and European nuclear power plants and water and electric systems, and could have sabotaged or shut power plants off at will.

Cyberwarfare:

Trump Administration Sanctions Russians for 2016 Election Interference, Other Cyber Attacks - ABC News

The Trump administration on Thursday imposed fresh sanctions on Russian government hackers and spy agencies to punish Moscow for interfering in the 2016 presidential election and for a cyberattack against Ukraine and other countries last year that officials have characterized as "the most destructive and costly" in history.

Chinese Intelligence Agencies Are Doctoring the Country’s Vulnerability Database - Bleeping Computer

Chinese intelligence agencies are doctoring the Chinese National Vulnerabilities Database (CNNVD) to hide security flaws that government hackers might have an interest in, according to a report released on Friday by US threat intelligence firm Recorded Future.

Data Security:

Cambridge Analytica Took 50M Facebook Users’ Data – And Both Companies Owe Answers - Wired

Cambridge Analytica, a data analysis firm that worked on President Trump's 2016 campaign, and its related company, Strategic Communications Laboratories, pilfered data on 50 million Facebook users and secretly kept it, according to two reports in The New York Times and The Guardian. The apparent misuse of Facebook data-and the social media giant's failure to police it-leave both companies with plenty still to answer for.

Machine Learning and Artificial Intelligence:

Police Say Uber Is Likely Not at Fault for Its Self-Driving Car Fatality in Arizona - Fortune

The police chief of Tempe, Arizona, where a woman was struck and killed by one of Uber's self-driving cars Sunday, says the ride-sharing company is likely not at fault for the accident, following a preliminary investigation.

Microsoft Announces Breakthrough in Chinese-to-English Machine Translation - TechCrunch

A team of Microsoft researchers announced on Wednesday they've created the first machine translation system that's capable of translating news articles from Chinese to English with the same accuracy as a person. The company says it's tested the system repeatedly on a sample of around 2,000 sentences from various online newspapers, comparing the result to a person's translation in the process - and even hiring outside bilingual language consultants to further verify the machine's accuracy.

Mobile Security:

Calendar 2 Made $2K in 3 Days Mining Cryptocurrency, but Apple Says it Violated Mac App Store Guidelines - 9to5 Mac

"Yesterday, we reported on a macOS app called Calendar 2 that seemingly added cryptocurrency mining as an alternative to paying for premium features. At the time, the app's developers, Qbix, had made the decision to remove the feature from the app. The company now tells us, however, that Apple ended up pulling the app from the Mac App Store for violating its guidelines..."

Network Security:

MOSQUITO Attack Allows to Exfiltrates Data From Air-Gapped Computers Via Leverage Connected Speakers - Security Affairs

MOSQUITO is new technique devised by a team of researchers at Israel's Ben Gurion University, led by the expert Mordechai Guri, to exfiltrate data from an air-gapped network.

Cavalry Riding to the Rescue of DDoS-deluged Memcached Users - The Register

DDoS attacks taking advantage of ill-advised use of memcached have begun to decline, either because sysadmins are securing the process, or because people are using a potentially-troublesome "kill switch."

Potent Malware That Hid for Six Years Spread Through Routers - ArsTechnica

Researchers have discovered malware so stealthy it remained hidden for six years despite infecting at least 100 computers worldwide.

Private Sector:

Chinese Hackers Hit U.S. Firms Linked to South China Sea Dispute - Bloomberg

Chinese hackers have launched a wave of attacks on mainly U.S. engineering and defense companies linked to the disputed South China Sea, the cybersecurity firm FireEye Inc. said.

Software Security:

AMD Flaws Pose No Immediate Risk of Exploitation, Says Independent Reviewer - Bleeping Computer

A third-party company that was paid to review the validity of the recent AMD flaws -RyzenFall, MasterKey, Fallout, and Chimera- has confirmed that these vulnerabilities are real, but that regular users shouldn't panic for the time being.

Intel Announces Hardware Fixes for Spectre and Meltdown on Upcoming Chips - TechCrunch

When the Spectre and Meltdown bugs hit, it became clear that they wouldn't be fixed with a few quick patches - the problem runs deeper than that. Fortunately, Intel has had plenty of time to work on it, and new chips coming out later this year will include improvements at the hardware/architecture level that protect against the flaws. Well, two out of three, anyway.

CSIAC Supported Communities

CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.

Technical Resources, Policy and Guidance

This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.