
CSIAC

Cyber Security and Information Systems Information Analysis Center


CS Digest: 20 Oct 2015

Posted: 10/20/2015

The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

RECENT HEADLINES:

Cloud Computing:

U.S. Critical Infrastructure Continue to Make Risky IT Bets - Network World

More than half of critical infrastructure organizations admit that they have insecure IT products and services deployed on their networks.

DDoS Attacks Can Bypass Mitigation Services by Taking Aim at a Website’s Origin IP - Softpedia

A recent research paper shows that most Cloud-Based Security Providers (CBSP) are ineffective in protecting websites from DDoS attacks, mainly because they cannot entirely hide the origin website's IP address from attackers.

Critical Infrastructure:

ISIS is Attacking the U.S. Energy Grid (and Failing) - CNN Money

The Islamic State is trying to hack American electrical power companies - but they are terrible at it.

Cyberwarfare:

US Arrests Hacker Behind ISIS-Related Cyber-Attacks - Softpedia

Malaysian law enforcement have arrested Ardit Ferizi, a Kosovo citizen, based on an arrest warrant issued by US authorities, who suspect him of being the main person behind the ISIS data leaks.

Russians aim to Stop Military Infrastructure Cyberattacks - SC Magazine UK

Hackers are believed to be seeking to discredit the Russian Minister and Ministry of Defence in recent cyber-attacks which stole confidential military information, so counter-measures are now underway.

Proposed Cyber ‘Squadron’ Cultivates Military-Private Partnerships to Address Cyber Threats - SC Magazine

A proposed "cyber squadron" based out of New York and a cyber center of excellence in California represent the type of coordinated solutions between the private and defense sectors that officials are pushing to defend the U.S. and its interests against the growing threat of cyber attacks.

Pentagon, Military Block Use of Chinese Telecom Gear - Free Beacon

The Pentagon and U.S. Cyber Command have blocked the use of telecommunications equipment produced by the global Chinese company Huawei Technologies over cyber spying fears, according to congressional testimony last week.

US Cyber Command Floats $460m Contract to Outsource Most of Itself - The Register

The United States' Cyber Command has floated a $460m contract to outsource pretty much all of its duties, as the nation seeks to bulk up its offensive cyberspace capabilities.

3 Nations Tried Cyberattacks on Hillary Clinton’s Private Email Server - CBS News

Hillary Rodham Clinton's private email server, which stored some 55,000 pages of emails from her time as secretary of state, was the subject of attempted cyberattacks originating in China, South Korea and Germany after she left office in early 2013, according to a congressional document obtained by The Associated Press.

Data Security:

Factory Settings FAIL: Data Easily Recovered from eBayed Smartphones, Disks - The Register

The research, by Blancco Technology Group and Kroll Ontrack, once again shows that failure to erase data from discarded devices continues to be a problem, years after the issue first surfaced.

New Collision Attack Lowers Cost of Breaking SHA1 - Security Week

A team of researchers has demonstrated that the cost of breaking the SHA1 cryptographic hash function is lower than previously estimated, which is why they believe the industry should accelerate migration to more secure standards.

Mobile Security:

Hackers Can Turn Siri And Google Now Against You - Forbes

According to a report from Wired, though, a pair of researchers at ANSSI - a French government agency - have figured out a way to use radio waves to silently activate Siri or Android's Google Now from across the room.

Android Adware Hits to Google Play Store Once Again - Softpedia

ESET has uncovered another campaign targeting the Google Play Store, one through which attackers once again masqueraded adware inside legitimate-looking apps.

Network Security:

Cisco IOS Rootkits Can Be Created With Limited Resources - Security Week

A paper published last week aims to demonstrate that developing rootkits for devices running Cisco IOS doesn't require advanced knowledge or the resources of a nation state.

Attackers Compromise Cisco Web VPNs to Steal Login Credentials, Backdoor Target Networks - Net-Security

Another Cisco product is being targeted by attackers looking for a permanent way into the computer networks and systems of various organizations, Volexity researchers warn.

Quantum Computing:

A Major Breakthrough has Given These Australian Engineers Everything they Need to Build a new Generation of Super-fast Computers that Would Jeopardize the way we Store Personal Information - Business Insider

Humankind is hot on the trail to designing and building the next-generation of super computers, called quantum computers.

Microsoft Lab Predicts a Working Quantum Computer Within 10 Years - The Verge

The quantum speedup may be closer than we think. According to a new paper lead-authored by researchers at Microsoft's quantum lab, a working quantum device could arrive within the next 10 years.

Software Security:

All Versions of Windows Affected by Critical Security Flaw - Zdnet

The software giant said in its monthly security bulletin as part of its so-called Patch Tuesday that Windows Vista and later, including Windows 10, require patching from a serious remote code execution flaw in Internet Explorer.

European Aviation Body Warns of Cyberattack Risk Against Aircraft - SC Magazine

The chief of Europe's top airline safety agencies warned that cyber-criminals could hack into critical systems on an airplane from the ground.

Canadian Military Seeks Hackers to Build Exploits and Defences Against Connected Car Cyberattacks - IB Times

Canada's military is concerned the advent of connected cars with state-of-the-art computer systems and internet access will see a rise in cyberattacks, and is now looking to hire hackers to help them understand all the ways a car can be hijacked.

Chinese Hackers Breach Company Behind Samsung Pay - Softpedia

Samsung published an official statement regarding a security breach at one of the companies it bought, which was responsible for technology integrated in the Samsung Pay mobile payments platform.

FEEDBACK FROM PREVIOUS DIGEST:

Video Follow-ups:

OPM Breach Update - CSIAC

This podcast is an update to previously popular CS Digest articles on the OPM data breach. It examines recent findings regarding the OPM data breach as well as explores possible uses of the compromised data. Statements from intelligence officials also give perspective on the status of the OPM breach and where efforts are currently being focused.
Tags: OPM Data Breach

Air University Update - CSIAC

This podcast is an update to previously popular CS Digest articles on Air University's cyber curriculum. Topics cover how this new cyber curriculum assists the Air Force in achieving many of their newly announced immediate and long-term mission goals. Additionally, Lt. General Steven Kwast speaks on a panel that provides additional insight for education and training objectives for future Airmen as leaders.
Tags: Air University

CSIAC SUPPORTED COMMUNITIES:

Cyber Community of Interest (COI) Group - CSIAC

The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.


The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.
