The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
RECENT HEADLINES:
Cloud Computing:
U.S. Critical Infrastructure Continue to Make Risky IT Bets - Network World
More than half of critical infrastructure organizations admit that they have insecure IT products and services deployed on their networks.
DDoS Attacks Can Bypass Mitigation Services by Taking Aim at a Website’s Origin IP - Softpedia
A recent research paper shows that most Cloud-Based Security Providers (CBSP) are ineffective in protecting websites from DDoS attacks, mainly because they cannot entirely hide the origin website's IP address from attackers.
Critical Infrastructure:
ISIS is Attacking the U.S. Energy Grid (and Failing) - CNN Money
The Islamic State is trying to hack American electrical power companies - but they are terrible at it.
Cyberwarfare:
US Arrests Hacker Behind ISIS-Related Cyber-Attacks - Softpedia
Malaysian law enforcement have arrested Ardit Ferizi, a Kosovo citizen, based on an arrest warrant issued by US authorities, who suspect him of being the main person behind the ISIS data leaks.
Russians aim to Stop Military Infrastructure Cyberattacks - SC Magazine UK
Hackers are believed to be seeking to discredit the Russian Minister and Ministry of Defence in recent cyber-attacks which stole confidential military information, so counter-measures are now underway.
Proposed Cyber ‘Squadron’ Cultivates Military-Private Partnerships to Address Cyber Threats - SC Magazine
A proposed "cyber squadron" based out of New York and a cyber center of excellence in California represent the type of coordinated solutions between the private and defense sectors that officials are pushing to defend the U.S. and its interests against the growing threat of cyber attacks.
Pentagon, Military Block Use of Chinese Telecom Gear - Free Beacon
The Pentagon and U.S. Cyber Command have blocked the use of telecommunications equipment produced by the global Chinese company Huawei Technologies over cyber spying fears, according to congressional testimony last week.
US Cyber Command Floats $460m Contract to Outsource Most of Itself - The Register
The United States' Cyber Command has floated a $460m contract to outsource pretty much all of its duties, as the nation seeks to bulk up its offensive cyberspace capabilities.
3 Nations Tried Cyberattacks on Hillary Clinton’s Private Email Server - CBS News
Hillary Rodham Clinton's private email server, which stored some 55,000 pages of emails from her time as secretary of state, was the subject of attempted cyberattacks originating in China, South Korea and Germany after she left office in early 2013, according to a congressional document obtained by The Associated Press.
Data Security:
Factory Settings FAIL: Data Easily Recovered from eBayed Smartphones, Disks - The Register
The research, by Blancco Technology Group and Kroll Ontrack, once again shows that failure to erase data from discarded devices continues to be a problem, years after the issue first surfaced.
New Collision Attack Lowers Cost of Breaking SHA1 - Security Week
A team of researchers has demonstrated that the cost of breaking the SHA1 cryptographic hash function is lower than previously estimated, which is why they believe the industry should accelerate migration to more secure standards.
Mobile Security:
Hackers Can Turn Siri And Google Now Against You - Forbes
According to a report from Wired, though, a pair of researchers at ANSSI - a French government agency - have figured out a way to use radio waves to silently activate Siri or Android's Google Now from across the room.
Android Adware Hits to Google Play Store Once Again - Softpedia
ESET has uncovered another campaign targeting the Google Play Store, one through which attackers once again masqueraded adware inside legitimate-looking apps.
Network Security:
Cisco IOS Rootkits Can Be Created With Limited Resources - Security Week
A paper published last week aims to demonstrate that developing rootkits for devices running Cisco IOS doesn't require advanced knowledge or the resources of a nation state.
Attackers Compromise Cisco Web VPNs to Steal Login Credentials, Backdoor Target Networks - Net-Security
Another Cisco product is being targeted by attackers looking for a permanent way into the computer networks and systems of various organizations, Volexity researchers warn.
Quantum Computing:
A Major Breakthrough has Given These Australian Engineers Everything they Need to Build a new Generation of Super-fast Computers that Would Jeopardize the way we Store Personal Information - Business Insider
Humankind is hot on the trail to designing and building the next-generation of super computers, called quantum computers.
Microsoft Lab Predicts a Working Quantum Computer Within 10 Years - The Verge
The quantum speedup may be closer than we think. According to a new paper lead-authored by researchers at Microsoft's quantum lab, a working quantum device could arrive within the next 10 years.
Software Security:
All Versions of Windows Affected by Critical Security Flaw - Zdnet
The software giant said in its monthly security bulletin as part of its so-called Patch Tuesday that Windows Vista and later, including Windows 10, require patching from a serious remote code execution flaw in Internet Explorer.
European Aviation Body Warns of Cyberattack Risk Against Aircraft - SC Magazine
The chief of Europe's top airline safety agencies warned that cyber-criminals could hack into critical systems on an airplane from the ground.
Canadian Military Seeks Hackers to Build Exploits and Defences Against Connected Car Cyberattacks - IB Times
Canada's military is concerned the advent of connected cars with state-of-the-art computer systems and internet access will see a rise in cyberattacks, and is now looking to hire hackers to help them understand all the ways a car can be hijacked.
Chinese Hackers Breach Company Behind Samsung Pay - Softpedia
Samsung published an official statement regarding a security breach in one of the companies it bought and was responsible for technology integrated in the Samsung Pay mobile payments platform.
FEEDBACK FROM PREVIOUS DIGEST:
Video Follow-ups:
OPM Breach Update - CSIAC
This podcast is an update to previously popular CS Digest articles on the OPM data breach. It examines recent findings regarding the OPM data breach as well as explores possible uses of the compromised data. Statements from intelligence officials also give perspective on the status of the OPM breach and where efforts are currently being focused.
Tags: OPM Data Breach
Air University Update - CSIAC
This podcast is an update to previously popular CS Digest articles on Air University's cyber curriculum. Topics cover how this new cyber curriculum assists the Air Force in achieving many of their newly announced immediate and long-term mission goals. Additionally, Lt. General Steven Kwast speaks on a panel that provides additional insight for education and training objectives for future Airmen as leaders.
Tags: Air University
CSIAC SUPPORTED COMMUNITIES:
Cyber Community of Interest (COI) Group - CSIAC
The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.