CSIAC

Cyber Security and Information Systems Information Analysis Center

/ CS Digests / 24 Jun 2020

CS Digest: 24 Jun 2020

| Leave a Comment

The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

CSIAC Podcast – Object Model – Rust Models Part 3 - CSIAC

This video discusses the Rust Object model and language facilities for representing user-defined types. Rust does not have support for classes, but does provide structs, which are similar to classes used in other object-oriented languages like C++. "Traits" are similar to interfaces or abstract classes and support polymorphic operations. Rust provides encapsulation of data members and access control through the use of the "pub" keyword which specifies whether members of a struct are accessible to clients.

RECENT HEADLINES:

The DOD Wants Better Cybersecurity for its Contractors. The First Steps Haven’t Been Easy. - FedScoop

One of the biggest, most complicated projects in the defense industrial base isn't a new weapons system or cloud computing environment. It's the Cybersecurity Maturity Model Certification (CMMC), which is set to upend how the Department of Defense does business with 300,000 contractors who provide everything from advanced aircraft to the shoelaces in soldiers' boots.
Tags: , ,

Oracle’s BlueKai tracks you across the web. That data spilled online - Tech Crunch

Have you ever wondered why online ads appear for things that you were just thinking about?
Tags: , ,

The NSA is piloting a secure DNS service for the defense industrial base - Cyber Scoop

In an effort to better protect the U.S. defense industrial base from malware-based threats, the National Security Agency has launched a pilot program on securing Domain Name System use for U.S. defense contractors.
Tags: , ,

Twitter discloses billing info leak after ‘data security incident’ - Bleeping Computer

Twitter has disclosed a 'Data Security Incident' that caused the billing information for Twitter advertisers to be stored in the browser's cache. This bug would have allowed other users on the computer to see this data.
Tags: ,

Microsoft Defender ATP can now protect Linux, Android devices - Bleeping Computer

Microsoft Defender Advanced Threat Protection (ATP) has expanded to non-Windows platforms and is now generally available for enterprise customers using Linux devices and in public preview for those with Android devices.
Tags: , ,

Turn on MFA Before Crooks Do It For You - Krebs on Security

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don't take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control.
Tags:

Facebook accused of trying to bypass GDPR, slurp domain owners’ personal Whois info via an obscure process - The Register

Facebook is accused of attempting to bypass Europe's hard-line privacy legislation and access personal data on domain name holders through an obscure policy process with the Whois registry.
Tags: , ,

NSA Has New Guidance for Teleworking Feds - Defense One

The National Security Agency updated guidance to help federal agencies choose secure collaboration services, changing its determination of whether a number of products offered end-to-end encryption and other security features.
Tags: ,

Microsoft: These hackers got from a broken password to full control of a network – in just days - ZDNet

Microsoft has detailed how one sophisticated hacking group is able to get from a cracked cloud password to full control over a network in less than a week.
Tags: ,

To evade detection, hackers are requiring targets to complete CAPTCHAs - Ars Technica

CAPTCHAs, those puzzles with muffled sounds or blurred or squiggly letters that websites use to filter out bots (often unsuccessfully), have been annoying end users for more than a decade. Now, the challenge-and-response tests are likely to vex targets in malware attacks.
Tags: , ,

FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy - Krebs on Security

An information technology specialist at the Federal Emergency Management Agency (FEMA) was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center (UPMC) in 2014, stealing personal data on more than 65,000 UPMC employees, and selling the data on the dark web.
Tags: ,

Report finds Russian disinformation group tied to 2016 elections still active - The Hill

A report released Tuesday found evidence that a Russian disinformation group that targeted the 2016 U.S. presidential election is still active and targeting U.S. officials and other governments.
Tags: ,

CSIAC Supported Communities

CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.

Technical Resources, Policy and Guidance

This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.


The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.

Reader Interactions

Leave a Comment