The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
CSIAC ANNOUNCEMENTS:
CSIAC Podcast – Object Model – Rust Models Part 3 - CSIAC
This video discusses the Rust object model and language facilities for representing user-defined types. Rust does not have support for classes, but does provide structs, which are similar to classes used in other object-oriented languages like C++. "Traits" are similar to interfaces or abstract classes and support polymorphic operations. Rust provides encapsulation of data members and access control through the use of the "pub" keyword, which specifies whether members of a struct are accessible to clients.
RECENT HEADLINES:
The DOD Wants Better Cybersecurity for its Contractors. The First Steps Haven’t Been Easy. - FedScoop
One of the biggest, most complicated projects in the defense industrial base isn't a new weapons system or cloud computing environment. It's the Cybersecurity Maturity Model Certification (CMMC), which is set to upend how the Department of Defense does business with 300,000 contractors who provide everything from advanced aircraft to the shoelaces in soldiers' boots.
Tags: Certification, CMMC, DoD Contractors
Oracle’s BlueKai tracks you across the web. That data spilled online - TechCrunch
Have you ever wondered why online ads appear for things that you were just thinking about?
Tags: BlueKai, Data Breach, Data Privacy
The NSA is piloting a secure DNS service for the defense industrial base - CyberScoop
In an effort to better protect the U.S. defense industrial base from malware-based threats, the National Security Agency has launched a pilot program on securing Domain Name System use for U.S. defense contractors.
Tags: Domain Name System (DNS), National Security Agency (NSA), Secure DNS
Twitter discloses billing info leak after ‘data security incident’ - Bleeping Computer
Twitter has disclosed a 'Data Security Incident' that caused the billing information for Twitter advertisers to be stored in the browser's cache. This bug would have allowed other users on the computer to see this data.
Tags: Data Breach, Twitter
Microsoft Defender ATP can now protect Linux, Android devices - Bleeping Computer
Microsoft Defender Advanced Threat Protection (ATP) has expanded to non-Windows platforms and is now generally available for enterprise customers using Linux devices and in public preview for those with Android devices.
Tags: Linux OS, Malware Detection, Microsoft
Turn on MFA Before Crooks Do It For You - Krebs on Security
Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don't take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control.
Tags: Multifactor Authentication (MFA)
Facebook accused of trying to bypass GDPR, slurp domain owners’ personal Whois info via an obscure process - The Register
Facebook is accused of attempting to bypass Europe's hard-line privacy legislation and access personal data on domain name holders through an obscure policy process with the Whois registry.
Tags: Data Privacy, Facebook, General Data Protection Regulation (GDPR)
NSA Has New Guidance for Teleworking Feds - Defense One
The National Security Agency updated guidance to help federal agencies choose secure collaboration services, changing its determination of whether a number of products offered end-to-end encryption and other security features.
Tags: National Security Agency (NSA), Teleworking
Microsoft: These hackers got from a broken password to full control of a network – in just days - ZDNet
Microsoft has detailed how one sophisticated hacking group is able to get from a cracked cloud password to full control over a network in less than a week.
Tags: Cyber Defense, Microsoft
To evade detection, hackers are requiring targets to complete CAPTCHAs - Ars Technica
CAPTCHAs, those puzzles with muffled sounds or blurred or squiggly letters that websites use to filter out bots (often unsuccessfully), have been annoying end users for more than a decade. Now, the challenge-and-response tests are likely to vex targets in malware attacks.
Tags: CAPTCHA, Malware, Malware Analysis
FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy - Krebs on Security
An information technology specialist at the Federal Emergency Management Agency (FEMA) was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center (UPMC) in 2014, stealing personal data on more than 65,000 UPMC employees, and selling the data on the dark web.
Tags: Data Theft, Federal Emergency Management Agency (FEMA)
Report finds Russian disinformation group tied to 2016 elections still active - The Hill
A report released Tuesday found evidence that a Russian disinformation group that targeted the 2016 U.S. presidential election is still active and targeting U.S. officials and other governments.
Tags: Election Security, Russia
CSIAC Supported Communities
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
Technical Resources, Policy and Guidance
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.