The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

In Case You Missed It: CSIAC Webinar – The Knowledge Temple - CSIAC

In this webinar, Neil Fitzpatrick, Senior Knowledge Manager at Quanterion Solutions Inc., uses the analogy of the construction of a Greek temple to identify the components and processes involved in the development of an efficient and effective organizational data to decision model.

Watch the Previous Webinar – Cybersecurity for Energy Systems - CSIAC

This presentation will review various Cybersecurity for Energy Delivery Systems (CEDS) R&D projects in which Schweitzer Engineering Laboratories (SEL) has been involved including an overview of Operational Technology-Software Defined Networking (OT-SDN).

RECENT HEADLINES:

Cyberwarfare:

New Fears Over Chinese Espionage Grip Washington - The Hill

Fresh concerns over Chinese espionage are gripping Washington as lawmakers fear Beijing is gaining sensitive details on U.S. technologies.

Data Security:

New SamSam Variant Requires Special Password Before Infection - Bleeping Computer

New versions of the SamSam ransomware will not execute unless the person running the malware's payload enters a special password via the command-line.

75% of Malware Uploaded on “No-Distribute” Scanners Is Unknown to Researchers - Bleeping Computer

Three-quarters of malware samples uploaded to "no-distribute scanners" are never shared on "multiscanners" like VirusTotal, and hence, they remain unknown to security firms and researchers for longer periods of time.

Equifax Reveals Full Horror of That Monstrous Cyber-heist of its Servers - The Register

Equifax has published yet more details on the personal records and sensitive information stolen by miscreants after they hacked its databases in 2017.

Legislation and Regulation:

Congress Lays Out Tech Funding in Spending Bills and Focuses on Supply Chain Threats - NextGov

The Senate Appropriations subcommittees forwarded a smorgasbord of funding bills to the full committee last week. Here's a rundown.

Supreme Court Rules that Warrants Generally Are Required to Collect Cellphone Data - NY Times

In a major statement on privacy in the digital age, the Supreme Court ruled on Friday that the government generally needs a warrant to collect troves of location data about the customers of cellphone companies.

Machine Learning and Artificial Intelligence:

A Bot Backed by Elon Musk Has Made an AI Breakthrough in Video Game World - Bloomberg

Artificial-intelligence research group OpenAI said it created software capable of beating teams of five skilled human players in the video game Dota 2, a milestone in computer science.

This Japanese AI Security Camera Shows the Future of Surveillance Will be Automated - The Verge

The world of automated surveillance is booming, with new machine learning techniques giving CCTV cameras the ability to spot troubling behavior without human supervision. And sooner or later, this tech will be coming to a store near you - as illustrated by a new AI security cam built by Japanese telecom giant NTT East and startup Earth Eyes Corp.

New IBM Robot Holds its Own in a Debate with a Human - NBC News

The human brain may be the ultimate super computer, but artificial intelligence is catching up so fast that it can now hold a substantive debate with a human.

MIT Fed an AI Data From Reddit, and Now it Only Thinks About Murder - The Verge

This week, researchers at MIT unveiled their latest creation: Norman, a disturbed AI.

Mobile Security:

Thousands of Mobile Apps Leak Data from Firebase Databases - Security Week

Thousands of mobile applications running on iOS and Android have exposed over 113 gigabytes of data from 2,300 unsecured Firebase databases, enterprise mobile security firm Appthority says in a new report.

A Volt Out of the Blue: Phone Batteries Reveal What You Typed and Read - The Register

A group of researchers has demonstrated that smartphone batteries can offer a side-channel attack vector by revealing what users do with their devices through analysis of power consumption.

Network Security:

New WPA3 Wi-Fi Standard Released - Bleeping Computer

On Monday, the Wi-Fi Alliance, the organization that manages Wi-Fi technologies, announced the official release of WPA3. WPA3 is the latest version of Wi-Fi Protected Access (WPA), a user authentication technology for Wi-Fi connections.

Public Sector:

Most Major US Agencies Are Now Feeding the Federal Cyber Threat Dashboard - Defense One

A Homeland Security Department dashboard designed to collect and analyze cybersecurity information from across the government is now receiving data from 20 out of 23 major civilian agencies, a department official said Wednesday.

Software Security:

Android P Will Encourage OEMs to Adopt Stronger Biometric Systems - Toms Hardware

Starting with Android P, device makers will have to pass new security-focused benchmarks for their biometric authentication systems if they want their customers to have a better biometric authentication experience.

Microsoft Edge Bug Exposes Content From Other Sites via HTML5 Audio Tag - Bleeping Computer

A weird Edge bug that was fixed earlier this month, allows a malicious website to retrieve content from other sites by playing audio files in a malformed manner that produces unintended consequences.

CSIAC Supported Communities

CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.

Technical Resources, Policy and Guidance

This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.