The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
CSIAC Webinar, TODAY, Nov 26th @ 12:00 EST: Machine-Learning Techniques to Protect Critical Infrastructure From Cybersecurity Incidents or Equipment Incidents - CSIAC
Join CSIAC, HDIAC and DSIAC for a live webinar presentation on "Machine-Learning Techniques to Protect Critical Infrastructure From Cybersecurity Incidents or Equipment Incidents."
Tags: Critical Infrastructure Protection (CIP), CSIAC Webinar
Incorporating security control measures early in the software development process yields cost savings and better manpower utilization throughout lifecycle management, increasing the reliability and maintainability of the software. This article reiterates commonly observed best practices that can help enhance any organization's software security practices, whether it uses traditional, agile or development operations (DevOps) methods for new code or integration.
Tags: Software Assurance, Software Development, Software Engineering Institute (SEI)
New CSIAC Podcast – Authenticating Devices in Fog Multi-Access Computing Environments through a Wireless Grid Resource Sharing Protocol - CSIAC
This article identifies an authentication process required for these ICDs, which will need to prove their identity to authenticate to an IoT Fog multi-access Edge computing (fMEC) cloud network through a wireless grid authentication process. The proposed methodology, called wg-IoT, must include the integration of Fog computing, wireless grids and multi-access Edge computing clouds to support these new IoT architectures.
Tags: Fog Computing, Wireless Grid Resource Sharing Protocol
The Fifth Amendment to the US Constitution bars people from being forced to turn over personal passwords to police, the Pennsylvania Supreme Court ruled this week.
Tags: Cyber Legislation, Data Security, Password Security
Critical Flaws in VNC Threaten Industrial Environments - Threat Post
The open-source Virtual Network Computing (VNC) project, often found in industrial environments, is plagued with 37 different memory-corruption vulnerabilities - many of which are critical in severity and some of which could result in remote code execution (RCE). According to researchers at Kaspersky, they potentially affect 600,000 web-accessible servers in systems that use the code.
Tags: Memory-corruption Vulnerabilities, Remote Code Execution (RCE), VNC
Predicting People’s Driving Personalities - MIT News
Cyberwarriors Lack Planning Tools. That Could Change - Fifth Domain
For six years, the Defense Advanced Research Projects Agency worked on a program known as Plan X to help commanders plan and conduct cyber operations. The goal was for leaders to see the cyber environment just as they would the physical world. Now, the Air Force and the Pentagon's Strategic Capabilities Office are continuing the program and have renamed it Project IKE. The move was first reported by Inside Cybersecurity.
Tags: Defense Advanced Research Projects Agency (DARPA), DoD, Plan X, Project IKE
T-Mobile has confirmed a data breach affecting more than a million of its customers, whose personal data (but no financial or password data) was exposed to a malicious actor. The company alerted the affected customers but did not provide many details in its official account of the hack.
Tags: Data Breach, Data Security, Mobile Security, T-Mobile
The Department of Defense has weighed in against a proposal before the Federal Communications Commission to open the 1 to 2 Gigahertz frequency range (the L band) for use in 5G cellular networks. The reason: segments of that range of radio spectrum are already used by Global Positioning System signals and other military systems.
Tags: 5G, DoD, GPS
At DHS, an Exodus of Tech and Cyber Leaders - Defense One
The rotating cast of officials in top tech and cyber jobs could hinder the department's ability to develop and execute a consistent digital strategy.
Tags: Cyber Leader, Department of Homeland Security (DHS), Jeanette Manfra
Today, at 15:35 (UTC+1) on 25 November 2019, we made our final /22 IPv4 allocation from the last remaining addresses in our available pool. We have now run out of IPv4 addresses.
Tags: IPv4, Networking
Bad News: ‘Unblockable’ Web Trackers Emerge. Good News: Firefox with uBlock Origin Can Stop It. Chrome, Not So Much - The Register
China’s Achilles’ Heel When it Comes to Cyberspace - Fifth Domain
If "mutually assured cyber destruction" were to occur, one Marine Corps leader said, authoritarian nations such as China might have more to lose than the United States.
Tags: cyberattack, Cyberwarfare
Trend Micro Unveils New Cloud Security Platform - Security Week
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.