The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
This podcast is a breakdown episode where the CSIAC discusses current topics in further depth. CSIAC tries to break down the complexity of the topic.
Free CSIAC Webinar Thursday, Dec 13th @ 12 pm EDT – Phishing for Solutions: Are Cybersecurity Compliance Based Programs Working? - CSIAC
This presentation provides an overview of two quantitative studies conducted at the Pacific Northwest National Laboratory (PNNL) in 2017. These studies were designed to explore psychological and contextual variables that influence users confronted with cybersecurity challenges and their propensity to comply with policies under those conditions. From these studies, a new, cross-disciplinary approach towards assessing cybersecurity risk began to emerge. Ultimately, these efforts could lead to the development of risk assessment instruments that provide a tailored approach towards understanding organizational risk.
The team of grid operators had spent days restoring power when a digital strike took out one of two operational utility stations. The other utility was also under attack.
Why Cyberspace Demands an Always-on Approach - Fifth Domain
The U.S. government has determined it must remain constantly engaged in cyberspace in response to the steps other countries and non-state actors are taking online.
3 Lessons the Army is Taking From U.S. Cyber Command - Fifth Domain
For the last two years, U.S. Cyber Command ran pilot programs that focused on supporting operations in Iraq and Syria. Now, the U.S. Army is taking lessons from those experiments and applying them to tactical operations.
ECC Memory Vulnerable to Rowhammer Attack - Bleeping Computer
Memory modules with error-correcting code (ECC) protection are vulnerable to Rowhammer, an attack that can help corrupt data the computer stores in its volatile memory chips.
You and 800 million other people now can use hardware authentication keys -- and no password at all -- to log on to Microsoft accounts used for Outlook, Office 365, OneDrive, Skype and Xbox Live.
USPS Site Exposed Data on 60 Million Users - KrebsOnSecurity
The U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf.
Researchers from Radboud University Nijmegen in the Netherlands yesterday disclosed a pair of vulnerabilities in the hardware full-disk encryption mechanisms of self-encrypting solid state drives (SSDs) from Samsung and Crucial. The flaws are present in both internal and external storage devices from these manufacturers, and even affect Microsoft Windows environments that use BitLocker for full-disk encryption.
IBM Watson Will be Used by NIST to Assign CVSS Scores to Vulnerabilities - Security Affairs
The National Institute of Standards and Technology (NIST) is planning to use Artificial Intelligence to assign the CVSS scores to reported vulnerabilities.
U.S. President Donald Trump today signed the Cybersecurity and Infrastructure Security Agency Act of 2018, which makes official the new cybersecurity branch of the Department of Homeland Security (DHS).
How Cyberspace Makes the DoD Think Differently - Fifth Domain
U.S. Cyber Command has made it clear that it must undertake traditional and nontraditional partnerships in order to succeed in a highly dynamic environment.
Revolutionizing Cybersecurity Through Quantum Research - Homeland Security News Wire
Scientists have found a novel way to safeguard quantum information during transmission, opening the door for more secure and reliable communication for warfighters on the battlefield.
DoS Vulnerabilities Impact Linux Kernel - Security Week
Two recently disclosed Linux kernel vulnerabilities that remain unpatched could be exploited for local denial-of-service (DoS).
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.