The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
As Robert Hinden, Check Point Fellow, described in his Wednesday RSA session, Protecting Critical Infrastructure, hacking physical infrastructure is something that can affect us all, and like IT systems, there are many vulnerabilities, but the consequences are much greater, and the attacks have begun.
Why U.S. Grid Still Vulnerable to Cyberattack - Wall Street Journal
Utilities and their business partners play an unintentional role in increasing the electrical grid's vulnerability to cyber attack.
Russian Hackers Read Obama’s Unclassified Emails, Officials Say - New York Times
Some of President Obama's email correspondence was swept up by Russian hackers last year in a breach of the White House's unclassified computer system that was far more intrusive and worrisome than has been publicly acknowledged, according to senior American officials briefed on the investigation.
The United States on Thursday disclosed a cyber intrusion this year by Russian hackers who accessed an unclassified U.S. military network, in an episode Defense Secretary Ash Carter said showed the growing threat and the improving U.S. ability to respond.
The Pentagon wants cyber weapons that can inflict "blunt force trauma."
An undocumented function in the LNK shortcut file type is employed by Janicab, a Trojan that infects Windows and Mac systems alike, to pass command line arguments that are not visible to Windows's file manager.
Aiming to compromise the targets' computers and Outlook accounts, the attackers send spear-phishing emails carrying malware and compromise websites to redirect to exploits that will deliver malware, or trick them into entering their Outlook login credentials into fake Outlook Web Access login pages parked on typosquatted domains.
Now that the period for filing tax reports in the US has reached an end, cybercriminals have adapted their phishing lure and deliver messages claiming to be from the IRS (Internal Revenue Service) in relation to pending refunds.
Smartphones and tablets took time to effectively cross over from consumer device to business staple. Wearables, despite still being the infants of IT hardware, are already starting to make that leap.
A day after the House of Representatives passed an information sharing bill that raised concerns among privacy advocates, the chamber passed the National Cybersecurity Protection Advancement Act on a vote of 355-63 (a rare feat in Congress these days).
Attackers with a server certificate can cripple the security of 25,000 iOS apps via man-in-the-middle (MitM) attacks and access in plain text the encrypted information sent from the client device.
For those who can bear the pain, biohacking, where computing devices are injected under the skin, provides a novel way to acquire real stealth to sneak through both physical and digital scans.
The FTC has now settled with a New York startup that stealthily tracks the movements of Americans around stores using their smartphones' Wi-Fi signals.
A vulnerability in the cross-platform Wi-Fi software "wpa_supplicant" can be exploited by attackers to perpetrate attacks ranging from a denial-of-service state of the wireless connection to reading memory contents during the group owner negotiation process.
D-Link Failed to Patch HNAP Flaws in Routers: Researcher - Security Week
D-Link has failed to properly fix vulnerabilities affecting several router models, according to a researcher. The networking equipment manufacturer says it's currently working on addressing the issues.
The Department of Defense Cyber Strategy - Department of Defense
The purpose of this strategy is to guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD's three primary cyber missions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.