The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
RECENT HEADLINES:
Critical Infrastructure:
RSA 2015: Critical Infrastructure Operators Told: Make Cybersecurity a Priority - SC Magazine
As Robert Hinden, Check Point Fellow, described in his Wednesday RSA session, Protecting Critical Infrastructure, hacking physical infrastructure is something that can affect us all, and like IT systems, there are many vulnerabilities, but the consequences are much greater, and the attacks have begun.
Why U.S. Grid Still Vulnerable to Cyberattack - Wall Street Journal
Utilities and their business partners play an unintentional role in increasing the electrical grid's vulnerability to cyber attack.
Cyberwarfare:
Russian Hackers Read Obama’s Unclassified Emails, Officials Say - New York Times
Some of President Obama's email correspondence was swept up by Russian hackers last year in a breach of the White House's unclassified computer system that was far more intrusive and worrisome than has been publicly acknowledged, according to senior American officials briefed on the investigation.
Pentagon Says Evicted Russian Hackers, Global Cyber Threat Grows - Yahoo News
The United States on Thursday disclosed a cyber intrusion this year by Russian hackers who accessed an unclassified U.S. military network, in an episode Defense Secretary Ash Carter said showed the growing threat and the improving U.S. ability to respond.
The Pentagon’s New Cyberattack Plan: ‘Blunt Force Trauma’ - Politico
The Pentagon wants cyber weapons that can inflict "blunt force trauma."
Data Security:
Malware Uses Invisible Command Line Argument in Shortcut File - Softpedia
An undocumented function in LNK shortcut file type is employed by Janicab, a Trojan that infects Windows and Mac systems alike, to pass command line arguments that are not visible to Windows's file manager.
Pawn Storm Cyberspies Still at Work, Target NATO and the White House - Net-Security
Aiming to compromise the targets' computers and Outlook accounts, the attackers send spear-phishing emails carrying malware and compromise websites to redirect to exploits that will deliver malware, or trick them into entering their Outlook login credentials into fake Outlook Web Access login pages parked on typosquatted domains.
Users in the US Targeted with Ransomware via Tax Return-Flavored Emails - Softpedia
Now that the period for filing tax reports in the US has reached an end, cybercriminals have adapted their phishing lure and deliver messages claiming to be from the IRS (Internal Revenue Service) in relation with pending refunds.
Internet-of-Things:
The Ticking Cybersecurity Risk: Managing Wearable Tech in the Workplace - Net-Security
Smartphones and tablets took time to effectively cross over from consumer device to business staple. Wearables, despite still being the infants of IT hardware, are already starting to make that leap.
Tags: Workplace Security
Legislation and Regulation:
House Passes Complementary Cyber Information-Sharing Bill - Tech Crunch
A day after the House of Representatives passed an information sharing bill that raised concerns among privacy advocates, the chamber passed the National Cybersecurity Protection Advancement Act on a vote of 355-63 (a rare feat in Congress these days).
Mobile Security:
Over 25,000 iOS Apps Affected by Bug Breaking HTTPS - Softpedia
Attackers with a server certificate can cripple the security of 25,000 iOS apps via man-in-the-middle (MitM) attacks and access in plain text the encrypted information sent from the client device.
Hacker Implants NFC Chip In His Hand To Bypass Security Scans And Exploit Android Phones - Forbes
For those who can bear the pain, biohacking, where computing devices are injected under the skin, provides a novel way to acquire real stealth to sneak through both physical and digital scans.
Looking For Laxatives, Miss? Shoppers Stalked via Smartphone Wi-Fi - The Register
The FTC has now settled with a New York startup that stealthily tracks the movements of Americans around stores using their smartphones' Wi-Fi signals.
Network Security:
Improper Parsing of SSID Info Exposes Wi-Fi Client’s Memory Contents - Softpedia
A vulnerability in the cross-platform Wi-Fi software "wpa_supplicant" can be exploited by attackers to perpetrate attacks ranging from a denial-of-service state of the wireless connection to reading memory contents during the group owner negotiation process.
D-Link Failed to Patch HNAP Flaws in Routers: Researcher - Security Week
D-Link has failed to properly fix vulnerabilities affecting several router models, according to a researcher. The networking equipment manufacturer says it's currently working on addressing the issues.
TECHNICAL RESOURCES, POLICY & GUIDANCE:
The Department of Defense Cyber Strategy - Department of Defense
The purpose of this strategy is to guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD's three primary cyber missions.
Tags: Cybersecurity Strategy
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.