
CSIAC

Cyber Security and Information Systems Information Analysis Center


CS Digest: 28 Jul 2015

Posted: 07/28/2015

The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

RECENT HEADLINES:

Cloud Computing:

Cybercom: Big Data Theft at OPM, Private Networks is New Trend in Cyber Attacks - Free Beacon

The commander of U.S. Cyber Command said last week that the Office of Personnel Management hack of millions of records of federal workers shows a new trend toward using Big Data analytics for both nation-state and criminal cyber attacks.

FCC Wants to Operate 100 Percent in the Cloud by the End of 2017 - Next Gov

Most federal agencies are far from maximizing the potential of the cloud to realize enormous efficiency gains and cost reductions.

Critical Infrastructure:

Siemens Energy Automation Device Vulnerable to Authentication Bypass - Info Security

An authentication bypass vulnerability has been discovered in a Siemens energy automation device, meaning that an attacker can gain control of the device without having to enter login details.

Cyberwarfare:

New ‘Cyber College’ to Train Airmen on Cyber Challenges - Air Force Times

Airmen may soon take cybersecurity classes as part of a new school designed to bring the Air Force's digital abilities to the cutting edge.

Chinese Hackers Use US Servers In Cyber Attacks - Free Beacon

Chinese-government linked hackers are using American computer services companies in conducting cyber attacks against private company networks, according to cyber security analysts.

Data Security:

Army National Guard Confirms Breach - CU Times

A breach of personal information stemming from an improperly handled data transfer, not hackers, could affect as many as 850,000 former and current members of the Army National Guard.

UCLA Health Cyberattack Affects Data for Up to 4.5 Million Patients - KTLA

The records of up to 4.5 million patients may have been affected by a cyberattack on the UCLA Health network, but there's no evidence individuals' information was accessed, the health care system said.

Hacking Team Malware Hides in UEFI BIOS to Survive PC Reinstalls - Softpedia

Using a UEFI BIOS rootkit, the Hacking Team group created a module for their Remote Control System (Galileo) surveillance software, which would check to see if the OS was infected with its malware agent every time the user rebooted the PC and would re-infect the system if its agent was missing.

TeslaCrypt 2.0 Ransomware Comes with Significant Improvements - Security Affairs

Researchers at Kaspersky Lab have discovered a new strain of TeslaCrypt ransomware, version 2.0, which was improved in a significant way.

Darkode Computer Hacking Forum Shuts After Investigation Spanning 20 Countries - Network World

Law enforcement agencies from 20 countries working together have shut down a major computer hacking forum, and U.S. officials have filed criminal charges against a dozen people associated with the website.
Tags: Dark Web

Internet-of-Things:

Firewalls Can’t Protect Today’s Connected Cars - Network World

The automobile industry needs to follow Sun Tzu's advice to secure increasingly connected vehicles from hackers, according to experts.

Security Experts Hack Into Moving Car and Seize Control - Reuters

A pair of veteran cybersecurity researchers have shown they can use the Internet to turn off a car's engine as it drives, sharply escalating the stakes in the debate about the safety of increasingly connected cars and trucks.

Hacking Team Built Drone-Based Wi-Fi Hacking Hardware - Ars Technica

Leaked e-mails from the Italy-based computer and network surveillance company Hacking Team show that the company developed a piece of rugged hardware intended to attack computers and mobile devices via Wi-Fi.

Drones and Security: Where are we Heading? - Kaspersky

The participants had to elaborate use cases for unmanned aerial vehicles (UAVs) in the business, defense and national economy. I think the outcomes would be good for us to know.

Legislation and Regulation:

New Bill Strengthens DHS Role in Federal Cybersecurity - Federal Times

A bipartisan group of senators looking to strengthen the Department of Homeland Security's ability to intercede at agencies with weak cybersecurity introduced the Federal Information Security Management Reform Act (FISMA Reform).

Senators Seek Privacy, Anti-Hacking Safeguards in Cars - The Hill

A pair of Democratic senators want rules requiring automakers to develop hacking and privacy protections for their cars and trucks.

House Panel Dents Budget for Cyber Tool That Scoped Out OPM Breaches - Next Gov

A House committee has slightly undercut a White House budget request for Department of Homeland Security network surveillance technology integral to post-megahack cleanup.

Network Security:

Microsoft Released an Out-of-Band Patch for a Remote, Critical Flaw that Affects All Supported Versions of Windows - Network World

Microsoft released an out-of-band patch for a remote, critical flaw in the way Windows Adobe Type Manager Library handles OpenType fonts; all supported versions of Windows are affected.

DHS S&T Transitions Third Cybersecurity Technology - DHS

The Network Mapping System (NeMS), developed by Lawrence Livermore National Laboratory, is a software-based tool that tells users what is connected to their network so that they know what needs to be protected.

Public Sector:

Government Hacked Yet Again. It’s About Time Federal Cybersecurity Became a National Issue - Next Gov

The group of hacktivists, Anonymous, claimed in a tweet on Wednesday they hacked the Census Bureau and leaked employee details online.

How a Fed With Fake Diplomas Worked at the Interior Department for 5 Years - Next Gov

A federal employee occupied a high-ranking technology position at the Interior Department for several years before an investigation found that he had faked his education, according to a report published by the agency's inspector general in 2013 and obtained by National Journal.

Here’s Everything the White House says it’s Done on Cyber in 2015 - Next Gov

The White House issued a fact sheet laying out some of the steps the administration says it's taken to bolster agencies' cybersecurity practices, including some before the OPM hack even came to light.

Software Security:

Office, Java Patches Erase Latest APT 28 Zero Days - Threat Post

An APT group thought to be tied to Russia is flying against conventional wisdom, having as recently as the last three weeks dropped its sixth zero-day in the past four months.

CSIAC SUPPORTED COMMUNITIES:

Cyber Community of Interest (COI) Group - CSIAC

The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.


The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.
