
CSIAC

Cyber Security and Information Systems Information Analysis Center


CS Digest: 28 Jul 2015

Posted: 07/28/2015

The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

RECENT HEADLINES:

Cloud Computing:

Cybercom: Big Data Theft at OPM, Private Networks is New Trend in Cyber Attacks - Free Beacon

The commander of U.S. Cyber Command said last week that the Office of Personnel Management hack of millions of records of federal workers shows a new trend toward using Big Data analytics for both nation-state and criminal cyber attacks.

FCC Wants to Operate 100 Percent in the Cloud by the End of 2017 - Next Gov

Most federal agencies are far from maximizing the potential of the cloud to realize enormous efficiency gains and cost reductions.

Critical Infrastructure:

Siemens Energy Automation Device Vulnerable to Authentication Bypass - Info Security

An authentication bypass vulnerability has been discovered in a Siemens energy automation device, meaning that an attacker can gain control of the device without having to enter login details.

Cyberwarfare:

New ‘Cyber College’ to Train Airmen on Cyber Challenges - Air Force Times

Airmen may soon take cybersecurity classes as part of a new school designed to bring the Air Force's digital abilities to the cutting edge.

Chinese Hackers Use US Servers In Cyber Attacks - Free Beacon

Chinese-government linked hackers are using American computer services companies in conducting cyber attacks against private company networks, according to cyber security analysts.

Data Security:

Army National Guard Confirms Breach - CU Times

A breach of personal information stemming from an improperly handled data transfer, not hackers, could affect as many as 850,000 former and current members of the Army National Guard.

UCLA Health Cyberattack Affects Data for Up to 4.5 Million Patients - KTLA

The records of up to 4.5 million patients may have been affected by a cyberattack on the UCLA Health network, but there's no evidence individuals' information was accessed, the health care system.

Hacking Team Malware Hides in UEFI BIOS to Survive PC Reinstalls - Softpedia

Using a UEFI BIOS rootkit, the Hacking Team group created a module for their Remote Control System (Galileo) surveillance software, which would check to see if the OS was infected with its malware agent every time the user rebooted the PC and would re-infect the system if its agent was missing.

TeslaCrypt 2.0 Ransomware Comes with Significant Improvements - Security Affairs

Researchers at Kaspersky Lab have discovered a new strain of TeslaCrypt ransomware, version 2.0, which was improved in a significant way.

Darkode Computer Hacking Forum Shuts After Investigation Spanning 20 Countries - Network World

Law enforcement agencies from 20 countries working together have shut down a major computer hacking forum, and U.S. officials have filed criminal charges against a dozen people associated with the website.
Tags: Dark Web

Internet-of-Things:

Firewalls Can’t Protect Today’s Connected Cars - Network World

The automobile industry needs to follow Sun Tzu's advice to secure increasingly connected vehicles from hackers, according to experts.

Security Experts Hack Into Moving Car and Seize Control - Reuters

A pair of veteran cybersecurity researchers have shown they can use the Internet to turn off a car's engine as it drives, sharply escalating the stakes in the debate about the safety of increasingly connected cars and trucks.

Hacking Team Built Drone-Based Wi-Fi Hacking Hardware - Arstechnica

Leaked e-mails from the Italy-based computer and network surveillance company Hacking Team show that the company developed a piece of rugged hardware intended to attack computers and mobile devices via Wi-Fi.

Drones and Security: Where are we Heading? - Kaspersky

The participants had to elaborate use cases for unmanned aerial vehicles (UAVs) in the business, defense and national economy. I think the outcomes would be good for us to know.

Legislation and Regulation:

New Bill Strengthens DHS Role in Federal Cybersecurity - Federal Times

A bipartisan group of senators looking to strengthen the Department of Homeland Security's ability to intercede at agencies with weak cybersecurity introduced the Federal Information Security Management Reform Act (FISMA Reform).

Senators Seek Privacy, Anti-Hacking Safeguards in Cars - The Hill

A pair of Democratic senators want rules requiring automakers to develop hacking and privacy protections for their cars and trucks.

House Panel Dents Budget for Cyber Tool That Scoped Out OPM Breaches - Next Gov

A House committee has slightly undercut a White House budget request for Department of Homeland Security network surveillance technology integral to post-megahack cleanup.

Network Security:

Microsoft Released an Out-of-Band Patch for a Remote, Critical Flaw that Affects All Supported Versions of Windows - Network World

Microsoft released an out-of-band patch for a remote, critical flaw in the way Windows Adobe Type Manager Library handles OpenType fonts; all supported versions of Windows are affected.

DHS S&T Transitions Third Cybersecurity Technology - DHS

The Network Mapping System (NeMS), developed by Lawrence Livermore National Laboratory, is a software-based tool that tells users what is connected to their network so that they know what needs to be protected.

Public Sector:

Government Hacked Yet Again. It’s About Time Federal Cybersecurity Became a National Issue - Next Gov

The group of hacktivists, Anonymous, claimed in a tweet on Wednesday they hacked the Census Bureau and leaked employee details online.

How a Fed With Fake Diplomas Worked at the Interior Department for 5 Years - Next Gov

A federal employee occupied a high-ranking technology position at the Interior Department for several years before an investigation found that he had faked his education, according to a report published by the agency's inspector general in 2013 and obtained by National Journal.

Here’s Everything the White House says it’s Done on Cyber in 2015 - Next Gov

The White House issued a fact sheet laying out some of the steps the administration says it's taken to bolster agencies' cybersecurity practices, including some before the OPM hack even came to light.

Software Security:

Office, Java Patches Erase Latest APT 28 Zero Days - Threat Post

An APT group thought to be tied to Russia is flying against conventional wisdom, having as recently as the last three weeks dropped its sixth zero-day in the past four months.

CSIAC SUPPORTED COMMUNITIES:

Cyber Community of Interest (COI) Group - CSIAC

The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.


The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.
