The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
The commander of U.S. Cyber Command said last week that the Office of Personnel Management hack of millions of records of federal workers shows a new trend toward using Big Data analytics for both nation-state and criminal cyber attacks.
Most federal agencies are far from maximizing the potential of the cloud to realize enormous efficiency gains and cost reductions.
An authentication bypass vulnerability has been discovered in a Siemens energy automation device -meaning that an attacker can gain control of the device without having to enter login details.
New ‘Cyber College’ to Train Airmen on Cyber Challenges - Air Force Times
Airmen may soon take cybersecurity classes as part of a new school designed to bring the Air Force's digital abilities to the cutting edge.
Chinese Hackers Use US Servers In Cyber Attacks - Free Beacon
Chinese-government linked hackers are using American computer services companies in conducting cyber attacks against private company networks, according to cyber security analysts.
Army National Guard Confirms Breach - CU Times
A breach of personal information stemming from an improperly handled data transfer, not hackers, could affect as many as 850,000 former and current members of the Army National Guard.
The records of to 4.5 million patients may have been affected by a cyberattack on the UCLA Health network, but there's no evidence individuals' information was accessed, the health care system.
Using a UEFI BIOS rootkit, the Hacking Team group created a module for their Remote Control System (Galileo) surveillance software, which would check to see if the OS was infected with its malware agent every time the user rebooted the PC and would re-infect the system if its agent was missing.
TeslaCrypt 2.0 Ransomware Comes with Significant Improvements - Security Affairs
Researchers at Kaspersky Lab have discovered a new strain of TeslaCrypt ransomware, version 2.0, which was improved in a significant way.
Law enforcement agencies from 20 countries working together have shut down a major computer hacking forum, and U.S. officials have filed criminal charges against a dozen people associated with the website.
Tags: Dark Web
Firewalls Can’t Protect Today’s Connected Cars - Network World
The automobile industry needs to follow Sun Tzu's advice to secure increasingly connected vehicles from hackers, according to experts.
A pair of veteran cybersecurity researchers have shown they can use the Internet to turn off a car's engine as it drives, sharply escalating the stakes in the debate about the safety of increasingly connected cars and trucks.
Hacking Team Built Drone-Based Wi-Fi Hacking Hardware - Arstechnica
Leaked e-mails from the Italy-based computer and network surveillance company Hacking Team show that the company developed a piece of rugged hardware intended to attack computers and mobile devices via Wi-Fi.
Drones and Security: Where are we Heading? - Kaspersky
The participants had to elaborate use cases for unmanned aerial vehicles (UAVs) in the business, defense and national economy. I think the outcomes would be good for us to know.
New Bill Strengthens DHS Role in Federal Cybersecurity - Federal Times
A bipartisan group of senators looking to strengthenthe Department of Homeland Security's ability to intercede at agencies with weak cybersecurityintroduced the Federal Information Security Management Reform Act (FISMA Reform).
A pair of Democratic senators want rules requiring automakers to develop hacking and privacy protections for their cars and trucks.
A House committee has slightly undercut a White House budget request for Department of Homeland Security network surveillance technology integral to post-megahack cleanup.
Microsoft Released an Out-of-Band Patch for a Remote, Critical Flaw that Affects All Supported Versions of Windows - Network World
Microsoft released an out-of-band patch for a remote, critical flaw in the way Windows Adobe Type Manager Library handles OpenType fonts; all supported versions of Windows are affected.
The Network Mapping System (NeMS), developed by Lawrence Livermore National Laboratory, is a software-based tool that tells users what is connected to their network so that they know what needs to be protected.
Government Hacked Yet Again. It’s About Time Federal Cybersecurity Became a National Issue - Next Gov
The group of hacktivists, Anonymous, claimed in a tweet on Wednesday they hacked the Census Bureau and leaked employee details online.
A federal employee occupied a high-ranking technology position at the Interior Department for several years before an investigation found that he had faked his education, according to a report published by the agency's inspector general in 2013 and obtained by National Journal.
The White House issued a fact sheet laying out some of the steps the administration says it's taken to bolster agencies' cybersecurity practices, including some before the OPM hack even came to light.
Office, Java Patches Erase Latest APT 28 Zero Days - Threat Post
An APT group thought to be tied to Russia is flying against conventional wisdom, having as recently as the last three weeks dropped its sixth zero-day in the past four months.
The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.