The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

RECENT HEADLINES:

Cloud Computing:

Cybercom: Big Data Theft at OPM, Private Networks is New Trend in Cyber Attacks - Free Beacon

The commander of U.S. Cyber Command said last week that the Office of Personnel Management hack of millions of records of federal workers shows a new trend toward using Big Data analytics for both nation-state and criminal cyber attacks.

FCC Wants to Operate 100 Percent in the Cloud by the End of 2017 - Next Gov

Most federal agencies are far from maximizing the potential of the cloud to realize enormous efficiency gains and cost reductions.

Critical Infrastructure:

Siemens Energy Automation Device Vulnerable to Authentication Bypass - Info Security

An authentication bypass vulnerability has been discovered in a Siemens energy automation device -meaning that an attacker can gain control of the device without having to enter login details.

Cyberwarfare:

New ‘Cyber College’ to Train Airmen on Cyber Challenges - Air Force Times

Airmen may soon take cybersecurity classes as part of a new school designed to bring the Air Force's digital abilities to the cutting edge.

Chinese Hackers Use US Servers In Cyber Attacks - Free Beacon

Chinese-government linked hackers are using American computer services companies in conducting cyber attacks against private company networks, according to cyber security analysts.

Data Security:

Army National Guard Confirms Breach - CU Times

A breach of personal information stemming from an improperly handled data transfer, not hackers, could affect as many as 850,000 former and current members of the Army National Guard.

UCLA Health Cyberattack Affects Data for Up to 4.5 Million Patients - KTLA

The records of to 4.5 million patients may have been affected by a cyberattack on the UCLA Health network, but there's no evidence individuals' information was accessed, the health care system.

Hacking Team Malware Hides in UEFI BIOS to Survive PC Reinstalls - Softpedia

Using a UEFI BIOS rootkit, the Hacking Team group created a module for their Remote Control System (Galileo) surveillance software, which would check to see if the OS was infected with its malware agent every time the user rebooted the PC and would re-infect the system if its agent was missing.

TeslaCrypt 2.0 Ransomware Comes with Significant Improvements - Security Affairs

Researchers at Kaspersky Lab have discovered a new strain of TeslaCrypt ransomware, version 2.0, which was improved in a significant way.

Darkode Computer Hacking Forum Shuts After Investigation Spanning 20 Countries - Network World

Law enforcement agencies from 20 countries working together have shut down a major computer hacking forum, and U.S. officials have filed criminal charges against a dozen people associated with the website.

Internet-of-Things:

Firewalls Can’t Protect Today’s Connected Cars - Network World

The automobile industry needs to follow Sun Tzu's advice to secure increasingly connected vehicles from hackers, according to experts.

Security Experts Hack Into Moving Car and Seize Control - Reuters

A pair of veteran cybersecurity researchers have shown they can use the Internet to turn off a car's engine as it drives, sharply escalating the stakes in the debate about the safety of increasingly connected cars and trucks.

Hacking Team Built Drone-Based Wi-Fi Hacking Hardware - Arstechnica

Leaked e-mails from the Italy-based computer and network surveillance company Hacking Team show that the company developed a piece of rugged hardware intended to attack computers and mobile devices via Wi-Fi.

Drones and Security: Where are we Heading? - Kaspersky

The participants had to elaborate use cases for unmanned aerial vehicles (UAVs) in the business, defense and national economy. I think the outcomes would be good for us to know.

Legislation and Regulation:

New Bill Strengthens DHS Role in Federal Cybersecurity - Federal Times

A bipartisan group of senators looking to strengthenthe Department of Homeland Security's ability to intercede at agencies with weak cybersecurityintroduced the Federal Information Security Management Reform Act (FISMA Reform).

Senators Seek Privacy, Anti-Hacking Safeguards in Cars - The Hill

A pair of Democratic senators want rules requiring automakers to develop hacking and privacy protections for their cars and trucks.

House Panel Dents Budget for Cyber Tool That Scoped Out OPM Breaches - Next Gov

A House committee has slightly undercut a White House budget request for Department of Homeland Security network surveillance technology integral to post-megahack cleanup.

Network Security:

Microsoft Released an Out-of-Band Patch for a Remote, Critical Flaw that Affects All Supported Versions of Windows - Network World

Microsoft released an out-of-band patch for a remote, critical flaw in the way Windows Adobe Type Manager Library handles OpenType fonts; all supported versions of Windows are affected.

DHS S&T Transitions Third Cybersecurity Technology - DHS

The Network Mapping System (NeMS), developed by Lawrence Livermore National Laboratory, is a software-based tool that tells users what is connected to their network so that they know what needs to be protected.

Public Sector:

Government Hacked Yet Again. It’s About Time Federal Cybersecurity Became a National Issue - Next Gov

The group of hacktivists, Anonymous, claimed in a tweet on Wednesday they hacked the Census Bureau and leaked employee details online.

How a Fed With Fake Diplomas Worked at the Interior Department for 5 Years - Next Gov

A federal employee occupied a high-ranking technology position at the Interior Department for several years before an investigation found that he had faked his education, according to a report published by the agency's inspector general in 2013 and obtained by National Journal.

Here’s Everything the White House says it’s Done on Cyber in 2015 - Next Gov

The White House issued a fact sheet laying out some of the steps the administration says it's taken to bolster agencies' cybersecurity practices, including some before the OPM hack even came to light.

Software Security:

Office, Java Patches Erase Latest APT 28 Zero Days - Threat Post

An APT group thought to be tied to Russia is flying against conventional wisdom, having as recently as the last three weeks dropped its sixth zero-day in the past four months.

CSIAC SUPPORTED COMMUNITIES:

Cyber Community of Interest (COI) Group - CSIAC

The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.