
CSIAC

Cyber Security and Information Systems Information Analysis Center


CS Digest: 29 Dec 2015

Posted: 12/29/2015

The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

FEEDBACK FROM PREVIOUS DIGEST:

Critical Infrastructure:

DARPA on the Hunt for ‘Early Warning’ Cyberattack Detection Technology - Fierce Government IT

The Defense Advanced Research Projects Agency will bring together potential proposers on Dec. 14 to give industry more information on its cyber threat monitoring needs in advance of forthcoming solicitations under a broad agency announcement known as the Rapid Attack Detection, Isolation and Characterization, or RADICS, program.

RECENT HEADLINES:

Cyberwarfare:

Army Cyber Command Looks to Build new HQ - Defense Systems

The Army Corps of Engineers recently announced plans to issue an Invitation for Bid on the construction of a new headquarters command and control facility at Fort Gordon, Ga. The facility will also house a cyber protection team operations facility.

Pentagon Memo: U.S. Weapons Open to Cyberattacks - The Daily Beast

The military can't afford to pay top hackers to seal up its systems. That's nothing but good news for those looking to penetrate America's defenses.

Anonymous Takes Credit for DDoS Attacks on Turkey’s DNS Servers, Accuses Turkey of Aiding ISIS - Softpedia

A massive 40 Gbps DDoS attack hit Turkey's root DNS servers managed by NIC.tr, Turkey's administrative body that handles the country's main DNS servers and its .tr domain names inventory.

Data Security:

List of Data Breaches and Cyberattacks in 2015 – Over 290 Million Leaked Records - IT Governance

The volume of data breaches and cyber attacks that marked 2015 could be appropriately described as a 'cascade' or 'torrent', or perhaps 'maelstrom'.

Gomasom Ransomware Decrypted, Get Your Files Back for Free - Softpedia

Users who had the misfortune of getting infected with the Gomasom ransomware can now start sending Christmas gifts to Fabian Wosar, security researcher at Emsisoft, who has managed to create a tool for decrypting files locked by this ransomware.

XRTN Ransomware uses Batch Files to Encrypt your Data - Bleeping Computer

A new ransomware called the XRTN Ransomware is in the wild that encrypts your data with RSA-1024 encryption using the open source Gnu Privacy Guard (GnuPG) encryption software.

TeslaCrypt Ransomware Attacks are Increasing - Computer World

Over the past two weeks security researchers have seen a surge in attacks using a file-encrypting ransomware program called TeslaCrypt, known for targeting gamers in the past.

Healthcare Security:

Nearly 1 in 5 Health Data Breaches Take Years to Spot, says Verizon - The Register

Stolen medical information is a prevalent problem across multiple industries, according to a new study by Verizon.

High Performance Computing:

Supercomputer Benchmark Gains Adherents - PHYS

A software program that ranks supercomputers on their ability to solve complex problems rather than on raw speed alone continues to gain traction in the high-performance computing community.

Legislation and Regulation:

A Practical Path To Cybersecurity - Forbes

With the two bills now reconciled by House and Senate negotiators and included in the omnibus budget spending bill, the combined bills join the Federal Information Security Management Act (FISMA), which modernized roles, responsibilities, and requirements for management of information security and the National Cybersecurity Protection Act, which codified the National Cybersecurity and Communications Integration Center (NCCIC), as significant pieces of legislation to address the growing cybersecurity threat facing the United States.

Obama Signs Cyberthreat Information Sharing Bill - Gov Info Security

On Dec. 18, both houses of Congress enacted the Cybersecurity Information Sharing Act, which is part of a 2,009-page $1.1 trillion omnibus spending bill (see page 1,729). CISA will establish a process for the government to share cyberthreat information with businesses that voluntarily agree to participate in the program.

Long-delayed Cyber Bill Included in Omnibus - The Hill

A long-delayed cybersecurity bill was included in the sweeping omnibus spending deal released early.

Feinstein Vows to Offer Bill to Pierce Encryption - The Hill

Sen. Dianne Feinstein (D-Calif.) is vowing to lead the charge on legislation that would require companies to decrypt data under court order.

Deadline for Better Encryption on Payment Systems Pushed Back Two Years - Softpedia

The Payment Card Industry Security Standards Council (PCI SSC) has announced that it has pushed back the mandatory migration date for TLS 1.1 encryption or higher for organizations that process online or offline payments.

Mobile Security:

Officials: Paris Attackers Used Encrypted Apps - The Hill

Investigators of the Paris attacks have evidence they believe indicates that some of the terrorists used encrypted apps to plan the strikes, officials briefed on the inquiry told CNN.

Network Security:

Four Network Management Systems Vulnerable to SQLi and XSS Attacks - Softpedia

Security researchers have found six vulnerabilities in the products of four vendors of NMSs (Network Management Systems), four cross-site scripting (XSS) and two SQL injection (SQLi) flaws.

Public Sector:

Engaging the International Community on Cybersecurity Standards - White House

The administration releases a new strategy to improve the U.S. government's participation in the development and use of international standards for cybersecurity.

Quantum Computing:

Entangling Different Kinds of Atoms Could be the Way Forward for Quantum Computers - IEEE Spectrum

Last week two research groups, one at the National Institute of Standards and Technology (NIST) in Boulder, Col., and one at the University of Oxford, reported experiments in which particles of different species were entangled for the first time.

Researchers Break “Unbreakable” Quantum Cryptography - Softpedia

Before it even had a chance to be deployed within real-world applications, a group of Swedish scientists has already found a way to break quantum cryptography, a novel, advanced concept for encrypting data using the laws of physics themselves.

Software Security:

Vulnerability in Popular Bootloader puts Locked-down Linux Computers at Risk - PC World

Pressing the backspace key 28 times can bypass the Grub2 bootloader's password protection and allow a hacker to install malware on a locked-down Linux system.

FireEye Security Devices Provide Attackers with Backdoor into Corporate Networks - Softpedia

Two security researchers working for Google have discovered a simple method of compromising FireEye security products, which, ironically, are installed to prevent a network's computers from being compromised.

CSIAC SUPPORTED COMMUNITIES:

Cyber Security of Critical Infrastructure - Department of Homeland Security

CSIAC serves on the EO 13636/PPD-21 Research & Development (R&D) Working Group (WG) run by DHS S&T. If you would like further information, contact Dr. Paul Losiewicz at plosiewicz@csiac.org

Cyber Community of Interest (COI) Group - CSIAC

The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.

TECHNICAL RESOURCES, POLICY & GUIDANCE:

DHS Cyber Security Strategy (“Blueprint for a Secure Cyber Future”, 2011) - Department of Homeland Defense


Trustworthy CyberSpace: Strategic Plan For The Federal Cybersecurity Research and Development Program - NITRD



The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.
