The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
RECENT HEADLINES:
Cloud Computing:
DISA Lays Groundwork for Commercial Cloud Computing Contract - AFCEA SIGNAL
Request for Proposals For Commercial Cloud Technologies to support DoD pending
Critical Infrastructure:
An Education in Cyber Security - Automation World
Industrial Control Systems community responding to the E.O. on Cybersecurity of Critical Infrastructure - but much remains to be done
Cyberwarfare:
China says US-based hackers target its military websites, amid competing cybersnooping claims - Washington Post
Official response to Mandiant did not take long
Lessons from the cyber attacks on South Korea - Japan Times
In absence of current legal Self Defense Force responsibility for cyberspace, Japan Times calls for response that includes planned, coordinated attacks, combining cyber and physical (kinetic) offensive means
U.S.-Israeli cyber attack on Iran was ‘act of force’, NATO study found - Washington Times
Reported NATO Cooperative Cyber Defense Centre of Excellence study classifies Stuxnet as act of "force" - Study not released yet in Tallinn - https://web.archive.org/web/20131029205100/http://www.ccdcoe.org/2.html
Data Security:
South Korean cyber attacks used hijacked patch management accounts - TechWorld
South Korean Cyber attack used Update Manager to wipe Master Boot Records
Evernote Hack Exposes User Data, Forces Extensive Password Resets - Wired
50 MILLION accounts compromised in a similar manner to "the many high profile attacks on other Internet-based companies that have taken place over the last several weeks"
Bradley Manning pleads guilty to 10 lesser charges, explains motive - Washington Post
Insider Threat: You can still exfiltrate a lot of classified data on a CD.
High Performance Computing:
A Strange Computer Promises Great Speed - New York Times
Lockheed Martin purchases D-Wave's adiabatic quantum computer for use in defense systems modeling and simulation
Internet-of-Things:
Securing the Internet of Things - Cisco
Wake-up call for pervasive computing - What will the Internet of Everything developers learn from the industrials controls community?
Mobile Security:
Deploying mobility a worthwhile challenge - CIO
Great overview of the technical challenges ahead for BYOD
Network Security:
DISA-provided Network Defense capabilities – new funding plan - DISA
In FY14, pending OSD approval, DISA Network Defense service will move to Defense Working Capital Fund (DWCF)
Cisco switches to weaker hashing scheme, passwords cracked wide open - Ars Technica
Your IT Infrastructure just moved to a higher Level of Risk
Tags: Password Security
Cisco IOS and IOS XE Type 4 Passwords Issue - Cisco
Supposedly stronger Type 4 passwords only used a single pass of SHA-256, thus admitted to be less resilient to brute-force attacks than a Type 5
23-year-old releases new chips that ‘mine’ Bitcoins 50 times faster - The Verge
Bitcoin mining is now DRIVING hardware R&D
Spear Phishing Cause of South Korean Cyber Attack - Kaspersky
Spear-fishing e-mails identified by F-Secure as delivery vector for attack, source still under investigation
Tags: Phishing
Private Sector:
Spam dispute becomes ‘largest cyber attack’ in history of the internet - Sydney Morning Herald
The Private Sector is also capable of major cyber offensives!
Public Sector:
CYBERSECURITY (GAO-13-187) - GAO
14 February GAO report: National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented
Software Security:
North Korean defector sites report planned cyber attack - ZDNet
This time, the motive appears to support only North Korean aggression
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.
Leave a Comment
You must be logged in to post a comment.