• Home
  • Resources
    • Find Resources by Topic Tags
    • Cybersecurity Policy Chart
    • CSIAC Reports
    • Webinars
    • Podcasts
    • Cybersecurity Digest
    • Standards & Reference Docs
    • Journals
    • Certifications
    • Acronym DB
    • Cybersecurity Related Websites
  • Services
    • Free Technical Inquiry
    • CAT Program
    • Subject Matter Experts
    • Training
    • Contact
  • Community
    • Upcoming Events
    • Cybersecurity
    • Modeling & Simulation
    • Knowledge Management
    • Software Engineering
    • Cyber COI
  • About
    • About the CSIAC
    • The CSIAC Team
    • DTIC’s IAC Program
    • DTIC’s R&E Gateway
    • Inquiries & CAT’s
    • FAQ’s
    • DTIC STI Program
  • Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer
Login / Register

CSIAC

Cyber Security and Information Systems Information Analysis Center

  • Resources
    • Find Resources by Topic Tags
    • Cybersecurity Policy Chart
    • CSIAC Reports
    • Webinars
    • Podcasts
    • Cybersecurity Digest
    • Standards & Reference Docs
    • Journals
    • Certifications
    • Acronym DB
    • Cybersecurity Websites
  • Services
    • Free Technical Inquiry
    • CAT Program
    • Subject Matter Experts
    • Training
    • Contact
  • Community
    • Upcoming Events
    • Cybersecurity
    • Modeling & Simulation
    • Knowledge Management
    • Software Engineering
    • Cyber COI
  • About
    • About the CSIAC
    • The CSIAC Team
    • DTIC’s IAC Program
    • DTIC’s R&E Gateway
    • Inquiries & CAT’s
    • FAQ’s
    • DTIC STI Program
  • Cybersecurity
  • Modeling & Simulation
  • Knowledge Management
  • Software Engineering
  • Cyber COI
/ CS Digests / 31 Oct 2017

CS Digest: 31 Oct 2017

Posted: 10/31/2017 | Leave a Comment

The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

CSIAC Podcast Series – Did You Know? – Inviting Other Users - CSIAC

Registered members of CSIAC.org can now easily invite others to join them and take part in CSIAC's free services and resources. Watch the short video to learn how.

Protecting Critical Infrastructure from Cyber Threats – National Cyber Security Awareness Month – Week 5: October 30-31 - CSIAC

The essential systems that support our daily lives - such as electricity, financial institutions, and transportation - are all dependent upon the Internet. Building resilience in critical infrastructure is crucial to our national security. Week 5 will look at cybersecurity in relation to keeping our traffic lights, running water, phone lines, and other critical infrastructure secure. It also facilitates the transition to November's Critical Infrastructure Security and Resilience Month (CISR), highlighting the tie between cybersecurity and our nation's critical infrastructure.

Free CSIAC Webinar Tomorrow Nov 15 @ 12:00PM EST – Software Defined WAN (SD-WAN): Security Implications and Design Solutions - CSIAC

Software Defined WAN (SD-WAN) is transforming Wide Area Networks (WANs) by providing a highly available Secure WAN Transport combined with Direct Internet Access in the branches. With SD-WAN, Enterprises can mix WAN service offerings from multiple providers (MPLS, Internet, Carrier Ethernet, 3G/4G, ...) to optimize their bandwidth costs and dynamically balance applications across the various links. This session will discuss the security implications of this new architecture.

RECENT HEADLINES:

Cyber Crime:

Merck Cyber Attack May Cost Insurers $275 Million: Verisk’s PCS - Reuters

Insurers could pay $275 million to cover the insured portion of drugmaker Merck & Co's loss from a cyber attack in June, according to a forecast by Verisk Analytics Inc's Property Claim Services (PCS) unit.

New Wave of Cyber Attacks Hits Russia, Other Nations - Reuters

Cyber attacks using malware called "BadRabbit" hit Russia and other nations on Tuesday, affecting Russian Interfax news agency and causing flight delays at Ukraine's Odessa airport.

Cyberwarfare:

Cybercom Establishes Strategic Concepts to Mitigate Cyber Threats to Natl Security - Executive Gov

The U.S. Cyber Command has developed an operational approach to defensive cyber operations and strategic concepts which aim to help address a number of cyber threats to national security.

Russia’s Election Hackers Use D.C. Cyber Warfare Conference as Bait - The Daily Beast

The Russian military hackers behind last year's election meddling are using an upcoming cyber warfare conference in Washington D.C. as a lure to infect a new crop of victims with malware, security researchers said Sunday, effectively turning a high-level gathering packed with NATO and U.S. military cyber defenders into an opportunity for more attacks.

“Cyber Conflict” Decoy Document Used In Real Cyber Conflict - Talos

Cisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear...). Ironically the decoy document is a deceptive flyer relating to the Cyber Conflict U.S. conference.

North Korea Hackers Stole South Korea-U.S. Military Plans to Wipe Out North Korea Leadership: Lawmaker - Reuters

Democratic Party representative Rhee Cheol-hee said 235 gigabytes of military documents were taken from the Defense Integrated Data Center in September last year, citing information from unidentified South Korean defense officials.

DOD Tests and Deploys Upgraded JRSS - Defense Systems

The Navy is now assessing its implementation of its Joint Regional Security Stacks data consolidation and interoperability initiative by subjecting data networks to a wide range of attack scenarios, emerging threats and operational conditions.

Data Security:

No Macros? No Problem for New Malware Attack - SecurityIntelligence

Macro-based Microsoft Office malware is a go-to tactic for aspiring cybercriminals because it's reliable and effective. Since macros remain an integral part of Word documents, many companies don't disable them by default, and users often open .doc attachments. But with enterprise IT on the war path for signs of any macro malware attack, criminals are getting creative. According to Bleeping Computer, they're now using an outdated Office feature known as Dynamic Data Exchange (DDE) to infiltrate and infect corporate devices.
Tags: Microsoft

Kaspersky: NSA Staffer’s Laptop Was Infected with Malware - CNET

The Russian cybersecurity company releases details from its internal investigation into an NSA hack, which it's accused of being behind.

Security Vulnerability Puts Linux Kernel at Risk - SecurityIntelligence

The security vulnerability impacts the Advanced Linux Sound Architecture (ALSA), which is a software framework that establishes an application programming interface (API) for sound card drivers in the Linux kernel. While the potential damage from escalated privileges is high, IT decision-makers should note that a patch has already been made available. An active development community helps keep security concerns associated with Linux at bay. However, IT managers and users must stay alert to potential concerns and work to apply recommended fixes at the earliest opportunity.
Tags: Linux

Exclusive: Microsoft Responded Quietly After Detecting Secret Database Hack in 2013 - Reuters

The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system. Spies for governments around the globe and other hackers covet such information because it shows them how to create tools for electronic break-ins. The Microsoft flaws were fixed likely within months of the hack, according to the former employees. Yet speaking out for the first time, these former employees as well as U.S. officials informed of the breach by Reuters said it alarmed them because the hackers could have used the data at the time to mount attacks elsewhere, spreading their reach into government and corporate networks.
Tags: Microsoft

Severe Flaw in WPA2 Protocol Leaves Wi-Fi Traffic Open to Eavesdropping - ARS Technica

An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points. The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks.

Healthcare Security:

The Need for Increased Investment in Medical Device Security - Tripwire

In 2014, the FBI warned that healthcare systems, including medical devices, were at an increased risk of cyber-attacks due to the unfortunate coupling of poor cybersecurity practices in the healthcare industry with patient health information (PHI) that commands high value on the dark web. This warning has largely been realized. The cost and frequency of data breaches in healthcare have risen over the past six years. This state of affairs should come as no surprise to medical device manufacturers and healthcare delivery organizations (HDOs). According to a study by the Ponemon Institute, 67% of medical device manufacturers and 56% of HDOs believe that their medical devices are at risk for an attack. Despite recognizing the risk, only 17% of device manufacturers and 15% of HDOs have taken significant steps to prevent an attack. Remarkably, only 41% of device manufacturers and 22% of HDOs have an incident response plan in place in the event of an attack.

Internet-of-Things:

After Quietly Infecting a Million Devices, Reaper Botnet Set to be Worse Than Mirai - ZDnet

A little over a month ago, a sizable botnet of infected Internet of Things devices began appearing on the radar of security researchers. Now, just weeks later, it's on track to become one of the largest botnets recorded in recent years.

Machine Learning and Artificial Intelligence:

Google Built a New Trojan Horse to Get Inside Every Aspect of Your Life - Business Insider

Google is taking hardware seriously after years of experimentation. But it doesn't have a chance at becoming another Apple or Samsung. Instead, Google's hardware division will be used to sneak the company's AI technology into everything else.

Network Security:

The Flawed System Behind the Krack Wi-Fi Meltdown - Wired

The security community scrambled to unpack Krack, a fundamental vulnerability in the ubiquitous, secure Wi-Fi network standard known a WPA2. Though some of the most popular devices are mercifully already protected (like most of those that run Windows and iOS), a staggering population remains exposed to data theft and manipulation every time they connect to WPA2 Wi-Fi. But as another interminable patching process begins, a different conversation is picking up, too, about how to catch flaws in crucial standards more quickly, and make it easier to patch them.

Neuromorphic Computing:

Resistive Memory Components the Computer Industry Can’t Resist - Yale

For years, the computer industry has sought memory technologies with higher endurance, lower cost, and better energy efficiency than commercial flash memories. Now, an international collaboration of scientists may have solved many of those challenges with the discovery of thin, molecular films that can store information.

Public Sector:

Twenty-Five Percent of Email “From” U.S. Federal Agencies is Fraudulent or High-Risk, Agari Finds - Businesswire

Agari, a leading cybersecurity company, today issued the Agari U.S. Federal Government DMARC Adoption report showing that 25 percent of email claiming to be from federal agencies is either fraudulent or otherwise unauthenticated. Among the 400 government domains protected by Agari, cybercriminals targeted 90 percent of them with deceptive emails that appear to come from a federal agency.

Secure Wi-Fi Enters the Battlefield - AFCEA

Secure Wi-Fi for classified operations is now available to the U.S. military, thanks to recent policy, hardware and software improvements. This is of great importance, especially to the Army, which faces challenges with command-post networks. Given size, weight and power constraints, these networks lack mobility, explained Paul Mehney, director of public communications for the Army's Program Executive Office Command, Control, Communications-Tactical (PEO C3T). The Army needs more rapid network initialization and faster command-post setup and teardown.

Roles and Responsibilities for Defending the Nation from Cyber Attack - FBI

As the committee is well aware, the frequency and impact of cyber attacks on our nation's private sector and government networks have increased dramatically in the past decade and are expected to continue to grow. We continue to see an increase in the scale and scope of reporting on malicious cyber activity that can be measured by the amount of corporate data stolen or deleted, personally identifiable information compromised, or remediation costs incurred by U.S. victims. Within the FBI, we are focused on the most dangerous malicious cyber activity: high-level intrusions by state-sponsored hackers and global organized crime syndicates, as well as other technically sophisticated attacks.

Quantum Computing:

Google’s Quantum Computing Plans Threatened by IBM Curveball - New Scientist

Just when it was looking like the underdog, classical computing is striking back. IBM has come up with a way to simulate quantum computers that have 56 quantum bits, or qubits, on a non-quantum supercomputer - a task previously thought to be impossible. The feat moves the goalposts in the fight for quantum supremacy, the effort to outstrip classical computers using quantum ones.

Space-Based Test Proves Light’s Quantum Weirdness - Scientific American

Physicists sometimes say that a beam of light traveling through space is like a "great smoky dragon." One can know much about where the light comes from (the dragon's tail) and where it is seen (the dragon's head), yet still know precious little about the journey in between (the dragon's mysterious, nebulous body). As light travels from source to detection, it can behave as either a particle or a wave-or, paradoxically, both states or neither state. Now an experiment using laser beams shot at satellites in low-Earth orbit has confirmed that this bizarre detail about the nature of light holds true across record-breaking distances.

CSIAC Supported Communities

CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.

Technical Resources, Policy and Guidance

This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.


The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.

« 17 Oct 2017
14 Nov 2017 »

Reader Interactions

Leave a Comment Cancel

You must be logged in to post a comment.

sidebar

Blog Sidebar

Featured Content

The DoD Cybersecurity Policy Chart

The DoD Cybersecurity Policy Chart

This chart captures the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme.

View the Policy Chart

CSIAC Journal - Launching Innovation Through Medical Modeling and Simulation Technologies

CSIAC Journal Cover Volume 5 Number 4

This Special Edition of the Journal will provide a glimpse into current efforts to improve military medical training with simulation-based solutions.

Read the Journal

CSIAC Journal - Innovation Based Ecosystems

CSIAC Journal Cover Volume 5 Number 4

This issue of the Journal of Cyber Security & Information Systems explores how managing fast adoption modern-based system has more to do with understanding capabilities, interdependency between systems and effectively operating in the new paradigm than it has to do with differentiating product features.

Read the Journal

Recent Video Podcasts

  • What is DevOps? from a tools point of view Series: CSIAC Webinars
  • 5th Generation (5G) Technology Series: The CSIAC Podcast
  • Malvertising Explored Series: The CSIAC Podcast
  • Cybersecurity Arms Race – Modernizing the Arsenal Series: CSIAC Webinars
  • Cyber Situational Awareness Series: The CSIAC Podcast
View all Podcasts

Upcoming Events

Thu 28

BSides Columbus 2019

February 28 - March 1
Columbus OH
United States
Organizer: BSides Columbus
Mar 19

1st NATO – Industry Workshop on Autonomous Cyber Defence

March 19 @ 09:30 - 16:00 EDT
Cranfield Bedfordshire MK43 0AL
United Kingdom
Organizer: Cranfield University
View all Events

Recently Active Members

Profile picture of CSIACAdmin
Profile picture of sarapistor
Profile picture of awebb19
Profile picture of SChhom02
Profile picture of emuslic03
Profile picture of nd14
Profile picture of Parlad
Profile picture of lebanghart
Profile picture of Mathieu Schram
Profile picture of aedrgad
Profile picture of nrea13
Profile picture of scottrill10
Profile picture of jburkhart04
Profile picture of woo05
Profile picture of mselby08
Profile picture of jlewis05
Profile picture of mvansteenburg
Profile picture of arena17

Footer

CSIAC Products & Services

  • Free Technical Inquiry
  • Core Analysis Tasks (CATs)
  • Resources
  • Events Calendar
  • Frequently Asked Questions
  • Product Feedback Form

About CSIAC

The CSIAC is a DoD-sponsored Center of Excellence in the fields of Cybersecurity, Software Engineering, Modeling & Simulation, and Knowledge Management & Information Sharing.Learn More

Contact Us

Phone:800-214-7921
Email:info@csiac.org
Address:   266 Genesee St.
Utica, NY 13502
Send us a Message
ASD(R&E) LogoUS Department of Defense LogoDoD IACs LogoDTIC LogoTEMS Logo

Copyright 2018, Quanterion Solutions Incorporated

Sitemap | Privacy Policy | Terms of Use | Accessibility Information

This website uses cookies to provide our services and to improve your experience. By using this site, you consent to the use of our cookies. To read more about the use of our site, please click "Read More". Otherwise, click "Dismiss" to hide this notice. Dismiss Read More