Cyber Security and Information Systems Information Analysis Center
The US Department of Homeland Security (DHS) has issued today a binding operational directive that puts a tight deadline on US government agencies during which they must patch security flaws discovered in Internet-accessible systems.
https://www.zdnet.com/article/dhs-gives-agencies-15-day-deadline-to-patch-security-flaws/
The White House has released a new Executive Order on America's Cybersecurity Workforce. The Executive Order will implement programs that will grow and strengthen our Nation's cybersecurity workforce to meet the challenges of the 21st century.
https://www.whitehouse.gov/presidential-actions/executive-order-americas-cybersecurity-workforce/
The Federal Bureau of Investigation (FBI) and the U.S. Department of Homeland Security (DHS) have issued a joint malware analysis report (MAR) on a malware strain dubbed ELECTRICFISH and used by the North-Korean APT group Lazarus to exfiltrate data from victims.
Google announced the integration of more security features into Android Q designed to further harden the security of critical areas like the kernel, as well as making storage encryption standard and updated biometrics API.
https://www.bleepingcomputer.com/news/security/android-q-hardens-security-adds-better-encryption/
A leading cybersecurity firm found evidence Chinese intelligence operatives repurposed National Security Agency (NSA) hacking technology in 2016 to attack American allies and private firms in Europe and Asia, according to The New York Times.
An intriguing paper published by researchers at the University of Michigan describes a new processor architecture capable of self-encryption that can fend off any hacks.
The U.S. National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence (NCCoE), this week announced that it's working on a project whose goal is to help the energy sector secure industrial Internet of Things (IIoT) systems.
https://www.securityweek.com/nist-working-industrial-iot-security-guide-energy-companies
Microsoft has passed another milestone on its quest to kill off passwords. The company has now gained official FIDO2 certification for Windows Hello, the Windows 10 biometric authentication system.
https://www.zdnet.com/article/windows-10-says-hello-to-no-passwords-with-fido2-certification/
The Cybersecurity and Infrastructure Security Agency (CISA) issued a set of best practices designed to help organizations to mitigate risks and vulnerabilities associated with migrating their email services to Microsoft Office 365.
Security experts have found a race condition vulnerability (CVE-2019-11815) in Linux Kernel Prior to 5.0.8 that expose systems to remote code execution.
https://securityaffairs.co/wordpress/85451/security/cve-2019-11815-linux-kernel.html
The CSIAC is a DoD-sponsored Center of Excellence in the fields of Cybersecurity, Software Engineering, Modeling & Simulation, and Knowledge Management & Information Sharing.Learn More
| Phone: | 800-214-7921 |
| Email: | info@csiac.org |
| Address: | 266 Genesee St. Utica, NY 13502 |
