The Internet of Things Cybersecurity Improvement Act wants to make sure the federal government isn't buying devices that can be easily hacked.
https://www.cnet.com/news/congress-introduces-bill-to-improve-internet-of-things-security/
Digest Articles
Spam Campaign Uses Recent Boeing 737 Max Crashes to Push Malware
A spam campaign is using two recent crashes involving Boeing 737 Max aircraft to distribute malware to unsuspecting users.
Unprotected Elasticsearch DB Exposed 33 Million Job Profiles in China
Security expert discovered an unprotected Elasticsearch database exposed online that was containing approximately 33 million job profiles in China.
https://securityaffairs.co/wordpress/82532/data-breach/unprotected-elasticsearch-db-china.html
Threat Actors Leverage Credential Dumps, Phishing, and Legacy Email Protocols to Bypass MFA and Breach Cloud Accounts Worldwide
In a recent six-month study of major cloud service tenants, Proofpoint researchers observed massive attacks leveraging legacy protocols and credential dumps to increase the speed and effectiveness of brute force account compromises at scale.
DARPA Is Building a $10 Million, Open Source, Secure Voting System
The system will be fully open source and designed with newly developed secure hardware to make the system not only impervious to certain kinds of hacking, but also allow voters to verify that their votes were recorded accurately.
Nevada Considers Technology to Scan Cellphones After Crashes
Most states ban texting behind the wheel, but a legislative proposal could make Nevada one of the first states to allow police to use a contentious technology to find out if a person was using a cellphone during a car crash.
NSA Releases Ghidra Reverse Engineering Tool Into the Open Source
The NSA has released GHIDRA, an advanced cybersecurity tool to the open source world. Unlike the tools previously nicked from the NSA, Ghidra is a more benevolent tool. It's designed to effectively reverse engineer so-called compiled and deployed code and then decompile it into logic that code-savvy humans can understand.
WordPress 5.1.1 Patches Remote Code Execution Vulnerability
WordPress this week addressed a vulnerability that could allow an unauthenticated attacker to execute code remotely and take over vulnerable websites.
https://www.securityweek.com/wordpress-511-patches-remote-code-execution-vulnerability
CSIAC Report: JFAC/DAU/CSIAC Cyber Experiment (CYBEX)
This report details key concerns discussed during the JFAC/DAU/CSIAC Software Assurance (SwA) Cyber Experiment (CYBEX) on 7 Aug 2018. In addition to evaluating newly developed software SwA Program Manager and Developers guides, the exchange included addressing/bringing back foundational software/system engineering in order to address the root of fundamental
https://www.csiac.org/csiac-report/jfac-dau-csiac-cyber-experiment-cybex/
CALL FOR PAPERS – 2019 Modeling and Simulation Special Edition of the Journal of Cyber Security & Information Systems
We are pleased to announce a call for papers for this year's special Modeling and Simulation (M&S) edition of the Journal of Cyber Security & Information Systems, published by the Cyber Security & Information Systems Information Analysis Center (CSIAC). This edition will highlight innovations that were achieved across the broad spectrum of defense and
