The Cyber Security and Information Systems (csiac) Information Assurance Digest

Yüklə 53,7 Kb.
ölçüsü53,7 Kb.



cyber security and information systems information analysis center

department of defense defense technical information center





The Cyber Security and Information Systems (CSIAC) Information Assurance Digest

If you would like to share your thoughts on the Information Assurance Digest or make suggestions as to what should be included, click the following link:

Recent Headlines:

Big Data & Cloud Computing:

Cloud-Based POS Software- "New Target For Hackers" - Intel Crawler

IntelCrawler, a cyber threat intelligence firm from Los Angeles, has identified new-targeted attacks on cloud-based POS software, used by grocery stores, retailers and other small businesses using web browsers like Internet Explorer, Safari, and/or Google Chrome.

Google Embraces Docker, The Next Big Thing In Cloud Computing - Wired

Google is putting its considerable weight behind an open source technology that’s already one of the hottest new ideas in the world of cloud computing.


Net Losses: Estimating the Global Cost of Cybercrime - McAfee

Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the global economy from cybercrime is more than $400 billion.

Operationalizing Cyber Is New Commander's Biggest Challenge - Department of Defense

 U.S. Cyber Command’s greatest challenge is to operationalize cyberspace to turn the electro-digital network of networks into a command-and-control environment where warriors can see the adversary and whose operations defense leaders can integrate into options for commanders and policymakers.

Cyber Chief Says Businesses Must 'Own' Cyber-Security Threats - Department of Defense

 Cybersecurity threats are a vital issue for the nation, and like the Defense Department, businesses must own the problem to successfully carry out their missions.

U.S. Disrupts Major Hacking, Extortion Ring; Russian Charged - Reuters

 A U.S.-led international operation disrupted a crime ring that infected hundreds of thousands of PCs around the globe with malicious software used for stealing banking credentials and extorting computer owners.


Putter Panda Targeting U.S. Defense - Crowd Strike

Putter Panda is a determined adversary group, conducting intelligence-gathering operations targeting the Government, Defense, Research, and Technology sectors in the United States, with specific targeting of space, aerospace, and communications.

Lockheed Martin Develops Tools to Fight Viruses - Orlando Sentinel

Buoyed by tens of millions of defense dollars, Lockheed Martin Corp. has made Orlando ground zero for a "test range" to help the military develop antivirus technology to combat hacker attacks and cyber-terrorism.

Data Security:

New Banker Trojan In Town: "Dyreza" - CSIS

A new piece of banking malware, which is targeting some major online banking services.

Zeus Alternative "Pandemiya" Emerges In Cybercrime Underground - Security Week

A new banking Trojan being promoted in underground forums as an alternative to the popular and widely used Zeus Trojan has the potential to become a pervasive threat.

U.S. Army Loses 16,000 Personnel Records In South Korea - United States Forces Korea

United States Forces Korea (USFK) was made aware of a potential theft of personal information from the Korean National Recruitment System (KNRS) maintained by the U.S. Department of the Army.

Mobile Security:

AT&T Confirms Serious Mobile Security Breach - Softpedia

Some AT&T customers received a letter from the company informing them that some of their details have been accessed without authorization by employees of one of their service providers.

First Seen Trojan App That Encrypts Files on Android Devices and Asks For Ransom - Virus Radar

Android/Simplocker.A is a trojan that encrypts files on local drives. The trojan collects various sensitive information. The trojan attempts to send gathered information to a remote machine.

Network Security:

Advanced Exploit Techniques Attacking the IE Script Engine - Fortinet

Exploit mitigation techniques available in Internet Explorer keep the browser strong in face of memory exploits, but attacks could be carried out through the script interpreter engine.

Six More Bugs Found In OpenSSL Security Tool and Patched - OpenSSL

The OpenSSL team has pushed out fixes for six security vulnerabilities in the widely used crypto library. These holes include a flaw that enables man-in-the-middle (MITM) eavesdropping on encrypted connections, and another that allows miscreants to drop malware on at-risk systems.


IoT Revenue to Hit $7.1 Trillion In 2020 - International Data Corporation

A transformation is underway that will see the worldwide market for IoT solutions grow from $1.9 trillion in 2013 to $7.1 trillion in 2020.

CSIAC Communities of Interest:

Systems and Software Producibility Collaboration Environment (SPRUCE) - CSIAC

SPRUCE is an online collaborative Forum for describing CS and SE challenging problems, assembling cannonical data sets, and proposing models and solutions. CSIAC invites free use of this environment by the academic, defense-industrial-base, and Government user community. For more information contact Tom McGibbon at

The Cyber Shield Newsletter - New Mexico CounterIntelligence Working Group (NMCIWG)

The Cyber Shield is a Cyber Newsletter for Counterintelligence, IT and Security Profressionals associated with DoD and USG agencies. There are Distribution constraints. If you would like to subscribe, please contact Dr. Paul Losiewicz at

Cyber Security of Critical Infrastructure - Department of Homeland Security

CSIAC serves on the EO 13636/PPD-21 Research & Development (R&D) Working Group (WG) run by DHS S&T. If you would like further information, contact Dr. Paul Losiewicz at

Software Assurance Community of Practice (SwA COP) - CSIAC

CSIAC serves on the DoD  Software Assurance Community of Practice Working Group. For further information contact Taz Daughtrey at

Technical Resources:

National Vulnerability Database - NIST

NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.

US-CERT Alerts - Department of Homeland Security

Alerts provide timely information about current security issues, vulnerabilities, and exploits.

US-CERT Bulletins - Department of Homeland Security

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

Policy Resources:

CSIAC Information Assurance Policy Chart - CSIAC

Updated 15 April 2014

DoD COI Governance and Guidance - DoD Chief Information Officer

Trustworthy CyberSpace: Strategic Plan For The Federal Cybersecurity Research and Development Program - NITRD

DHS Cyber Security Strategy ("Blueprint for a Secure Cyber Future", 2011) - Department of Homeland Defense

Committee on National Security Systems (CNSS) - Committee on National Security Systems

DoD Cyber Domain Resources - DoD


NIST announces that the Second Public Draft of Special Publication (SP) 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, has been released for public comment. (June 3, 2014) - NIST

This document provides guidance to federal departments and agencies on identifying, assessing, and mitigating Information and Communications Technology (ICT) supply chain risks at all levels in their organizations. It integrates ICT supply chain risk management (SCRM) into federal agency enterprise risk management activities by applying a multitiered SCRM-specific approach, including supply chain risk assessments and supply chain risk mitigation activities and guidance. 

DoDI 8500.01 - DTIC

DoDD 8500.01E (which it replaced),  DoDI 8500.02, DoDD C-5200.19, DoDI8552.01 and DTM 08-060 were all cancelled because the new DoDI 8500.01 incorporates them all. Effective 14 March 2014.

DoDI 8510.01 - DTIC

Provides procedural guidance for the reciprocal acceptance of authorization decisions and  artifacts within DoD, and between DoD and other federal agencies, for the authorization and  connection of information systems (ISs). Effective 12 March 2014.

GAO February 2013 High Risk Update - Government Accountability Office

GAO recommends assessment of government-wide material weakness in information security be upgraded to a significant deficiency for 2 consecutive years. (p.189)

GAO-13-187 Cybersecurity - Government Accountability Office

National strategy, roles, and responsibilities need to be better defined and more effectively implemented.

Bring Your Own Device - The White House

A Toolkit to Support Federal Agencies Implementing Bring Your Own Device (BYOD) Programs - August 23, 2012. Product of the Digital Services Advisory Group and Federal Chief Information Officers Council.

CNSS Advisory Memorandum Information Assurance 01-12 6 June 2012 - CNSS

NSA-Approved Commercial Solution Guidance.

DoD Commercial Mobile Implementation Plan - DoD

Update to DoD Mobile Device Strategy.

Administration's Strategy to Mitigate the Theft of U.S. Trade Secrets - The White House

White House Economic Cyberwarfare Strategy.

ISO Standards on Vulnerability Handling and Disclosure - Internet Storm Center

Two new ISO standards for vulnerability verification and reporting.

Framework for Improving Critical Infrastructure Cybersecurity - National Institute of Standards and Technology

NIST Framework published 12 February 2014.

Feedback from the last ia digest:

Most Popular:

Cyber-Warfare Goes Wireless - US News

Russian forces intercepted a U.S. surveilance drone. Cyber-warfare is changing rapidly and the U.S. military has to change with it.

A Wake-up Call for SATCOM Security - IO active

U.S. military communication satellites vulnerable to cyberattacks.

The Hacker Who Worked on a Navy Nuclear Aircraft Carrier - The Atlantic

They posted the information—with social security numbers redacted—and crowed about it on Twitter. 



The CSIAC IA Digest is a semi-weekly news summary for information assurance and software reliability professionals protecting the global information grid. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of IA/SE/DIO/IW topics.


This is an automatic message from the Cyber Security and Information Systems Information Analysis Center. To unsubscribe from this email list or other CSIAC email lists, update your subscriptions settings.



Quanterion Solutions Incorporated. Copyright © 2013
811 Court Street. Utica, NY. 13502

Dostları ilə paylaş:

Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur © 2019
rəhbərliyinə müraciət

    Ana səhifə