If you would like to share your thoughts on the Information Assurance Digest or make suggestions as to what should be included, click the following link: https://www.thecsiac.com/discussion/information-assurance-digest-suggestions
Big Data & Cloud Computing:
Cloud-Based POS Software - "New Target For Hackers" - IntelCrawler
IntelCrawler, a cyber threat intelligence firm from Los Angeles, has identified new targeted attacks on cloud-based POS software used by grocery stores, retailers and other small businesses through web browsers such as Internet Explorer, Safari, and/or Google Chrome.
Google is putting its considerable weight behind an open source technology that’s already one of the hottest new ideas in the world of cloud computing.
Net Losses: Estimating the Global Cost of Cybercrime - McAfee
Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the global economy from cybercrime is more than $400 billion.
Operationalizing Cyber Is New Commander's Biggest Challenge - Department of Defense
U.S. Cyber Command’s greatest challenge is to operationalize cyberspace to turn the electro-digital network of networks into a command-and-control environment where warriors can see the adversary and whose operations defense leaders can integrate into options for commanders and policymakers.
Cyber Chief Says Businesses Must 'Own' Cyber-Security Threats - Department of Defense
Cybersecurity threats are a vital issue for the nation, and like the Defense Department, businesses must own the problem to successfully carry out their missions.
U.S. Disrupts Major Hacking, Extortion Ring; Russian Charged - Reuters
A U.S.-led international operation disrupted a crime ring that infected hundreds of thousands of PCs around the globe with malicious software used for stealing banking credentials and extorting computer owners.
Putter Panda Targeting U.S. Defense - CrowdStrike
Putter Panda is a determined adversary group, conducting intelligence-gathering operations targeting the Government, Defense, Research, and Technology sectors in the United States, with specific targeting of space, aerospace, and communications.
Lockheed Martin Develops Tools to Fight Viruses - Orlando Sentinel
Buoyed by tens of millions of defense dollars, Lockheed Martin Corp. has made Orlando ground zero for a "test range" to help the military develop antivirus technology to combat hacker attacks and cyber-terrorism.
New Banker Trojan In Town: "Dyreza" - CSIS
A new piece of banking malware is targeting some major online banking services.
Zeus Alternative "Pandemiya" Emerges In Cybercrime Underground - Security Week
A new banking Trojan being promoted in underground forums as an alternative to the popular and widely used Zeus Trojan has the potential to become a pervasive threat.
U.S. Army Loses 16,000 Personnel Records In South Korea - United States Forces Korea
United States Forces Korea (USFK) was made aware of a potential theft of personal information from the Korean National Recruitment System (KNRS) maintained by the U.S. Department of the Army.
AT&T Confirms Serious Mobile Security Breach - Softpedia
Some AT&T customers received a letter from the company informing them that some of their details have been accessed without authorization by employees of one of their service providers.
First Seen Trojan App That Encrypts Files on Android Devices and Asks For Ransom - Virus Radar
Android/Simplocker.A is a trojan that encrypts files on local drives. The trojan collects various sensitive information. The trojan attempts to send gathered information to a remote machine.
Exploit mitigation techniques available in Internet Explorer keep the browser strong in face of memory exploits, but attacks could be carried out through the script interpreter engine.
Six More Bugs Found In OpenSSL Security Tool and Patched - OpenSSL
The OpenSSL team has pushed out fixes for six security vulnerabilities in the widely used crypto library. These holes include a flaw that enables man-in-the-middle (MITM) eavesdropping on encrypted connections, and another that allows miscreants to drop malware on at-risk systems.
IoT Revenue to Hit $7.1 Trillion In 2020 - International Data Corporation
A transformation is underway that will see the worldwide market for IoT solutions grow from $1.9 trillion in 2013 to $7.1 trillion in 2020.
CSIAC Communities of Interest:
Systems and Software Producibility Collaboration Environment (SPRUCE) - CSIAC
SPRUCE is an online collaborative forum for describing challenging CS and SE problems, assembling canonical data sets, and proposing models and solutions. CSIAC invites free use of this environment by the academic, defense-industrial-base, and Government user community. For more information contact Tom McGibbon at email@example.com
The Cyber Shield Newsletter - New Mexico CounterIntelligence Working Group (NMCIWG)
The Cyber Shield is a cyber newsletter for Counterintelligence, IT and Security Professionals associated with DoD and USG agencies. Distribution constraints apply. If you would like to subscribe, please contact Dr. Paul Losiewicz at firstname.lastname@example.org
Cyber Security of Critical Infrastructure - Department of Homeland Security
CSIAC serves on the EO 13636/PPD-21 Research & Development (R&D) Working Group (WG) run by DHS S&T. If you would like further information, contact Dr. Paul Losiewicz at email@example.com
Software Assurance Community of Practice (SwA COP) - CSIAC
CSIAC serves on the DoD Software Assurance Community of Practice Working Group. For further information contact Taz Daughtrey at firstname.lastname@example.org
National Vulnerability Database - NIST
NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.
US-CERT Alerts - Department of Homeland Security
Alerts provide timely information about current security issues, vulnerabilities, and exploits.
US-CERT Bulletins - Department of Homeland Security
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
DoD COI Governance and Guidance - DoD Chief Information Officer
Trustworthy CyberSpace: Strategic Plan For The Federal Cybersecurity Research and Development Program - NITRD
DHS Cyber Security Strategy ("Blueprint for a Secure Cyber Future", 2011) - Department of Homeland Defense
Committee on National Security Systems (CNSS) - Committee on National Security Systems
DoD Cyber Domain Resources - DoD
NIST announces that the Second Public Draft of Special Publication (SP) 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, has been released for public comment. (June 3, 2014) - NIST
This document provides guidance to federal departments and agencies on identifying, assessing, and mitigating Information and Communications Technology (ICT) supply chain risks at all levels in their organizations. It integrates ICT supply chain risk management (SCRM) into federal agency enterprise risk management activities by applying a multitiered SCRM-specific approach, including supply chain risk assessments and supply chain risk mitigation activities and guidance.
DoDI 8500.01 - DTIC
DoDD 8500.01E (which it replaced), DoDI 8500.02, DoDD C-5200.19, DoDI 8552.01 and DTM 08-060 were all cancelled because the new DoDI 8500.01 incorporates them all. Effective 14 March 2014.
DoDI 8510.01 - DTIC
Provides procedural guidance for the reciprocal acceptance of authorization decisions and artifacts within DoD, and between DoD and other federal agencies, for the authorization and connection of information systems (ISs). Effective 12 March 2014.
GAO February 2013 High Risk Update - Government Accountability Office
GAO recommends assessment of government-wide material weakness in information security be upgraded to a significant deficiency for 2 consecutive years. (p.189)
GAO-13-187 Cybersecurity - Government Accountability Office
National strategy, roles, and responsibilities need to be better defined and more effectively implemented.
Bring Your Own Device - The White House
A Toolkit to Support Federal Agencies Implementing Bring Your Own Device (BYOD) Programs - August 23, 2012. Product of the Digital Services Advisory Group and Federal Chief Information Officers Council.
CNSS Advisory Memorandum Information Assurance 01-12 6 June 2012 - CNSS
Administration's Strategy to Mitigate the Theft of U.S. Trade Secrets - The White House
White House Economic Cyberwarfare Strategy.
ISO Standards on Vulnerability Handling and Disclosure - Internet Storm Center
Two new ISO standards for vulnerability verification and reporting.
Framework for Improving Critical Infrastructure Cybersecurity - National Institute of Standards and Technology
NIST Framework published 12 February 2014.
Feedback from the last IA Digest:
Cyber-Warfare Goes Wireless - US News
Russian forces intercepted a U.S. surveillance drone. Cyber-warfare is changing rapidly and the U.S. military has to change with it.
A Wake-up Call for SATCOM Security - IOActive
U.S. military communication satellites vulnerable to cyberattacks.
The Hacker Who Worked on a Navy Nuclear Aircraft Carrier - The Atlantic
They posted the information—with social security numbers redacted—and crowed about it on Twitter.
The CSIAC IA Digest is a semi-weekly news summary for information assurance and software reliability professionals protecting the global information grid. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of IA/SE/DIO/IW topics.