SB15-145: Vulnerability Summary for the Week of May 18, 2015
Discussion

SB15-145: Vulnerability Summary for the Week of May 18, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database(NVD) in the past ...
Cloud Attacks, Threats, and Defenses
Podcast

Cloud Attacks, Threats, and Defenses

As organizations migrate critical services to the cloud, adversaries gain increasing incentive to gain access to these environments. Attacks against cloud environments can range from traditional exploits against an instance to ...
Webinar: Cloud Attacks, Threats, and Defenses
Event

Webinar: Cloud Attacks, Threats, and Defenses

 As organizations migrate critical services to the cloud, adversaries gain increasing incentive to gain access to these environments. Attacks against cloud environments can range from traditional exploits against an ...

Cybersecurity

Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.

SB15-124 Vulnerability Summary for the Week of April 27, ...

453 reads since posted on 05/04/2015 - 3:42pm by CSIAC Admin
CSIAC Admin
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database(NVD) in the past week.

SB15-117 Vulnerability Summary for the Week of April 20, ...

258 reads since posted on 04/27/2015 - 10:05am by CSIAC Admin
CSIAC Admin
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database(NVD) in the past week.

SB15-110 Vulnerability Summary for the Week of April 13, ...

213 reads since posted on 04/20/2015 - 12:35pm by CSIAC Admin
CSIAC Admin
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database(NVD) in the past week.

US-CERT Alert (TA15-105A) Simda Botnet

174 reads since posted on 04/15/2015 - 1:39pm by CSIAC Admin
CSIAC Admin
The Simda botnet – a network of computers infected with self-propagating malware – has compromised more than 770,000 computers worldwide. The United States Department of Homeland Security (DHS), in collaboration with Interpol and the Federal Bureau of Investigation (FBI), has released this Technical Alert to provide further information about the Simda botnet, along with prevention and mitigation recommendations. To view this alert, click here.

SB15-103 Vulnerability Summary for the Week of April 6, 2015

130 reads since posted on 04/14/2015 - 10:13am by CSIAC Admin
CSIAC Admin
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database(NVD) in the past week.

US-CERT Alert (TA15-098A) AAEH

222 reads since posted on 04/09/2015 - 12:33pm by CSIAC Admin
CSIAC Admin
AAEH is a family of polymorphic downloaders created with the primary purpose of downloading other malware, including password stealers, rootkits, fake antivirus, and ransomware. The United States Department of Homeland Security (DHS), in collaboration with Europol, the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), released this Technical Alert to provide further information about the AAEH botnet, along with prevention and mitigation recommendations.

Criminals Host Fake Government Services Web Sites to ...

176 reads since posted on 04/08/2015 - 12:40pm by CSIAC Admin
CSIAC Admin
"From May 2012 to March 2015, the FBI’s Internet Crime Complaint Center (IC3) has received complaints regarding criminals hosting fraudulent government services websites in order to acquire Personally Identifiable Information (PII) and to collect fraudulent fees from consumers." -IC3

AFPM Q&A and Technology Forum Cybersecurity Day Call ...

Monday, October 5, 2015 (All day) - Wednesday, October 7, 2015 (All day)
Oct 5 2015

The inaugural AFPM Cybersecurity Day will be Monday, October 5 in New Orleans, Louisiana. It will take place in conjunction with the 2015 AFPM Q&A and Technical Forum. Cybersecurity Day will provide cybersecurity experts a forum to present information and case studies on the tools and techniques used for cybersecurity in the refining and petrochemical industries.

SB15-082: Vulnerability Summary for the Week of March ...

481 reads since posted on 03/24/2015 - 8:14am by CSIAC Admin
CSIAC Admin
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database(NVD) in the past week.

New submission and notification dates for STC 2015, the ...

237 reads since posted on 03/15/2015 - 4:59pm by pcroll
pcroll
Call for Presentations The 27th Annual IEEE Software Technology Conference (STC 2015) 12 October - 15 OctoberHilton Long Beach, Long Beach, California, USA The IEEE Computer Society is pleased to bring you the 27th Annual Software Technology Conference.

Audit Report: DoD Needs to Reinitiate Migration to ...

252 reads since posted on 03/11/2015 - 3:51pm by CSIAC Admin
CSIAC Admin
The Department of Defense Inspector General recently published an audit report on whether the DoD was effectively migrating to the Internet Protocol Version 6 (IPv6). To view the summary of the findings, management action taken, recommendations and the management comments and response from the DoD Inspector General, click the link below: http://www.dodig.mil/pubs/report_summary.cfm?id=6080

Audit Report: DoD Cloud Computing Strategy Needs ...

164 reads since posted on 03/11/2015 - 3:17pm by CSIAC Admin
CSIAC Admin
The Department of Defense Inspector General recently published an audit report on whether DoD effectively planned and executed a strategy for implementing cloud computing. This report was provided for review and comment. To view the findings, recommendations and management comments click on the link below:  http://www.dodig.mil/pubs/report_summary.cfm?id=6084 What are your suggestions and comments on this topic?

SB15-069: Vulnerability Summary for the Week of March 2, ...

125 reads since posted on 03/11/2015 - 8:55am by CSIAC Admin
CSIAC Admin
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database(NVD) in the past week. Click here to view the document.

SB15-061: Vulnerability Summary for the Week of February ...

199 reads since posted on 03/02/2015 - 2:56pm by CSIAC Admin
CSIAC Admin
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database(NVD) in the past week. Click here to view the document.

SB15-054: Vulnerability Summary for the Week of February ...

167 reads since posted on 02/23/2015 - 11:16am by CSIAC Admin
CSIAC Admin
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database(NVD) in the past week. Click here to view the document.

SB15-047: Vulnerability Summary for the Week of February ...

152 reads since posted on 02/17/2015 - 3:10pm by CSIAC Admin
CSIAC Admin
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database(NVD) in the past week.

New Government Agency: "Cyber Threat Intelligence ...

293 reads since posted on 02/10/2015 - 12:57pm by CSIAC Admin
CSIAC Admin
In the wake of the Sony Pictures hack the Obama administration will establish a new government agency to "combat the deepening threat from cyberattacks," according to the Washington Post. To view the article, click here. What are some thoughts and views on this new agency?

ISIS Threat at Home: FBI Warns US Military About Social ...

598 reads since posted on 12/02/2014 - 4:51pm by Cybersec12
Cybersec12
The FBI on Sunday issued the strongest warning to date about possible attacks by the ISIS terrorist group against the U.S. military inside the homeland, officials tell ABC News. Read More - http://abcnews.go.com/International/isis-threat-home-fbi-warns-us-military-social/story?id=27270662

Vulnerability Alert - Shellshock bash bug discovered

2131 reads since posted on 09/26/2014 - 9:06am by CSIAC Admin
CSIAC Admin
Over the past few days a bug was discovered in bash that allows remote attackers to run any shell command they would like by excersizing a vulnerability in the way environment variables are defined. This is extremely concerning especially for web server administrators running their web environments on CGI. You can obtain additional information from the following sources: National Vulnerability Database - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

Cybersecurity Digest Suggestions?

8127 reads since posted on 06/11/2014 - 5:06pm by CSIAC Admin
CSIAC Admin
Please share any thoughts or comments on the Cybersecurity Digest and what you would like to see in it. Suggest any articles, news topics, et cetera that would make it more interesting for the CSIAC community as a whole. The Cybersecurity Digest is a bi-weekly news summary for information assurance professionals. It is transmitted in an HTML formatted e-mail and includes recent headlines to articles across a spectrum of information assurance and cyber-security topics.
Syndicate content