SB15-110 Vulnerability Summary for the Week of April 13, 2015
Discussion

SB15-110 Vulnerability Summary for the Week of April 13, ...

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database(NVD) in the past ...
US-CERT Alert (TA15-105A) Simda Botnet
Discussion

US-CERT Alert (TA15-105A) Simda Botnet

The Simda botnet – a network of computers infected with self-propagating malware – has compromised more than 770,000 computers worldwide.The United States Department of Homeland Security (DHS), in collaboration ...
SB15-103 Vulnerability Summary for the Week of April 6, 2015
Discussion

SB15-103 Vulnerability Summary for the Week of April 6, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database(NVD) in the past ...

Cybersecurity

Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.

SB15-110 Vulnerability Summary for the Week of April 13, ...

27 reads since posted on 04/20/2015 - 12:35pm by CSIAC Admin
CSIAC Admin
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database(NVD) in the past week.

US-CERT Alert (TA15-105A) Simda Botnet

90 reads since posted on 04/15/2015 - 1:39pm by CSIAC Admin
CSIAC Admin
The Simda botnet – a network of computers infected with self-propagating malware – has compromised more than 770,000 computers worldwide. The United States Department of Homeland Security (DHS), in collaboration with Interpol and the Federal Bureau of Investigation (FBI), has released this Technical Alert to provide further information about the Simda botnet, along with prevention and mitigation recommendations. To view this alert, click here.

SB15-103 Vulnerability Summary for the Week of April 6, 2015

55 reads since posted on 04/14/2015 - 10:13am by CSIAC Admin
CSIAC Admin
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database(NVD) in the past week.

US-CERT Alert (TA15-098A) AAEH

157 reads since posted on 04/09/2015 - 12:33pm by CSIAC Admin
CSIAC Admin
AAEH is a family of polymorphic downloaders created with the primary purpose of downloading other malware, including password stealers, rootkits, fake antivirus, and ransomware. The United States Department of Homeland Security (DHS), in collaboration with Europol, the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), released this Technical Alert to provide further information about the AAEH botnet, along with prevention and mitigation recommendations.

Criminals Host Fake Government Services Web Sites to ...

101 reads since posted on 04/08/2015 - 12:40pm by CSIAC Admin
CSIAC Admin
"From May 2012 to March 2015, the FBI’s Internet Crime Complaint Center (IC3) has received complaints regarding criminals hosting fraudulent government services websites in order to acquire Personally Identifiable Information (PII) and to collect fraudulent fees from consumers." -IC3

AFPM Q&A and Technology Forum Cybersecurity Day Call ...

Monday, October 5, 2015 (All day) - Wednesday, October 7, 2015 (All day)
Oct 5 2015

The inaugural AFPM Cybersecurity Day will be Monday, October 5 in New Orleans, Louisiana. It will take place in conjunction with the 2015 AFPM Q&A and Technical Forum. Cybersecurity Day will provide cybersecurity experts a forum to present information and case studies on the tools and techniques used for cybersecurity in the refining and petrochemical industries.

SB15-082: Vulnerability Summary for the Week of March ...

437 reads since posted on 03/24/2015 - 8:14am by CSIAC Admin
CSIAC Admin
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database(NVD) in the past week.

New submission and notification dates for STC 2015, the ...

188 reads since posted on 03/15/2015 - 4:59pm by pcroll
pcroll
Call for Presentations The 27th Annual IEEE Software Technology Conference (STC 2015) 12 October - 15 OctoberHilton Long Beach, Long Beach, California, USA The IEEE Computer Society is pleased to bring you the 27th Annual Software Technology Conference.

1st Annual Billington Corporate: Cybersecurity Summit

Wednesday, May 27, 2015 - 7:30am - 4:00pm
May 27 2015

Large-scale denial-of-services attacks and point-of-sale thefts capture the headlines, but hackers also are targeting businesses of all sizes. And new legislation may require corporations to report a breach when it occurs rather than months later.

Audit Report: DoD Needs to Reinitiate Migration to ...

224 reads since posted on 03/11/2015 - 3:51pm by CSIAC Admin
CSIAC Admin
The Department of Defense Inspector General recently published an audit report on whether the DoD was effectively migrating to the Internet Protocol Version 6 (IPv6). To view the summary of the findings, management action taken, recommendations and the management comments and response from the DoD Inspector General, click the link below: http://www.dodig.mil/pubs/report_summary.cfm?id=6080

Audit Report: DoD Cloud Computing Strategy Needs ...

112 reads since posted on 03/11/2015 - 3:17pm by CSIAC Admin
CSIAC Admin
The Department of Defense Inspector General recently published an audit report on whether DoD effectively planned and executed a strategy for implementing cloud computing. This report was provided for review and comment. To view the findings, recommendations and management comments click on the link below:  http://www.dodig.mil/pubs/report_summary.cfm?id=6084 What are your suggestions and comments on this topic?

SB15-069: Vulnerability Summary for the Week of March 2, ...

102 reads since posted on 03/11/2015 - 8:55am by CSIAC Admin
CSIAC Admin
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database(NVD) in the past week. Click here to view the document.

SB15-061: Vulnerability Summary for the Week of February ...

182 reads since posted on 03/02/2015 - 2:56pm by CSIAC Admin
CSIAC Admin
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database(NVD) in the past week. Click here to view the document.

SB15-054: Vulnerability Summary for the Week of February ...

138 reads since posted on 02/23/2015 - 11:16am by CSIAC Admin
CSIAC Admin
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database(NVD) in the past week. Click here to view the document.

SB15-047: Vulnerability Summary for the Week of February ...

127 reads since posted on 02/17/2015 - 3:10pm by CSIAC Admin
CSIAC Admin
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database(NVD) in the past week.

New Government Agency: "Cyber Threat Intelligence ...

252 reads since posted on 02/10/2015 - 12:57pm by CSIAC Admin
CSIAC Admin
In the wake of the Sony Pictures hack the Obama administration will establish a new government agency to "combat the deepening threat from cyberattacks," according to the Washington Post. To view the article, click here. What are some thoughts and views on this new agency?

ISIS Threat at Home: FBI Warns US Military About Social ...

546 reads since posted on 12/02/2014 - 4:51pm by Cybersec12
Cybersec12
The FBI on Sunday issued the strongest warning to date about possible attacks by the ISIS terrorist group against the U.S. military inside the homeland, officials tell ABC News. Read More - http://abcnews.go.com/International/isis-threat-home-fbi-warns-us-military-social/story?id=27270662

Vulnerability Alert - Shellshock bash bug discovered

2094 reads since posted on 09/26/2014 - 9:06am by CSIAC Admin
CSIAC Admin
Over the past few days a bug was discovered in bash that allows remote attackers to run any shell command they would like by excersizing a vulnerability in the way environment variables are defined. This is extremely concerning especially for web server administrators running their web environments on CGI. You can obtain additional information from the following sources: National Vulnerability Database - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

Cybersecurity Digest Suggestions?

7538 reads since posted on 06/11/2014 - 5:06pm by CSIAC Admin
CSIAC Admin
Please share any thoughts or comments on the Cybersecurity Digest and what you would like to see in it. Suggest any articles, news topics, et cetera that would make it more interesting for the CSIAC community as a whole. The Cybersecurity Digest is a bi-weekly news summary for information assurance professionals. It is transmitted in an HTML formatted e-mail and includes recent headlines to articles across a spectrum of information assurance and cyber-security topics.

NIST announces that the Second Public Draft of Special ...

1639 reads since posted on 06/11/2014 - 5:03pm by CSIAC Admin
CSIAC Admin
This document provides guidance to federal departments and agencies on identifying, assessing, and mitigating Information and Communications Technology (ICT) supply chain risks at all levels in their organizations. It integrates ICT supply chain risk management (SCRM) into federal agency enterprise risk management activities by applying a multitiered SCRM-specific approach, including supply chain risk assessments and supply chain risk mitigation activities and guidance.
Syndicate content