Cyber-Security News and Announcements


The following announcements highlight recent cyber-security news including alerts, threats, vulnerabilities, and malicious activity. They also include up-to-date information on available updates and patches for your operating systems.

Published Jun 06, 2016

National Cybersecurity and Communications Integration Center (NCCIC) under the Department of Homeland Security (DHS) has developed the NCCIC Cyber Incident Scoring System (NCISS). The NCISS is a framework designed to provide a repeatable and consistent mechanism for estimating the impact of a cyber incident.

Published Sep 30, 2015

On October 1, 2015, all Federal Government Departments and Agencies are required to use the new incident notification guidelines. Major changes include the addition of impact classifications, replacement of categories with threat vectors, and a one hour time-limit to notify US-CERT of a confirmed compromise.

Published Sep 25, 2015

The Critical Infrastructure Cyber Community (C3) Voluntary Program has developed two new resources for State, Local, Tribal, & Territorial (SLTT) Governments: the SLTT Toolkit and Geographically Specific Resources.

Published Jun 01, 2015

The Critical Infrastructure Cyber Community (C³) Voluntary Program has developed the SMB Toolkit, a packet of resources specially designed to help SMBs recognize and address their cybersecurity risks.

Published Apr 09, 2015

AAEH (also known as VObfus, VBObfus, Beebone, or Changeup) is a family of polymorphic downloaders created with the primary purpose of downloading other malware, including password stealers, rootkits, fake antivirus, and ransomware.

Published Oct 06, 2014

The Office of Management and Budget (OMB) established an improved process for DHS to conduct regular and proactive scans of Federal civilian agency networks. Revised Incident Notification Guidelines are included that streamline the way agencies report cybersecurity incident information to US-CERT.

Published Sep 25, 2014

A vulnerability in Bash, also known as ‘Shellshock’, affects UNIX-based operating systems such as Linux and Mac OS X. See the TA14-268A and VU#252743 for details and recommended actions.

Published Jul 31, 2014

NCCIC, USSS, and third-party partners have issued an advisory regarding a Point-of-Sale malware dubbed “Backoff” which has been discovered exploiting businesses’ administrator accounts remotely and exfiltrating consumer payment data.

Published Jun 02, 2014

US-CERT has issued an alert describing the GameOver Zeus malware used by cybercriminals to collect banking information such as login credentials.  This alert identifies the systems affected, the impact of the malware and possible solutions.

Published May 02, 2014

Malicious insider activity can have devastating impacts on an organization. The NCCIC has released a new publication on “Combating the Insider Threat” to assist your organization with containing this risk.
Grow some Good in the World!