The following announcements highlight recent cybersecurity news including alerts, threats, vulnerabilities, and malicious activity. They also include up-to-date information on available updates and patches for your operating systems.
Published Apr 09, 2015
AAEH (also known as VObfus, VBObfus, Beebone, or Changeup) is a family of polymorphic downloaders created with the primary purpose of downloading other malware, including password stealers, rootkits, fake antivirus, and ransomware.
Published Oct 06, 2014
The Office of Management and Budget (OMB) established an improved process for DHS to conduct regular and proactive scans of Federal civilian agency networks. Revised Incident Notification Guidelines are included that streamline the way agencies report cybersecurity incident information to US-CERT.
Published Sep 25, 2014
A vulnerability in Bash, also known as 'Shellshock', affects UNIX-based operating systems such as Linux and Mac OS X. See the TA14-268A and VU#252743 for details and recommended actions.
Published Jul 31, 2014
NCCIC, USSS, and third-party partners have issued an advisory regarding a Point-of-Sale malware dubbed "Backoff" which has been discovered exploiting businesses' administrator accounts remotely and exfiltrating consumer payment data.
Published Jun 02, 2014
US-CERT has issued an alert describing the GameOver Zeus malware used by cybercriminals to collect banking information such as login credentials. This alert identifies the systems affected, the impact of the malware and possible solutions.
Published May 02, 2014
Malicious insider activity can have devastating impacts on an organization. The NCCIC has released a new publication on "Combating the Insider Threat" to assist your organization with containing this risk.
Published Apr 09, 2014
Certain OpenSSL versions contain a critical vulnerability which may allow a malicious actor to obtain sensitive or private information. See the '"Heartbleed" OpenSSL Vulnerability' Technical Publication, TA14-098A, and VU#720951 for details and recommended actions.
Published Feb 12, 2014
The Critical Infrastructure Cyber Community Voluntary Program, or C³ (pronounced "C Cubed") Voluntary Program, is an innovative public-private partnership, to help connect companies, as well as Federal, State, local, tribal, and territorial partners, to DHS and other Federal government programs and resources that will assist their efforts in managing their cyber risks.
Published Jan 29, 2014
NCCIC has recently published a DDoS Quick Guide. This guide contains possible DDoS attack methods per OSI layer, potential impact and the applicable recommended mitigation strategies as well as relevant hardware. This report also provides possible DDoS traffic type descriptions.