Cybersecurity and Infrastructure Security Agency

Original release date: November 19, 2018 On November 16, 2018, the President signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. This Act elevates the mission of the former Department of Homeland Security (DHS) National Protection and Programs Directorate (NPPD) and establishes the Cybersecurity and Infrastructure Security Agency (CISA). CISA is responsible for protecting the Nation’s critical infrastructure from physical and cyber threats, a mission that requires…

November 20, 2018
Read More >>

NCCIC Releases Analysis Report on JexBoss

Original release date: November 08, 2018 NCCIC has released Analysis Report (AR) AR18-312A: JexBoss – JBoss Verify and EXploitation Tool. Cyber threat actors use JexBoss to remotely access victims’ systems. The report provides information on JexBoss’ capabilities, as well as suggestions for detection and mitigation. NCCIC encourages users and administrators to review AR18-312A for more information. This product is provided subject to this Notification and this Privacy & Use policy….

November 8, 2018
Read More >>

Self-Encrypting Solid-State Drive Vulnerabilities

Original release date: November 06, 2018 NCCIC is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting solid-state drives. An attacker could exploit these vulnerabilities to obtain access to sensitive information. NCCIC encourages users and administrators to review Microsoft’s Security Advisory ADV180028 and Samsung’s Customer Notice regarding Samsung SSDs for more information and refer to vendors for appropriate patches and recommendations, when available. This product is provided…

November 7, 2018
Read More >>

November is National Critical Infrastructure Security and Resilience Month

Original release date: November 01, 2018 November is National Critical Infrastructure Security and Resilience Month. Critical Infrastructure (CI) is our Nation’s backbone; it is the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety. Everyone is involved in the mission to protect CI. Users…

November 1, 2018
Read More >>

Apache Releases Security Update for Apache Tomcat JK Connectors

Original release date: October 31, 2018 The Apache Software Foundation has released a security update to address a vulnerability affecting Apache Tomcat JK Connectors 1.2.0 to 1.2.44. A remote attacker could exploit this vulnerability to obtain access to sensitive information. NCCIC encourages users and administrators to review the Apache security advisory for CVE-2018-11759 and apply the necessary update or mitigation. This product is provided subject to this Notification and this…

November 1, 2018
Read More >>

National Cybersecurity Awareness Month: Staying Secure

Original release date: October 30, 2018 National Cybersecurity Awareness Month is over, but your work securing your home and business systems and networks is not. NCCIC recommends users and administrators subscribe to NCCIC National Cyber Awareness System product notifications to keep on top of cybersecurity threats as they emerge. This product is provided subject to this Notification and this Privacy & Use policy. Source: https://www.us-cert.gov

October 30, 2018
Read More >>

FTC Releases Alert with Cybersecurity Resources for Non-Profits and Small Businesses

Original release date: October 25, 2018 | Last revised: October 26, 2018 The Federal Trade Commission (FTC) has released an alert with new cybersecurity resources for non-profits and small businesses. These resources, which cover topics such as ransomware, phishing, and email authentication, aim to help organizations protect their network and information. NCCIC encourages non-profits and small businesses to review FTC’s Cybersecurity Resources for Non-Profits article, FTC’s Cybersecurity for Small Business…

October 26, 2018
Read More >>

FTC Releases Cyber Resources for Small Businesses

Original release date: October 25, 2018 The Federal Trade Commission (FTC) has released new cyber resources for small businesses, including non-profit and charity organizations. These resources, which cover topics such as ransomware, phishing, and email authentication, aim to help smaller organizations protect their network and information. NCCIC encourages small businesses and consumers to review FTC’s Cybersecurity Resources for Non-Profits article, FTC’s Cybersecurity for Small Business web page, and NCCIC’s Resources…

October 26, 2018
Read More >>

DHS Webinar: Communicating Cyber Risk to Agency Decision Makers and Mission Owners

Original release date: October 25, 2018 DHS Office of Cybersecurity and Communications Assistant Secretary Jeanette Manfra is hosting a webinar on communicating cybersecurity risk issues to federal department and agency executives and mission owners on Tuesday, October 30, 2018, from 12-1 p.m. ET. NCCIC encourages users and administrators to attend the one-hour webinar. For more information, and to register, visit the Communicating Cyber Risk to Agency Decision Makers and Mission Owners…

October 25, 2018
Read More >>

FTC Promotes International Charity Fraud Awareness Week

Original release date: October 22, 2018 The Federal Trade Commission (FTC) has released an announcement promoting the first International Charity Fraud Awareness Week (ICFAW). FTC, the National Association of State Charities Officials, and state and international partners coordinated this effort to raise awareness about donating wisely to charities. ICFAW will feature resources and tips on various topics—including giving after natural disasters, telemarketing solicitations, privacy, and online giving—hosted on FTC’s Twitter…

October 23, 2018
Read More >>