Current Activity

NSA Releases Cyber Advisory: Managing Risk from Transport Layer Security Inspection

17 hours 53 minutes ago
Original release date: November 19, 2019

The National Security Agency (NSA) has released a Cyber Advisory that addresses managing risk from Transport Layer Security Inspection (TLSI). This short, informative document defines TLSI (a security process that allows incoming traffic to be decrypted, inspected, and re-encrypted), explains some risks and associated challenges, and discusses mitigations.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the NSA Cyber Advisory and apply the information, as appropriate. See CISA’s Alert on risks associated with HTTPS inspection.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

FTC Provides Tips on Safeguarding Data Before Upgrading Mobile Phones

21 hours ago
Original release date: November 19, 2019

The Federal Trade Commission (FTC) has released an article with tips on how to protect personal information before trading in a mobile phone for a newer model. FTC recommends the following four steps to safeguard these devices:

  • Back up data.
  • Remove SIM and SD cards.
  • Erase personal information.
  • Verify deletion of personal information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review the FTC article for additional resources on how to perform each of the suggested steps and see CISA’s Tip on Proper Disposal of Electronic Devices for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

National Tax Security Awareness Week is December 2–6

21 hours 8 minutes ago
Original release date: November 19, 2019

The Internal Revenue Service (IRS) has released an article announcing that National Tax Security Awareness Week will be held December 2–6. The annual recognition event will feature a series of resources and tips to help taxpayers and tax professionals protect their data and identities against identity theft.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages taxpayers, businesses, and tax professionals to review CISA’s Tip on Preventing and Responding to Identity Theft and IRS’s article on National Tax Security Awareness Week for details about new resources and the more than 25 tax security events being held across the country throughout the awareness week.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Google Releases Security Updates for Chrome

21 hours 31 minutes ago
Original release date: November 19, 2019

Google has released Chrome 78.0.3904.108 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Reminder: Malware Can Exploit Improper Configurations

4 days 19 hours ago
Original release date: November 15, 2019

Protect yourself from unwanted—and potentially harmful—files or programs by adhering to vendor-recommended configurations for hardware and software. Doing so in addition to maintaining regular patch maintenance, will help give your systems and networks the best security possible.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following tips and guidance:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

NCSC-NZ Releases Annual Cyber Threat Report

5 days 21 hours ago
Original release date: November 14, 2019

The New Zealand National Cyber Security Centre (NCSC-NZ) has released their annual report detailing cyber threats and incidents affecting New Zealand from July 2018 to June 2019. During this period, NCSC-NZ recorded an increase in the severity of cybersecurity incidents—particularly from state-sponsored threat actors. NCSC-NZ provides enhanced cybersecurity services to New Zealand Government and organizations of national significance against cybersecurity threats.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review the NCSC Cyber Threat Report for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

VMware Releases Security Updates

1 week ago
Original release date: November 12, 2019

VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisories VMSA-2019-0020 and VMSA-2019-0021 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Adobe Releases Security Updates

1 week ago
Original release date: November 12, 2019

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Intel Releases Security Updates

1 week ago
Original release date: November 12, 2019 | Last revised: November 13, 2019

Intel has released security updates to address vulnerabilities in multiple products. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:

For updates addressing medium severity vulnerabilities, see the Intel technology blog.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Microsoft Releases November 2019 Security Updates

1 week ago
Original release date: November 12, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s November 2019 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Holiday Shopping, Phishing, and Malware Scams

1 week 4 days ago
Original release date: November 8, 2019

As this holiday season approaches, the Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. Cyber actors may send emails and ecards containing malicious links or attachments infected with malware or may send spoofed emails requesting support for fraudulent charities or causes.

CISA encourages users to remain vigilant and take the following precautions:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Cisco Releases Security Updates

1 week 5 days ago
Original release date: November 7, 2019

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories webpage.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CISA Launches “Cyber Essentials” for Small Businesses and Small SLTT Governments

1 week 6 days ago
Original release date: November 6, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has launched Cyber Essentials, an effort to assist small organizations in understanding and addressing cybersecurity risks. Developed in partnership with small businesses and small state, local, tribal, and territorial (SLTT) governments, Cyber Essentials aims to equip these organizations with basic steps and resources to improve their cybersecurity resilience.

CISA’s Fall 2019 Cyber Essentials infographic includes a list of six actions organizations can take to reduce cyber risks:

  • Drive cybersecurity strategy, investment, and culture;
  • Develop security awareness and vigilance;
  • Protect critical assets and applications;
  • Ensure only those who belong on your digital workplace have access;
  • Make backups and avoid the loss of information critical to operations; and
  • Limit damage and quicken restoration of normal operations.

CISA encourages small organizations to review CISA’s Cyber Essentials page to learn more about improving their cybersecurity resilience. 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

U.S. Cyber Command Shares Seven New Malware Samples

2 weeks ago
Original release date: November 6, 2019

U.S. Cyber Command has released seven malware samples to the malware aggregation tool and repository, VirusTotal. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review U.S. Cyber Command’s VirusTotal page to view the samples. CISA also recommends users and administrators review the CISA Tip on Protecting Against Malicious Code for best practices on protecting systems and networks against malware.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CSET Version 9.2 Now Available

2 weeks 1 day ago
Original release date: November 4, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has released version 9.2 of its Cyber Security Evaluation Tool (CSET). CSET is a desktop software tool that guides asset owners and operators through a consistent process for evaluating control system networks as part of a comprehensive cybersecurity assessment that uses recognized government and industry standards and recommendations.

CSET 9.2 includes the following feature enhancements and upgrades:

  • Web-based diagram editor
  • Enhanced reporting
  • New capability maturity model for financial sector customers
  • National Credit Union Administration (NCUA) Automated Cybersecurity Examination Tool (ACET) Standard
  • Financial sector risk assessment wizard
  • New analysis for network diagram questions
  • Transportation Security Administration (TSA) 2018 Pipeline security standard
  • International Society of Automation (ISA)/International Electrotechnical Commission (IEC) 62443 standards  

CISA encourages users to update to CSET version 9.2, available at https://github.com/cisagov/cset/wiki.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

National Critical Infrastructure Security and Resilience Month

2 weeks 4 days ago
Original release date: November 1, 2019

November is National Critical Infrastructure Security and Resilience Month. The Nation’s critical infrastructure (CI) relies on a highly interdependent environment, in which physical and cyber systems converge. CI plays a vital role in keeping our Nation and communities safe and secure. Everyone is involved in the mission to protect CI and can help by using cybersecurity best practices, reporting cybersecurity incidents and phishing attempts, and submitting malware for review.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages critical infrastructure owners and operators to download the Critical Infrastructure Security and Resilience Month Toolkit and to visit CISA’s Critical Infrastructure Security and Resilience Month resource page throughout November for information and updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Google Releases Security Updates for Chrome

2 weeks 5 days ago
Original release date: October 31, 2019

Google has released Chrome version 78.0.3904.87 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities (CVE-2019-13720) was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

North Korean Malicious Cyber Activity

2 weeks 5 days ago
Original release date: October 31, 2019

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified a Trojan malware variant—referred to as HOPLIGHT—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

CISA encourages users and administrators to review Malware Analysis Reports MAR-10135536-8 and the page on HIDDEN COBRA - North Korean Malicious Cyber Activity for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

MS-ISAC Releases EOS Software Report List

2 weeks 6 days ago
Original release date: October 30, 2019 | Last revised: November 1, 2019

The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released an end-of-support (EOS) software report list. Software that has reached its EOS date no longer receives security updates and patches from the vendor and is, therefore, susceptible to exploitation from security vulnerabilities. Unsupported software can also cause compatibility issues as well as decreased system performance and productivity.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC's EOS Report List: October 2019 and Understanding Patches and Software Updates for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

MS-ISAC Releases Advisory on PHP Vulnerabilities

2 weeks 6 days ago
Original release date: October 30, 2019

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC Advisory 2019-116 and the PHP Downloads page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA
Checked
19 minutes 50 seconds ago
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Subscribe to Current Activity feed