Current Activity

IRS Warns of New Email Scam

4 weeks ago
Original release date: August 23, 2019

The Internal Revenue Service (IRS) has issued a warning about a new email scam in which malicious cyber actors send unsolicited emails to taxpayers from fake (i.e., spoofed) IRS email addresses. The emails contain a link to a spoofed IRS.gov website that displays fake details about the targeted recipient’s tax refund, return, or account. The emails instruct the recipient to access their refund information by entering a provided password on the spoofed website. By entering the password, the victim unintentionally downloads malware that could enable the malicious cyber actors to take control of the affected system or obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the IRS news release and the CISA Tip on Avoiding Social Engineering and Phishing Attacks for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

FISMA Annual Report to Congress

4 weeks ago
Original release date: August 23, 2019

The Office of Management and Budget (OMB) has published its Fiscal Year (FY) 2018 Annual Report to Congress on the implementation of the Federal Information Security Modernization Act of 2014 (FISMA). The document includes data reported by agencies to OMB and the Cybersecurity and Infrastructure Security Agency (CISA). The report highlights government-wide cybersecurity programs and initiatives, and agencies’ progress to enhance federal cybersecurity over the past year and into the future. Notably, in FY 2018, agencies reported 31,107 incidents, a 12 percent decrease from FY 2017.

CISA encourages organizations to review the Fiscal Year 2018 Annual Report for more information.

CISA

CISA Strategic Intent: Defend Today, Secure Tomorrow

4 weeks 1 day ago
Original release date: August 22, 2019 | Last revised: August 23, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has released the CISA Strategic Intent document, framing the new agency’s mission to protect the Nation’s critical infrastructure from physical and cyber threats. The document details CISA Director Christopher Krebs’ strategic vision and operational priorities and will serve as the interim strategy as the agency develops a longer-term strategic plan.

CISA encourages organizations to review the CISA Strategic Intent and the CISA website for more information.

CISA

Cisco Releases Security Updates

4 weeks 1 day ago
Original release date: August 22, 2019

Cisco has released security updates to address vulnerabilities in Cisco Integrated Management Controller (IMC) Supervisor, Unified Computing System (UCS) Director, and UCS Director Express for Big Data. A remote attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

CISA

CISA Insights: Ransomware Outbreak

4 weeks 2 days ago
Original release date: August 21, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has released its first CISA Insights product, which discusses the rapid emergence of ransomware across our Nation’s networks. CISA Insights – Ransomware Outbreak includes steps in the following key areas to help organizations protect themselves from ransomware attacks—a top priority for CISA: 

  • Actions for Today – Make Sure You’re Not Tomorrow’s Headline
  • Actions to Recover If Impacted – Don’t Let a Bad Day Get Worse
  • Actions to Secure Your Environment Going Forward – Don’t Let Yourself be an Easy Mark

CISA urges organizations to review CISA Insights – Ransomware Outbreak, implement the recommendations, and visit the CISA resource page on ransomware for more information.

CISA

Cyber Safety for Students

1 month ago
Original release date: August 20, 2019

As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and laptops. Although these devices can help students complete schoolwork and stay in touch with family and friends, there are risks associated with using them. However, there are simple steps that can help students stay safe while using their internet-connected devices.

The Cybersecurity and Infrastructure Security Agency (CISA) recommends reviewing the following resources for more information on cyber safety for students:

CISA

Microsoft Releases Security Update for Windows Elevation of Privilege Vulnerability

1 month ago
Original release date: August 15, 2019

Microsoft has released a security update to address an elevation of privilege vulnerability (CVE-2019-1162) in Windows. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update.

CISA

IRS Security Summit Series for Tax Professionals: Create a Data Theft Recovery Plan

1 month ago
Original release date: August 14, 2019

The fifth and final step in the Internal Revenue Service (IRS) Security Summit series for tax professionals is creating a data theft recovery plan. IRS issued a news release highlighting the importance of understanding the risks posed by national and international cybersecurity criminal syndicates, working with cybersecurity experts to help prevent and stop data theft, and reporting data theft as soon as possible. Creating a data theft recovery plan is part of the Taxes. Security. Together. Checklist, which IRS created to help tax professionals protect sensitive taxpayer data.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages tax professionals to review the IRS news release and the following Security Summit series topics for more information:

CISA

Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities

1 month ago
Original release date: August 14, 2019

Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems:

  • Windows 7 SP1
  • Windows Server 2008 R2 SP1
  • Windows Server 2012
  • Windows 8.1
  • Windows Server 2012 R2
  • Windows 10
  • Windows Server 2016
  • Windows Server 2019

An attacker could exploit these vulnerabilities to take control of an affected system. Similar to CVE-2019-0708—dubbed BlueKeep—these vulnerabilities are considered “wormable” because malware exploiting these vulnerabilities on a system could propagate to other vulnerable systems.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following resources and apply the necessary updates:

CISA

Multiple HTTP/2 Implementation Vulnerabilities

1 month ago
Original release date: August 14, 2019

The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting HTTP/2 implementations. An attacker could exploit these vulnerabilities to cause a denial-of-service (DoS) condition. Attacks can consume excessive system resources and lead to distributed DoS (DDoS) attacks.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#605641 for more information and refer to vendors for updates.

CISA

Microsoft Releases August 2019 Security Updates

1 month 1 week ago
Original release date: August 13, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s August 2019 Security Update Summary and Deployment Information and apply the necessary updates.

CISA

Intel Releases Security Updates

1 month 1 week ago
Original release date: August 13, 2019

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:

CISA

Adobe Releases Security Updates for Multiple Products

1 month 1 week ago
Original release date: August 13, 2019

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:

CISA

NCSA Webinar on Cybersecurity for Small Businesses

1 month 1 week ago
Original release date: August 9, 2019

The National Cyber Security Alliance (NCSA) and INFOSEC are hosting a webinar to educate small businesses on how to protect against phishing, vishing, and smishing threats. The webinar will be held on Tuesday, August 13, 2019 from 2-3 p.m. ET.

The Cybersecurity and Infrastructure Agency (CISA) encourages small businesses to register for the webinar and visit CISA’s Resources for Business page to learn how to defend against cyber criminals.

CISA

ACSC Releases Advisory on Password Spraying Attacks

1 month 1 week ago
Original release date: August 8, 2019

The Australian Cyber Security Centre (ACSC) has released an advisory on password spraying attacks. Password spraying is a type of brute-force attack in which a malicious actor uses a single password against targeted user accounts before moving on to attempt a second password, and so on. This technique allows the actor to remain undetected by avoiding rapid or frequent account lockouts.
 
The ACSC provides recommendations for organizations to detect and mitigate these types of attacks against their external services, such as webmail, remote desktop access, or cloud-based services.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ACSC advisory on password spraying attacks and the following CISA tips:

  • Choosing and Protecting Passwords
  • Supplementing Passwords

CISA

Google Releases Security Updates for Chrome

1 month 1 week ago
Original release date: August 8, 2019

Google has released Chrome version 76.0.3809.100 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

CISA

Tips for a Cyber Safe Vacation

3 months 3 weeks ago
Original release date: May 24, 2019

As summer nears, many people will soon be taking vacations. When planning vacations, users should be aware of potential rental scams and “free” vacation ploys. Travelers should also keep in mind risks related to travelling with mobile devices.

The Cybersecurity and Information Security Agency (CISA) encourages travelers to review the following suggested tips and security practices to keep their vacation cyber safe:


US-CERT

Privacy Awareness Week

3 months 4 weeks ago
Original release date: May 22, 2019

The Federal Trade Commission (FTC) has released an announcement promoting Privacy Awareness Week (PAW). PAW is an annual event fostering awareness of privacy issues and the importance of protecting personal information. This year’s theme, “Protecting Privacy is Everyone’s Responsibility,” focuses on promoting privacy awareness for consumers and businesses.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers and organizations to review FTC’s post and consider the following practices to protect privacy and safeguard data:


US-CERT

Mozilla Releases Security Updates for Firefox, Thunderbird

3 months 4 weeks ago
Original release date: May 21, 2019 | Last revised: May 22, 2019

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 67, Firefox ESR 60.7, and Thunderbird 60.7 and apply the necessary updates.


US-CERT

Staying Cyber Safe During Memorial Day

4 months ago
Original release date: May 20, 2019 | Last revised: May 24, 2019

As Memorial Day approaches, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to stay cyber safe. Users should be cautious of potential scams, such as unsolicited emails that contain malicious links or attachments with malware. Users should also be aware of the risks associated with online shopping and traveling with mobile devices.

CISA recommends users review the following tips for information on how to guard against these risks:


US-CERT
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.