CISA, DOE, and UK’s NCSC Issue Guidance on Protecting Industrial Control Systems

The Cybersecurity and Infrastructure Security Agency CISA, the Department of Energy DOE, and the UK's National Cyber Security Centre NCSC have released Cybersecurity Best Practices for Industrial Control Systems, an infographic providing recommended cybersecurity practices for industrial control...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities affecting Adobe DNG Software Development Kit, Acrobat, and Reader. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourag...

WordPress Releases Security Update

WordPress 5.4 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the WordPress Security...

VMware Releases Security Updates for ESXi

VMware has released security updates to address a vulnerability in ESXi. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review VMware Security Advisory...

Google Releases Security Updates for Chrome

Google has released Chrome version 81.0.4044.129 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...

NSA, ASD Release Guidance for Mitigating Web Shell Malware

The U.S. National Security Agency NSA and the Australian Signals Directorate ASD have jointly released a Cybersecurity Information Sheet CSI on mitigating web shell malware. Malicious cyber actors are increasingly deploying web shell malware on victim web servers to execute arbitrary system...

VMware Releases Security Updates for vRealize Log Insight

VMware has released security updates to address vulnerabilities in VMware vRealize Log Insight. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review VMware...

Adobe Releases Security Updates for Multiple Products

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the following...

Mozilla Releases Security Updates for Firefox and Firefox ESR

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators t...

North Korean Malicious Cyber Activity

The Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, and the Department of Defense DoD have identified the following malware variants used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean...

Be Cautious of Romance Scams

This Valentine’s Day, the Cybersecurity and Infrastructure Security Agency CISA reminds users to be wary of internet romance scams. Cyber criminals partaking in this type of fraud target victims, gain their confidence, and convince them to transfer funds. When online dating, use caution and never...

Tax Identity Theft Awareness Week

Tax Identity Theft Awareness Week is February 3-7. The Federal Trade Commission FTC Tax Identity Theft Awareness Week webpage will provide webinars and other resources from FTC and its partners throughout the week to help educate the public on how to protect against identity theft this tax season...

Data Privacy Day: A Vision for the Future

January 28 is Data Privacy Day, an annual effort to empower individuals and organizations to respect privacy, safeguard data, and enable trust. This year, the National Cyber Security Alliance NCSA is bringing together experts on U.S. and international privacy for A Vision for the Future, an...

Cisco Releases Security Updates

Cisco has released security updates to address a vulnerability affecting Cisco Webex Meetings Suite and Cisco Webex Meetings Online. A remote attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

IC3 Issues Alert on Employment Scams

The Internet Crime Complaint Center IC3 has issued an alert warning consumers of fake jobs and hiring scams targeting applicants’ personally identifiable information PII. Cyber criminals posing as legitimate employers spoof company websites and post fake job openings to lure victims. Cyber...

Oracle Releases January 2020 Security Bulletin

Oracle has released its Critical Patch Update for January 2020 containing 334 new security patches to address vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Securit...

VMware Releases Security Update

VMware has released a security update to address a vulnerability in VMware Tools. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review VMware Security Advisory...

Microsoft Releases December 2019 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...

Apple Releases Multiple Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Apple...

Cyber Monday: Tips for Safeguarding Personal Information

Cyber Monday draw millions of shoppers online for deals and savings, but this day also provides opportunities for an attacker to steal personal information. The Cybersecurity and Infrastructure Security Agency CISA reminds users to remain vigilant when browsing or shopping online. CISA encourages...

Caller Poses as CISA Rep in Extortion Scam

The Cybersecurity and Infrastructure Security Agency CISA is aware of a phone scam where a caller pretends to be a CISA representative. The scammer claims to have knowledge of the potential victim’s questionable behavior and attempts to extort money. If you receive a threatening call from someone...

Holiday Shopping, Phishing, and Malware Scams

As this holiday season approaches, the Cybersecurity and Infrastructure Security Agency CISA encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. Cyber actors may send emails and ecards containing malicious links or...

FTC Provides Tips for Warding Off Hackers

The Federal Trade Commission FTC has released an article with tips on how protect your personal information from being stolen by hackers. In support of National Cybersecurity Awareness Month NCSAM, FTC provides recommendations on how to safeguard phones, computers, accounts, and personally...

ACSC Releases Advisory on Emotet Malware Campaign

The Australian Cyber Security Centre ACSC has released an advisory on an ongoing, widespread Emotet malware campaign. Emotet is a Trojan—commonly spread via malicious email attachments—that attempts to proliferate within a network by brute forcing user credentials and writing to shared drives. AC...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. The Cybersecurity an...

FBI Releases Article on Defending Against Phishing and Spearphishing Attacks

In recognition of National Cybersecurity Awareness Month NCSAM, the Federal Bureau of Investigation FBI has released an article to raise awareness of phishing and spearphishing. The article provides guidance on recognizing and avoiding these types of attacks. The Cybersecurity and Infrastructure...

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Apple...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...

Cisco Releases Security Advisories

Cisco has released security updates to address vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...

Ransomware Protection Strategies

The Cybersecurity and Infrastructure Security Agency CISA has observed an increase in ransomware attacks across the Nation. Helping organizations protect themselves from ransomware is a chief priority for CISA. Organizations are encouraged to review the following resources to help prevent,...

FBI Releases Article on Think Before You Post Campaign

The Federal Bureau of Investigation FBI has released an article on their Think Before You Post campaign, designed to educate students on the use of social media and how to avoid making poor choices when posting, texting, or emailing thoughts or grievances that could lead to disruptive behavior,...

FISMA Annual Report to Congress

The Office of Management and Budget OMB has published its Fiscal Year FY 2018 Annual Report to Congress on the implementation of the Federal Information Security Modernization Act of 2014 FISMA. The document includes data reported by agencies to OMB and the Cybersecurity and Infrastructure Securi...

CISA Insights: Ransomware Outbreak

The Cybersecurity and Infrastructure Security Agency CISA has released its first CISA Insights product, which discusses the rapid emergence of ransomware across our Nation’s networks. CISA Insights – Ransomware Outbreak includes steps in the following key areas to help organizations protect...

Cyber Safety for Students

As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and laptops. Although these devices can help students complete schoolwork and stay in touch with family and friends, there are risks associated with using them. However, there are simple...

Multiple HTTP/2 Implementation Vulnerabilities

The CERT Coordination Center CERT/CC has released information on vulnerabilities affecting HTTP/2 implementations. An attacker could exploit these vulnerabilities to cause a denial-of-service DoS condition. Attacks can consume excessive system resources and lead to distributed DoS DDoS attacks. T...

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...

Cylance Antivirus Vulnerability

The CERT Coordination Center CERT/CC has released information on a vulnerability affecting Cylance Antivirus products. A remote attacker could bypass Cylance antivirus detection. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review CERT/CC...

IRS Reminds Tax Professionals: Create a Data Security Plan

The Internal Revenue Service IRS has issued a news release reminding professional tax preparers that they are required by law to have a written data security plan. Creating and maintaining a data security plan ensures that tax professionals are reviewing their data security protections and...

Building Resilience to Foreign Interference, Misinformation Activities

As part of the effort to Protect2020, the Cybersecurity and Infrastructure Security Agency CISA is working with national partners to build resilience to foreign interferences, particularly information activities e.g., disinformation, misinformation. The Department of Homeland Security DHS views...

NCSC Releases Advisory on Ongoing DNS Hijacking Campaign

The United Kingdom’s National Cyber Security Centre NCSC has released an advisory about an ongoing Domain Name System DNS hijacking campaign. The advisory details risks and mitigations for organizations to defend against this campaign, in which attackers use compromised credentials to modify the...

Mozilla Releases Security Updates for Firefox and Firefox ESR

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...

NIST Releases Report on Managing IoT Risks

The National Institute of Standards and Technology NIST has released the Considerations for Managing Internet of Things IoT Cybersecurity and Privacy Risks report. The publication—the first in a planned series on IoT—aims to help federal agencies and other organizations manage the cybersecurity a...

Privacy Awareness Week

The Federal Trade Commission FTC has released an announcement promoting Privacy Awareness Week PAW. PAW is an annual event fostering awareness of privacy issues and the importance of protecting personal information. This year’s theme, “Protecting Privacy is Everyone’s Responsibility,” focuses on...

Staying Cyber Safe During Memorial Day

As Memorial Day approaches, the Cybersecurity and Infrastructure Security Agency CISA reminds users to stay cyber safe. Users should be cautious of potential scams, such as unsolicited emails that contain malicious links or attachments with malware. Users should also be aware of the risks...

Vulnerability in Multiple VPN Applications

The CERT Coordination Center CERT/CC has released information on a vulnerability affecting multiple Virtual Private Network VPN applications. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages...

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review VMware...

Apache Releases Security Update for Apache HTTP Server

The Apache Software Foundation has released Apache HTTP Server version 2.4.39 to address multiple vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

Now Available: Recording of Chinese Malicious Cyber Activity Briefing

The Cybersecurity and Infrastructure Security Agency CISA has posted the February 14, 2019, Awareness Briefing on Chinese Malicious Cyber Activity. This webinar provides background and mitigation techniques on Chinese malicious cyber activity targeting managed service providers MSPs. CISA...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit one of these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...

Google Releases Security Updates for Chrome

Google has released Chrome version 73.0.3683.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to revie...