Hurricane-Related Scams

As the 2019 hurricane season approaches, the Cybersecurity and Infrastructure Security Agency CISA warns users to remain vigilant for malicious cyber activity targeting disaster victims and potential donors. Fraudulent emails commonly appear after major natural disasters and often contain links o...

MS-ISAC Highlights Verizon Data Breach Report Release

The Multi-State Information Sharing & Analysis Center MS-ISAC has released a Cybersecurity Spotlight on the 2019 Verizon Data Breach Report to raise awareness of data breach incidents and provide recommended best practices for election officials. The report—produced annually by the Verizon Threat...

ICSJWG Spring Meeting and Call for Abstracts (Deadline Extended)

The Industrial Control Systems Joint Working Group ICSJWG—a collaborative and coordinating body operating under the Critical Infrastructure Partnership Advisory Council CIPAC framework—will hold the 2019 ICSJWG Spring Meeting in Kansas City, MO, April 23–25, 2019. The Spring Meeting kicks off the...

Mozilla Releases Security Updates for Firefox

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and...

Apple Releases Multiple Security Updates

Apple has released security updates to address vulnerabilities in multiple products, including the recently discovered FaceTime vulnerability. An attacker could exploit some of these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Cisco AsyncOS Software for Cisco Email Security Appliance. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The National Cybersecurity and Communications Integration Center NCCIC, part o...

Securing New Devices

During the holidays, internet-connected devices also known as Internet of Things IoT are often popular gifts—such as smart TVs, watches, toys, phones, and tablets. This technology provides a level of convenience to our lives, but it requires that we share more information than ever. The security ...

Cisco Releases Security Updates

Cisco has released security updates to address a vulnerability in Adaptive Security Appliance. A remote attacker could exploit this vulnerability to take control of an affected system. The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and...

Apple Releases Multiple Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Apple security pages for the following products and apply the...

FTC Issues Alert on Recent Marriott Breach

The Federal Trade Commission FTC has released an alert to provide affected users with recommended precautions against identity theft after the recent breach of the Marriott International Starwood guest reservation database. NCCIC encourages users and administrators to review the FTC Alert and the...

Google Releases Security Updates for Chrome

Google has released Chrome version 71.0.3578.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary...

3ve – Fraudulent Online Advertising

The Department of Homeland Security and the Federal Bureau of Investigation have released a joint Technical Alert TA on a major online ad fraud operation—referred to by the U.S. Government as "3ve." NCCIC encourages users and administrators to review Alert TA18-331A: 3ve – Major Online Ad Fraud...

National Cybersecurity Awareness Month: Cybersecurity at Home

October is National Cybersecurity Awareness Month NCSAM, an annual campaign to raise awareness about cybersecurity. The National Cyber Security Alliance NCSA has published general tips to help you increase your cybersecurity awareness—including whom to contact if you are the victim of cyber...

Cisco Releases Security Updates

Cisco has released security updates to address multiple vulnerabilities in Cisco Webex Network Recording Player. A remote attacker could exploit these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Cisco Security Advisory and apply t...

Potential Hurricane Florence Phishing Scams

NCCIC warns users to remain vigilant for malicious cyber activity seeking to exploit interest in Hurricane Florence. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites. Users should exercise caution in...

Mozilla Releases Security Updates for Firefox

Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisories for Firefo...

FBI Releases Article on Building a Digital Defense Against Facebook Scams

The Federal Bureau of Investigation FBI has released an article on building a digital defense against a fraud that uses Facebook’s texting app—Facebook Messenger. Scammers send messages that appear to be from trusted sources or trick users into clicking on malicious links or sharing personal...

FTC Issues Alert on Tech Support Scams

The Federal Trade Commission has released an alert on tech support scams. Scammers use pop-up messages, websites, emails, and phone calls to entice users to pay for fraudulent tech support services to repair problems that don’t exist. Users should not pay or give control of their devices to any...

North Korean Malicious Cyber Activity

The Department of Homeland Security DHS and the Federal Bureau of Investigation FBI released a joint Technical Alert TA that identifies two families of malware—referred to as Joanap and Brambul—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the Nort...

FBI Releases Article on Building a Digital Defense with Credit Reports

FBI has released an article on using credit reports to build a digital defense against identify theft. FBI explains how identity theft can deal a devastating blow to consumers' credit history. However, regularly checking the accuracy of credit reports can help consumers minimize risk. NCCIC...

VPNFilter Destructive Malware

NCCIC is aware of a sophisticated modular malware system known as VPNFilter. Devices known to be affected by VPNFilter include Linksys, MikroTik, NETGEAR, and TP-Link networking equipment, as well as QNAP network-attached storage NAS devices. Devices compromised by VPNFilter may be vulnerable to...

Cisco Releases Security Updates

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessa...

Mozilla Releases Security Updates for Firefox

Mozilla has released security updates to address vulnerabilities in Firefox ESR and Firefox. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisories for Firefox ESR 52.8 and...

Microsoft Releases May 2018 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft's May 2018 Security Update Summary and Deployment...

Drupal Releases Critical Security Updates

Drupal has released critical updates addressing a vulnerability in Drupal 8.x and 7.x. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates. This...

Apple Releases Multiple Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Apple security pages for the following products and apply the...

Oracle Releases April 2018 Security Bulletin

Oracle has released its Critical Patch Update for April 2018 to address 254 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Oracle April 2018...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Connect, and Dreamweaver. A remote attacker could exploit these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Adobe Security Bulletin APSB18-0...

National Consumer Protection Week

March 4–10 is National Consumer Protection Week NCPW, an event to encourage people and businesses to learn more about avoiding scams and understanding consumer rights. During NCPW, the Federal Trade Commission FTC and its partners highlight free resources to help protect consumers. NCCIC/US-CERT...

Cisco Releases Security Updates for Multiple Products

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and...

Cisco Releases Security Updates

Cisco has released an updated advisory and security updates to address a vulnerability affecting its Adaptive Security Appliance software. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Cisco's...

Microsoft Releases January 2018 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Microsoft's January 2018 Security Update Summary and Deployme...

Microsoft Releases December 2017 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Microsoft's December 2017 Security Update Summary and...

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in AirPort Base Station. An attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Apple security pages for AirPort Base Station Firmware...

Mozilla Releases Security Update for Firefox

Mozilla has released a security update to address multiple vulnerabilities in Firefox 57. A remote attacker could exploit these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 57.0.1 and apply t...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in its WebEx Network Recording Player for Advanced Recording Format ARF and WebEx Recording Format WRF files. A remote attacker could exploit these vulnerabilities to take control of an affected system. US-CERT encourages users and...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Flash Player, Photoshop CC, Adobe Connect, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affecte...

Google Releases Security Update for Chrome

Google has released Chrome version 62.0.3202.75 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to cause a denial-of-service condition. US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update...

Cisco Releases Security Updates

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the...

Oracle Releases Security Bulletin

Oracle has released its Critical Patch Update for October 2017 to address 252 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the Oracle October 2017...

Mozilla Releases Security Update

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for...

Apple Releases Security Update for macOS High Sierra

Apple has released a supplemental security update to address vulnerabilities in macOS High Sierra 10.13. An attacker could exploit these vulnerabilities to obtain sensitive information. US-CERT encourages users and administrators to review the Apple security page for macOS High Sierra 10.13 and...

Cisco Releases Security Updates

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the...

Google Releases Security Updates for Chrome OS

Google has released Chrome OS version 60.0.3112.80 for Chrome devices to address multiple vulnerabilities. Exploitation of one these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Google Chrome blog entry...

DOJ Provides Organizations a Framework for Development of a Vulnerability Disclosure Program

The Department of Justice DOJ Criminal Division Cybersecurity Unit has developed a framework to assist organizations interested in creating a formal vulnerability disclosure program. US-CERT encourages users, administrators, and organizations to review the DOJ publication, A Framework for a...

FTC Releases Alert on Charity Scams

The Federal Trade Commission FTC has released an alert on charity scams. Recent acts of fraud include solicitations from scammers requesting payment to claim a sweepstakes prize. Anytime someone asks you to pay to obtain a prize, it is a scam. US-CERT encourages consumers to refer to the FTC Aler...

FTC Releases Alert on Tech-Support Scams

The Federal Trade Commission FTC has released an alert on technical-support scams. In these schemes, deceptive tech-support operations offer to fix problems that don't exist, placing calls or sending pop-ups to make people think their computers are infected with viruses. Users should not give...

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in vSphere Data Protection. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2017-0010 and...

Google Releases Security Updates for Chrome

Google has released Chrome version 59.0.3071.86 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system. Users and administrators are encouraged to review the Chrome Releases page and apply the...

WordPress Releases Security Update

WordPress versions prior to 4.7.5 are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website. Users and administrators are encouraged to review the WordPress Security Release and upgrade to WordPress 4.7.5. This...