Now Available: Recording of Chinese Malicious Cyber Activity Briefing

Original release date: March 19, 2019 The Cybersecurity and Infrastructure Security Agency (CISA) has posted the February 14, 2019, Awareness Briefing on Chinese Malicious Cyber Activity. This webinar provides background and mitigation techniques on Chinese malicious cyber activity targeting managed service providers (MSPs).    CISA encourages MSPs and their customers to view the February 14, 2019, Awareness Briefing on Chinese Malicious Cyber Activity and to review the page on Chinese…

March 19, 2019
Read More >>

New Zealand-Related Scams and Malware Campaigns

Original release date: March 15, 2019 In the wake of the recent New Zealand mosque shooting, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event. Users should exercise caution in handling emails related to the shooting, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users…

March 16, 2019
Read More >>

Intel Releases Security Advisories on Multiple Products

Original release date: March 15, 2019 Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to software vendors for appropriate patches, when available. This product…

March 15, 2019
Read More >>

Microsoft Releases Security Update for Azure Linux Guest Agent

Original release date: March 14, 2019 Microsoft has released an update to address a vulnerability in Azure Linux Guest Agent. An attacker could exploit this vulnerability to obtain access to sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy. Source: https://www.us-cert.gov

March 15, 2019
Read More >>

MS-ISAC Releases Security Primer on TrickBot Malware

Original release date: March 14, 2019 The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released a security primer on TrickBot malware. TrickBot is a modular banking Trojan that targets users’ financial information and acts as a dropper for other malware. An attacker can leverage TrickBot’s modules to steal banking information, conduct system and network reconnaissance, harvest credentials, and achieve network propagation. The Cybersecurity and Infrastructure Security Agency (CISA) encourages…

March 14, 2019
Read More >>

ICSJWG Spring Meeting and Call for Abstracts (Deadline Extended)

Original release date: March 07, 2019 The Industrial Control Systems Joint Working Group (ICSJWG)—a collaborative and coordinating body operating under the Critical Infrastructure Partnership Advisory Council (CIPAC) framework—will hold the 2019 ICSJWG Spring Meeting in Kansas City, MO, April 23–25, 2019. The Spring Meeting kicks off the 10th anniversary of ICSJWG biannual meetings. ICSJWG has extended its deadline for abstracts to be presented at the meeting to 5 p.m. ET,…

March 7, 2019
Read More >>

IRS Launches ‘Dirty Dozen’ Campaign on Tax Scams

Original release date: March 04, 2019 The Internal Revenue Service (IRS) has launched its annual awareness campaign on the 12 most prevalent tax scams, known as the “Dirty Dozen.” As part of the campaign, IRS will highlight one scam each weekday. The first topic in the campaign focuses on internet phishing scams that lead to tax fraud and identity theft. IRS warns to be on alert for a continuing surge…

March 5, 2019
Read More >>

Internet Romance Scams

Original release date: February 12, 2019 The Federal Trade Commission (FTC) has released an article addressing a rise in reports of internet romance scams. In this type of fraud, cyber criminals gain the confidence of their victims and trick them into sending money. Use caution when online dating, and never send money or gifts to someone you have not met in person. The National Cybersecurity and Communications Integration Center (NCCIC),…

February 12, 2019
Read More >>

New Session Added: CISA Awareness Briefing on Chinese Malicious Cyber Activity

Original release date: February 12, 2019 The Cybersecurity and Infrastructure Security Agency (CISA) has added an additional session to the virtual awareness briefing on Chinese malicious cyber activity targeting managed service providers. The briefing will be held on Thursday, February 14, 2019, from 1-2 p.m. ET. The briefing will provide a background on the identified cyber activity and mitigation techniques. Click here to register. This product is provided subject to…

February 12, 2019
Read More >>

runc Open-Source Container Vulnerability

Original release date: February 11, 2019 The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a vulnerability affecting several open-source container management systems that leverage runc. NCCIC encourages users and administrators to review the runc security advisory, and the RedHat and Amazon Web Services blogs; and refer to OS and application vendors for mitigations and updates as they become…

February 11, 2019
Read More >>