FBI Releases Article on Defending Against Phishing and Spearphishing Attacks

In recognition of National Cybersecurity Awareness Month (NCSAM), the Federal Bureau of Investigation (FBI) has released an article to raise awareness of phishing and spearphishing. The article provides guidance on recognizing and avoiding these types of attacks. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the FBI article and CISA’s Tip on Avoiding Social Engineering and Phishing Attacks. For more information on NCSAM, see the NCSAM 2019…

October 10, 2019
Read More >>

ACSC Releases Small Business Cybersecurity Guide

The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide for small businesses. The guide provides checklists to help small business protect themselves against common cybersecurity incidents. The Cybersecurity and Infrastructure Security Agency (CISA) encourages small business owners and administrators to review ACSC’s Small Business Cyber Security Guide and CISA’s Resources for Business page to learn how to defend against cyberattacks. Source: https://www.us-cert.gov

October 10, 2019
Read More >>

iTerm2 Vulnerability

The CERT Coordination Center (CERT/CC) has released information on a vulnerability (CVE-2019-9535) affecting iTerm2, a macOS terminal emulator. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#763073, Mozilla’s blog post, and iTerm2’s downloads page for patch information and additional details. Source: https://www.us-cert.gov

October 9, 2019
Read More >>

Microsoft Releases October 2019 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s October 2019 Security Update Summary and Deployment Information and apply the necessary updates. Source: https://www.us-cert.gov

October 9, 2019
Read More >>

NSA Releases Advisory on Mitigating Recent VPN Vulnerabilities

The National Security Agency (NSA) has released an advisory on advanced persistent threat (APT) actors exploiting multiple vulnerabilities in Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review NSA’s Cybersecurity Advisory and CISA’s Current Activity on Vulnerabilities in Multiple VPN Applications for more information and apply the necessary updates or…

October 8, 2019
Read More >>

Microsoft Reports Cyberattacks on Targeted Email Accounts

The Microsoft Threat Intelligence Center (MSTIC) has released a blog post describing an increase in malicious cyber activity from the Iranian group known as Phosphorus. These threat actors are exploiting password reset or account recovery features to take control of targeted email accounts. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the Microsoft blog for additional information and recommendations and CISA’s Tip on Supplementing Passwords. Source: https://www.us-cert.gov

October 5, 2019
Read More >>

Vulnerabilities Exploited in Multiple VPN Applications

The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an alert on advanced persistent threat (APT) actors exploiting vulnerabilities in Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review the NCSC Alert for more information and to review the following security advisories and apply the necessary updates:…

October 4, 2019
Read More >>

NCSC Releases Fact Sheet on DNS Monitoring

The Dutch National Cyber Security Centre (NCSC) has released a fact sheet on the increasing difficulty of Domain Name System (DNS) monitoring. NCSC warns that although modernization of transport protocols is helpful, it also makes it more difficult to monitor or modify DNS requests. These changes could render an organization’s security controls ineffective. The Cybersecurity and Infrastructure Security Agency (CISA) recommends users and administrators review the Dutch NCSC fact sheet…

October 4, 2019
Read More >>

IC3 Issues Alert on Ransomware

The Internet Crime Complaint Center (IC3) has released an alert on ransomware threats to U.S. businesses and organizations. Ransomware is a type of malware designed to deny access to a computer system or data until a ransom is paid. Cyber criminals often infect organizations with ransomware through email phishing campaigns or exploiting vulnerabilities in software or Remote Desktop Protocol (RDP). The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and…

October 4, 2019
Read More >>

Microsoft Re-Releases Security Updates

Microsoft has re-released security updates to address a vulnerability in Microsoft software. A remote attacker could exploit this vulnerability to take control of an affected system. Updates are now available automatically via Windows Update or Windows Server Update Services. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft Security Advisory for CVE-2019-1367 and apply the necessary updates. Source: https://www.us-cert.gov

October 3, 2019
Read More >>