ACSC Releases Fundamentals of Cross Domain Solutions

The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining the fundamentals of cross domain solution (CDS) technologies. This guidance provides cross domain security principles to enable organizations to share information securely across separated networks. The Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations with information sharing requirements to review ACSC’s Fundamentals of Cross Domain Solutions to learn how to plan, analyze, design, and implement CDS systems. Source:…

December 5, 2019

Microsoft Releases Security Advisory for Windows Hello for Business

Microsoft has released a Security Advisory to address an issue in Windows Hello for Business (WHfB). An attacker could exploit this issue on devices that were affected by CVE-2017-15361, also known as Return of Coppersmith’s Attack (ROCA), to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft Security Advisories ADV190026 and ADV170012 and apply the recommended mitigations. Source: https://www.us-cert.gov

December 5, 2019

NCSC-NZ Releases Cyber Governance Resource for Leaders

The New Zealand National Cyber Security Centre (NCSC-NZ) has released an article on a new cybersecurity governance resource to support public and private sector leaders in making decisions about their cybersecurity resilience and risk. NCSC-NZ developed this governance resource—a series of documents with practical advice and simple steps—following a cybersecurity resilience assessment of New Zealand’s nationally significant organizations. The Cybersecurity and Infrastructure Security Agency (CISA) encourages senior leaders and security practitioners…

December 5, 2019

CISA Releases Draft of Binding Operational Directive on Developing a Vulnerability Disclosure Policy

The Cybersecurity and Infrastructure Security Agency (CISA) has released a draft of Binding Operational Directive (BOD) 20-01, Develop and Publish a Vulnerability Disclosure Policy. BOD 20-01 will require each federal agency to publish a vulnerability disclosure policy (VDP). CISA has posted the draft directive for public feedback. The deadline for submitting comments is 11:59 PM EST on December 27, 2019. CISA encourages users and administrators to review the CISA blog post,…

December 2, 2019

Cyber Monday: Tips for Safeguarding Personal Information

Cyber Monday draws millions of shoppers online for deals and savings, but this day also provides opportunities for an attacker to steal personal information. The Cybersecurity and Infrastructure Security Agency (CISA) reminds users to remain vigilant when browsing or shopping online. CISA encourages Cyber Monday shoppers to review the following online shopping safety tips: Do business with reputable vendors. Before providing any information, make sure that you are interacting with…

December 2, 2019

Caller Spoofs CISA’s Phone Number in Extortion Scam

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a phone scam where a caller pretends to be a CISA Service Desk representative. The scammer, whose spoofed call appears to be from CISA’s toll-free number, claims to have knowledge of the potential victim’s questionable behavior and attempts to extort money. If you receive a threatening call from someone claiming to be a CISA representative, CISA recommends the following…

November 30, 2019

Caller Poses as CISA Rep in Extortion Scam

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a phone scam where a caller pretends to be a CISA representative. The scammer claims to have knowledge of the potential victim’s questionable behavior and attempts to extort money. If you receive a threatening call from someone claiming to be a CISA representative, CISA recommends the following actions: Do not respond or try to contact the caller. Do not pay…

November 30, 2019

Black Friday Shopping: Protect Your Identity

Black Friday is one of the most lucrative shopping days of the year for retailers in brick-and-mortar shops and online, but shoppers aren’t the only ones looking for deals. Malicious people may be able to obtain personal information (such as credit card numbers, phone numbers, account numbers, and addresses) by stealing your wallet, overhearing a phone conversation, rummaging through your trash (a practice known as dumpster diving), or picking up…

November 27, 2019

Securing Portable Electronic Devices During Travel

Holiday travelers often use portable electronic devices (PEDs) because they offer a range of conveniences, for example, enabling the traveler to order gifts on the go, access online banking, or download boarding passes. However, these devices are vulnerable to cyberattack or theft, resulting in exposure of personal information. With the holiday season approaching, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to be mindful of the security risks associated with…

November 22, 2019

NSA Releases Cyber Advisory: Managing Risk from Transport Layer Security Inspection

The National Security Agency (NSA) has released a Cyber Advisory that addresses managing risk from Transport Layer Security Inspection (TLSI). This short, informative document defines TLSI (a security process that allows incoming traffic to be decrypted, inspected, and re-encrypted), explains some risks and associated challenges, and discusses mitigations. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the NSA Cyber Advisory and apply the information, as…

November 19, 2019