CISA Strategic Intent: Defend Today, Secure Tomorrow

The Cybersecurity and Infrastructure Security Agency (CISA) has released the CISA Strategic Intent document, framing the new agency’s mission to protect the Nation’s critical infrastructure from physical and cyber threats. The document details CISA Director Christopher Krebs’ strategic vision and operational priorities and will serve as the interim strategy as the agency develops a longer-term strategic plan. CISA encourages organizations to review the CISA Strategic Intent and the CISA website…

August 22, 2019
Read More >>

CISA Insights: Ransomware Outbreak

The Cybersecurity and Infrastructure Security Agency (CISA) has released its first CISA Insights product, which discusses the rapid emergence of ransomware across our Nation’s networks. CISA Insights – Ransomware Outbreak includes steps in the following key areas to help organizations protect themselves from ransomware attacks—a top priority for CISA:  Actions for Today – Make Sure You’re Not Tomorrow’s Headline Actions to Recover If Impacted – Don’t Let a Bad Day…

August 21, 2019
Read More >>

Cyber Safety for Students

As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and laptops. Although these devices can help students complete schoolwork and stay in touch with family and friends, there are risks associated with using them. However, there are simple steps that can help students stay safe while using their internet-connected devices. The Cybersecurity and Infrastructure Security Agency (CISA) recommends reviewing the following…

August 20, 2019
Read More >>

Microsoft Releases Security Update for Windows Elevation of Privilege Vulnerability

Microsoft has released a security update to address an elevation of privilege vulnerability (CVE-2019-1162) in Windows. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update. Source: https://www.us-cert.gov

August 15, 2019
Read More >>

IRS Security Summit Series for Tax Professionals: Create a Data Theft Recovery Plan

The fifth and final step in the Internal Revenue Service (IRS) Security Summit series for tax professionals is creating a data theft recovery plan. IRS issued a news release highlighting the importance of understanding the risks posed by national and international cybersecurity criminal syndicates, working with cybersecurity experts to help prevent and stop data theft, and reporting data theft as soon as possible. Creating a data theft recovery plan is…

August 14, 2019
Read More >>

Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities

Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems: Windows 7 SP1 Windows Server 2008 R2 SP1 Windows Server 2012 Windows 8.1 Windows Server 2012 R2 Windows 10 An attacker could exploit these vulnerabilities to take control of an affected system. Similar to CVE-2019-0708—dubbed BlueKeep—these vulnerabilities are considered “wormable” because malware exploiting these vulnerabilities on a system could propagate…

August 14, 2019
Read More >>

Multiple HTTP/2 Implementation Vulnerabilities

The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting HTTP/2 implementations. An attacker could exploit these vulnerabilities to cause a denial-of-service (DoS) condition. Attacks can consume excessive system resources and lead to distributed DoS (DDoS) attacks. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#605641 for more information and refer to vendors for updates. Source: https://www.us-cert.gov

August 14, 2019
Read More >>

Microsoft Releases August 2019 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s August 2019 Security Update Summary and Deployment Information and apply the necessary updates. Source: https://www.us-cert.gov

August 13, 2019
Read More >>

Adobe Releases Security Updates for Multiple Products

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates: Source: https://www.us-cert.gov

August 13, 2019
Read More >>