Current high-impact types of security incidents

  • Securing Portable Electronic Devices During Travel
    by CISA on November 22, 2019 at 3:57 pm

    Original release date: November 22, 2019Holiday travelers often use portable electronic devices (PEDs) because they offer a range of conveniences, for example, enabling the traveler to order gifts on-the-go, access to online banking, or download boarding passes. However, these devices are vulnerable to cyberattack or theft, resulting in exposure of personal information. With the holiday season approaching, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to be mindful of the security risks associated with traveling with PEDs. CISA encourages travelers to take the following steps to protect their personal information: Avoid using public Wi-Fi networks to conduct personal business. Open Wi-Fi networks at places such as airports present an opportunity for attackers to intercept sensitive information. Turn off Bluetooth when not in use. Cyber criminals have the capability to pair with your device's open Bluetooth connection and steal personal information. Be cautious when charging. Avoid connecting your device to any computer or charging station that you do not control, such as a charging station at an airport terminal. Remember physical security. Do not leave your device unattended in public or easily accessible areas. Check out CISA’s Tips on Holiday Traveling with Personal Internet-Enabled Devices and Cybersecurity for Electronic Devices for more information and tips.   This product is provided subject to this Notification and this Privacy & Use policy.

  • ISC Releases Security Advisory for BIND
    by CISA on November 21, 2019 at 3:54 pm

    Original release date: November 21, 2019The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisory for more information and to apply the necessary updates and workarounds. This product is provided subject to this Notification and this Privacy & Use policy.

  • Microsoft Releases Outlook for Android Security Update
    by CISA on November 21, 2019 at 3:47 pm

    Original release date: November 21, 2019Microsoft has released an update to address a vulnerability in Outlook for Android. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

  • NSA Releases Cyber Advisory: Managing Risk from Transport Layer Security Inspection
    by CISA on November 19, 2019 at 7:14 pm

    Original release date: November 19, 2019The National Security Agency (NSA) has released a Cyber Advisory that addresses managing risk from Transport Layer Security Inspection (TLSI). This short, informative document defines TLSI (a security process that allows incoming traffic to be decrypted, inspected, and re-encrypted), explains some risks and associated challenges, and discusses mitigations. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the NSA Cyber Advisory and apply the information, as appropriate. See CISA’s Alert on risks associated with HTTPS inspection. This product is provided subject to this Notification and this Privacy & Use policy.

  • FTC Provides Tips on Safeguarding Data Before Upgrading Mobile Phones
    by CISA on November 19, 2019 at 4:07 pm

    Original release date: November 19, 2019The Federal Trade Commission (FTC) has released an article with tips on how to protect personal information before trading in a mobile phone for a newer model. FTC recommends the following four steps to safeguard these devices: Back up data. Remove SIM and SD cards. Erase personal information. Verify deletion of personal information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review the FTC article for additional resources on how to perform each of the suggested steps and see CISA’s Tip on Proper Disposal of Electronic Devices for more information. This product is provided subject to this Notification and this Privacy & Use policy.

  • National Tax Security Awareness Week is December 2–6
    by CISA on November 19, 2019 at 3:59 pm

    Original release date: November 19, 2019The Internal Revenue Service (IRS) has released an article announcing that National Tax Security Awareness Week will be held December 2–6. The annual recognition event will feature a series of resources and tips to help taxpayers and tax professionals protect their data and identities against identity theft. The Cybersecurity and Infrastructure Security Agency (CISA) encourages taxpayers, businesses, and tax professionals to review CISA’s Tip on Preventing and Responding to Identity Theft and IRS’s article on National Tax Security Awareness Week for details about new resources and the more than 25 tax security events being held across the country throughout the awareness week. This product is provided subject to this Notification and this Privacy & Use policy.

  • Google Releases Security Updates for Chrome
    by CISA on November 19, 2019 at 3:36 pm

    Original release date: November 19, 2019Google has released Chrome 78.0.3904.108 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

  • Reminder: Malware Can Exploit Improper Configurations
    by CISA on November 15, 2019 at 5:19 pm

    Original release date: November 15, 2019Protect yourself from unwanted—and potentially harmful—files or programs by adhering to vendor-recommended configurations for hardware and software. Doing so in addition to maintaining regular patch maintenance, will help give your systems and networks the best security possible. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following tips and guidance: What is Cybersecurity? Handling Destructive Malware Protecting Against Malicious Code Understanding Patches and Software Updates CISA’s Cyber Essentials (for small businesses and small SLTT governments) This product is provided subject to this Notification and this Privacy & Use policy.

  • NCSC-NZ Releases Annual Cyber Threat Report
    by CISA on November 14, 2019 at 4:01 pm

    Original release date: November 14, 2019The New Zealand National Cyber Security Centre (NCSC-NZ) has released their annual report detailing cyber threats and incidents affecting New Zealand from July 2018 to June 2019. During this period, NCSC-NZ recorded an increase in the severity of cybersecurity incidents—particularly from state-sponsored threat actors. NCSC-NZ provides enhanced cybersecurity services to New Zealand Government and organizations of national significance against cybersecurity threats. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review the NCSC Cyber Threat Report for more information. This product is provided subject to this Notification and this Privacy & Use policy.

  • VMware Releases Security Updates
    by CISA on November 12, 2019 at 9:09 pm

    Original release date: November 12, 2019VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisories VMSA-2019-0020 and VMSA-2019-0021 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.