Feed aggregator

Unique Passwords

Aug 21, 2019

Make sure each of your accounts has a separate, unique password. Can't remember all of your passwords/passphrases? Consider using a password manager to securely store all of them for you.

Continue Reading ›

CISA Insights: Ransomware Outbreak

Aug 21, 2019

Original release date: August 21, 2019The Cybersecurity and Infrastructure Security Agency (CISA) has released its first CISA Insights product, which discusses the rapid emergence of ransomware across our Nation’s networks. CISA Insights – Ransomware Outbreak includes steps in the following key areas to help organizations protect themselves from ransomware attacks—a top priority for CISA:  Actions for Today – Make Sure You’re Not Tomorrow’s Headline Actions to Recover If Impacted – Don’t Let a Bad Day Get Worse Actions to Secure Your Environment Going Forward – Don’t Let Yourself be an Easy Mark CISA urges organizations to review CISA Insights – Ransomware Outbreak, implement the recommendations, and visit the CISA resource page on ransomware for more information. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cyber Safety for Students

Aug 20, 2019

Original release date: August 20, 2019As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and laptops. Although these devices can help students complete schoolwork and stay in touch with family and friends, there are risks associated with using them. However, there are simple steps that can help students stay safe while using their internet-connected devices. The Cybersecurity and Infrastructure Security Agency (CISA) recommends reviewing the following resources for more information on cyber safety for students: Stop.Think.Connect. Toolkit Stay Safe Online Before You Connect a New Computer to the Internet Keeping Children Safe Online Rethink Cyber Safety Rules and the “Tech Talk” with Your Teens Concerned Parent’s Internet Safety Toolbox This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Go With Passphrases

Aug 18, 2019

Passphrases are the strongest type of passwords and the easiest to remember. Simply use an entire sentence for your password, such as "What time is coffee?" By using spaces and punctuation, you create a long password that is hard to guess but easy to remember.

Continue Reading ›

Microsoft Releases Security Update for Windows Elevation of Privilege Vulnerability

Aug 15, 2019

Original release date: August 15, 2019Microsoft has released a security update to address an elevation of privilege vulnerability (CVE-2019-1162) in Windows. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

IRS Security Summit Series for Tax Professionals: Create a Data Theft Recovery Plan

Aug 14, 2019

Original release date: August 14, 2019The fifth and final step in the Internal Revenue Service (IRS) Security Summit series for tax professionals is creating a data theft recovery plan. IRS issued a news release highlighting the importance of understanding the risks posed by national and international cybersecurity criminal syndicates, working with cybersecurity experts to help prevent and stop data theft, and reporting data theft as soon as possible. Creating a data theft recovery plan is part of the Taxes. Security. Together. Checklist, which IRS created to help tax professionals protect sensitive taxpayer data. The Cybersecurity and Infrastructure Security Agency (CISA) encourages tax professionals to review the IRS news release and the following Security Summit series topics for more information: Deploying “Security Six” basic safeguards Creating a data security plan Educating yourself on phishing scams Recognizing the signs of client data theft This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities

Aug 14, 2019

Original release date: August 14, 2019Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems: Windows 7 SP1 Windows Server 2008 R2 SP1 Windows Server 2012 Windows 8.1 Windows Server 2012 R2 Windows 10 Windows Server 2016 Windows Server 2019 An attacker could exploit these vulnerabilities to take control of an affected system. Similar to CVE-2019-0708—dubbed BlueKeep—these vulnerabilities are considered “wormable” because malware exploiting these vulnerabilities on a system could propagate to other vulnerable systems. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and users and administrators to review the following resources and apply the necessary updates: Microsoft Security Blog Post: Patch New Wormable Vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182) Microsoft Security Vulnerability Information for  CVE-2019-1181 Microsoft Security Vulnerability Information for CVE-2019-1182 Microsoft Security Blog Post: Protect Against BlueKeep Microsoft Customer Guidance for CVE-2019-0708 This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Multiple HTTP/2 Implementation Vulnerabilities

Aug 14, 2019

Original release date: August 14, 2019The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting HTTP/2 implementations. An attacker could exploit these vulnerabilities to cause a denial-of-service (DoS) condition. Attacks can consume excessive system resources and lead to distributed DoS (DDoS) attacks. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#605641 for more information and refer to vendors for updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

When Away

Aug 13, 2019

Leaving your seat? Ctrl--Alt--Delete! Make sure you lock your workstation or laptop while you are away from it. On a Mac? Try Control--Shift--Eject/Power.

Continue Reading ›

Microsoft Releases August 2019 Security Updates

Aug 13, 2019

Original release date: August 13, 2019Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s August 2019 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Intel Releases Security Updates

Aug 13, 2019

Original release date: August 13, 2019Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates: RAID Web Console 2 Advisory INTEL-SA-00246 NUC Advisory INTEL-SA-00272 Authenticate Advisory INTEL-SA-00275 Driver and Support Assistant Advisory INTEL-SA-00276 Remote Displays SDK Advisory INTEL-SA-00277 Processor Identification Utility for Windows Advisory INTEL-SA-00281 Computing Improvement Program Advisory INTEL-SA-00283 This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Adobe Releases Security Updates for Multiple Products

Aug 13, 2019

Original release date: August 13, 2019Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates: After Effects CC APSB19-31 Character Animator CC APSB19-32 Premiere Pro CC APSB19-33 Prelude CC APSB19-35 Creative Cloud Desktop Application APSB19-39 Acrobat and Reader APSB19-41 Experience Manager APSB19-42 Photoshop CC APSB19-44         This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

NCSA Webinar on Cybersecurity for Small Businesses

Aug 9, 2019

Original release date: August 9, 2019The National Cyber Security Alliance (NCSA) and INFOSEC are hosting a webinar to educate small businesses on how to protect against phishing, vishing, and smishing threats. The webinar will be held on Tuesday, August 13, 2019 from 2-3 p.m. ET. The Cybersecurity and Infrastructure Agency (CISA) encourages small businesses to register for the webinar and visit CISA’s Resources for Business page to learn how to defend against cyber criminals. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

ACSC Releases Advisory on Password Spraying Attacks

Aug 8, 2019

Original release date: August 8, 2019<br/><p>The Australian Cyber Security Centre (ACSC) has released an advisory on password spraying attacks. <a href="https://attack.mitre.org/techniques/T1110/">Password spraying</a> is a type of brute-force attack in which a malicious actor uses a single password against targeted user accounts before moving on to attempt a second password, and so on. This technique allows the actor to remain undetected by avoiding rapid or frequent account lockouts.<br /> &nbsp;<br /> The ACSC provides recommendations for organizations to detect and mitigate these types of attacks against their external services, such as webmail, remote desktop access, or cloud-based services.<br /> &nbsp;<br /> The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ACSC advisory on <a href="https://www.cyber.gov.au/publications/advisory-2019-130-password-spray-attacks-detection-and-mitigation-strategies">password spraying attacks</a> and the following CISA tips:<br /> •&nbsp;&nbsp;&nbsp; <a href="https://www.us-cert.gov/ncas/tips/ST04-002">Choosing and Protecting Passwords</a><br /> •&nbsp;&nbsp;&nbsp; <a href="https://www.us-cert.gov/ncas/tips/ST05-012">Supplementing Passwords</a></p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>

Continue Reading ›

Google Releases Security Updates for Chrome

Aug 8, 2019

Original release date: August 8, 2019<br/><p>Google has released Chrome version 76.0.3809.100 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.<br /> &nbsp;<br /> The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the <a href="https://chromereleases.googleblog.com/2019/08/stable-channel-update-for-desktop.html">Chrome Release</a> and apply the necessary updates.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>

Continue Reading ›

Cisco Releases Security Updates for Multiple Products

Aug 8, 2019

Original release date: August 8, 2019<br/><p>Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:</p> <ul> <li>Webex Network Recording Player and Webex Player Arbitrary Code Execution Vulnerabilities <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-webex-player">cisco-sa-20190807-webex-player</a></li> <li>Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfvis-vnc-authbypass">cisco-sa-20190807-nfvis-vnc-authbypass</a></li> <li>IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-iosxr-isis-dos-1918">cisco-sa-20190807-iosxr-isis-dos-1918</a></li> <li>IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-iosxr-isis-dos-1910">cisco-sa-20190807-iosxr-isis-dos-1910</a></li> <li>Adaptive Security Appliance Software Web-Based Management Interface Privilege Escalation Vulnerability <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-asa-privescala">cisco-sa-20190807-asa-privescala</a></li> <li>Small Business 220 Series Smart Switches Remote Code Execution Vulnerabilities <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190806-sb220-rce">cisco-sa-20190806-sb220-rce</a></li> <li>Small Business 220 Series Smart Switches Authentication Bypass Vulnerability <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190806-sb220-auth_bypass">cisco-sa-20190806-sb220-auth_bypass</a></li> </ul> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>

Continue Reading ›

Ransomware

Aug 7, 2019

Ransomware is a special type of malware. Once it infected your computer, it encrypts all of your files and demands you pay a ransome if you want your files back. Be suspicious of any emails trying to trick you into opening infected attachments or click on malicious links, common sense is your best defense. In addition. backups are often the only way you can recover from ransomware.

Continue Reading ›

Shopping Online

Aug 6, 2019

When shopping online, always use your credit cards instead of a debit card. If any fraud happens, it is far easier to recover your money from a credit card transaction. Gift cards and one-time-use credit card numbers are even more secure.

Continue Reading ›

SWAPGS Spectre Side-Channel Vulnerability

Aug 6, 2019

Original release date: August 6, 2019The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a vulnerability (CVE-2019-1125) known as SWAPGS, which is a variant of Spectre Variant 1—that affects modern computer processors. This vulnerability can be exploited to steal sensitive data present in a computer systems' memory. Spectre is a flaw an attacker can exploit to force a program to reveal its data. The name derives from "speculative execution"—an optimization method a computer system performs to check whether it will work to prevent a delay when actually executed. Spectre affects almost all devices including desktops, laptops, cloud servers, and smartphones. CISA encourages users and administrators to review the following guidance, refer to their hardware and software vendors for additional details, and apply an appropriate patch when available: Microsoft: Windows Kernel Information Disclosure Vulnerability Red Hat: Spectre SWAPGS gadget vulnerability Google: Spectre Side Channels This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

El Paso and Dayton Tragedy-Related Scams and Malware Campaigns

Aug 6, 2019

Original release date: August 6, 2019In the wake of the recent shootings in El Paso, TX, and Dayton, OH, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on these tragic events. Users should exercise caution in handling emails related to the shootings, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events. Be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to these events. To avoid becoming a victim of malicious activity, users and administrators should consider taking the following preventive measures: Use caution when opening email attachments, and do not click on links in unsolicited email messages. Refer to CISA’s Tip on Using Caution with Email Attachments. Review CISA’s Tip on Staying Safe on Social Networking Sites. Refer to CISA’s Tip on Avoiding Social Engineering and Phishing Attacks. Review the information from the Federal Trade Commission on Before Giving to a Charity. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Pages

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips