Original release date: December 5, 2019 Summary This Alert is the result of recent collaboration between Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share information with the financial services sector. Treasury and the Cybersecurity and Infrastructure Security Agency (CISA) are providing this report to inform the sector about the Dridex malware and variants. The report provides an overview of the malware, related activity, and a list of previously unreported indicators of compromise derived from information reported to FinCEN by private sector financial institutions. […]
Security
1774 posts
Original release date: December 5, 2019 The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining the fundamentals of cross domain solution (CDS) technologies. This guidance provides cross domain security principles to enable organizations to share information securely across separated networks. The Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations with information sharing requirements to review ACSC’s Fundamentals of Cross Domain Solutions to learn how to plan, analyze, design, and implement CDS systems. This product is provided subject to this Notification and this Privacy & Use policy. from CISA Current Activity http://bit.ly/2LqBnLE via US-CERT Current Activity http://ift.tt/1Btyqkb Stay […]
Original release date: December 5, 2019 Microsoft has released a Security Advisory to address an issue in Windows Hello for Business (WHfB). An attacker could exploit this issue on devices that were affected by CVE-2017-15361, also known as Return of Coppersmith’s Attack (ROCA), to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft Security Advisories ADV190026 and ADV170012 and apply the recommended mitigations. This product is provided subject to this Notification and this Privacy & Use policy. from CISA Current Activity http://bit.ly/33W5gtj via US-CERT Current Activity http://ift.tt/1Btyqkb Stay safe […]
Original release date: December 5, 2019 The New Zealand National Cyber Security Centre (NCSC-NZ) has released an article on a new cybersecurity governance resource to support public and private sector leaders in making decisions about their cybersecurity resilience and risk. NCSC-NZ developed this governance—a series of documents with practical advice and simple steps—following a cybersecurity resilience assessment of New Zealand’s nationally significant organizations. The Cybersecurity and Infrastructure Security Agency (CISA) encourages senior leaders and security practitioners to review NCSC-NZ’s Charting Your Course: Cyber Security Governance and Cyber Security Resilience of New Zealand’s Nationally Significant Organisations 2017-2018 for more information. This […]
Original release date: December 4, 2019 Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 71 and Firefox ESR 68.3. This product is provided subject to this Notification and this Privacy & Use policy. from CISA Current Activity http://bit.ly/2ON7eIg via US-CERT Current Activity http://ift.tt/1Btyqkb Stay safe *”This link is provided for informational purposes only and does not represent an endorsement by or […]
Original release date: November 29, 2019 The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a phone scam where a caller pretends to be a CISA Service Desk representative. The scammer, whose spoofed call appear to be from CISA’s toll free number, claims to have knowledge of the potential victim’s questionable behavior and attempts to extort money. If you receive a threatening call from someone claiming to be a CISA representative, CISA recommends the following actions: Do not respond or try to contact the caller. Do not pay the caller. Contact your local FBI field office to file a […]
This report is drawn from recent open source reporting. from NCSC Report Feed http://bit.ly/37ODpPe Content Provided from http://bit.ly/37ODpPe
Original release date: November 22, 2019 Holiday travelers often use portable electronic devices (PEDs) because they offer a range of conveniences, for example, enabling the traveler to order gifts on-the-go, access to online banking, or download boarding passes. However, these devices are vulnerable to cyberattack or theft, resulting in exposure of personal information. With the holiday season approaching, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to be mindful of the security risks associated with traveling with PEDs. CISA encourages travelers to take the following steps to protect their personal information: Avoid using public Wi-Fi networks to conduct personal […]