The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

ACSC Releases Fundamentals of Cross Domain Solutions

The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining the fundamentals of cross domain solution (CDS) technologies. This guidance provides cross domain security principles to enable organizations to share information securely across separated networks.

Microsoft Releases Security Advisory for Windows Hello for Business

Microsoft has released a Security Advisory to address an issue in Windows Hello for Business (WHfB). An attacker could exploit this issue on devices that were affected by CVE-2017-15361, also known as Return of Coppersmith’s Attack (ROCA), to take control of an affected system.

NCSC-NZ Releases Cyber Governance Resource for Leaders

The New Zealand National Cyber Security Centre (NCSC-NZ) has released an article on a new cybersecurity governance resource to support public and private sector leaders in making decisions about their cybersecurity resilience and risk. NCSC-NZ developed this governance—a series of documents with practical advice and simple steps—following a cybersecurity resilience assessment of  New Zealand’s nationally significant organizations.

Mozilla Releases Security Updates for Firefox and Firefox ESR

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA Releases Draft of Binding Operational Directive on Developing a Vulnerability Disclosure Policy

The Cybersecurity and Infrastructure Security Agency (CISA) has released a draft of Binding Operational Directive (BOD) 20-01, Develop and Publish a Vulnerability Disclosure Policy. BOD 20-01 will require each federal agency to publish a vulnerability disclosure policy (VDP). CISA has posted the draft directive for public feedback. The deadline for submitting comments is 11:59 PM EST on December 27, 2019.
 

Cyber Monday: Tips for Safeguarding Personal Information

Cyber Monday draw millions of shoppers online for deals and savings, but this day also provides opportunities for an attacker to steal personal information. The Cybersecurity and Infrastructure Security Agency (CISA) reminds users to remain vigilant when browsing or shopping online.

CISA encourages Cyber Monday shoppers to review the following online shopping safety tips:

This product is provided subject to this Notification and this Privacy & Use policy.