The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
November is National Critical Infrastructure Security and Resilience Month. Critical Infrastructure (CI) is our Nation’s backbone; it is the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety.
Everyone is involved in the mission to protect CI. Users and administrators can help by using cybersecurity best practices, reporting cybersecurity incidents and phishing attempts, and submitting malware for review. Keeping your systems secured can help NCCIC identify cyber threats and inform the CI community.
Mozilla has released a security update to address vulnerabilities in Thunderbird ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.
NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird ESR 60.3 and apply the necessary update.
The Apache Software Foundation has released a security update to address a vulnerability affecting Apache Tomcat JK Connectors 1.2.0 to 1.2.44. A remote attacker could exploit this vulnerability to obtain access to sensitive information.
NCCIC encourages users and administrators to review the Apache security advisory for CVE-2018-11759 and apply the necessary update or mitigation.
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
NCCIC encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:
National Cybersecurity Awareness Month is over, but your work securing your home and business systems and networks is not.
NCCIC recommends users and administrators subscribe to NCCIC National Cyber Awareness System product notifications to keep on top of cybersecurity threats as they emerge.
The Federal Trade Commission (FTC) has released an alert with new cybersecurity resources for non-profits and small businesses. These resources, which cover topics such as ransomware, phishing, and email authentication, aim to help organizations protect their network and information.
NCCIC encourages non-profits and small businesses to review FTC's Cybersecurity Resources for Non-Profits article, FTC's Cybersecurity for Small Business web page, and NCCIC's Resources for Small and Midsize Businesses web page for more information.