The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Holiday Shopping, Phishing, and Malware Scams

As this holiday season approaches, the Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. Cyber actors may send emails and ecards containing malicious links or attachments infected with malware or may send spoofed emails requesting support for fraudulent charities or causes.

CISA encourages users to remain vigilant and take the following precautions:

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories webpage.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

CISA Launches “Cyber Essentials” for Small Businesses and Small SLTT Governments

The Cybersecurity and Infrastructure Security Agency (CISA) has launched Cyber Essentials, an effort to assist small organizations in understanding and addressing cybersecurity risks. Developed in partnership with small businesses and small state, local, tribal, and territorial (SLTT) governments, Cyber Essentials aims to equip these organizations with basic steps and resources to improve their cybersecurity resilience.

U.S. Cyber Command Shares Seven New Malware Samples

U.S. Cyber Command has released seven malware samples to the malware aggregation tool and repository, VirusTotal. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review U.S. Cyber Command’s VirusTotal page to view the samples. CISA also recommends users and administrators review the CISA Tip on Protecting Against Malicious Code for best practices on protecting systems and networks against malware.

CSET Version 9.2 Now Available

The Cybersecurity and Infrastructure Security Agency (CISA) has released version 9.2 of its Cyber Security Evaluation Tool (CSET). CSET is a desktop software tool that guides asset owners and operators through a consistent process for evaluating control system networks as part of a comprehensive cybersecurity assessment that uses recognized government and industry standards and recommendations.

CSET 9.2 includes the following feature enhancements and upgrades:

National Critical Infrastructure Security and Resilience Month

November is National Critical Infrastructure Security and Resilience Month. The Nation’s critical infrastructure (CI) relies on a highly interdependent environment, in which physical and cyber systems converge. CI plays a vital role in keeping our Nation and communities safe and secure.

This product is provided subject to this Notification and this Privacy & Use policy.

Technical Documents

Featured Articles

Related Resources