The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Cyber Monday: Tips for Safeguarding Personal Information

Cyber Monday draw millions of shoppers online for deals and savings, but this day also provides opportunities for an attacker to steal personal information. The Cybersecurity and Infrastructure Security Agency (CISA) reminds users to remain vigilant when browsing or shopping online.

CISA encourages Cyber Monday shoppers to review the following online shopping safety tips:

Caller Poses as CISA Rep in Extortion Scam

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a phone scam where a caller pretends to be a CISA representative. The scammer claims to have knowledge of the potential victim’s questionable behavior and attempts to extort money.

If you receive a threatening call from someone claiming to be a CISA representative, CISA recommends the following actions:

Black Friday Shopping: Protect Your Identity

Black Friday is one of the most lucrative shopping days of the year for retailers in brick-and-mortar shops and online, but shoppers aren't the only ones looking for deals. Malicious people may be able to obtain personal information (such as credit card numbers, phone numbers, account numbers, and addresses) by stealing your wallet, overhearing a phone conversation, rummaging through your trash (a practice known as dumpster diving), or picking up a receipt at a restaurant that has your account number on it.

Securing Portable Electronic Devices During Travel

Holiday travelers often use portable electronic devices (PEDs) because they offer a range of conveniences, for example, enabling the traveler to order gifts on-the-go, access to online banking, or download boarding passes. However, these devices are vulnerable to cyberattack or theft, resulting in exposure of personal information.

ISC Releases Security Advisory for BIND

The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisory for more information and to apply the necessary updates and workarounds.

Microsoft Releases Outlook for Android Security Update

Microsoft has released an update to address a vulnerability in Outlook for Android. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.