The New Zealand National Cyber Security Centre (NCSC-NZ) has released an article on a new cybersecurity governance resource to support public and private sector leaders in making decisions about their cybersecurity resilience and risk. NCSC-NZ developed this governance—a series of documents with practical advice and simple steps—following a cybersecurity resilience assessment of New Zealand’s nationally significant organizations.
The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA Releases Draft of Binding Operational Directive on Developing a Vulnerability Disclosure Policy
The Cybersecurity and Infrastructure Security Agency (CISA) has released a draft of Binding Operational Directive (BOD) 20-01, Develop and Publish a Vulnerability Disclosure Policy. BOD 20-01 will require each federal agency to publish a vulnerability disclosure policy (VDP). CISA has posted the draft directive for public feedback. The deadline for submitting comments is 11:59 PM EST on December 27, 2019.
Cyber Monday draw millions of shoppers online for deals and savings, but this day also provides opportunities for an attacker to steal personal information. The Cybersecurity and Infrastructure Security Agency (CISA) reminds users to remain vigilant when browsing or shopping online.
CISA encourages Cyber Monday shoppers to review the following online shopping safety tips:
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a phone scam where a caller pretends to be a CISA representative. The scammer claims to have knowledge of the potential victim’s questionable behavior and attempts to extort money.
If you receive a threatening call from someone claiming to be a CISA representative, CISA recommends the following actions:
Black Friday is one of the most lucrative shopping days of the year for retailers in brick-and-mortar shops and online, but shoppers aren't the only ones looking for deals. Malicious people may be able to obtain personal information (such as credit card numbers, phone numbers, account numbers, and addresses) by stealing your wallet, overhearing a phone conversation, rummaging through your trash (a practice known as dumpster diving), or picking up a receipt at a restaurant that has your account number on it.