Original release date: September 10, 2020 | Last revised: September 14, 2020The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have issued an advisory about Chinese Ministry of State Security (MSS)-affiliated cyber threat actors targeting U.S. government agencies. Through the National Cybersecurity Protection System, CISA has observed Chinese MSS-affiliated cyber threat […]

Original release date: September 14, 2020The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies. CISA has observed these—and other threat actors with varying degrees of skill—routinely using

Original release date: September 10, 2020The Cybersecurity and Infrastructure Security Agency (CISA) has released CISA Insights: Actions to Counter Email-Based Attacks on Elections-Related Entities in light of increased sophisticated phishing operations targeting individuals and groups involved in the upcoming U.S. elections. CISA strongly recommends elections-related individuals and organizations to prioritize the protection of email accounts

Original release date: September 10, 2020The Australian Cyber Security Centre (ACSC) has released its annual report on key cyber threats and statistics from 2019–2020. The report highlights that phishing and spearphishing are still the most common cyberattacks, and ransomware has become a significant threat to operations across multiple sectors.     The Cybersecurity and Infrastructure Security

Original release date: September 8, 2020Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. InDesign

Original release date: September 8, 2020Google has released Chrome version 85.0.4183.102 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates. This product

Original release date: September 8, 2020Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s September 2020 Security Update Summary and Deployment Information and apply

Original release date: September 4, 2020The Cybersecurity and Infrastructure Security Agency (CISA) is aware of open-source reporting of targeted denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks against finance and business organizations worldwide. A DoS attack is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, preventing

Original release date: September 3, 2020September is National Preparedness Month, which promotes family and community disaster planning. This year’s theme is “Disasters Don’t Wait. Make Your Plan Today.” The Cybersecurity and Infrastructure Security Agency (CISA) recommends users and administrators use this month as an opportunity to asses cybersecurity preparedness for cyber-related events, such as identity

Original release date: September 3, 2020The Cybersecurity and Infrastructure Security Agency (CISA) has released Binding Operational Directive (BOD) 20-01, Develop and Publish a Vulnerability Disclosure Policy (VDP). BOD 20-01 requires each federal agency to publish a VDP. Publication of agency VDPs will make it easier for users to report vulnerabilities they find in the Federal