Original release date: January 12, 2021The National Security Agency (NSA) Cybersecurity Directorate has released its 2020 Year in Review, outlining key milestones and mission outcomes achieved during NSA Cybersecurity’s first…
Original release date: January 11, 2021Microsoft has released a security update to address multiple vulnerabilities in Edge (Chromium-based). An attacker could exploit some of these vulnerabilities to take control of…
Original release date: January 8, 2021CISA has evidence of post-compromise advanced persistent threat (APT) activity in the cloud environment. Specifically, CISA has seen an APT actor using compromised applications in…
Original release date: January 8, 2021The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released an advisory on a vulnerability in Zyxel firewalls and AP controllers. A remote attacker could exploit…
Original release date: January 7, 2021Mozilla has released security updates to address a vulnerability in Firefox, Firefox for Android, and Firefox ESR. An attacker could exploit this vulnerability to take…
Original release date: January 6, 2021CISA has released Emergency Directive (ED) 21-01 Supplemental Guidance version 3: Mitigate SolarWinds Orion Code Compromise, providing guidance that supersedes Required Action 4 of ED…
Original release date: January 5, 2021The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet on eliminating obsolete Transport Layer Security (TLS) configurations. The information sheet identifies strategies…
Original release date: December 24, 2020CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool…
Original release date: December 23, 2020CISA is tracking a known compromise involving SolarWinds Orion products that are currently being exploited by a malicious actor. An advanced persistent threat (APT) actor…
Original release date: December 19, 2020CISA has updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17. This update states that…
