CIS Logo
tagline: Confidence in the Connected World
HomeCybersecurity Threats
Image of two men reading manual

Cybersecurity Threats

The CIS and MS-ISAC® cybersecurity professionals analyze risks and alert members to current online security threats.

Alert Level: GUARDED
Low
Guarded
Elevated
High
Severe
Learn More Arrow

Our MS-ISAC Advisories

Advisories Released (Last 12 Months)

Monthly MS-ISAC Advisories

 
 

Hot Topic

  MS-ISAC Identified SLTT Data Breach Attack Vector Yearly Breakdown  
The MS-ISAC identified 44 data breaches in Q1 2018. Comparatively, there were 58 data breaches in Q1 2017, a 31% decline attributed to a decrease in successful W-2 variant Business Email Compromise (BEC) scams. Reported data breaches increased 63% between Q4 2017 and Q1 2018. This increase is credited to the increased reporting of data exposed by third parties, which are entrusted with the data management of an SLTT government, the most prolific attack vector this quarter. Third party breaches account for 44% of breaches Q1 2018. The MS-ISAC recommends SLTTs work with their legal teams in order to create stringent data handling service agreements with third party contractors. Furthermore, the education sector remains the most impacted by reported data breaches, a trend that extends back to 2012.
 

Top Malware Last Month

  1. Kovter
  2. ZeuS
  3. NanoCore
  4. Redyms
  5. Mirai
  6. CoinMiner
  7. WannaCry
  8. Emotet
  9. Gh0st
  10. Latentbot
Advisory icon

Latest advisory

Last Advisory 20 Jun 2018

Multiple Vulnerabilities in Microsoft Exchange Server Could Allow for Information Disclosure MS-ISAC ADVISORY NUMBER: 2018-068 DATE(S) ISSUED: 06/20/2018 OVERVIEW: Multiple…

Multiple Vulnerabilities in Microsoft Exchange Server Could Allow for Information Disclosure

Read the Details Arrow

Take Control of Your Organization's Security

ms-isac-office

The information on this page is maintained by our Security Operations Center, which is part of MS-ISAC and EI-ISAC.

Are you an employee at a U.S. state, territorial, local, or tribal government? Join MS-ISAC for more detailed analysis and information sharing.

Arrow Join MS-ISAC

The EI-ISAC is open to U.S. SLTT government organizations that support the elections officials of the United States, and associations thereof.

Arrow Join EI-ISAC

Interested in a particular platform?

Arrow See our CIS Benchmarks for Secure Platforms

Explanation of the Current Alert Level of GUARDED

The alert level is the overall current threat level.

Read more about our approach. Arrow

On June 20, 2018, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded) due to multiple vulnerabilities in Google, Apple, and Microsoft products. On June 13, the MS-ISAC released an advisory for a vulnerability in Google Chrome, which could allow for arbitrary code execution. On June 14, the MS-ISAC released an advisory for a vulnerability in Apple Xcode for macOS High Sierra, which could allow for arbitrary code execution. On June 20, the MS-ISAC released an advisory for multiple vulnerabilities in Microsoft Exchange Server, which could allow for information disclosure. Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.

Information Hub

Pencil White paper 21 Jun 2018
Pencil Advisory 20 Jun 2018
Pencil Advisory 14 Jun 2018
Pencil Advisory 13 Jun 2018