tagline: Confidence in the Connected World
CIS Logo
HomeCybersecurity Threats
Image of two men reading manual

Cybersecurity Threats

The CIS and MS-ISAC cybersecurity professionals analyze risks and alert members to current online security threats.


Our MS-ISAC Advisories

Advisories Released (Last 12 Months)

MS-ISAC Advisories past 12 months

*Microsoft did not release Patch Tuesday security updates in February 2017

Hot Topic

MS-ISAC Identified SLTT Data Breaches by Attack Vector

SLTT May Data Breaches
  The MS-ISAC observed an increase in the number of data breaches in the first quarter of 2017. In 2016 there were a total of 69 identified data breaches and, as of May 24, 2017, 65 data breaches have been identified. The MS-ISAC attributes the growth to the Business Email Compromise (BEC) scam, specifically the W-2 phishing variant. So far in 2017, the utilization of phishing as a means to carry out data breaches accounted for 64% of all identified data breaches.

Top Malware Last Month

  1. Kovter
  2. Zeus
  3. Ponmocoup
  4. Geodo/Emotet
  5. Tinba
  6. Cerber
  7. DNSChange
  8. Dridex
  9. Hancitor
  10. Virut
Advisory icon

Latest advisory

Last Advisory 19 Jul 2017

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution MS-ISAC ADVISORY NUMBER: 2017-066 DATE(S) ISSUED: 07/19/2017 OVERVIEW: Multiple…

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

Read the Details Arrow

Take Control of Your Organization's Security


The information on this page is maintained by our Security Operations Center, which is part of MS-ISAC

Are you an employee at a U.S. state, territorial, local, or tribal government? Join MS-ISAC for more detailed analysis and information sharing.

Arrow Join MS-ISAC

Interested in a particular platform?

Arrow See our CIS Benchmarks for Secure Platforms

Explanation of the Current Alert Level of GUARDED

The alert level is the overall current threat level.

Read more about our approach. Arrow

On July 19, 2017, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded) due to multiple vulnerabilities affecting Cisco and Oracle products. On July 18, the MS-ISAC released an advisory for a vulnerability in Cisco WebEx Browser Extensions, which could allow for arbitrary code execution. The MS-ISAC also released an advisory for multiple vulnerabilities in multiple Oracle products, the most severe of which could allow for remote code execution. Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.