CIS Logo
tagline: Confidence in the Connected World
Image of two men reading manual

Cybersecurity Threats

The CIS® and MS-ISAC® cybersecurity professionals analyze risks and alert members to current online security threats.


Our MS-ISAC Advisories

Advisories Released (Last 12 Months)



Hot Topic

In Q2 2019 the MS-ISACobserved a 55% increase in the quantity of reported breaches when compared to the previous quarter and 53% decrease year to year. The significant decrease year to year is attributed to the absence of third-party breaches affecting multiple educational entities. The education sector experienced the most breaches, accounting for 71% of the breaches in Q2. The most prolific identified vector in Q2 was phishing, accounting for a combined 30% of reported breaches. The MS-ISAC did not identify any reports of W2 phishing scams affecting SLTT governments in Q2 2019, scams of this nature typically phase out in the second half the year.

Top Malware Last Month

  1. Emotet
  2. Kovter
  3. ZeuS
  4. NanoCore
  5. Cerber
  6. Gh0st
  7. CoinMiner
  8. Trickbot
  9. WannaCry
  10. Xtrat
Advisory icon

Latest advisory

Last Advisory 22 Oct 2020

Multiple Vulnerabilities with Cisco Adaptive Security Appliance and Firepower Threat Defense Could Allow for Denial of Service MS-ISAC ADVISORY NUMBER:…

A Vulnerability with Cisco Adaptive Security Appliance and Firepower Threat Defense Could Allow for Denial of Service

Read the Details Arrow

Take Control of Your Organization's Security


The information on this page is maintained by our Security Operations Center, which is part of MS-ISAC and EI-ISAC.

Are you an employee at a U.S. state, territorial, local, or tribal government? Join MS-ISAC for more detailed analysis and information sharing.

Arrow Join MS-ISAC

The EI-ISAC is open to U.S. SLTT government organizations that support the elections officials of the United States, and associations thereof.

Arrow Join EI-ISAC

Interested in a particular platform?

Arrow See our CIS Benchmarks for Secure Platforms

Explanation of the Current Alert Level of ELEVATED

The alert level is the overall current threat level.

Read more about our approach. Arrow

On October 28, 2020, the Cyber Threat Alert Level was evaluated and is being raised to Yellow (Elevated) due to vulnerabilities in Mozilla and Cisco products and for heightened awareness of cyber activity in advance of the upcoming General Election. On October 21, the MS-ISAC released an advisory for a vulnerability in Mozilla Firefox which could allow for arbitrary code execution. On October 23, the MS-ISAC released an updated advisory for multiple vulnerabilities in Cisco Adaptive Security Appliance and Firepower Threat Defense, the most severe of which could allow for denial of service. On October 22, CISA and the FBI released joint advisories calling for heightened awareness regarding Russian and Iranian Advanced Persistent Threat (APT) actors attempting to compromise election-related systems. The advisories detailed vulnerabilities being used by the APT actors, as well as how to prevent and mitigate the effects of these compromise attempts. Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.

Information Hub


Pencil White paper 26 Oct 2020