CIS Logo
tagline: Confidence in the Connected World
Image of two men reading manual

Cybersecurity Threats

The CIS® and MS-ISAC® cybersecurity professionals analyze risks and alert members to current online security threats.

Alert Level: GUARDED
Low
Guarded
Elevated
High
Severe
Learn More Arrow

Our MS-ISAC Advisories

Advisories Released (Last 12 Months)

 
 

Hot Topic

  data-breach-breakdown  
The MS-ISAC identified 17 SLTT government data breaches in Q3 2018, yielding a decrease of 39% when compared to the previous quarter, while increasing 13% year-to-year. The education sector experienced the most data breaches this quarter, capturing 47% of the total. Additionally, the local sector also experienced a high rate of data breaches, absorbing 41% of the total, making it the second most affected sector type this quarter. Phishing and third-party breaches were the most prolific identified attack vectors this quarter, together accounting for 59% of total breaches. This quarter a Government Payment Services Inc. data breach affected approximately 2,300 state and local level entities across 35 states, this is represented as one third party breach in the data although 2,300 were impacted by the breach. The MS-ISAC recommends SLTT governments work with their legal teams to ensure service agreements enforce appropriate cybersecurity precautions with third-party contractors to mitigate the risk of breaches. Additionally, end user training plays a vital role in reducing the risks associated with phishing emails. Helpful information detailing how to identify phishing emails is available in the June 2018 newsletter.
 

Top Malware Last Month

  1. Emotet
  2. Kovter
  3. ZeuS
  4. NanoCore
  5. Cerber
  6. Gh0st
  7. CoinMiner
  8. Trickbot
  9. WannaCry
  10. Xtrat
Advisory icon

Latest advisory

Last Advisory 15 Jan 2019

Oracle Quarterly Critical Patches Issued January 15, 2019 MS-ISAC ADVISORY NUMBER: 2019-006 DATE(S) ISSUED: 01/15/2019 OVERVIEW: Multiple vulnerabilities have been…

Oracle Quarterly Critical Patches Issued January 15, 2019

Read the Details Arrow

Take Control of Your Organization's Security

ms-isac-office

The information on this page is maintained by our Security Operations Center, which is part of MS-ISAC and EI-ISAC.

Are you an employee at a U.S. state, territorial, local, or tribal government? Join MS-ISAC for more detailed analysis and information sharing.

Arrow Join MS-ISAC

The EI-ISAC is open to U.S. SLTT government organizations that support the elections officials of the United States, and associations thereof.

Arrow Join EI-ISAC

Interested in a particular platform?

Arrow See our CIS Benchmarks for Secure Platforms

Explanation of the Current Alert Level of GUARDED

The alert level is the overall current threat level.

Read more about our approach. Arrow

On January 16, 2019, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded) due to vulnerabilities in PHP and Oracle Products. On January 10, the MS-ISAC released an advisory for multiple vulnerabilities in PHP, the most severe of which could allow for arbitrary code execution. On January 15, the MS-ISAC released an advisory for multiple vulnerabilities in Oracle Products, the most severe of which could allow for arbitrary code execution. Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.

Information Hub

Pencil Advisory 15 Jan 2019
Pencil Advisory 10 Jan 2019
Pencil Advisory 08 Jan 2019
Pencil Advisory 08 Jan 2019