The CIS and MS-ISAC® cybersecurity professionals analyze risks and alert members to current online security threats.
Advisories Released (Last 12 Months)
Multiple Vulnerabilities in Cisco WebEx Network Recording Player for Advanced Recording Format Files Could Allow for Arbitrary Code Execution MS-ISAC…
Multiple Vulnerabilities in Cisco WebEx Network Recording Player for Advanced Recording Format Files Could Allow for Arbitrary Code Execution
Read the Details
The information on this page is maintained by our Security Operations Center, which is part of MS-ISAC and EI-ISAC.
Are you an employee at a U.S. state, territorial, local, or tribal government? Join MS-ISAC for more detailed analysis and information sharing.
Join MS-ISAC
The EI-ISAC is open to U.S. SLTT government organizations that support the elections officials of the United States, and associations thereof.
Join EI-ISAC
Subscribe to Advisories
Timely Updates When You Need to Take Action
See our CIS Benchmarks for Secure Platforms
The alert level is the overall current threat level.
Read more about our approach.
On October 17, 2018, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded) due to multiple vulnerabilities in Juniper, PHP, IBM, Oracle, and Google Chrome. On October 11, the MS-ISAC released an advisory for multiple vulnerabilities in Juniper products, the most severe of which could allow for remote code execution. On October 12, the MS-ISAC released an advisory for multiple vulnerabilities in PHP, the most severe of which could allow for arbitrary code execution. On October 15, the MS-ISAC released an advisory for multiple vulnerabilities in IBM WebSphere, the most severe of which could allow for remote code execution. On October 16, the MS-ISAC released an advisory for multiple vulnerabilities in Oracle, as well as an advisory for multiple vulnerabilities in Google Chrome. Both advisories detail vulnerabilities which could allow for arbitrary code execution. Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.
