|
Secure Your Organization |
|
CIS Controls®
Prioritized & simplified best practices CIS Controls CommunityHelp develop and maintain the Controls CIS RAMInformation security risk assessment method CIS CSATAssess & measure Controls implementation |
|
|
Secure Specific Platforms |
|
CIS Benchmarks™
100+ vendor-neutral configuration guides CIS Benchmarks CommunityDevelop & update secure configuration guides CIS-CAT®Assess system conformance to CIS Benchmarks CIS Hardened Images®Virtual images hardened to CIS Benchmarks |
|
CIS SecureSuite®
Start secure and stay secure with integrated cybersecurity tools and resources designed to help you implement CIS Benchmarks and CIS Controls Learn More Apply Now |
|
U.S. State, Local, Tribal & Territorial Governments |
MembershipsMS-ISAC®Cybersecurity resource for SLTT Governments EI-ISAC®Election-focused cyber defense suite Services for MembersAlbert Network Monitoring®Cost-effective Intrusion Detection System Managed Security ServicesSecurity monitoring of enterprises devices CIS Endpoint Security ServicesDevice-level protection and response CIS CyberMarket®Savings on training and software Malicious Domain Blocking & ReportingPrevent Connection to harmful web domains View All CIS Services |
|
| View All Products & Services | |
|
Resources |
|
|
|
|
Learn |
|
|
|
|
Filter by Topic |
|
|
|
| View All Resources | |
|
|
The CIS® and MS-ISAC® cybersecurity professionals analyze risks and alert members to current online security threats.
Advisories Released (Last 12 Months)
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution MS-ISAC ADVISORY NUMBER: 2022-010 DATE(S) ISSUED: 01/19/2022 OVERVIEW: Multiple…
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Read the Details
The information on this page is maintained by our Security Operations Center, which is part of MS-ISAC and EI-ISAC.
Are you an employee at a U.S. state, territorial, local, or tribal government? Join MS-ISAC for more detailed analysis and information sharing.
Join MS-ISAC
The EI-ISAC is open to U.S. SLTT government organizations that support the elections officials of the United States, and associations thereof.
Join EI-ISAC
Subscribe to Advisories
Timely Updates When You Need to Take Action
See our CIS Benchmarks for Secure Platforms
The alert level is the overall current threat level.
Read more about our approach.
On January 26, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded) due to vulnerabilities in Google, Cisco, WordPress, F5Networks and Polkit products. On January 19, the MS-ISAC released and advisory for multiple vulnerabilities in Google Chrome, the most severe of which could allow for arbitrary code execution. On January 21, the MS-ISAC released two advisories. The first advisory was for multiple vulnerabilities in Cisco products, the most severe of which could allow for arbitrary code execution. The second advisory was for a backdoor in WordPress AccessPress plugins that could allow for a malicious actor to gain full access to a vulnerable website. On January 25, the MS-ISAC released an advisory for a vulnerability in F5Networks BIG-IP that could allow for denial of service. On January 26, the MS-ISAC released an advisory for a vulnerability in Polkit’s pkexec component that could allow for local escalation of privilege. Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.
