Entries by JES

FBI Releases Article on Privacy Risks Associated with Internet-Connected Children’s Toys

National Cyber Awareness System: Original release date: July 17, 2017 The Federal Bureau of Investigation (FBI) has released an article on the privacy risks associated with Internet-connected children’s toys. FBI warns that Internet-connected toys may contain “sensors, microphones, cameras, data storage components, and other multimedia capabilities – including speech recognition and GPS options” that may […]

Urgent :TA17-132A: Indicators Associated With WannaCry Ransomware

Original release date: May 12, 2017 | Last revised: May 13, 2017 Systems Affected Microsoft Windows operating systems Overview According to numerous open-source reports, a widespread ransomware campaign is affecting various organizations with reports of tens of thousands of infections in as many as 74 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, […]

Tax Identity Theft Awareness Week

  This is Tax Identity Theft Awareness Week, and many federal agencies are offering consumers information and resources on the topic. US-CERT encourages taxpayers, business owners, and tax preparers to educate themselves on tax identity theft by reading Internal Revenue Service (IRS) publication Taxes.Security.Together. and the US-CERT Tip on Identity Theft. Users can also check […]

Guidance for Defending Against Destructive Malware

National Cyber Awareness System: The National Security Agency (NSA)’s Information Assurance Directorate has released a report on Defensive Best Practices for Destructive Malware. This report details several  steps network defenders can take to detect, contain and minimize destructive malware infections. US-CERT encourages users and administrators to review the NSA report and ICS-CERT TIP-15-022-01 for more […]

Microsoft Releases February 2015 Bulletin

National Cyber Awareness System Microsoft has released updates to address vulnerabilities in Windows as part of the Microsoft Security Bulletin Summary for February 2015. Some of these vulnerabilities could allow remote code execution, security feature bypass, elevation of privilege, or disclosure of information. US-CERT encourages users and administrators to review Microsoft Security Bulletin Summary MS15-FEB […]

Linux “Ghost” Remote Code Execution Vulnerability

National Cyber Awareness System: The Linux GNU C Library (glibc) versions prior to 2.18 are vulnerable to remote code execution via a vulnerability in the gethostbyname function. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Linux distributions employing glibc-2.18 and later are not affected. US-CERT recommends users […]