Main
Broadband
Reviews
Articles
Forums
Info
The Broadband Guide
SG
search advanced
Main
Broadband
Reviews
Articles
Forums
Info
The Internet Traffic Report monitors the flow of data around the world. It then displays a value between zero and 100. Higher values indicate faster and more reliable connections.

Login
Please Login
Shortcuts

Security Information

This page is dedicated to security, it includes local security information, as well as a number of syndicated security feeds, alerts, tools and news from major security portals. This page aims to provide a single security information access point, helping you stay current with recent security threats. You can check the SG Security FAQ and visit the SG Security forum with any questions you might have.



SG Security Scan

The SG Security Scan is a great tool that tests a number of ports on your computer for the most common vulnerabilities.

SG Security Scanner
Vulterable Ports
Commonly Open Ports
SG Ports - comprehensive database of known TCP/UDP ports

 

SG Security Articles

General Security Guide
How To Crack WEP and WPA Wireless Networks
How to Secure your Wireless Network
How to Stop Denial of Service (DoS) Attacks
IRDP Security Vulnerability in Windows 9x
Which VPN Protocol to use?
Why encrypt your online traffic with VPN ?



Latest Security Advisories (US-CERT)


CISA Adds Three Known Exploited Vulnerabilities to Catalog (2025.04.28)

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2025-1976 Broadcom Brocade Fabric OS Code Injection Vulnerability
  • CVE-2025-42599 Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability
  • CVE-2025-3928 Commvault Web Server Unspecified Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.



CISA Releases Seven Industrial Control Systems Advisories (2025.04.24)

CISA released seven Industrial Control Systems (ICS) advisories on April 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.



CISA Releases Five Industrial Control Systems Advisories (2025.04.22)

CISA released five Industrial Control Systems (ICS) advisories on April 22, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.



CISA Releases Six Industrial Control Systems Advisories (2025.04.17)

CISA released six Industrial Control Systems (ICS) advisories on April 17, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.



CISA Adds Three Known Exploited Vulnerabilities to Catalog (2025.04.17)

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2025-31200 Apple Multiple Products Memory Corruption Vulnerability
  • CVE-2025-31201 Apple Multiple Products Arbitrary Read and Write Vulnerability
  • CVE-2025-24054 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.



CISA Releases Guidance on Credential Risks Associated with Potential Legacy Oracle Cloud Compromise (2025.04.16)

CISA is aware of public reporting regarding potential unauthorized access to a legacy Oracle cloud environment. While the scope and impact remains unconfirmed, the nature of the reported activity presents potential risk to organizations and individuals, particularly where credential material may be exposed, reused across separate, unaffiliated systems, or embedded (i.e., hardcoded into scripts, applications, infrastructure templates, or automation tools). When credential material is embedded, it is difficult to discover and can enable long-term unauthorized access if exposed.

The compromise of credential material, including usernames, emails, passwords, authentication tokens, and encryption keys, can pose significant risk to enterprise environments. Threat actors routinely harvest and weaponize such credentials to: 

  • Escalate privileges and move laterally within networks.
  • Access cloud and identity management systems.
  • Conduct phishing, credential-based, or business email compromise (BEC) campaigns.  
  • Resell or exchange access to stolen credentials on criminal marketplaces.
  • Enrich stolen data with prior breach information for resale and/or targeted intrusion. 

CISA recommends the following actions to reduce the risks associated with potential credential compromise: 

  • For Organizations:
    • Reset passwords for any known affected users across enterprise services, particularly where local credentials may not be federated through enterprise identity solutions.  
    • Review source code, infrastructure-as-code templates, automation scripts, and configuration files for hardcoded or embedded credentials and replace them with secure authentication methods supported by centralized secret management.
    • Monitor authentication logs for anomalous activity, especially involving privileged, service, or federated identity accounts, and assess whether additional credentials (such as API keys and shared accounts) may be associated with any known impacted identities.
    • Enforce phishing-resistant multi-factor authentication (MFA) for all user and administrator accounts wherever technically feasible.
    • For additional information for or on Cloud security best practices please review the following Cybersecurity Information Sheets: CISA and NSA Release Cybersecurity Information Sheets on Cloud Security Best Practices.
  • For Users:
    • Immediately update any potentially affected passwords that may have been reused across other platforms or services.
    • Use strong, unique passwords for each account and enable phishing-resistant multifactor authentication (MFA) on services and applications that support it. For more information on using strong passwords, see CISAs Use Strong Passwords web page. For more information on phishing-resistant MFA see CISAs Implementing Phishing-Resistant MFA Fact Sheet.
    • Remain alert against phishing attempts (e.g., referencing login issues, password resets, or suspicious activity notifications) and reference Phishing Guidance: Stopping the Attack Cycle at Phase One.

Organizations should report incidents and anomalous activity to CISAs 24/7 Operations Center at Report@cisa.gov or (888) 282-0870. 

 Disclaimer:  

The information in this report is being provided as is for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA. 



CISA Adds One Known Exploited Vulnerability to Catalog (2025.04.16)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2021-20035 SonicWall SMA100 Appliances OS Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.



CISA Releases Nine Industrial Control Systems Advisories (2025.04.15)

CISA released nine Industrial Control Systems (ICS) advisories on April 15, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.



 

top
Recent News
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About