The Broadband Guide
SG
search advanced
The Internet Traffic Report monitors the flow of data around the world. It then displays a value between zero and 100. Higher values indicate faster and more reliable connections.

 Username:
 Password:
Register
 forgot password?

Security Information

This page is dedicated to security, it includes local security information, as well as a number of syndicated security feeds, alerts, tools and news from major security portals. This page aims to provide a single security information access point, helping you stay current with recent security threats. You can check the SG Security FAQ and visit the SG Security forum with any questions you might have.



SG Security Scan

The SG Security Scan is a great tool that tests a number of ports on your computer for the most common vulnerabilities.

SG Security Scanner
Vulterable Ports
Commonly Open Ports
SG Ports - comprehensive database of known TCP/UDP ports

 

SG Security Articles

General Security Guide
How To Crack WEP and WPA Wireless Networks
How to Secure your Wireless Network
How to Stop Denial of Service (DoS) Attacks
IRDP Security Vulnerability in Windows 9x
Which VPN Protocol to use?
Why encrypt your online traffic with VPN ?



Latest Security Advisories (US-CERT)


CISA Adds One Known Exploited Vulnerability to Catalog (2023.05.26)

CISA has added one new vulnerability to itsKnown Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-2868Barracuda Networks ESG Appliance Improper Input Validation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.Note:To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" columnwhich will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilitiesestablished the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See theBOD 22-01 Fact Sheetfor more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation ofCatalog vulnerabilitiesas part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet thespecified criteria.

This product is provided subject to thisNotificationand thisPrivacy & Usepolicy.



CISA Warns of Hurricane Typhoon-Related Scams (2023.05.25)

CISA urges users to remain on alert for malicious cyber activity following a natural disaster such as a hurricane or typhoon, as attackers target potential disaster victims by leveraging social engineering tactics, techniques, and procedures (TTPs). Social engineering TTPs include phishing attacks that use email or malicious websites to solicit personal information by posing as a trustworthy organization, notably as charities providing relief. Exercise caution in handling emails with hurricane/typhoon-related subject lines, attachments, or hyperlinks to avoid compromise. In addition, be wary of social media pleas, texts, or door-to-door solicitations related to severe weather events.

CISA encourages users to review the Federal Trade Commissions Staying Alert to Disaster-related Scamsand Before Giving to a Charity, and CISAs Using Caution with Email Attachmentsand Tips on Avoiding Social Engineering and Phishing Attacksto avoid falling victim to malicious attacks.



CISA Releases One Industrial Control Systems Advisory (2023.05.25)

CISA released one Industrial Control Systems (ICS) advisory on May 25, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.



CISA and Partners Release Cybersecurity Advisory Guidance detailing PRC state-sponsored actors evading detection by Living off the Land (2023.05.24)

Today, CISA joined the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners in releasing a joint cybersecurity advisory highlighting recently discovered activities conducted by a Peoples Republic of China (PRC) state-sponsored cyber threat actor.

This advisory highlights how PRC cyber actors use techniques called living off the land to evade detection by using built-in networking administration tools to compromise networks and conduct malicious activity. This enables the cyber actor to blend in with routine Windows system and network activities, limit activity and data captured in default logging configurations, and avoid endpoint detection and response (EDR) products that could alert to the introduction of third-party applications on the host or network. Private sector partners have identified that this activity affects networks across U.S. critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide.

The authoring agencies have identified potential indicators associated with these techniques. To hunt for this activity, CISA and partners encourage network defenders to use the actors commands and detection signatures provided in this advisory. CISA and partners further encourage network defenders to view the indicators of compromise (IOCs) and mitigations summaries to detect this activity.



CISA and Partners Update the #StopRansomware Guide, Developed through the Joint Ransomware Task Force JRTF (2023.05.23)

Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020. The updateincorporates lessons learned from the past two years and includes additional recommended actions, resources, and tools to maximize its relevancy and effectiveness and to further help reduce the prevalence and impacts of ransomware.

The #StopRansomware Guideserves as a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks. The authoring organizations recommend that entities review this joint guide to prepare and protect their facilities, personnel, and customers from the impacts of ransomware and data exfiltration. For more information and to access the latest resources about how to stop ransomware, please visit stopransomware.gov.

This joint guide was developed through the Joint Ransomware Task Force (JRTF), an interagency collaborative effort to reduce the prevalence and impact of ransomware attacks. JRTF was established by Congress in 2022 and is co-chaired by CISA and FBI. For additional information about the JRTF, please visit CISA's newly launched Joint Ransomware Task Force (JRTF) webpage.



CISA Releases Four Industrial Control Systems Advisories (2023.05.23)

CISA released four Industrial Control Systems (ICS) advisories on May 23, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.



      CISA Adds Three Known Exploited Vulnerabilities to Catalog (2023.05.22)

      CISA has added three new vulnerabilities to itsKnown Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

      • CVE-2023-32409Apple Multiple Products WebKit Sandbox Escape Vulnerability
      • CVE-2023-28204Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
      • CVE-2023-32373Apple Multiple Products WebKit Use-After-Free Vulnerability

      These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.Note:To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" columnwhich will sort by descending dates.

      Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilitiesestablished the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See theBOD 22-01 Fact Sheetfor more information.

      Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation ofCatalog vulnerabilitiesas part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet thespecified criteria.



      CISA Adds Three Known Exploited Vulnerabilities to Catalog (2023.05.19)

      CISA has added three new vulnerabilities to itsKnown Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

      • CVE-2004-1464Cisco IOS Denial-of-Service Vulnerability
      • CVE-2016-6415Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability
      • CVE-2023-21492Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability

      These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.Note:To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" columnwhich will sort by descending dates.

      Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilitiesestablished the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See theBOD 22-01 Fact Sheetfor more information.

      Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation ofCatalog vulnerabilitiesas part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet thespecified criteria.



       

      top
      News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
      Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
      Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
      Broadband Security Editorials General User Articles Quick Reference
      Broadband Forums General Discussions
      Advertising Awards Link to us Server Statistics Helping SG About