![]() ![]() |
Security InformationThis page is dedicated to security, it includes local security information, as well as a number of syndicated security feeds, alerts, tools and news from major security portals. This page aims to provide a single security information access point, helping you stay current with recent security threats. You can check the SG Security FAQ and visit the SG Security forum with any questions you might have. SG Security ScanThe SG Security Scan is a great tool that tests a number of ports on your computer for the most common vulnerabilities.![]() ![]() ![]() ![]()
SG Security Articles![]() ![]() ![]() ![]() ![]() ![]() ![]() Latest Security Advisories (US-CERT)CISA Releases Two Industrial Control Systems Advisories (2024.07.25) CISA released two Industrial Control Systems (ICS) advisories on July 25, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. FBI, CISA, and Partners Release Advisory Highlighting North Korean Cyber Espionage Activity (2024.07.25) Today, CISAin partnership with the Federal Bureau of Investigation (FBI)released a joint Cybersecurity Advisory, North Korea State-Sponsored Cyber Group Conducts Global Espionage Campaign to Advance Regimes Military and Nuclear Programs. The advisory was coauthored with the following organizations:
This advisory was crafted to highlight cyber espionage activity associated with the Democratic Peoples Republic of Korea (DPRK)s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju. The group primarily targets defense, aerospace, nuclear, and engineering entities to obtain sensitive and classified technical information and intellectual property to advance the regimes military and nuclear programs and ambitions. The authoring agencies believe the group and the cyber techniques remain an ongoing threat to various industry sectors worldwide, including but not limited to entities in their respective countries, as well as in Japan and India. All critical infrastructure organizations are encouraged to review the advisory and implement the recommended mitigations. For more information on North Korean state-sponsored threat actor activity, see CISAs North Korea Cyber Threat Overview and Advisories page. Andariel actors fund their espionage activity through ransomware operations against U.S. healthcare entities. For more information on this ransomware activity, see joint advisories #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities and North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector. ISC Releases Security Advisories for BIND 9 (2024.07.24) The Internet Systems Consortium (ISC) released security advisories to address vulnerabilities affecting multiple versions of ISCs Berkeley Internet Name Domain (BIND) 9. A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review the following advisories and apply the necessary updates:
CISA Releases Four Industrial Control Systems Advisories (2024.07.23) CISA released four Industrial Control Systems (ICS) advisories on July 23, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. CISA Adds Two Known Exploited Vulnerabilities to Catalog (2024.07.23) CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. Widespread IT Outage Due to CrowdStrike Update (2024.07.19) Note: CISA will update this Alert with more information as it becomes available. Update 12:30 p.m., EDT, July 26, 2024:
Update 12:00 p.m., EDT, July 24, 2024:
Update 9:45 a.m., EDT, July 21, 2024:
Update 12:30 p.m., EDT, July 20, 2024:
Update 7:30 p.m., EDT, July 19, 2024:
CISA continues to monitor the situation and will update this Alert to provide continued support. Initial Alert (11:30 a.m., EDT, July 19, 2024): CISA is aware of the widespread outage affecting Microsoft Windows hosts due to an issue with a recent CrowdStrike update and is working closely with CrowdStrike and federal, state, local, tribal and territorial (SLTT) partners, as well as critical infrastructure and international partners to assess impacts and support remediation efforts. CrowdStrike has confirmed the outage:
According to CrowdStrike, the issue has been identified, isolated and a fix has been deployed. CrowdStrike customer organizations should reference CrowdStrike guidance and their customer portal to resolve the issue. Of note, CISA has observed threat actors taking advantage of this incident for phishing and other malicious activity. CISA urges organizations and individuals to remain vigilant and only follow instructions from legitimate sources. CISA recommends organizations to remind their employees to avoid clicking on phishing emails or suspicious links. Ivanti Releases Security Updates for Endpoint Manager (2024.07.18) Ivanti released security updates to address vulnerabilities in Ivanti Endpoint Manager (EPM) and Ivanti Endpoint Manager for Mobile (EPMM). A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Ivanti advisories and apply the necessary updates: Cisco Releases Security Updates for Multiple Products (2024.07.18) Cisco released security updates to address vulnerabilities in Cisco software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates:
|
Recent News
|