The Broadband Guide
SG
search advanced
The Internet Traffic Report monitors the flow of data around the world. It then displays a value between zero and 100. Higher values indicate faster and more reliable connections.

 Username:
 Password:
Register
 forgot password?

Security Information

This page is dedicated to security, it includes local security information, as well as a number of syndicated security feeds, alerts, tools and news from major security portals. This page aims to provide a single security information access point, helping you stay current with recent security threats. You can check the SG Security FAQ and visit the SG Security forum with any questions you might have.



SG Security Scan

The SG Security Scan is a great tool that tests a number of ports on your computer for the most common vulnerabilities.

SG Security Scanner
Vulterable Ports
Commonly Open Ports
SG Ports - comprehensive database of known TCP/UDP ports

 

SG Security Articles

General Security Guide
How To Crack WEP and WPA Wireless Networks
IRDP Security Vulnerability in Windows
Why encrypt your online traffic with VPN ?



Latest Threats - Symantec

Backdoor.Exemyr - (2019.01.22) Risk Level: Very Low. Type: Trojan.
Trojan.Cartbat g2 - (2019.01.21) Risk Level: Very Low. Type: Trojan.
Trojan.Cartbat - (2019.01.21) Risk Level: Very Low. Type: Trojan.
Trojan.Cartbat g1 - (2019.01.20) Risk Level: Very Low. Type: Trojan.
ISB.Downloader gen198 - (2019.01.06) Risk Level: Very Low. Type: Trojan.
Ransom.MongoLock - (2019.01.16) Risk Level: Very Low. Type: Trojan.
Bloodhound.RTF.15 - (2019.01.15) Risk Level: Very Low. Type: Trojan.
Bloodhound.RTF.16 - (2019.01.15) Risk Level: Very Low. Type: Trojan.
Bloodhound.RTF.17 - (2019.01.15) Risk Level: Very Low. Type: Trojan.
Bloodhound.RTF.18 - (2019.01.15) Risk Level: Very Low. Type: Trojan.

 

Latest Security Advisories (US-CERT)


CISA Emergency Directive on DNS Infrastructure Tampering (2019.01.22)
Original release date: January 22, 2019

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to address ongoing incidents associated with global Domain Name System (DNS) infrastructure tampering. CISA is aware of multiple executive branch agency domains that were impacted by the tampering campaign and has notified the agencies that maintain them.The directive requires Federal agencies to take specific steps and comply with reporting procedures to mitigate risks from undiscovered tampering, prevent illegitimate DNS activity, and detect unauthorized certificates.

Federal agencies should review Emergency Directive 19-01 for required actions and reporting procedures.




Apple Releases Multiple Security Updates (2019.01.22)
Original release date: January 22, 2019

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Apple Security Updates page and apply the necessary updates.




Adobe Releases Security Updates (2019.01.22)
Original release date: January 22, 2019

Adobe has released security updates to address vulnerabilities in Adobe Experience Manager. An attacker could exploit these vulnerabilities to obtain sensitive information.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review Adobe Security Bulletins APSB19-03 and APSB19-09 and apply the necessary updates.




Data Privacy Day (2019.01.22)
Original release date: January 22, 2019

January 28 is Data Privacy Day (DPD), an annual effort to promote data privacy awareness and education. This years DPD events, sponsored by the National Cyber Security Alliance (NCSA), focus around the theme, A New Era in Privacy.

The NCSA Stay Safe Online website will feature a live stream of the Data Privacy Day 2019 Live From LinkedIn event, which includes presentations on opportunities and challenges and the future of privacy, as well as a TED-style talk with the Amazon Web Services Global principal security architect.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review NCSAs tips on Managing Your Privacy and the following NCCIC tips:




Drupal Releases Security Updates (2019.01.16)
Original release date: January 16, 2019

Drupal has released security updates addressing vulnerabilities in Drupal 7.x, 8.5.x, and 8.6.x. A remote attacker could exploit these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review Drupals security advisories SA-CORE-2019-001 and SA-CORE-2019-002 and apply the necessary updates.




Oracle Releases January 2019 Security Bulletin (2019.01.15)
Original release date: January 15, 2019

Oracle has released its Critical Patch Update for January 2019 to address 284 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Oracle January 2019 Critical Patch Update and apply the necessary updates.




DNS Infrastructure Hijacking Campaign (2019.01.10)
Original release date: January 10, 2019 | Last revised: January 11, 2019

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organizations domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organizations domain names, enabling man-in-the-middle attacks.

NCCIC encourages administrators to review the FireEye and Cisco Talos Intelligence blogs on global DNS infrastructure hijacking for more information. Additionally, NCCIC recommends the following best practices to help safeguard networks against this threat:

  • Implement multifactor authentication on domain registrar accounts, or on other systems used to modify DNS records.
  • Verify that DNS infrastructure (second-level domains, sub-domains, and related resource records) points to the correct Internet Protocol addresses or hostnames.
  • Search for encryption certificates related to domains and revoke any fraudulently requested certificates.



Juniper Networks Releases Multiple Security Updates (2019.01.09)
Original release date: January 09, 2019

Juniper Networks has released multiple security updates to address vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review Junipers Security Advisories webpage and apply the necessary updates.




 

top
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About