This page is dedicated to security, it includes local security information, as well as a number of syndicated security feeds, alerts, tools and news from major security portals. This page aims to provide a single security information access point, helping you stay current with recent security threats. You can check the SG Security FAQ and visit the SG Security forum with any questions you might have.
SG Security ScanThe SG Security Scan is a great tool that tests a number of ports on your computer for the most common vulnerabilities.
SG Security Scanner
Commonly Open Ports
SG Ports - comprehensive database of known TCP/UDP ports
SG Security ArticlesGeneral Security Guide
How To Crack WEP and WPA Wireless Networks
How to Secure your Wireless Network
How to Stop Denial of Service (DoS) Attacks
IRDP Security Vulnerability in Windows 9x
Which VPN Protocol to use?
Why encrypt your online traffic with VPN ?
Latest Security Advisories (US-CERT)
CISA Releases Resource Guide for University Cybersecurity Clinics (2024.02.28)
Today, CISA released a Resource Guide for Cybersecurity Clinics to outline ways CISA can partner with and support cybersecurity clinics and their clients.
University cybersecurity clinics train students from diverse backgrounds and academic expertise to strengthen the digital defenses of non-profits, hospitals, municipalities, small businesses, and other under-resourced organizations. They can help address the national cyber workforce gap by developing a talent pipeline for cyber civil defense and helping students see themselves in a cybersecurity career.
CISA encourages clinics to engage with CISA and leverage the CISA resources outlined in the guide. CISA also encourages more universities to consider starting their own cybersecurity clinics as they play an important role in strengthening the cybersecurity posture of small organizations at the local level.
CISA Releases Two Industrial Control Systems Advisories (2024.02.27)
CISA released two Industrial Control Systems (ICS) advisories on February 27, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
CISA, FBI, and HHS Release an Update to #StopRansomware Advisory on ALPHV Blackcat (2024.02.27)
Today, CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released an update to the joint advisory #StopRansomware: ALPHV Blackcat to provide new indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the ALPHV Blackcat ransomware as a service (RaaS). ALPHV Blackcat affiliates have been observed primarily targeting the healthcare sector.
CISA, the FBI, and HHS urge network defenders to review the updated joint advisory to protect and detect against malicious activity.
All organizations are encouraged to share information on incidentsand anomalous activity to CISAs 24/7 Operations Center at firstname.lastname@example.org or via our Report page, and/or to the FBI via your local FBI field office or the FBIs 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov. For more on ransomware, visit stopransomware.gov.
CISA, NCSC-UK, and Partners Release Advisory on Russian SVR Actors Targeting Cloud Infrastructure (2024.02.26)
CISA, in partnership with UK National Cyber Security Centre (NCSC) and other U.S. and international partners released the joint advisory, SVR Cyber Actors Adapt Tactics for Initial Cloud Access. This advisory provides recent tactics, techniques, and procedures (TTPs) used by Russian Foreign Intelligence Service (SVR) cyber actorsalso known as APT29, the Dukes, CozyBear, and NOBELIUM/Midnight Blizzardto gain initial access into a cloud environment.
The authoring agencies encourage network defenders and organizations review the joint advisory for recommended mitigations. For more information on APT29, see joint CSA Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally or visit CISAs Russia Cyber Threat Overview and Advisories page. For more guidance on cloud security best practices, see CISAs Secure Cloud Business Applications (SCuBA) Project.
Updated Top Cyber Actions for Securing Water Systems (2024.02.23)
Today, CISA, the Environmental Protection Agency (EPA), and the Federal Bureau of Investigation (FBI) updated the joint fact sheet Top Cyber Actions for Securing Water Systems. This update includes additional resourcesfrom American Water Works Association, the WaterISAC, and MS-ISACto support water systems in defending against from malicious cyber activity.
The fact sheet outlines the following practical actions Water and Wastewater Systems (WWS) Sector entities can take to better protect water systems from malicious cyber activity and provides actionable guidance to implement concurrently:
CISA, EPA, and FBI urge all WWS Sector and critical infrastructure organizations to review the fact sheet and implement the actions to improve resilience to cyber threat activity. Organizations can visit cisa.gov/water for additional sector tools, information, and resources.
CISA Releases One Industrial Control Systems Advisory (2024.02.22)
CISA released one Industrial Control Systems (ICS) advisory on February 22, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.
CISA Adds One Known Exploited ConnectWise Vulnerability, CVE-2024-1709, to Catalog (2024.02.22)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Mozilla Releases Security Updates for Firefox and Thunderbird (2024.02.21)
Mozilla released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following Mozilla Security Advisories and apply the necessary updates: