Security Articles

Cisco Releases Security Updates

Original release date: February 27, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Security Articles

National Consumer Protection Week

Original release date: February 27, 2019

National Consumer Protection Week (NCPW) is March 3–9. This annual event encourages individuals and businesses to learn about their consumer rights and how to keep themselves secure. The Federal Trade Commission (FTC) and its NCPW partners provide free resources to protect consumers from fraud, scams, and identity theft.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review FTC’s NCPW resource page, participate in the NCPW Twitter chats and Facebook Live event, and review the following CISA tips:

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Security Articles

OpenSSL Releases Security Update

Original release date: February 26, 2019

OpenSSL version 1.0.2r has been released to address a vulnerability for users of versions 1.0.2–1.0.2q. An attacker could exploit this vulnerability to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Security Articles

ISC Releases Security Updates for BIND

Original release date: February 22, 2019

The Internet Systems Consortium (ISC) has released security updates that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit one of these vulnerabilities to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisories for CVE-2018-5744, CVE-2018-5745, and CVE-2019-6465, and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Security Articles

Drupal Releases Security Updates

Original release date: February 21, 2019

Drupal has released security updates to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected system.


The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal’s security advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Security Articles

Adobe Releases Security Updates

Original release date: February 21, 2019

Adobe has released security updates to address a vulnerability in Adobe Acrobat and Reader. An attacker could exploit this vulnerability to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB19-13 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Security Articles

Cisco Releases Security Updates

Original release date: February 20, 2019

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Security Articles

VMware Releases Security Updates

Original release date: February 15, 2019

VMware has released security updates to address a vulnerability affecting multiple VMware products. An attacker could exploit this vulnerability to take control of an affected system.  

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2019-0001 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Security Articles

Mozilla Releases Security Update for Thunderbird

Original release date: February 14, 2019

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.5.1 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Security Articles

Mozilla Releases Security Updates for Firefox

Original release date: February 12, 2019

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Mozilla Security Advisories for Firefox 65.0.1 and Firefox ESR 60.5.1 and apply the necessary updates. 

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Security Articles

ST18-007: Questions Every CEO Should Ask About Cyber Risks

Cyber Security Tips from US-CERT - Tue, 12/04/2018 - 11:52
Original release date: December 04, 2018 | Last revised: December 14, 2018

As technology continues to evolve, cyber threats continue to grow in sophistication and complexity. Cyber threats affect businesses of all sizes and require the attention and involvement of chief executive officers (CEOs) and other senior leaders. To help companies understand their risks and prepare for cyber threats, CEOs should discuss key cybersecurity risk management topics with their leadership and implement cybersecurity best practices. The best practices listed in this document have been compiled from lessons learned from incident response activities and managing cyber risk.

What should CEOs know about the cybersecurity threats their companies face?

CEOs should ask the following questions about potential cybersecurity threats:

  • How could cybersecurity threats affect the different functions of my business, including areas such as supply chain, public relations, finance, and human resources?
  • What type of critical information could be lost (e.g., trade secrets, customer data, research, personally identifiable information)?
  • How can my business create long-term resiliency to minimize our cybersecurity risks?
  • What kind of cyber threat information sharing does my business participate in? With whom does my business exchange this information?
  • What type of information sharing practices could my business adopt that would help foster community among the different cybersecurity groups where my business is a member?
What can CEOs do to mitigate cybersecurity threats?

The following questions will help CEOs guide discussions about their cybersecurity risk with management:

  • What is the threshold for notifying executive leadership about cybersecurity threats?
  • What is the current level of cybersecurity risk for our company?
  • What is the possible business impact to our company from our current level of cybersecurity risk?
  • What is our plan to address identified risks?
  • What cybersecurity training is available for our workforce?
  • What measures do we employ to mitigate insider threats?
  • How does our cybersecurity program apply industry standards and best practices?
  • Are our cybersecurity program metrics measureable and meaningful? 
  • How comprehensive are our cybersecurity incident response plan and our business continuity and disaster recovery plan?
  • How often do we exercise our plans?
  • Do our plans incorporate the whole company or are they limited to information technology (IT)?
  • How prepared is my business to work with federal, state, and local government cyber incident responders and investigators, as well as contract responders and the vendor community?
Recommended Organizational Cybersecurity Best Practices

The cybersecurity best practices listed below can help organizations manage cybersecurity risks.

  • Elevate cybersecurity risk management discussions to the company CEO and the leadership team.
    • CEO and senior company leadership engagement in defining an organization's risk strategy and levels of acceptable risk is critical to a comprehensive cybersecurity risk plan. The company CEO—with assistance from the chief information security officer, chief information officer, and the entire leadership team—should ensure that they know how their divisions affect the company’s overall cyber risk. In addition, regular discussion with the company board of directors regarding these risk decisions ensures visibility to all company decision makers.
      • Executives should construct policy from the top down to ensure everyone is empowered to perform the tasks related to their role in reducing cybersecurity risk. A top-down policy defines roles and limits the power struggles that can hurt IT security.
  • Implement industry standards and best practices rather than relying solely on compliance standards or certifications.
    • Lower cybersecurity risks by implementing industry benchmarks and best practices (e.g., follow best practices from organizations like the Center for Internet Security). Organizations should tailor best practices to ensure they are relevant for their specific use cases.
    • Follow consistent best practices to establish an organizational baseline of expected enterprise network behavior. This allows organizations to be proactive in combatting cybersecurity threats, rather than expending resources to "put out fires."
    • Compliance standards and regulations (e.g., the Federal Information Security Modernization Act) provide guidance on minimal requirements; however, there is more businesses can do to go beyond the requirements.
  • Evaluate and manage organization-specific cybersecurity risks.
    • Identify your organization’s critical assets and the associated impacts from cybersecurity threats to those assets to understand your organization’s specific risk exposure—whether financial, competitive, reputational, or regulatory. Risk assessment results are a key input to identify and prioritize specific protective measures, allocate resources, inform long-term investments, and develop policies and strategies to manage cybersecurity risks.
    • Ask the questions that are necessary to understanding your security planning, operations, and security-related goals. For example, it is better to focus on the goals your organization will achieve by implementing overall security controls instead of inquiring about specific security controls, safeguards, and countermeasures.
    • Focus cyber enterprise risk discussions on "what-if" situations and resist the "it can't happen here" patterns of thinking.
    • Create a repeatable process to cross-train employees to conduct risk and incident management as an institutional practice. Often, there are only a few employees with subject matter expertise in key areas.
  • Ensure cybersecurity risk metrics are meaningful and measurable.
    • An example of a useful metric is the time it takes an organization to patch a critical vulnerability across the enterprise. In this example, reducing the days it takes to patch a vulnerability directly reduces the risk to the organization.
    • An example of a less useful metric is the number of alerts a Security Operations Center (SOC) receives in a week. There are too many variables in the number of alerts a SOC receives for this number to be consistently relevant.
  • Develop and exercise cybersecurity plans and procedures for incident response, business continuity, and disaster recovery.
    • It is critical that organizations test their incident response plans across the whole organization, not just in the IT environment. Each part of the organization should know how to respond to both basic and large-scale cybersecurity incidents. Testing incident response plans and procedures can help prevent an incident from escalating.
    • Incident response plans should provide instructions on when to elevate an incident to the next level of leadership. Regularly exercising incident response plans enables an organization to respond to incidents quickly and minimize impacts.
  • Retain a quality workforce.
    • Cybersecurity tools are only as good as the people reviewing the tools’ results. It is also important to have people who can identify the proper tools for your organization. It can take a significant amount of time to learn a complex organization’s enterprise network, making retaining skilled personnel just as important as acquiring them. There is no perfect answer to stopping all cybersecurity threats, but knowledgeable IT personnel are critical to reducing cybersecurity risks.
    • New cybersecurity threats are constantly appearing. The personnel entrusted with detecting cybersecurity threats need continual training. Training increases the likelihood of personnel detecting cybersecurity threats and responding to threats in a manner consistent with industry best practices.
    • Ensure there is appropriate planning to account for the additional workload related to mitigating cybersecurity risks. 
    • Cybersecurity is emerging as a formal discipline with task orientation that requires specific alignments to key knowledge, skills, and abilities. The National Initiative for Cybersecurity Careers and Studies (NICCS) is a useful resource for workforce planning
  • Maintain situational awareness of cybersecurity threats.

 

Authors:

This product is provided subject to this Notification and this Privacy & Use policy.

Categories: Security Articles

Electronic Medical Records: Success Requires an Information Security Culture

Sans - Mon, 06/10/2013 - 23:43

Categories: HIPAA,Compliance

Paper Added: June 5, 2013

Categories: Security Articles

Analyzing Polycom® Video Conference Traffic

Sans - Mon, 06/10/2013 - 23:43

Category: Protocols

Paper Added: June 4, 2013

Categories: Security Articles

Corporate vs. Product Security

Sans - Mon, 06/10/2013 - 23:43

Categories: Best Practices,Incident Handling,Security Policy Issues,Management & Leadership

Paper Added: June 3, 2013

Categories: Security Articles

Securing BYOD With Network Access Control, a Case Study

Sans - Mon, 06/10/2013 - 23:43

Category: Network Access Control

Paper Added: May 23, 2013

Categories: Security Articles

Event Monitoring and Incident Response

Sans - Mon, 06/10/2013 - 23:43

Categories: Incident Handling,Intrusion Detection

Paper Added: May 15, 2013

Categories: Security Articles

Dead Linux Machines Do Tell Tales

Sans - Mon, 06/10/2013 - 23:43

Category: GIAC Honors Papers

Paper Added: May 15, 2013

Categories: Security Articles

Setting Up a Database Security Logging and Monitoring Program

Sans - Mon, 06/10/2013 - 23:43

Category: Application and Database Security

Paper Added: May 10, 2013

Categories: Security Articles

Managing the Implementation of a BYOD Policy

Sans - Mon, 06/10/2013 - 23:43

Category: Management & Leadership

Paper Added: May 8, 2013

Categories: Security Articles

Analysis of the building blocks and attack vectors associated with the Unified Extensible Firmware Interface (UEFI)

Sans - Mon, 06/10/2013 - 23:43

Category: Managed Services

Paper Added: May 2, 2013

Categories: Security Articles