Keeping up with new vulnerabilities can be challenging. To help, CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild: the Known Exploited Vulnerability (KEV) catalog. CISA strongly recommends all organizations review and monitor the KEV catalog and prioritize remediation of the listed vulnerabilities to reduce the likelihood of compromise by [...]
If you are still writing your passwords on sticky notes, or using your dog's name, you need to make some time to learn how to create strong passwords to protect your data. Click here for resources and information provided by the National Cyber Security Alliance.
The Cybersecurity & Infrastructure Security Agency (CISA) recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. Here are some recommendations to help protect your organization: Reduce the likelihood of a damaging cyber intrusion Validate that all remote access to the organization’s network and privileged or [...]
he Multi-State Information Sharing and Analysis Center has issued another advisory relating to vulnerabilities in Google Android OS that could allow for remote code executition with no additional privileges needed. This includes, phones, smart watches, tablets and other devices. Threat Intelligence: Google indicates limited, targeted exploitation of CVE-2024-43093 and CVE-2024-50302. Systems Affected: Android OS patch [...]
Critical Patches Issued for Microsoft Products Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, threat actors could then install programs, view, change, or delete data, or create new accounts [...]
Multiple vulnerabilities have been discovered in Google Android OS (Patch levels prior to 2025-02-05), the most severe of which could allow for privilege escalation. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow [...]
Take Charge of Your Data is the theme of Data Privacy Week 2025, an international effort to empower individuals and businesses to respect privacy, safeguard data and enable trust. For more information, resources and helpful tips to protect your data visit the National Cybersecurity Alliance website: https://www.staysafeonline.org/data-privacy-week
What cybersecurity issues and challenges are being predicted for 2025? Here are some links to recent articles published by experts: Cybersecurity Predictions for 2025: Challenges & Opportunities (National Cyber Security Alliance) 4 Cybersecurity Trends to Watch in 2025 (Cybersecurity Dive) Predictions for 2025 and Beyond (Cyber Security Defense Magazine) The Top 25 Security Predictions for [...]
The Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA) published a fact sheet providing mitigations and resources for the Water and Wastewater Systems (WWS) Sector using human machine interfaces (HMIs) to limit exposure on the internet and secure them against malicious cyber activity. HMIs enable operational technology owners and operators to [...]
Analysts began monitoring a phishing scam known as “Payroll Pirates” that involves payroll redirection and primarily targets employees of various organizations, particularly those using Workday. The threat actors use malicious SEO poisoning and spoofed Human Resources (HR) pages to trick victims into providing employee portal credentials. Once they gain account access, they change banking information [...]
© Copyright 2025 | NJ MEL-JIF | All rights reserved
