Home > Cyber Threat Advisory

Cyber Threat Advisory

Cyber Threat Updates

New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks
New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two a …

Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk
As work ebbs with the typical end-of-year slowdown, now is a good time to review user roles and privileges and remove anyone who shouldn’t have access as well as trim unnecessary permissions. In addit …

New P2PInfect Botnet MIPS Variant Targeting Routers and IoT Devices
Cybersecurity researchers have discovered a new variant of an emerging botnet called P2PInfect that's capable of targeting routers and IoT devices. The latest version, per Cado Security …

LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks
The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing li …

Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware
Microsoft has warned of a new wave of CACTUS ransomware attacks that leverage malvertising lures to deploy DanaBot as an initial access vector. The DanaBot infections led to "hands-on-keyboard ac …

MS-ISAC Updates

The LLM Misinformation Problem I Was Not Expecting
Kathleen Moriarty discusses an unexpected LLM misinformation problem: students incorporating non-vetted AI results into their assignments.

CIS Hardened Images Now in Microsoft Azure Marketplace
Microsoft Azure is a major cloud provider of virtual machine images – and one of four where the Center for Internet Security offers CIS Hardened Images.

How CIS Can Help You Enact Defense-in-Depth in the Cloud
In a previous post, we introduced the concept of defense-in-depth and explained how it strengthens an enterprise’s security program against a

CIS Benchmarks November 2023 Update
Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for November 2023.

Who Is CIS?
At CIS, we are innovators in developing prioritized guidance that is proven to help organizations mitigate cyber risk. Here's how we do it.

Subscribe to receive our monthly “Be Cyber Aware” report focused on regional cyber topics related to the Coastal Cyber District which includes Bryan, Bulloch, Camden, Chatham, Effingham, Glynn, Jenkins, Liberty, Long, McIntosh and Screven counties:

Last updated: 1/21/2023

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could […]
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could […]
A Vulnerability in Fortinet FortiSIEM Could Allow for Remote Code Execution
A vulnerability has been discovered in Fortinet FortiSIEM, which could allow for remote code […]
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could […]
Critical Patches Issued for Microsoft Products, November 14, 2023
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could […]
A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution
A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code […]
Multiple Vulnerabilities in Google Android OS Could Allow for Privilege Escalation
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which […]
A Vulnerability in Atlassian Confluence Server and Data Center Could Allow for Data Destruction
A vulnerability has been discovered in Atlassian Confluence Server and Data Center which could […]
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could […]
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could […]

Cyber Threat Advisory

Cyber Advisory