The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

CISA and CNMF Identify a New Malware Variant

The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Defense (DOD) Cyber National Mission Force (CNMF) have identified a malware variant—referred to as SLOTHFULMEDIA—used by a sophisticated cyber actor. In addition, U.S. Cyber Command has released the malware sample to the malware aggregation tool and repository, VirusTotal.

October is National Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month (NCSAM), which is a collaborative effort between the Cybersecurity and Infrastructure Security Agency (CISA) and its public and private partners—including the National Cyber Security Alliance—to ensure every American has the resources they need to stay safe and secure online. This year’s theme, “Do your Part. #BeCyberSmart.,” encourages individuals and organizations to take proactive steps to enhance cybersecurity and protect their part of cyberspace.

CISA and MS-ISAC Release Ransomware Guide

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have released a joint Ransomware Guide that details practices that organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats.

CISA Releases Telework Essentials Toolkit

The Cybersecurity and Infrastructure Security Agency (CISA) has released the Telework Essentials Toolkit, a comprehensive resource of telework best practices. The Toolkit provides three personalized modules for executive leaders, IT professionals, and teleworkers. Each module outlines distinctive security considerations appropriate for their role:

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco security page and apply the necessary updates.

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: