Today's Cyber Alert Level Indicator: Guarded [Blue]


On April 23, 2014, the Threat Based Cyber Alert Level was evaluated and lowered to Blue (Guarded) from Yellow (Elevated). This change is due to the OpenSSL "Heartbleed" vulnerability being patched on most critical systems. Although there are credible reports that the OpenSSL vulnerability is currently being exploited, the threat from this activity is now lower because of the mitigation steps that have been taken. To date, the MS-ISAC has scanned 236,208 IP addresses for SLTT governments and only discovered 56 IP addresses that were vulnerable to this issue. The impacted entities have all been notified.

The vulnerability, for which CIS issued an advisory on 4/8/14, could allow an attacker to read sensitive data in memory on server and client machines. CIS also issued recent advisories for vulnerabilities in Adobe Flash, multiple Microsoft products, WordPress, Cisco and Google Chrome that could allow remote code execution.

At this level, malicious activity has been identified with minor impact.

  • Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems.
  • Organizations are advised to revoke/reissue certificates on their public-facing systems that use OpenSSL/TLS certificates.
  • Users are advised to change their passwords for all online accounts, giving first priority to critical accounts. We are also getting reports of phishing campaigns related to this vulnerability that try to lure victims to credential-stealing sites. If you are changing your password, please type the URL of the organization directly into a browser and do not click on links in emails that ask you to reset your passwords.

 

Another line of defense is user awareness training regarding the threats posed by attachments and hypertext links contained in emails, especially those from untrusted sources.