Today's Cyber Alert Level Indicator:
The vulnerability, for which CIS issued an advisory on 4/8/14, could allow an attacker to read sensitive data in memory on server and client machines. CIS also issued recent advisories for vulnerabilities in Adobe Flash, multiple Microsoft products, Word Press, Cisco and Google Chrome that could allow remote code execution.
At this level, malicious activity has been identified with minor impact.
- Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems.
- Organizations are advised to revoke/reissue certificates on their public facing systems that use OpenSSL/TLS certificates.
- Users are advised to change their passwords for all online accounts, giving first priority to critical accounts. We are also getting reports of phishing campaigns related to this vulnerability to lure victims to credential-stealing sites. If you are changing your password, please type the URL of the organization in a browser and do not click on links in emails that ask you to reset your passwords.
Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.