FBI Releases Article on Defending Against Payroll Phishing Scams

Original release date: October 16, 2018

The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against phishing scams targeting electronically deposited paychecks. In these schemes, scammers use phishing …

Original release date: October 16, 2018

The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against phishing scams targeting electronically deposited paychecks. In these schemes, scammers use phishing emails to direct employees to fraudulent websites and collect their work credentials. Scammers then use victims’ credentials to replace legitimate direct deposit information with their own account details.

NCCIC encourages users to review the FBI Article and NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you have been a victim of these scams, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov.


This product is provided subject to this Notification and this Privacy & Use policy.


Apple, Google, Microsoft, and Mozilla come together to end TLS 1.0

Almost everyone has now migrated to TLS 1.2, and a few have moved to TLS 1.3.

A green exterior door is sealed with a padlock.

Enlarge (credit: Indigo girl / Flickr)

Apple, Google, Microsoft, and Mozilla have announced a unified plan to deprecate the use of TLS 1.0 and 1.1 early in 2020.

TLS (Transport Layer Security) is used to secure connections on the Web. TLS is essential to the Web, providing the ability to form connections that are confidential, authenticated, and tamper-proof. This has made it a big focus of security research, and over the years, a number of bugs that had significant security implications have been found in the protocol. Revisions have been published to address these flaws.

The original TLS 1.0, heavily based on Netscape's SSL 3.0, was first published in January 1999. TLS 1.1 arrived in 2006, while TLS 1.2, in 2008, added new capabilities and fixed these security flaws. Irreparable security flaws in SSL 3.0 saw support for that protocol come to an end in 2014; the browser vendors now want to make a similar change for TLS 1.0 and 1.1.

Read 2 remaining paragraphs | Comments

VMware Releases Security Updates

Original release date: October 16, 2018

VMware has released security updates to address a vulnerability in ESXi, Workstation, and Fusion. An attacker could exploit this vulnerability to take control of an affected system.NCCIC encourages users a…

Original release date: October 16, 2018

VMware has released security updates to address a vulnerability in ESXi, Workstation, and Fusion. An attacker could exploit this vulnerability to take control of an affected system.

NCCIC encourages users and administrators to review VMware Security Advisory VMSA-2018-0026 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Google Releases Security Update for Chrome

Original release date: October 16, 2018

Google has released Chrome version 70.0.3538.67 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.NCCIC encourages use…

Original release date: October 16, 2018

Google has released Chrome version 70.0.3538.67 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.