Mozilla Releases Security Updates for Firefox

Original release date: January 29, 2019

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Mozilla Security Advisories for Firefox 65 and Firefox ESR 60.5 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


CERT/CC Reports Microsoft Exchange 2013 and Newer are Vulnerable to NTLM Relay Attacks

Original release date: January 28, 2019

The CERT Coordination Center (CERT/CC) has released information to address NTLM relay attacks affecting Microsoft Exchange 2013 and newer versions. A remote attacker could exploit this vulnerability to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review CERT/CC’s Vulnerability Note VU#465632 and consider the listed workarounds until patches are made available.


This product is provided subject to this Notification and this Privacy & Use policy.


CISA Releases Blog on Emergency Directive

Original release date: January 24, 2019 | Last revised: January 25, 2019

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs, has released a blog, titled “Why CISA Issued Our First Emergency Directive,” to explain considerations in issuing Emergency Directive 19-01 on January 22, 2019. The directive requires Federal civilian agencies to take a series of immediate actions in response to a global Domain Name System (DNS) hijacking campaign.

The National Cybersecurity and Communications Integration Center (NCCIC), part of CISA, recommends Federal agencies review the CISA Blog for more information.


This product is provided subject to this Notification and this Privacy & Use policy.


Tax Identity Theft Awareness Week

Original release date: January 24, 2019

Tax Identity Theft Awareness Week is January 28 to February 1. This annual campaign aims to help consumers be more informed about protecting themselves from tax-related identity theft and scams. Tax-related identity theft occurs when someone steals a Social Security number and uses it to claim a tax refund or get a job.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages consumers to review the Internal Revenue Service (IRS) publication Taxes. Security. Together., and NCCIC Tips on Preventing and Responding to Identity Theft and IRS and NCCIC Caution Users: Prepare for Heightened Phishing Risk This Tax Season for more information.


This product is provided subject to this Notification and this Privacy & Use policy.