ACSC Releases Fundamentals of Cross Domain Solutions

Original release date: December 5, 2019

The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining the fundamentals of cross domain solution (CDS) technologies. This guidance provides cross domain security principles to enable organizations to share information securely across separated networks.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations with information sharing requirements to review ACSC’s Fundamentals of Cross Domain Solutions to learn how to plan, analyze, design, and implement CDS systems.

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Releases Security Advisory for Windows Hello for Business

Original release date: December 5, 2019

Microsoft has released a Security Advisory to address an issue in Windows Hello for Business (WHfB). An attacker could exploit this issue on devices that were affected by CVE-2017-15361, also known as Return of Coppersmith’s Attack (ROCA), to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft Security Advisories ADV190026 and ADV170012 and apply the recommended mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

NCSC-NZ Releases Cyber Governance Resource for Leaders

Original release date: December 5, 2019

The New Zealand National Cyber Security Centre (NCSC-NZ) has released an article on a new cybersecurity governance resource to support public and private sector leaders in making decisions about their cybersecurity resilience and risk. NCSC-NZ developed this governance—a series of documents with practical advice and simple steps—following a cybersecurity resilience assessment of  New Zealand’s nationally significant organizations.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages senior leaders and security practitioners to review NCSC-NZ’s Charting Your Course: Cyber Security Governance and Cyber Security Resilience of New Zealand’s Nationally Significant Organisations 2017-2018 for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

Mozilla Releases Security Updates for Firefox and Firefox ESR

Original release date: December 4, 2019

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 71 and Firefox ESR 68.3.

This product is provided subject to this Notification and this Privacy & Use policy.