This article is contributed. See the original author and article here.
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
| CVE Number | CVE Title | Remediation Due Date |
| --- | --- | --- |
| CVE-2021-43890 | Microsoft Windows AppX Installer Spoofing Vulnerability | 12/29/2021 |
| CVE-2021-4102 | Google Chromium V8 Engine Use-After-Free Vulnerability | |
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.
This article was originally posted by the FTC. See the original article here.
If you have a federal student loan, you probably already know that the Coronavirus emergency relief program that has paused your payments is ending. Repayments will begin again after January 31, 2022. Scammers know it, too, and are looking for ways to take advantage: they’re calling, texting, and e-mailing to try to use any confusion around restarting your student loan payments to steal your money and personal information.
Check out what some of these scam calls sound like.
If you get a call, text, e-mail, or message on social media from someone about your federal student loan, here are some things to keep in mind:
Never pay an upfront fee. It’s illegal for companies to charge you before they help you. If you pay up front to reduce or get rid of your student loan debt, you might not get any help — or your money back. Also, remember that there’s nothing a company can do for you that you can’t do yourself for free. And you never have to pay to get help from the Department of Education.
Never give out your Federal Student Aid ID, your Social Security number, or other personal information to anyone who contacts you. Scammers posing as student loan servicers can use this information to log into your account, change your contact information, and even divert your payments to them. Instead of giving out your FSA ID, call or contact your servicer.
Don’t sign up for quick loan forgiveness. Scammers might say they can get rid of your loans before they know the details of your situation. Or they might promise a loan forgiveness program — that most people won’t qualify for. They might even say they’ll wipe out your loans by disputing them. But they can’t.
Scammers use fake seals and logos to lure people in. They promise special access to repayment plans, new federal loan consolidations, or loan forgiveness programs. It’s a lie. If you have federal loans, go to the Department of Education directly at StudentAid.gov.
This article is contributed. See the original author and article here.
In light of persistent and ongoing cyber threats, CISA urges critical infrastructure owners and operators to take immediate steps to strengthen their computer network defenses against potential cyberattacks. CISA has released CISA Insights: Preparing For and Mitigating Potential Cyber Threats to provide critical infrastructure leaders with steps to proactively strengthen their organization’s operational resiliency against sophisticated threat actors, including nation-states and their proxies.
CISA encourages leadership at all organizations—and critical infrastructure owners and operators in particular—to review the CISA Insights and adopt a heightened state of awareness.
This article is contributed. See the original author and article here.
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates.
This article was originally posted by the FTC. See the original article here.
As residents across Kentucky, Illinois, Tennessee, Arkansas, and Missouri begin taking stock following the devastating series of tornadoes that hit their states, you might be looking for ways to help the people and communities affected. Unfortunately, scammers also are busy trying to take advantage. You want to make sure your money gets in the hands of charities you want to help.
If you’re looking for a way to help, the FTC urges you to be cautious of potential charity scams. Do some research to ensure that your donation will go to a reputable organization that will use the money as promised.
Consider these tips:
Donate to charities you know and trust that have a proven track record of dealing with disasters.
Designate the disaster so you can ensure your funds are going to disaster relief, rather than a general fund that the charity could use for any of its work.
If you get donation requests by email, never click on links or open attachments in e-mails unless you know who sent it. You could unknowingly install malware on your computer.
Don’t assume that charity messages posted on social media are legitimate. Research the organization yourself.
When texting to donate, confirm the number with the source before you donate. The charge will show up on your mobile phone bill, but donations are not immediate.
Find out if the charity or fundraiser must be registered in your state by contacting the National Association of State Charity Officials. If they should be registered, but they’re not, consider donating through another charity.