
Today’s Cyber Threat Level: BLUE / GUARDED
The Cyber Alert Level remains at Blue (Guarded).
Explanation of the Current Cyber Threat Level: GUARDED
The alert level is the overall current cyber threat level.
On June 25, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded). The MS-ISAC is currently assessing reports of the potential for cyber activity related to ongoing tensions between the United States and Iran, including Iranian-aligned hacktivist groups targeting the United States. Claimed attacks have included distributed denial of service (DDoS) attacks, network compromises, web defacements, and hacking/leaking operations. Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails, especially from untrusted sources.
On June 11, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded) due to vulnerabilities in Mozilla, Microsoft, and Adobe products.
On June 10, the MS-ISAC released 3 advisories. The first advisory was for multiple vulnerabilities in Mozilla Firefox, the most severe of which could allow for arbitrary code execution. The second advisory was for multiple vulnerabilities in Microsoft products, the most severe of which could allow for arbitrary code execution. The third advisory was for multiple vulnerabilities in Adobe products, the most severe of which could allow for arbitrary code execution. Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails, especially from untrusted sources.
On June 4, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded) due to vulnerabilities in Google Chrome.
On June 3, the MS-ISAC released an advisory for multiple vulnerabilities in Google Chrome, the most severe of which could allow for arbitrary code execution. Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails, especially from untrusted sources.
On May 28, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded).
On May 21, the MS-ISAC released a joint advisory from CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and other partners detailing Russian GRU targeting of Western logistics entities and technology companies.
On May 22, the MS-ISAC released a joint advisory from CISA and the FBI that details the LummaC2 malware that has been in use by threat actors targeting US critical infrastructure sectors. Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails, especially from untrusted sources.
On May 14, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded) due to vulnerabilities in Microsoft, Fortinet, and Adobe products.
On May 14, the MS-ISAC released three advisories. The first advisory was for multiple vulnerabilities in Microsoft products, the most severe of which could allow for remote code execution. The second advisory was for multiple vulnerabilities in Fortinet products, the most severe of which could allow for arbitrary code execution. The third advisory was for multiple vulnerabilities in Adobe products, the most severe of which could allow for arbitrary code execution. Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails, especially from untrusted sources.
On May 7, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded) due to vulnerabilities in SonicWall and Google products.
On May 5, the MS-ISAC released two advisories. The first advisory was for multiple vulnerabilities in SonicWall Secure Mobile Access (SMA) 100 Series Management Interface, the most severe of which could allow for remote code execution. The second advisory was for multiple vulnerabilities in Google Android OS, the most severe of which could allow for remote code execution. Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails, especially from untrusted sources.
On April 30, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded) due to vulnerabilities in SAP and Mozilla products.
On April 25, the MS-ISAC released an advisory for a vulnerability in SAP NetWeaver Visual Composer that could allow for remote code execution.
On April 29, the MS-ISAC released an advisory for multiple vulnerabilities in Mozilla products, the most severe of which could allow for arbitrary code execution. Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails, especially from untrusted sources.
On April 23, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded) due to vulnerabilities in Apple and SonicWall products.
On April 23, the MS-ISAC released an advisory for a vulnerability in SonicWall Secure Mobile Access 100 Series Management Interface that could allow for remote code execution. Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails, especially from untrusted sources.
On April 17, the MS-ISAC released an advisory for multiple vulnerabilities in Apple products, the most severe of which could allow for arbitrary code execution.
On April 9, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded) due to vulnerabilities in Ivanti, Mozilla, Microsoft, Google, Adobe, and Fortinet products.
On April 3, the MS-ISAC released two advisories. The first advisory was for a vulnerability in Ivanti products that could allow for remote code execution. The second advisory was for multiple vulnerabilities in Mozilla products, the most severe of which could allow for arbitrary code execution.
On April 8, the MS-ISAC released 5 advisories. The first advisory was for multiple vulnerabilities in Microsoft products, the most severe of which could allow for remote code execution. The second advisory was for multiple vulnerabilities in Ivanti Endpoint Manager, the most severe of which could allow for remote code execution. The third advisory was for a vulnerability in Google Chrome that could allow for arbitrary code execution. The fourth advisory was for multiple vulnerabilities in Adobe products, the most severe of which could allow for arbitrary code execution. The final advisory was for multiple vulnerabilities in Fortinet products, the most severe of which could allow for remote code execution. Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails, especially from untrusted sources.
The Cyber Threat Level indicator displays the current level of malicious cyber activity and indicates the potential for or actual damage. The indicator comprises 5 levels:
Red or Severe Cyber Threat Level
Indicates a severe risk of hacking, virus, or other malicious activity resulting in widespread outages and/or significantly destructive compromises to systems with no known remedy, or debilitating one or more critical infrastructure sectors. At this level, vulnerabilities are being exploited with severe or widespread damage or disruption of Critical Infrastructure Assets.
Orange or High Level
Indicates a high risk of increased hacking, virus, or other malicious cyber activity that targets or compromises core infrastructure, causes multiple service outages, multiple system compromises, or compromises critical infrastructure. At this level, vulnerabilities are being exploited with a high level of damage or disruption, or the potential for severe damage or disruption is high.
Yellow or Elevated Level
This indicates a significant risk due to increased hacking, viruses, or malicious activity that compromises systems or diminishes service. At this level, known vulnerabilities are being exploited with a moderate level of damage or disruption, or the potential for significant damage or disruption is high.
Blue or Guarded Cyber Threat Level
Indicates a general risk of increased hacking, viruses, or other malicious activity. The potential exists for malicious cyber activities, but either no known exploits have been identified, or known exploits have been identified but no significant impact has occurred.
Green or Low Cyber Threat Level
Indicates a low risk.
Contact Commonwealth Sentinel to learn more about how the Cyber Threat Level affects your organization and what steps you can take to lower your Level.