Center for Internet Security

6.3 Tbps in 45 seconds. A botnet-driven DDoS attack shows the scale of emerging threats. CIS breaks down how CTAs are weaponizing IoT devices. 🔗 Get the insights: https://bit.ly/3V0Mtu4 #cybersecurity #DDoS #botnet #IoT

From automated assessments to streamlined compliance, the CIS SecureSuite Platform empowers organizations to operationalize cybersecurity best practices with confidence. Whether you're in the public sector or private sector, CIS SecureSuite helps you do more with less by protecting systems, saving time, and reducing risk. https://bit.ly/47EJVbW

In Q3 2025, the MS-ISAC saw an increase in member-reported phishing attacks likely tied to Tycoon2FA, a Phishing as a Service (PhaaS) kit which arms threat actors with sophisticated multi-layered obfuscation, fake CAPTCHA pages, QR-code bait, and Adversary in the Middle (AiTM) techniques to bypass MFA. What makes Tycoon2FA notable: 1️⃣ Abuses legitimate services like Microsoft Dynamics 365 and Cloudflare Turnstile 2️⃣ Delivers malicious links in email bodies as well as through PDFs and QR codes 3️⃣ Leverages fake CAPTCHA pages to redirect victims to credential-harvesting sites 4️⃣Uses heavily obfuscated JavaScript and anti-analysis tactics to evade detection 💡 If your organization protects public services or critical systems, this blog offers crucial insights and mitigation strategies. Read the full analysis here: https://bit.ly/4oLnwjc The MS-ISAC is here to equip your organization with a robust cyber defense ecosystem to stay protected. Join today to take your cyber defense to the next level. https://bit.ly/47OZiyD

Members of our teams are teaching cybersecurity courses at University at Albany College of Emergency Preparedness, Homeland Security, and Cybersecurity sharing their insights and the skills needed to defend against today’s increasingly complex digital threats. Read the full story now! https://bit.ly/3X3ybd2

[POLL 📊] From stealthy strains to modular malware that evolves faster than defenses can adapt, today's threats are more terrifying than ever. As we wrap up our Halloween episode, we want to know what makes malware truly scary in 2025: https://bit.ly/4hz6iCY #malware #halloween

Looking for a way to streamline audit prep, boost regulatory readiness, and enhances cybersecurity posture? Our new CIS SecureSuite Platform helps you accomplish it all! https://bit.ly/47EJVbW #cyberdefense #compliance #cybersecurity

[POLL 📊] CMMC compliance can be a heavy lift for many organizations. Let us know your thoughts on the biggest challenge in achieving it. Take a listen to episode 158 of Cybersecurity Where You Are to hear experts discuss how organizations can navigate the complexities of CMMC. Listen now! https://bit.ly/4np3dqp

It's now easier to identify gaps, track progress, and prioritize actions that will help improve your cybersecurity posture and compliance efforts. Learn more about CIS SecureSuite and the new Platform today. https://bit.ly/47EJVbW #compliance #cybersecurity

We’re proud to announce that the Center for Internet Security has achieved Amazon Web Services (AWS) Government Competency status in both Citizen Services and Defense & National Security. This recognizes our proven ability to help government agencies reduce costs, meet mandates, and innovate securely. 👉 Learn more here: https://bit.ly/4nP8VTe #cybersecurity #aws #cloudsecurity

🚨 Cryptographic failures are rising. From weak ciphers to misconfigured SSL certificates, these vulnerabilities can expose sensitive data and enable adversary-in-the-middle attacks. This blog outlines the top 5 external network risks and how to fix them—backed by real-world scans and expert recommendations. 🔗 https://bit.ly/3V7PtoC #EOL #TLS #cti #cybersecurity