CISA encourages Cyber Monday shoppers to review the following online shopping safety
             tips:


             • Do business with reputable vendors. Before providing any information, make sure that
                you are interacting with a reputable, established vendor. Some attackers may try to trick
                you by creating malicious websites that appear to be legitimate, so you should verify the
                legitimacy before supplying any information. (See Avoiding Social Engineering and
                Phishing Attacks.)
             • Use caution with email links and attachments. Take appropriate precautions when using
                email and web browsers to reduce the risk of an infection. Be wary of unsolicited email
                attachments and avoid clicking on email links, even if they seem to come from people or
                businesses you know. (See Using Caution with Email Attachments.)
             • Pay using a credit card. There are laws to limit your liability for fraudulent credit card
                charges, but debit cards may not have the same level of protection.
             • Ensure your information is encrypted. Check website URLs to ensure they begin with
                "https:" (instead of "http:") accompanied by a padlock icon to verify that the site is
                secure.





             Vulnerabilities and Indicators of Compromise


                    ➢ Weekly Vulnerability Summary from US-CERT
                    ➢ Talos weekly alerts
                    ➢ Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter
                    ➢ CyrusOne, one of the major US data center provider, hit by ransomware attack
                    ➢ FBI warns about snoopy smart TVs spying on you
                    ➢ Facebook and Twitter warn of malicious SDK harvesting personal data from its accounts
                    ➢ Tetris game app used to distribute PyXie Python RAT
                    ➢ Researchers disclose DLL loading vulnerabilities in Autodesk, Trend Micro, Kaspersky
                       software
                    ➢ Smith & Wesson Web Site Hacked to Steal Customer Payment Info
                    ➢ StrandHogg Vulnerability exploited by tens of rogue Android Apps
                    ➢ Authorities Break Up Imminent Monitor Spyware Organization
                    ➢ Fake Steam Skin Giveaway Site Steals your Login Credentials

















                                                      “Thinking of cybersecurity solely as an IT issue is like believing that a

                                                company’s entire workforce, from the CEO down, is just one big HR issue.”
                                                                                                       --Steven Chabinsky