Latest news about information security vulnerabilities, threats, incidents and events

Prevention of security vulnerabilities, threats, and incidents described below is wiser and cheaper than forensic investigations and mitigation of the consequences of a cyber-attack.

You can get evidence of this fact from the news below.

Use our services to find and mitigate your security vulnerabilities before the security threat agents find them.




F5 patches critical BIG-IP ADC remote code execution vulnerability

F5 Networks (F5) patched a critical remote code execution (RCE) vulnerability found in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC)...
More details.

Posted on 3 July 2020 10:52 pm


Nigerian man charged with cyber fraud against US companies - Seymour Tribune

CHICAGO - A Nigerian national appeared in federal court in Chicago Friday accused of orchestrating an international cyber fraud scheme that federal prosecutors say defrauded U.S. businesses in six states out of tens of millions of dollars...
More details.

Posted on 3 July 2020 9:11 pm


Iran threatens retaliation after what it calls possible cyber attack on nuclear site

Iran will retaliate against any country that carries out cyberattacks on its nuclear sites, the head of civilian defence said, after a fire at its Natanz plant which some Iranian officials said may have been caused by cyber sabotage...
More details.

Posted on 3 July 2020 8:55 pm


Hacked by Police

French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat’s phones are essentially modified Android devices, with some models using the “BQ Aquaris X2,” an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents...
More details.

Posted on 3 July 2020 8:16 pm


European Police Hacked Encrypted Phones Used By Thousands Of Criminals

European police and crime agencies have hacked an encrypted communications platform used by thousands of criminals and drug traffickers in one of the largest law enforcement busts ever, according to Engadget...
More details.

Posted on 3 July 2020 8:16 pm


Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba...
More details.

Posted on 3 July 2020 8:16 pm


SUSE: 2020:1839-1 important: mozilla-nspr, mozilla-nss

An update that solves three vulnerabilities and has three fixes is now available. SUSE Security Update: Security update for mozilla-nspr, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1839-1 Rating: important References:...
More details.

Posted on 3 July 2020 5:52 pm


Xerox allegedly hit by Maze ransomware group

The threat group posted several screenshots to its website that show computers on at least one Xerox domain have been encrypted, according to BleepingComputer. Maze ransomware operators claim to have stolen more than 100 GB of files from Xerox and will make them public if the Norwalk, Conn...
More details.

Posted on 3 July 2020 4:43 pm


Operators Behind Valak Malware Expand Malicious Campaign

Spam email as part of a threat that is used to deliver Valak malware (Source: Cisco Talos) The operators behind a malware strain called Valak have expanded their malicious campaigns over the past several months to other parts of the world, targeting financial, manufacturing, healthcare and insurance...
More details.

Posted on 3 July 2020 4:01 pm


Credit Card info stolen through Alina point-of-sale malware using DNS

DNS ‘tunnelling’ used to take data from retail systems – mostly stolen credit card information. Security researchers have found that hackers have increased the capabilities of the Alina point-of-sale malware in order to steal credit card data using DNS tunnelling...
More details.

Posted on 3 July 2020 3:11 pm


CISA and FBI Issue Advisory on Dealing with Tor Malicious Internet Traffic

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an advisory for companies regarding the detection and mitigation of malicious traffic coming from Tor (The Onion Router...
More details.

Posted on 3 July 2020 3:01 pm


Cyberattacks Possibly Involved in Explosions at Iranian Nuclear, Military Facilities

Recent fires and explosions at important Iranian facilities may have been caused deliberately as part of an operation that involved cyberattacks, according to reports. There have been several incidents at major Iranian industrial facilities in recent weeks, including a fire at the Natanz nuclear...
More details.

Posted on 3 July 2020 1:55 pm


CVE-2020-14172

This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary Affected versions of Atlassian Jira Server and Data Center allow remote attackers to achieve template injection via the Web Resources Manager...
More details.

Posted on 3 July 2020 1:13 pm


New EvilQuest ransomware targets macOS users – Hackademicus

Experts discovered a new ransomware dubbed EvilQuest designed to target macOS systems, it also installs a keylogger and a reverse shell to take over them. Security experts have uncovered a new piece of ransomware dubbed EvilQuest designed to encrypt macOS systems, it is also able to install...
More details.

Posted on 3 July 2020 12:52 pm


Bad Actors Target MongoDB Databases, Threatening to Contact GDPR Legislators Unless Ransom is Paid

Bad actors are targeting unsecured MongoDB servers, wiping their database and leaving ransom notes outlining threats to leak the stolen information and report owners for GDPR violations. According to Victor Gevers, the chairman of the international non-profit organizations GDI Foundation, hackers...
More details.

Posted on 3 July 2020 12:20 pm


Detecting Network Security Incidents

Rossella Mattioli, network and information security expert, ENISA. Rossella Mattioli, a network and information security expert at ENISA, the European Union Agency for Cybersecurity, discusses a new report offering insights on detecting network security incidents...
More details.

Posted on 3 July 2020 9:26 am


National Security Agency releases Securing IPsec Virtual Private Networks

Many organizations currently utilize IP Security (IPsec) Virtual Private Networks (VPNs) to connect remote sites and enable telework capabilities. These connections use cryptography to protect sensitive information that traverses untrusted networks...
More details.

Posted on 3 July 2020 9:13 am


Cisco Releases Security Updates for Multiple Products

Original release date: July 2, 2020 Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system...
More details.

Posted on 3 July 2020 5:29 am


Los Angeles-area man sentenced to more than 21 years in federal prison for running $3.3 million scheme that used stolen identities of children

LOS ANGELES – A San Fernando Valley man was sentenced today to 259 months in federal prison for overseeing a long-running $3.3 million credit card, loan and real estate fraud scheme using stolen identities -- primarily those of children...
More details.

Posted on 3 July 2020 4:10 am


Morocco asks Amnesty for proof it used spyware on journalist - FRANCE 24

Rabat (AFP) Morocco's prime minister has demanded Amnesty International provide evidence to support its allegations that Rabat used spyware to bug a journalist's phone. Amnesty said in June the Moroccan authorities used software developed by Israeli security firm NSO to insert spyware onto the...
More details.

Posted on 3 July 2020 3:53 am


Trend Micro Finds 72% of Remote Workers Have Gained Cybersecurity Awareness During Lockdown - MarTech Series

Survey reveals users take security training seriously, but may still engage in risky behaviour. Incorporated a global leader in cybersecurity solutions, released survey results that show how remote workers address cybersecurity...
More details.

Posted on 3 July 2020 3:03 am


SafeGuard Cyber Adds Malware Protection - IDM.net.au

SafeGuard Cyber has announced new capabilities within its SaaS security platform to protect collaboration, chat, and social media. SafeGuard 7.6 now performs threat analysis on managed social and digital accounts to detect and remediate malware, including zero day exploits and associated messaging,...
More details.

Posted on 3 July 2020 2:23 am


Vulcan Cyber Adds Customizable Risk Modeling to its Vulnerability Remediation Platform

Vulcan Cyber now offers customizable vulnerability prioritization to help security and IT operations teams secure digital infrastructure through targeted remediation Tel Aviv – July 1,...
More details.

Posted on 3 July 2020 2:09 am


TrickBot malware now checks screen resolution to evade analysis

The infamous TrickBot trojan has started to check the screen resolutions of victims to detect whether the malware is running in a virtual machine. When researchers analyze malware, they typically do it in a virtual machine that is configured with various analysis tools...
More details.

Posted on 3 July 2020 12:51 am


Protecting Your Organization: Eastern District of Virginia Rules Cybersecurity Incident Report Not Privileged Work Product

On May 26, 2020, in In re Capital One Consumer Data Security Breach Litigation, MDL 1:19md2915 (E.D. Va.) the Federal District Court for the Eastern District of Virginia (Alexandria Division) (Anderson, J...
More details.

Posted on 2 July 2020 11:56 pm


Microsoft just sank to a new low by shoving Edge down our throats

If I told you that my entire computer screen just got taken over by a new app that I’d never installed or asked for — it just magically appeared on my desktop, my taskbar, and preempted my next website launch — you’d probably tell me to run a virus scanner and stay away from shady websites, no? But...
More details.

Posted on 2 July 2020 9:04 pm


Mozilla Releases Security Updates for Firefox and Firefox ESR

Original release date: July 2, 2020...
More details.

Posted on 2 July 2020 8:07 pm


Expert Advise After Dozens Of US News Sites Hacked In WastedLocker Ransomware Attacks

The Evil Corp gang hacked into dozens of US newspaper websites owned by the same company to infect the employees of over 30 major US private firms using fake software update alerts displayed by the malicious SocGholish JavaScript-based framework...
More details.

Posted on 2 July 2020 7:35 pm


CI Security Announces Strategic Agreement with Phoenix 2.0 to Provide Cybersecurity to Regulated Industries - Yahoo Finance

, a leading Managed IT Services, Managed Cybersecurity and Strategic Technology Consulting Provider. Together, CI Security combines its Critical Insight™ MDR solution with Phoenix 2.0’s core strengths in Corporate IT Infrastructure...
More details.

Posted on 2 July 2020 7:31 pm


Why Zero-Click Cyberthreats Should Be on Your Radar

For years, the statistics have told us that human error is the greatest contributor to cyberattacks. We’ve stressed the importance of training, training and more training to prevent the almost inevitable from happening...
More details.

Posted on 2 July 2020 4:52 pm


One in Every 142 Passwords is ‘123456’, New Research Shows

“123456” is the most widely used password on breached accounts, according to a recent password re-use study by computer engineering students at Cyprus University. Last month, student Ata Hakçıl analyzed more than 1 billion username and password combinations that were leaked online from various...
More details.

Posted on 2 July 2020 4:30 pm


Vulnerability management explained

This blog was written by a third party author. What is vulnerability management? Every year, thousands of new vulnerabilities are discovered, requiring organizations to patch operating systems (OS) and applications and reconfigure security settings throughout the entirety of their network environment...
More details.

Posted on 2 July 2020 4:22 pm


SonicWall Lands in Ireland, Expands Channel Partner Strategy

today announced it had appointed Tristan Bateup as country manager for Ireland, building on the company’s long-established collaboration with distributors in the region as it continues to expand its presence and capabilities in the country...
More details.

Posted on 2 July 2020 4:22 pm


WastedLocker Ransomware Targets US Newspaper Company

An alert about a Wastedlocker ransomware attack (Source: Symantec) The cybercriminal gang behind the WastedLocker ransomware strain recently targeted dozens of newspaper websites operated by a U.S. media company, according to the security firm See Also: Targeted vs...
More details.

Posted on 2 July 2020 4:10 pm


Ex-Fraudster Brett Johnson: 'There Are Going to Be a Lot of Victims'

Brett Johnson, cybersecurity consultant. Tens of millions of Americans have lost jobs because of COVID-19. As a result, former "most wanted" fraudster Brett Johnson predicts a surge in fraud, saying bluntly: "There are going to be a lot of victims...
More details.

Posted on 2 July 2020 1:44 pm


Artificial Intelligence Systems Will Need to Have Certification, CISA Official Says

Vendors of artificial intelligence technology should not be shielded by intellectual property claims and will have to disclose elements of their designs and be able to explain how their offering works in order to establish accountability, according to a leading official from the Cybersecurity and Infrastructure Security Agency...
More details.

Posted on 2 July 2020 12:51 pm


Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking

By GIXnews A new research has uncovered multiple critical reverse RDP vulnerabilities in Apache Guacamole, a popular remote desktop application used by system administrators to access and manage Windows and Linux machines remotely...
More details.

Posted on 2 July 2020 11:56 am


DDoS explained: How distributed denial of service attacks are evolving

What is a DDoS attack? A distributed denial of service (DDoS) attack is when an attacker, or attackers, attempt to make it impossible for a service to be delivered. This can be achieved by thwarting access to virtually anything: servers, devices, services, networks, applications, and even specific transactions within applications...
More details.

Posted on 2 July 2020 10:24 am


IoT security report

02nd July 2020. Cyber IoT connections will exceed 23 billion across all major IoT markets, by 2026. Almost all those connections will be faced with incessant and constantly evolving cyber-threats, forcing users and IoT vendors to embrace new digital security options to protect assets, according to a market research firm...
More details.

Posted on 2 July 2020 10:02 am


Siemens and NATO CCDCOE announce cooperation on cybersecurity for critical infrastructure

Siemens Smart Infrastructure and the NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE) have signed a Memorandum of Understanding (MoU) to continue the cooperation on cybersecurity for critical infrastructure...
More details.

Posted on 2 July 2020 7:38 am


Incident Response Playbooks for Cyberattacks: Got One? | #networksecurity | #cybersecurity | #informationsecurity

Organizations have slowly improved their ability to plan for, detect and respond to cyberattacks over the past five years, but their capacity to contain an attack has declined by 13 percent over the same period, a new IBM report said...
More details.

Posted on 2 July 2020 6:14 am


Fujitsu launches Threat Response Service to help SMEs counter cyber threats | London Business News - London Loves Business

To help businesses stay ahead of cyber security threats, Fujitsu has launched its Threat Response service in the UK. This is a new way for customers to rapidly access its cyber security experts in the event of a breach or attack...
More details.

Posted on 2 July 2020 5:54 am


White House clashes with legislators over new cyber post - Defense Systems

Cyber White House clashes with legislators over new cyber post By Derek B. Johnson; Jul 01, 2020. Members of the Cyberspace Solarium Commission are hopeful that they can pass legislation establishing a National Cyber Director, but they're still working to figure out what specific objections the White House may have to the proposal...
More details.

Posted on 2 July 2020 5:54 am


Australia seeks long-range missiles in Indo-Pacific defence shift

Australia's naval operations will be focused more on its region. Australia says it will significantly increase military spending and focus on the Indo-Pacific region amid rising tensions between the US and China...
More details.

Posted on 2 July 2020 4:15 am


Ransomware Gangs Don’t Need PR Help

Often the rationale behind couching these events as newsworthy is that the attacks involve publicly traded companies or recognizable brands, and that investors and the public have a right to know. But absent any additional information from the victim company or their partners who may be affected by...
More details.

Posted on 2 July 2020 2:54 am


CVE-2019-15311

An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi...
More details.

Posted on 2 July 2020 2:49 am


AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor

Original release date: July 1, 2020 | Last revised: July 2, 2020. Summary. This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework...
More details.

Posted on 2 July 2020 1:00 am


The Navy aims to install cyber baselines aboard 180 ships

Naval Information Warfare Systems Command plans to deploy technology that will certify a ship’s compliance with cybersecurity requirements to 180 vessels by fiscal 2022. The cyber baseline system — deployed by FRD 300, which is short for the Cybersecurity Office of the command’s Fleet Readiness Directorate — is a web-based application...
More details.

Posted on 2 July 2020 12:50 am


Qatar accused of hiring hackers to discredit US critics - Saudi Gazette

Saudi Gazette report WASHINGTON — Qatar had hired hackers based in the United States to carry out a cyber espionage operation in 2018 on a prominent Republican financier, Washington Free Beacon, a US-based news website reported citing a new lawsuit...
More details.

Posted on 1 July 2020 9:58 pm


CVE-2020-4363

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges...
More details.

Posted on 1 July 2020 8:48 pm


Google Playstore Removes 25 Android Apps that Stole User Login Credentials

In a recent cybersecurity incident, Google cleared 25 applications from its google play store as they were alleged to steal the users’ FB credentials...
More details.

Posted on 1 July 2020 7:56 pm


Android Spyware Tools Emerge in Widespread Surveillance Campaign

Four...
More details.

Posted on 1 July 2020 7:56 pm


US Cyber Command Says Foreign Hackers Will Most Likely Exploit New Palo Alto Networks Security Bug – Expert Insight

US Cyber Command said today that foreign state-sponsored hacking groups are likely to exploit a major security bug disclosed today in PAN-OS, the operating...
More details.

Posted on 1 July 2020 7:56 pm


CVE-2020-1425 and CVE-2020-1457 in Microsoft Windows Codecs Library

Two out-of-band security updates were just released by Microsoft, addressing remote code execution (RCE) security flaws in Microsoft Windows Codecs Library. Several Windows 10 and Windows Server versions are affected by the vulnerabilities, which are known as CVE-2020-1425 and CVE-2020-1457...
More details.

Posted on 1 July 2020 7:47 pm


San Francisco will end mug shots release in bid to stem racial bias

San Francisco police will stop releasing the mug shots of people who have been arrested unless they pose a threat to the public, as part of an effort to stop perpetuating racial stereotypes, the city's police chief announced Wednesday...
More details.

Posted on 1 July 2020 6:34 pm


US govt warns foreign hackers 'will likely try to exploit' critical firewall bypass bug in Palo Alto gear – patch now

Palo Alto Networks has issued a fix for a security hole in its firewall products – one so serious, Uncle Sam urged organizations to patch it ASAP as foreign hackers "will likely attempt to exploit it soon...
More details.

Posted on 1 July 2020 6:18 pm


New report: COVID-19 Threat Intelligence Insight from the Telco Security Alliance

[ This was originally published AT&T Cybersecurity along with three members of the Telco Security Alliance (TSA) published a new report today, “COVID-19 Insight from the Telco Security Alliance...
More details.

Posted on 1 July 2020 5:46 pm


Guarding Against COVID-19 Fraud Schemes

Attorney Robert Egan Discusses Trends, Mitigation Steps July 1, 2020 With the COVID-19 pandemic continuing to surge, organizations must remain vigilant in their defense against coronavirus-themed phishing, business email compromise and other fraud campaigns, says attorney Robert Egan...
More details.

Posted on 1 July 2020 4:41 pm


CVE-2020-9413

Description. The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft an URL that will execute arbitrary commands on the affected system...
More details.

Posted on 1 July 2020 4:20 pm


How Growing Businesses Should Tackle Cybersecurity Challenges

When we think about the most public cyber attacks and data breaches, we generally associate them with large enterprises. The truth is cyber attacks are not limited by company size. A significant cyber attack can happen to any company, in any industry and of any size...
More details.

Posted on 1 July 2020 3:17 pm


A New Ransomware Targeting Apple macOS Users Through Pirated Apps
More details.

Posted on 1 July 2020 1:54 pm


New Intelligence Reveals that Alina Point-of-Sale Malware is Still Lurking in DNS

DENVER July 1, 2020 /PRNewswire/ -- Point-of-Sale (POS) malware is nothing new, and the Alina malware – which cyber criminals use to scrape credit card numbers from POS systems – has been around for many years...
More details.

Posted on 1 July 2020 1:13 pm


Trump’s New Russia Problem: Unread Intelligence and Missing Strategy

with the Taliban in February. peace deal was signed The White House says it was not even appropriate for him to be briefed because the president only sees “verified” intelligence — prompting derision from officials who have spent years working on the daily brief and say it is most valuable when...
More details.

Posted on 1 July 2020 9:45 am


Vulnerable drivers can enable crippling attacks against ATMs and POS systems

ATMs and point-of-sale (POS) systems have been a target for many cybercriminal groups over the past several years resulting in some of the largest card breaches and money heists in history. While attackers have various ways to break into these machines, researchers now warn that vulnerabilities in...
More details.

Posted on 1 July 2020 9:15 am


FCC designates Huawei and ZTE as security threats: What that means

Explainer Provides context or background, definition and detail on a specific topic. The Federal Communications Commission, a regulatory body in the US, has officially designated Huawei and ZTE as threats to national security, a final step in blocking the two Chinese telecommunications companies...
More details.

Posted on 1 July 2020 4:49 am


Australia to revamp defences as China tensions rise

Prime Minister Scott Morrison earmarked Aus$270 billion ($185 billion) for new and upgraded defence capabilities over the next decade -- a nearly 40 percent increase -- saying the defence force would significantly shift its focus to projecting military power across the Indo-Pacific...
More details.

Posted on 1 July 2020 3:04 am


RedShield appoints Senior Verizon Cyber Security VP as Chief Revenue Officer in U.S. Push

AUCKLAND, New Zealand RedShield , June 30, 2020 /PRNewswire/ -- RedShield, specialists in web application shielding, has announced the appointment of global cyber security leader, James Carrigan Jr. as Chief Revenue Officer (CRO), responsible for sales globally...
More details.

Posted on 1 July 2020 2:53 am


Encrypted Traffic Inspection | Avast

While encryption technologies have...
More details.

Posted on 1 July 2020 1:51 am


AA20-182A: EINSTEIN Data Trends – 30-day Lookback

Original release date: June 30, 2020. Summary. Cybersecurity and Infrastructure Security Agency (CISA) analysts have compiled the top detection signatures that have been the most active over the month of May in our national Intrusion Detection System (IDS), known as EINSTEIN...
More details.

Posted on 30 June 2020 2:34 pm


AA20-133A: Top 10 Routinely Exploited Vulnerabilities

Original release date: May 12, 2020. Summary. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government are providing this technical guidance to advise IT security professionals at public and private sector organizations to place an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber actors...
More details.

Posted on 12 May 2020 1:00 pm


AA20-126A: APT Groups Target Healthcare and Essential Services

Original release date: May 5, 2020. Summary. This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC)...
More details.

Posted on 5 May 2020 12:58 pm


AA20-120A: Microsoft Office 365 Security Recommendations

Original release date: April 29, 2020. Summary. As organizations adapt or change their enterprise collaboration capabilities to meet “telework” requirements, many organizations are migrating to Microsoft Office 365 (O365) and other cloud collaboration services...
More details.

Posted on 29 April 2020 2:41 pm


AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching

Original release date: April 16, 2020 | Last revised: June 30, 2020. Summary. Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework...
More details.

Posted on 16 April 2020 1:21 pm


AA20-106A: Guidance on the North Korean Cyber Threat

Original release date: April 15, 2020 | Last revised: June 23, 2020. Summary. The U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation are issuing this advisory as a comprehensive resource on the North Korean cyber threat for the international community, network defenders, and the public...
More details.

Posted on 15 April 2020 12:31 pm


AA20-099A: COVID-19 Exploited by Malicious Cyber Actors

Original release date: April 8, 2020. Summary. This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC)...
More details.

Posted on 8 April 2020 12:00 pm


AA20-073A: Enterprise VPN Security

Original release date: March 13, 2020 | Last revised: April 15, 2020. Summary. As organizations prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), many may consider alternate workplace options for their employees...
More details.

Posted on 13 March 2020 12:08 pm


SweynTooth Vulnerabilities

This ALERT details vulnerabilities in SweynTooth's Bluetooth Low Energy (BLE) proof-of-concept (PoC) exploit code. This report was released without coordination with some of the affected vendors and without advance coordination with CISA...
More details.

Posted on 3 March 2020 3:20 pm


AA20-049A: Ransomware Impacting Pipeline Operations

Original release date: February 18, 2020 | Last revised: June 30, 2020. Summary. Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework...
More details.

Posted on 18 February 2020 1:06 pm


Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU (Update A)

This updated alert is a follow-up to the original alert titled ICS-ALERT-19-225-01 Mitsubishi Electric smartRTU and INEA ME-RTU that was published August 13, 2019, on the ICS webpage on us-cert.gov. CISA is aware of a public report of a proof-of-concept (PoC) exploit code vulnerability affecting Mitsubishi Electric smartRTU devices...
More details.

Posted on 10 September 2019 2:30 pm


CAN Bus Network Implementation in Avionics

CISA is aware of a public report of insecure implementation of CAN bus networks affecting aircraft. According to this report, the CAN bus networks are exploitable when an attacker has unsupervised physical access to the aircraft...
More details.

Posted on 30 July 2019 1:00 pm


DICOM Standard in Medical Devices

NCCIC is aware of a public report of a vulnerability in the DICOM (Digital Imaging and Communications in Medicine) standard with proof-of-concept (PoC) exploit code. The DICOM standard is the international standard to transmit, store, retrieve, print, process, and display medical imaging information...
More details.

Posted on 11 June 2019 4:15 pm


Meltdown and Spectre Vulnerabilities (Update J)

This updated alert is a follow-up to the updated alert titled ICS-ALERT-18-011-01 Meltdown and Spectre Vulnerabilities (Update I) that was published September 11, 2018, on the NCCIC/ICS-CERT website.
More details.

Posted on 11 January 2018 5:51 pm


WAGO PFC200

NCCIC is aware of a public report of an improper authentication vulnerability affecting WAGO PFC200, a Programmable Logic Controller (PLC) device. According to this report, the vulnerability is exploitable by sending a TCP payload on the bound port...
More details.

Posted on 7 December 2017 9:11 pm


Eaton ELCSoft Vulnerabilities

NCCIC/ICS-CERT is aware of a public report of buffer overflow vulnerabilities affecting Eaton ELCSoft, a PLC programming software for Eaton Logic Control (ELC) controllers. According to the public report, which was coordinated with ICS-CERT prior to its public release, researcher Ariele Caltabiano (kimiya) working with Trend Micro's Zero Day Initiative, identified that an attacker can leverage these vulnerabilities to execute arbitrary code in the context of the process...
More details.

Posted on 4 August 2017 7:11 pm


CAN Bus Standard Vulnerability

NCCIC/ICS-CERT is aware of a public report of a vulnerability in the Controller Area Network (CAN) Bus standard with proof-of-concept (PoC) exploit code affecting CAN Bus, a broadcast based network standard...
More details.

Posted on 28 July 2017 7:34 pm


CRASHOVERRIDE Malware

CRASHOVERRIDE, aka Industroyer, is the fourth family of malware publicly identified as targeting industrial control systems (ICS). It uses a modular design, with payloads that target several industrial communication protocols and are capable of directly controlling switches and circuit breakers...
More details.

Posted on 25 July 2017 4:45 pm


Petya Malware Variant (Update C)

This updated alert is a follow-up to the updated alert titled ICS-ALERT-17-181-01B Petya Malware Variant that was published July 5, 2017, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of reports of a variant of the Petya malware that is affecting several countries...
More details.

Posted on 30 June 2017 9:09 pm

