Latest news about information security threats and incidents
Prevention of security threats and incidents described below is wiser and cheaper than forensic investigations and mitigation of the consequences of a cyber attack.
You can get evidence of this fact from the news below.
Use our services to find and mitigate your security vulnerabilities before the security threat agents find them.
Jeff Bezos Allegations Put Phone Hacking Tech in the Spotlight
Allegations that Amazon.com boss and Washington Post owner Jeff Bezos had his phone hacked by Saudi Crown Prince Mohammed bin Salman have put a spotlight on the security of smartphones and the secretive tools used to hack them. Smartphones are effectively pocket-sized computers that run apps on.... More details.
Posted on 25 January 2020 5:59 am
#cybersecurity | #hackerspace | Personal Online Security – Account Management
Category: cyber security Continuing a series on how to better strengthen your personal online privacy, we are looking to take personal inventory of how we connect online. These were themes covered during our webinar “Security Beyond Your Website: Personal Online Privacy” and in a Twitter.... More details.
Posted on 25 January 2020 3:50 am
New U.S. law requires government to report risks of overseas activities by ex-spies - Reuters
WASHINGTON WASHINGTON (Reuters) - Troubled that former American spies are plying their trade for foreign governments, Congress has passed new legislation requiring U.S. spy agencies to provide an annual assessment detailing the risks such conduct poses for national security. More details.
Posted on 25 January 2020 3:26 am
NIST Privacy Framework Version 1.0 Issued
On January 16, 2020, the National Institute of Standards and Technology (NIST) issued its NIST Privacy Framework Version 1.0 (Privacy Framework). The Privacy Framework follows the same type of structure as the NIST Framework for Improving Critical Infrastructure Cybersecurity, which was first issued in February 2014 (NIST Cybersecurity Framework). More details.
Posted on 24 January 2020 11:45 pm
Greece: Government Websites Hit by Cyberattack
Sorin Mustaca's IT Security news and articles about information security, vulnerabilities, exploits, patches, releases, software, features, hacks, laws, spam, viruses, malware, breaches. The Greek government said Friday that the official state websites of the prime minister, the national police and.... More details.
Posted on 24 January 2020 11:22 pm
Why You Should Take Social Media Account Takeover as Seriously as a BEC Attack
Posted by on Jan 24, '20 Stacy Shelley Social media account compromise is nothing new. If you haven’t had an account hacked in the past, most of us know someone who has. According to a study by the University of Phoenix , almost two-thirds of US adults have had at least one social media account hacked. More details.
Posted on 24 January 2020 9:15 pm
Protecting Websites from Magecart and Other In-Browser Threats
Posted on 24 January 2020 8:18 pm
Citrix Releases Security Updates for SD-WAN WANOP
Original release date: January 23, 2020 Citrix has released security updates to address the CVE-2019-19781 vulnerability in Citrix SD-WAN WANOP. An attacker could exploit this vulnerability to take control of an affected system. Citrix has also released an Indicators of Compromise Scanner that aims.... More details.
Posted on 24 January 2020 7:25 pm
Russian National Pleads Guilty to Having Run Cardplanet Marketplace
Russian National Pleads Guilty to Having Run Cardplanet Marketplace. A Russian national pleaded guilty to having operated Cardplanet and another website that provided digital criminal services to its customers. Appearing before Senior U.S. District Judge T.S. More details.
Posted on 24 January 2020 7:10 pm
New Bill Proposes NSA Surveillance Reforms
A newly-introduced bill is proposing sweeping privacy reforms to a controversial government surveillance program, which has been previously used by the National Security Agency (NSA) to vacuum up the call records of millions of Americans. The “Safeguarding Americans’ Private Records Act” was introduced Thursday by Sen. More details.
Posted on 24 January 2020 6:10 pm
Stolen Payment Card Trafficking Mastermind Pleads Guilty
Aleksey Burkov, a Russian national who was extradited to the U.S. from Israel in November, pleaded guilty Thursday to federal charges related to owning and operating a site called "Cardplanet," which trafficked in stolen payment card data, according to the See Also: Webinar | Beyond Managed.... More details.
Posted on 24 January 2020 5:15 pm
MOST EMPLOYERS DON’T PAY FULL COST OF CERTIFICATIONS
Sorin Mustaca's IT Security news and articles about information security, vulnerabilities, exploits, patches, releases, software, features, hacks, laws, spam, viruses, malware, breaches. This post was originally published by (ISC)² Management. One of the most common complaints cybersecurity.... More details.
Posted on 24 January 2020 5:05 pm
Hackers Target European Energy Firm: Researchers
Hackers who may have ties to Iran have recently turned their attention to the European energy sector, using open source tools to target one firm's network as part of an cyberespionage operation, according to the security firm See Also: Unlocking IAM - Balancing Frictionless Registration & Data.... More details.
Posted on 24 January 2020 4:22 pm
SWITCHING FROM OTHER FIELDS TO CYBERSECURITY IS PROFITABLE
Here’s a bit of good news for anyone contemplating a career in cybersecurity: Cybersecurity workers who started their careers in other fields tend to get paid more than career-long cybersecurity professionals, according to new research. Read more here: Photo:blog.eccouncil.org. More details.
Posted on 24 January 2020 3:51 pm
The Bezos Phone Hack: Narrative Framed by Loose Facts
Amazon CEO Jeff Bezos (Source: via Wikimedia Commons/CC) Steve Jurvetson It's a seductive story line: A chat app belonging to Saudi Arabia's Crown Prince is used to deliver malware to an American billionaire's phone. See Also: Live Webinar | Empowering Your Human Firewall: The Art and Science of.... More details.
Posted on 24 January 2020 3:40 pm
Gregory D. Evans | Ex-Hacker | TV Personality | Author | Public Speaker
By Patrick Burnson, Executive Editor. January 23, 2020. Airports Council International (ACI) World and A-ISAC announced today they have signed an agreement that better enables ACI members to join the A-ISAC for access to airport-specific cyber threat intelligence and actionable data that will enhance their ability to build cyber resiliency. More details.
Posted on 24 January 2020 3:05 pm
Mastercard Debuts Intelligence And Cyber Center | PYMNTS.com
Mastercard has launched a new center called the Intelligence and Cyber Centre in Vancouver, Canada, focused on speeding innovation in artificial intelligence (AI), cybersecurity and Internet of Things (IoT), according to a The Vancouver center, which will create 380 jobs, is going to be one of six.... More details.
Posted on 24 January 2020 3:05 pm
Examining Risk in the Corporate Environment
Of all the possible concerns global businesses can have, cyber security threats are at the top of the list, according to recent research by insurance firm The Travelers Companies. The company’s 2019 Travelers Risk Index found that cyber risks are the biggest worry among businesses of all sizes for.... More details.
Posted on 24 January 2020 12:27 pm
Never-Before-Seen Malware Downloader In Phishing Emails Targeting US Gov Agencies – Expert Commentary
with a spear-phishing campaign that leverages the increasing geopolitical relations issues surrounding North Korea to lure targets into opening malicious email attachments that contain malware strains, including a never-before-seen malware downloader, coined “Carrotball”. More details.
Posted on 24 January 2020 12:21 pm
Over half of organizations were successfully phished in 2019
Nearly 90 percent of global organizations were targeted with BEC and spear phishing attacks in 2019, reflecting cybercriminals’ continued focus on compromising individual end users, a Proofpoint survey reveals. More details.
Posted on 24 January 2020 11:03 am
CISOs: Make 2020 the year you focus on third-party cyber risk
While cybersecurity professionals are certainly aware of the growing threat posed by sharing data with third parties, many seem to lack the urgency required to address this challenge. More details.
Posted on 24 January 2020 11:03 am
Russian Pleads Guilty in Virginia to Large-Scale Card Fraud
Sorin Mustaca's IT Security news and articles about information security, vulnerabilities, exploits, patches, releases, software, features, hacks, laws, spam, viruses, malware, breaches. A Russian national pleaded guilty Thursday to running a website that helped people commit more than $20 million in credit-card fraud. More details.
Posted on 24 January 2020 10:47 am
'Doomsday Clock' closer to midnight than ever
The Doomsday Clock reads 100 seconds to midnight, a decision made by The Bulletin of Atomic Scientists, during an announcement at the National Press Club in Washington, DC on January 23, 2020. PHOTO | AFP The danger level was compounded by information warfare and disruptive technologies; On the.... More details.
Posted on 24 January 2020 10:11 am
Space Cybersecurity Information Sharing Group Moves Forward - SpacePolicyOnline.com
Private sector and academic institutions involved in commercial space activities are moving forward in establishing a mechanism to share information about cybersecurity threats to satellites and their ground systems. The founding members of the Space Information Sharing and Analysis Center (Space.... More details.
Posted on 24 January 2020 7:25 am
Russian super-crook behind $20m internet fraud den Cardplanet and malware-exchange forum pleads guilty
Posted on 24 January 2020 5:57 am
UN Officials Barred From Using WhatsApp Since June 2019 Over Security Concerns
United Nations officials do not use WhatsApp to communicate because "it's not supported as a secure mechanism," a UN spokesman said on Thursday, after UN experts accused Saudi Arabia of using the online communications platform to hack the phone of Amazon chief executive and Washington Post owner Jeff Bezos. More details.
Posted on 24 January 2020 3:19 am
FDA warns hospitals about security flaws in some GE medical equipment
Some GE medical equipment have vulnerabilities that make them easy to tamper with, according to the FDA. The agency has warned hospitals and healthcare providers that a third-party cybersecurity firm has identified flaws in certain GE Healthcare Clinical Information Central Stations and Telemetry Server models. More details.
Posted on 24 January 2020 2:23 am
Best password managers: Reviews of the top products
We are terrible at passwords. We suck at creating them (the top two most popular remain “123456” and “password”), we , and we forget them all the time . Indeed, the very thing that can ensure our online security has become our biggest obstacle to it. This is what makes a good password manager essential. More details.
Posted on 24 January 2020 12:53 am
Ransomware Claims Driving Up Cyber Insurance Costs - Claims Journal
U.S. insurers are ramping up cyber-insurance rates by as much as 25% and trying to curb exposure to vulnerable customers after a surge of costly claims, industry sources said. The changes follow a challenging year of hackers using malicious programs, known as ransomware, to take down systems that.... More details.
Posted on 23 January 2020 9:21 pm
NSA Offers Guidance on Mitigating Cloud Flaws
A new document separates cloud vulnerabilities into four classes and offers mitigations to help businesses protect cloud resources. The National Security Agency (NSA) today published a new document outlining common types of cloud vulnerabilities and offering different ways for companies to protect cloud environments. More details.
Posted on 23 January 2020 9:00 pm
Vulnerabilities Found in GE Healthcare Patient Monitoring Products
Several potentially serious vulnerabilities have been found in patient monitoring products made by GE Healthcare, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and healthcare cybersecurity firm CyberMDX revealed on Thursday. The vulnerabilities were discovered by CyberMDX.... More details.
Posted on 23 January 2020 8:54 pm
Treasury Wants to Collect More Cyber Risk Details From Banks
The U.S. Treasury Department is proposing to collect more information from banks and financial markets about the cybersecurity risks they face, according to notices posted in the See Also: Live Webinar | Scaling Security at the Internet Edge with Stateless Technology The goal is to better secure.... More details.
Posted on 23 January 2020 8:08 pm
#cybersecurity | hacker | PupyRAT found sniffing around EU energy concern
A command and Cyber Security Alert control server used by the Iranian-associate group PupyRAT that is communicating with the mail server of a European energy sector organization for the last several months. Recorded Future’s Insikt Group reported PupyRAT, a remote access trojan, had been chatting with the November2019 until about January 5, 2020. More details.
Posted on 23 January 2020 7:52 pm
2020 Cyber Security Predictions - free White Paper download - Neowin
The top 5 cybersecurity and cybercrime predictions for 2020. Take a look at the top 5 most interesting findings and projections The Hacker News compiled after working their way through 30 independent reports dedicated to cybersecurity and cybercrime predictions for 2020. More details.
Posted on 23 January 2020 7:40 pm
Severe Vulnerabilities Discovered in GE Medical Devices
CISA has released an advisory for six high-severity CVEs for GE Carescape patient monitors, Apex Pro, and Clinical Information Center systems. The US Cybersecurity and Infrastructure Agency (CISA) today issued an advisory for six high-severity security vulnerabilities in patient monitoring devices manufactured by GE Healthcare. More details.
Posted on 23 January 2020 7:18 pm
US County Suffers Two Cyber-attacks in Three Weeks
Albany County in the state of New York has been struck by two separate cyber-attacks in three weeks. A five-figure ransom in Bitcoin was paid by Albany County Airport Authority (ACAA) earlier this month after their servers became infected with on Christmas day. More details.
Posted on 23 January 2020 6:30 pm
FBI Warns: Beware of Spoofed Job Application Portals
The FBI's Internet Crime Complaint Center has issued an alert warning that fraudsters are using spoofed job application portals and websites to steal personal information, including payment card details, from would-be applicants. See Also: Key Trends in Payments Intelligence: Machine Learning for.... More details.
Posted on 23 January 2020 5:48 pm
White House says it takes reports of Amazon chief Bezos' phone hack seriously
WASHINGTON (Reuters) - The White House on Thursday said it is taking reports about the hacking of Amazon chief and Washington Post owner Jeff Bezos’ phone seriously, after reports raised questions about the possible involvement of Saudi Arabia’s crown prince. More details.
Posted on 23 January 2020 5:44 pm
What We Know, And Don’t, About the Alleged Bezos Phone Hack
U.N. human rights experts are asking Washington to investigate a suspected Saudi hack that may have siphoned data from the personal smartphone of Jeff Bezos, Amazon founder and owner of The Washington Post. But the forensic evidence they cite comes from an incomplete study of Bezos’s phone, raising multiple questions. More details.
Posted on 23 January 2020 5:42 pm
Over Half of Organizations Were Successfully Phished in 2019
An annual report into the virulence of phishing scams has found that more than half of organizations dealt with at least one successful phishing attack in 2019. The 2020 "State of the Phish" report , by cybersecurity and compliance firm Proofpoint, was produced using data from nearly 50 million.... More details.
Posted on 23 January 2020 5:05 pm
For Mismanaged SOCs, The Price Is Not Right
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security.... More details.
Posted on 23 January 2020 4:53 pm
#cybersecurity | #hackerspace | Cryptomining Malware Vivin Uses Pirated Software as Attack Vector
Monero, is one of the many examples of such software roaming the dark corners of the Internet. Security researchers have been tracking it for the last couple of years, and it shows no sign of slowing down. Cryptomining took a bit of a tumble as the cryptocurrency market dwindled in the past couple of years, but it didn’t really stop. More details.
Posted on 23 January 2020 4:30 pm
Shlayer Trojan Accounted for 30 Percent of Detections for macOS in 2019
The Shlayer trojan accounted for approximately 30 percent of all of Kaspersky Lab’s malware detections for the macOS platform in 2019. Kaspersky Lab revealed on Securelist that Shlayer has been the most common threat to target its macOS userbase for the past two years. More details.
Posted on 23 January 2020 4:07 pm
Ryuk Ransomware Hit Multiple Oil & Gas Facilities, ICS Security Expert Says
Attackers 'weaponized' Active Directory to spread the ransomware. S4x20 CONFERECE - Miami - More signs that the industrial control system (ICS) sector has become one of the latest favorite targets of ransomware attacks: The head of an operational technology (OT) cybersecurity services firm says.... More details.
Posted on 23 January 2020 3:57 pm
Experts On Findings: Researchers Create OT Honeypot, Attract Exploits And Fraud
It has been reported that researchers at Trend Mirco built a honeypot that mimicked the environment of a real factory. The fake factory featured some common cybersecurity vulnerabilities to make it appealing for hackers to discover and target. Trend Micro launched the honeypot in May last year,.... More details.
Posted on 23 January 2020 3:33 pm
Looking for silver linings in the CVE-2020-0601 crypto vulnerability
library used by more recent versions of Windows. The flaw, which also goes by the names Chain of Fools and Curveball, allows an attacker to fool Windows into believing that malicious software and websites have been digitally vouched for by one of the root certificate authorities that Windows trusts (including Microsoft itself). More details.
Posted on 23 January 2020 3:30 pm
Hashtag Trending – Jeff Bezos phone hack; Microsoft exposes customer data; New budget iPhone
Today’s top story further proves that data theft can happen to anyone. Amazon CEO Jeff Bezos had his data lifted from his phone. Furthermore, Microsoft exposed 250 million customer service records to the internet. But hey, a budget iPhone is coming soon, so that’s nice, right? Thank you for tuning.... More details.
Posted on 23 January 2020 1:54 pm
Over 2000 WordPress Sites Hit by Malicious Redirects
Posted on 23 January 2020 12:19 pm
Sonos’s tone-deaf legacy product policy angers customers
When you buy a cloud-connected appliance, how long should the vendor support it for with software updates? That’s the question that home audio company Sonos raised this week when it dropped some unwelcome news on its customers. The company has announced that it will discontinue software updates for.... More details.
Posted on 23 January 2020 12:09 pm
FBI issues warning about lucrative fake job scams
What’s the difference between a real job and the horde of fake ones found on the internet? It’s even more basic than the fact that one is fake – fake jobs are suspiciously easy to get interviews for. These hiring scams sound like child’s play. Post fake employment opportunities on legitimate job.... More details.
Posted on 23 January 2020 12:09 pm
#infosec | UN Calls for US Probe into Bezos Phone Hack by Saudis
The bombshell allegations, which broke on Wednesday, suggest that spyware was deployed via an MP4 file sent from a WhatsApp account belonging to the prince. The two had apparently met and exchanged phone numbers a month before the alleged attack on May 1 2018. More details.
Posted on 23 January 2020 9:47 am
How CISOs Can Expand Their Security Duties into Industrial Environments
Digital attacks are a top concern for Industrial Control System (ICS) security professionals. In a survey conducted by Dimensional Research, 88 percent of these personnel told Tripwire that they were concerned about the threat of a digital attack. An even greater percentage (93 percent) attributed.... More details.
Posted on 23 January 2020 9:23 am
EFS Ransomware Attacks Overcome Major Antivirus Tools in Proof-of-Concept Tests
EFS ransomware attacks targeting Windows users could potentially overcome several major signature-based antivirus tools, researchers have discovered. Developed by Microsoft and intended to offer full disk encryption, EFS — otherwise known as Windows Encrypting File System — was put to the test as part of an investigation by SafeBreach Labs . More details.
Posted on 23 January 2020 8:56 am
Coalition improves its cyber insurance and security platform with the acquisition of BinaryEdge
Sorin Mustaca's IT Security news and articles about information security, vulnerabilities, exploits, patches, releases, software, features, hacks, laws, spam, viruses, malware, breaches. Coalition improves its cyber insurance and security platform with the acquisition of BinaryEdge. More details.
Posted on 23 January 2020 7:17 am
IC3 Issues Alert on Employment Scams
Original release date: January 22, 2020 The Internet Crime Complaint Center (IC3) has issued an alert warning consumers of fake jobs and hiring scams targeting applicants’ personally identifiable information (PII). Cyber criminals posing as legitimate employers spoof company websites and post fake job openings to lure victims. More details.
Posted on 23 January 2020 6:18 am
Thousands of WordPress Sites Hacked to Fuel Scam Campaign
Over 2,000 WordPress sites have been hacked according to website security firm Sucuri. Sucuri analysts detected attackers exploiting vulnerabilities in plugins used by many WordPress customers to add additional features to their operations. The analysts detected the vulnerabilities in the third week of January. More details.
Posted on 23 January 2020 6:02 am
Microsoft Exposes 250M Customer Support Records on Leaky Servers
Microsoft recently publicly disclosed a security breach that was a result of a misconfigured internal customer support database. The breach caused the exposure of approximately 250 million customer support and service records, many of which contained personally identifiable information. More details.
Posted on 23 January 2020 6:02 am
Russian hackers targeted Ukrainian company at centre of impeachment storm: cybersecurity firm
WASHINGTON (Reuters) - Russian military hackers tried to steal emails from the Ukrainian energy firm where Hunter Biden, the son of Democratic U.S. presidential contender Joe Biden, had a seat on the board, an American cybersecurity firm said on Monday. More details.
Posted on 23 January 2020 5:58 am
buguroo enhances its bugFraud solution with New Account Fraud prevention capabilities
, the online fraud prevention solutions specialist for the financial sector, unveiled further capabilities that make it easier for banks to identify fraudsters attempting to open new bank accounts. These enhanced New Account Fraud prevention capabilities – included in the latest version of buguroo’s.... More details.
Posted on 23 January 2020 4:17 am
Experts write to government on cyber fixes
Last year, the government said it planned to release a new Cybersecurity Strategy to keep up with the changing nature of technologies, platforms and threats. Technology policy think tanks and digital freedom advocates have written to the National Security Council Secretariat urging stronger encryption requirements. More details.
Posted on 23 January 2020 3:59 am
Google engineers discover security flaws in Apple’s Safari web browser
The Intelligent Tracking Prevention feature on Apple’s Safari web browser, which is meant to block tracking software used by digital advertisers, can be abused to do the exact opposite, according to a paper released Wednesday by Google researchers. Google told Apple about the problem in August, and.... More details.
Posted on 23 January 2020 2:44 am
Jeff Bezos, Amazon Founder & The World’s Richest Man Phone Hacked by Saudi Prince with a WhatsApp Spyware
Amazon CEO Jeff Bezos’s phone was hacked with a WhatsApp message (A malicious video file) that had been sent from the personal account of Saudi Arabia crown prince Mohammed bin Salman. According to the Guardian report , a malicious video file was sent from the Saudi prince Whatsapp account to Bezos’.... More details.
Posted on 23 January 2020 2:30 am
Cisco issues firewall, SD-WAN security warnings
Amongst Cisco’s dump of 27 security advisories today only one was rated as critical – a vulnerability in its Firepower firewall system that could let an attacker bypass authentication and execute arbitrary actions with administrative privileges on a particular device. The Firepower Management Center (FMC) vulnerability – which was rated at 9. More details.
Posted on 23 January 2020 12:23 am
Increased Emotet Malware Activity
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a recent increase in targeted Emotet malware attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or dropper of other malware. Emotet primarily spreads via malicious email attachments and attempts to.... More details.
Posted on 23 January 2020 12:20 am
EFF to Supreme Court: Criminal Immigration Statute Threatens Free Speech Online
Addie Wagenknecht is an artist and researcher based between the U.S. and Europe. We met a few years back when she invited me to be part of Deep Lab, a “collaborative group of cyberfeminist researchers, artists, writers, engineers, and cultural producers” that she co-founded in 2014. We’ve shared the stage. More details.
Posted on 22 January 2020 10:45 pm
Glenn Greenwald Speaks: Bolsonaro Is Trying to Silence Me
REUTERS. Famed journalist Glenn Greenwald on Tuesday reacted to the news that the Brazilian government has charged him with “cybercrimes” by railing against President Jair Bolsonaro’s regime and its attempts to silence the press. The New York Times reported on Tuesday morning that Brazilian.... More details.
Posted on 22 January 2020 9:03 pm
Get The CompTIA Certification Training Your IT Career Needs For Under $90 Today
This site may earn affiliate commissions from the links on this page. Check out any list of the best, most sought-after jobs of 2020 and beyond. So…what’s the beating heart of all those data science, front-end engineering and DevOps professional jobs littering all those lists? Sound, well-managed and maintained digital systems. More details.
Posted on 22 January 2020 9:02 pm
Updated FTCODE Ransomware Now Steals Credentials, Passwords
FTCODE, a ransomware strain that has been active since at least 2013, has recently been revamped to include new features, including the ability to steal credentials and passwords from web browsers and email clients, according to two research reports released this week. More details.
Posted on 22 January 2020 8:57 pm
Eight Flaws in MSP Software Highlight Potential …
Eight vulnerabilities in ConnectWise’s software for managed service providers (MSPs) could enable an attacker to connect to and silently execute code on any desktop managed by the software — and they might have been behind the ransomware infections that hit Texas government agencies last August,.... More details.
Posted on 22 January 2020 8:19 pm
Documents Describe US Cyber Command's Campaign to Hack ISIS
U.S. Cyber Command (Photo: Department of Defense) The U.S. Cyber Command's campaign to hack ISIS and disrupt its media operations faced some challenges, including a lack of data storage, but ultimately proved successful, according to government documents from 2016 that were made public Tuesday. More details.
Posted on 22 January 2020 8:14 pm
Closing the cybersecurity skills gap: a guide for the C-suite
For the CEO and chief financial officer (CFO), increased cybersecurity proficiency can correlate directly with eliminating or reducing downtime due to an outage, a lower risk of breach-related revenue loss, and fewer penalties for compliance violations. More details.
Posted on 22 January 2020 7:44 pm
MITRE ATT&CK: Disk structure wipe
Introduction Denying the availability of systems and resources of an attack target is a main objective of many real-world attack campaigns. If you were going to disrupt a target, this denial of availability is probably the only part of the attack that will affect the day-to-day activity of a target endpoint’s user. More details.
Posted on 22 January 2020 7:33 pm
Over 500,000 Telnet Credentials are Exposed
Telnet is a communication service protocol that helps a user in controlling a remotely connected device over the TCP/IP network. Recently, the Telnet credentials for more than 515,000 servers, home routers, and IoT devices were exposed by a threat actor . More details.
Posted on 22 January 2020 7:01 pm
The 9 Best LinkedIn SIEM Groups You Should Join
LinkedIn serves one of the premier platforms for enterprise technology professionals to gather, share ideas, and connect. IT security professionals and decision makers alike seeking insights from the smartest in the industry can find it at LinkedIn. Specifically, you can find these cybersecurity.... More details.
Posted on 22 January 2020 6:46 pm
ActZero Announces Acquisition of IntelliGO to Build Cybersecurity Business of the Future
, a Palo Alto ActZero -based artificial intelligence company, announced today that it has acquired IntelliGO Networks , a leading provider of Managed Detection and Response services. IntelliGO will continue to operate as an independent entity, and will work with ActZero to achieve its vision of.... More details.
Posted on 22 January 2020 6:43 pm
Teenager charged over $50 million SIM-swap cryptocurrency theft
The Home of the Security Bloggers Network. Teenager charged over $50 million SIM-swap cryptocurrency theft Teenager charged over $50 million SIM-swap cryptocurrency theft. Samy Bensaci, an 18-year-old living in Montreal, Canada, has been charged in connection with the theft of over $50 million worth of cryptocurrency in a SIM-swapping scam. More details.
Posted on 22 January 2020 6:00 pm
IntelliGO Acquired by ActZero
Sorin Mustaca's IT Security news and articles about information security, vulnerabilities, exploits, patches, releases, software, features, hacks, laws, spam, viruses, malware, breaches. It’s not often we get to make an announcement quite this exciting: IntelliGO Networks has been acquired by.... More details.
Posted on 22 January 2020 5:55 pm
Academics call for UK's Computer Misuse Act 1990 to be reformed
Report suggests public interest defences for infosec professionals, academics and journalists. Britain's main anti-hacker law, the Computer Misuse Act 1990, is "confused", "outdated" and "ambiguous", according to a group of pro-reform academics. A report launched this morning by the Criminal Law.... More details.
Posted on 22 January 2020 5:33 pm
Everything We Know About the Jeff Bezos Phone Hack
On November 8, 2018, Amazon CEO Jeff Bezos received an unexpected text message from Saudi Arabian leader Mohammed bin Salman. The two had exchanged numbers a few months prior, in April, at a small dinner in Los Angeles, but weren’t in regular contact; Bezos had previously received only a video file.... More details.
Posted on 22 January 2020 5:30 pm
Intezer Raises $15 Million in Series B Funding
Cyber threat detection provider Intezer this week announced it has raised $15 million in a Series B funding round. The New York-based cyber-security company helps organizations detect threats by revealing the “genetic” origins of software code, and also provides context on how to respond to incidents. More details.
Posted on 22 January 2020 4:22 pm
New Citrix Security Warning: Check For Compromise Now
LightRocket via Getty Images. Citrix is alerting customers to a new tool it has released that can be used to check for compromise. Developed in partnership with security company FireEye, Citrix is “strongly recommending” that all customers run this tool as soon as possible and take steps to protect themselves. More details.
Posted on 22 January 2020 3:48 pm
Ubisoft sues DDoS-for-hire operators for ruining game play
Mega-big online gaming company Ubisoft, maker of mega-hit games including Assassin’s Creed, Far Cry, Just Dance and Tom Clancy’s RainbowSix: Siege (R6S), is suing four operators of the DDoS-for-hire sites that have been launched against its RainbowSix servers. More details.
Posted on 22 January 2020 2:47 pm
Saudi Prince Allegedly Hacked World’s Richest Man Jeff Bezos Using WhatsApp
By GIXnews The smartphone of Amazon founder Jeff Bezos, the world’s richest man, was reportedly hacked in May 2018 after receiving a WhatsApp message from the personal account of Saudi crown prince Mohammed bin Salman, the Guardian newspaper revealed today. More details.
Posted on 22 January 2020 2:43 pm
Saudi prince helped hack Amazon boss Bezos' phone? Absurd, says minister
SAN FRANCISCO/CAIRO (Reuters) - Saudi Crown Prince Mohammed bin Salman may have been involved in a plot to hack the phone of Amazon’s billionaire boss Jeff Bezos, United Nations experts said on Wednesday. The U.N. special rapporteurs, Agnes Callamard and David Kaye, said they had information.... More details.
Posted on 22 January 2020 2:43 pm
BT and Vodafone Reportedly Want Huawei 5G Gear
BT engineer (Photo: BT) Britain's two largest telecommunications firms plan to lobby Prime Minister Boris Johnson to not fully ban Huawei hardware from the nation's 5G rollout. See Also: Webinar | Passwords: Here Today, Gone Tomorrow? Be Careful What You Wish For. More details.
Posted on 22 January 2020 2:16 pm
Microsoft Exposed 250 Million Customer Support Records
Nearly 250 million Microsoft Customer Service and Support (CSS) records were found exposed to the Internet in five insecure Elasticsearch databases, Comparitech reports. The records on those servers contained 14 years’ worth of logs of conversations between support agents and customers, all of which.... More details.
Posted on 22 January 2020 1:11 pm
UPS Says Phishing Incident Might Have Exposed Some Customers’ Data
UPS Says Phishing Incident Might Have Exposed Some Customers’ Data. The United Parcel Service (UPS) revealed that a phishing incident might have exposed the information of some of its customers. In its “ Notice of Data Breach ” letter, UPS disclosed that an unauthorized person had used a phishing.... More details.
Posted on 22 January 2020 1:06 pm
EU nations can restrict high-risk vendors under new 5G guidelines: sources
BRUSSELS (Reuters) - EU countries can restrict or exclude high-risk 5G providers from core parts of their telecoms network infrastructure under new guidelines to be issued by the European Commission next week, people familiar with the matter said on Wednesday. More details.
Posted on 22 January 2020 1:03 pm
Download: The State of Security Breach Protection 2020 Survey Results
What are the key considerations security decision-makers should take into account when designing their 2020 breach protection? To answer this, we polled 1,536 cybersecurity professionals in The State of Breach Protection 2020 survey ( Download the full survey here ) to understand the common.... More details.
Posted on 22 January 2020 12:52 pm
Dubai regulator takes the wraps off cyber threat intelligence sharing platform
The DFSA will host the Platform on its infrastructure and will outsource the management and enrichment of the platform to HelpAG, a leading provider of strategic consultancy and tailored information security solutions and services to enterprises and governments across the region. More details.
Posted on 22 January 2020 12:41 pm
What is a buffer overflow? And how hackers exploit these vulnerabilities
Software that writes more data to a memory buffer than it can hold creates vulnerabilities that attackers can exploit. Good software development practices can stop buffer overflows from happening. Buffer overflow definition. A buffer overflow or overrun is a memory safety issue where a program.... More details.
Posted on 22 January 2020 11:42 am
As Britain decides, Europe grapples with Huawei conundrum
BERLIN: Britain's impending decision on whether to allow Huawei to supply equipment for 5G mobile networks comes at a delicate time, with debate raging in European capitals over the security implications of reliance on Chinese technology. In Germany, Chancellor Angela Merkel's preference for.... More details.
Posted on 22 January 2020 11:37 am
Honor 10, Honor View 10 Android 10-based EMUI 10 update rolling out
The Honor 10 new update comes with EMUI software version 10.0.0.156(C00E156R1P4) and is about 4.84GB in size, PiunikaWeb reports. The Honor View 10, on the other hand, is receiving the update with EMUI build version 10.0.0.156. The update also includes performance improvements, bug fixes, and the latest January 2020 security patch. More details.
Posted on 22 January 2020 11:19 am
The Role PCI-DSS Plays in Security
Sorin Mustaca's IT Security news and articles about information security, vulnerabilities, exploits, patches, releases, software, features, hacks, laws, spam, viruses, malware, breaches. If your business accepts credit card payments, then you need to comply with PCI-DSS standards. PCI-DSS stands for Payment Card Industry Data Security Standard. More details.
Posted on 22 January 2020 11:15 am
AA20-020A: Critical Vulnerability in Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP
Original release date: January 20, 2020 | Last revised: January 24, 2020. Summary. Note: As of January 24, 2020, Citrix has released all expected updates in response to CVE-2019-19781.  On January 19, 2020, Citrix released firmware updates for Citrix Application Delivery Controller (ADC) and Citrix Gateway versions 11.1 and 12.0. On January 22, 2020, Citrix released security updates for vulnerable SD-WAN WANOP appliances. On January 23, 2020, Citrix released firmware updates for Citrix ADC and Gateway versions 12.1 and 13.0. On January 24, 2020, Citrix released firmware updates for Citrix ADC and Gateway version 10.5. A remote, unauthenticated attacker could exploit CVE-2019-19781 to perform arbitrary code execution.  This vulnerability has been detected in exploits in the wild.  The Cybersecurity and Infrastructure Agency (CISA) strongly recommends that all users and administrators upgrade their vulnerable appliances as soon as possible. Timeline of Specific Events December 17, 2019 – Citrix released Security Bulletin CTX267027 with mitigations steps. January 8, 2020 – The CERT Coordination Center (CERT/CC) released Vulnerability Note VU#619785: Citrix Application Delivery Controller and Citrix Gateway Web Server Vulnerability,  and CISA releases a Current Activity entry.  January 10, 2020 – The National Security Agency (NSA) released a Cybersecurity Advisory on CVE-2019-19781.  January 11, 2020 – Citrix released blog post on CVE-2019-19781 with timeline for fixes.  January 13, 2020 – CISA released a Current Activity entry describing their utility that enables users and administrators to test whether their Citrix ADC and Citrix Gateway firmware is susceptible to the CVE-2019-19781 vulnerability.  January 16, 2020 – Citrix announced that Citrix SD-WAN WANOP appliance is also vulnerable to CVE-2019-19781... More details.
Posted on 20 January 2020 2:54 pm
AA20-014A: Critical Vulnerabilities in Microsoft Windows Operating Systems
Original release date: January 14, 2020. Summary. New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats. On January 14, 2020, Microsoft released software fixes to address 49 vulnerabilities as part of their monthly Patch Tuesday announcement. Among the vulnerabilities patched were critical weaknesses in Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client. An attacker could remotely exploit these vulnerabilities to decrypt, modify, or inject data on user connections: CryptoAPI spoofing vulnerability – CVE-2020-0601: This vulnerability affects all machines running 32- or 64-bit Windows 10 operating systems, including Windows Server versions 2016 and 2019. This vulnerability allows Elliptic Curve Cryptography (ECC) certificate validation to bypass the trust store, enabling unwanted or malicious software to masquerade as authentically signed by a trusted or trustworthy organization. This could deceive users or thwart malware detection methods such as antivirus. Additionally, a maliciously crafted certificate could be issued for a hostname that did not authorize it, and a browser that relies on Windows CryptoAPI would not issue a warning, allowing an attacker to decrypt, modify, or inject data on user connections without detection. Windows RD Gateway and Windows Remote Desktop Client vulnerabilities – CVE-2020-0609, CVE-2020-0610, and CVE-2020-0611: These vulnerabilities affect Windows Server 2012 and newer. In addition, CVE-2020-0611 affects Windows 7 and newer. These vulnerabilities—in the Windows Remote Desktop Client and RD Gateway Server—allow for remote code execution, where arbitrary code could be run freely... More details.
Posted on 14 January 2020 5:46 pm
AA20-010A: Continued Exploitation of Pulse Secure VPN Vulnerability
Original release date: January 10, 2020. Summary. Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become compromised in an attack.  Although Pulse Secure  disclosed the vulnerability and provided software patches for the various affected products in April 2019, the Cybersecurity and Infrastructure Security Agency (CISA) continues to observe wide exploitation of CVE-2019-11510.    CISA expects to see continued attacks exploiting unpatched Pulse Secure VPN environments and strongly urges users and administrators to upgrade to the corresponding fixes.  Timelines of Specific Events April 24, 2019 – Pulse Secure releases initial advisory and software updates addressing multiple vulnerabilities. May 28, 2019 – Large commercial vendors get reports of vulnerable VPN through HackerOne. July 31, 2019 – Full RCE use of exploit demonstrated using the admin session hash to get complete shell. August 8, 2019 – Meh Chang and Orange Tsai demonstrate the VPN issues across multiple vendors (Pulse Secure) with detailed attack on active VPN exploitation. August 24, 2019 – Bad Packets identifies over 14,500 vulnerable VPN servers globally still unpatched and in need of an upgrade. October 7, 2019 – The National Security Agency (NSA) produces a Cybersecurity Advisory on Pulse Secure and other VPN products being targeted actively by advanced persistent threat actors. October 16, 2019 – The CERT Coordination Center (CERT/CC) releases Vulnerability Note VU#927237: Pulse Secure VPN contains multiple vulnerabilities. January 2020 – Media reports cybercriminals now targeting unpatched Pulse Secure VPN servers to install REvil (Sodinokibi) ransomware. Technical Details... More details.
Posted on 10 January 2020 11:45 am
AA20-006A: Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad
Original release date: January 6, 2020. Summary. The Cybersecurity and Infrastructure Security Agency (CISA) is sharing the following information with the cybersecurity community as a primer for assisting in the protection of our Nation’s critical infrastructure in light of the current tensions between the Islamic Republic of Iran and the United States and Iran’s historic use of cyber offensive activities to retaliate against perceived harm. Foremost, CISA recommends organizations take the following actions: Adopt a state of heightened awareness. This includes minimizing coverage gaps in personnel availability, more consistently consuming relevant threat intelligence, and making sure emergency call trees are up to date. Increase organizational vigilance. Ensure security personnel are monitoring key internal security capabilities and that they know how to identify anomalous behavior. Flag any known Iranian indicators of compromise and tactics, techniques, and procedures (TTPs) for immediate response. Confirm reporting processes. Ensure personnel know how and when to report an incident. The well-being of an organization’s workforce and cyber infrastructure depends on awareness of threat activity. Consider reporting incidents to CISA to help serve as part of CISA’s early warning system (see Contact Information section below). Exercise organizational incident response plans. Ensure personnel are familiar with the key steps they need to take during an incident. Do they have the accesses they need? Do they know the processes? Are your various data sources logging as expected? Ensure personnel are positioned to act in a calm and unified manner. Technical Details. Iranian Cyber Threat Profile Iran has a history of leveraging asymmetric tactics to pursue national interests beyond its conventional capabilities. More recently, its use of offensive cyber operations is an extension of that doctrine... More details.
Posted on 6 January 2020 8:01 pm
AA19-339A: Dridex Malware
Original release date: December 5, 2019 | Last revised: January 2, 2020. Summary. This Alert is the result of recent collaboration between the Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share information with the financial services sector. Treasury and the Cybersecurity and Infrastructure Security Agency (CISA) are providing this report to inform the sector about the Dridex malware and variants. The report provides an overview of the malware, related activity, and a list of previously unreported indicators of compromise derived from information reported to FinCEN by private sector financial institutions. Because actors using Dridex malware and its derivatives continue to target the financial services sector, including financial institutions and customers, the techniques, tactics, and procedures contained in this report warrant renewed attention. Treasury and CISA encourage network security specialists to incorporate these indicators into existing Dridex-related network defense capabilities and planning. For information regarding the malicious cyber actors responsible for the development and distribution of the Dridex malware, see the Treasury press release, Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware and the FBI press release, Russian National Charged with Decade-Long Series of Hacking and Bank Fraud Offenses Resulting in Tens of Millions in Losses and Second Russian National Charged with Involvement in Deployment of “Bugat” Malware . This Alert does not introduce a new regulatory interpretation, nor impose any new requirements on regulated entities. Except where noted, there is no indication that the actual owner of the email address was involved in the suspicious or malicious activity. If activity related to these indicators of compromise is detected, please notify appropriate law enforcement and the CIG... More details.
Posted on 5 December 2019 2:13 pm
AA19-290A: Microsoft Ending Support for Windows 7 and Windows Server 2008 R2
Original release date: October 17, 2019 | Last revised: October 18, 2019. Summary. Note : This alert does not apply to federally certified voting systems running Windows 7. Microsoft will continue to provide free security updates to those systems through the 2020 election. See Microsoft’s article, Extending free Windows 7 security updates to voting systems , for more information. On January 14, 2020, Microsoft will end extended support for their Windows 7 and Windows Server 2008 R2 operating systems.  After this date, these products will no longer receive free technical support, or software and security updates. Organizations that have regulatory obligations may find that they are unable to satisfy compliance requirements while running Windows 7 and Windows Server 2008 R2. Technical Details. All software products have a lifecycle. “End of support” refers to the date when the software vendor will no longer provide automatic fixes, updates, or online technical assistance.  For more information on end of support for Microsoft products see the Microsoft End of Support FAQ . Systems running Windows 7 and Windows Server 2008 R2 will continue to work at their current capacity even after support ends on January 14, 2020. However, using unsupported software may increase the likelihood of malware and other security threats. Mission and business functions supported by systems running Windows 7 and Windows Server 2008 R2 could experience negative consequences resulting from unpatched vulnerabilities and software bugs. These negative consequences could include the loss of confidentiality, integrity, and availability of data, system resources, and business assets. Mitigations. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and organizations to: Upgrade to a newer operating system. Identify affected devices to determine breadth of the problem and assess risk of not upgrading... More details.
Posted on 17 October 2019 4:36 pm
Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU (Update A)
This updated alert is a follow-up to the original alert titled ICS-ALERT-19-225-01 Mitsubishi Electric smartRTU and INEA ME-RTU that was published August 13, 2019, on the ICS webpage on us-cert.gov. CISA is aware of a public report of a proof-of-concept (PoC) exploit code vulnerability affecting Mitsubishi Electric smartRTU devices. According to this report, there are multiple vulnerabilities that could result in remote code execution with root privileges. CISA is issuing this alert to provide early notice of the report. More details.
Posted on 10 September 2019 2:30 pm
CAN Bus Network Implementation in Avionics
CISA is aware of a public report of insecure implementation of CAN bus networks affecting aircraft. According to this report, the CAN bus networks are exploitable when an attacker has unsupervised physical access to the aircraft. CISA is issuing this alert to provide early notice of the report. More details.
Posted on 30 July 2019 1:00 pm
AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability
Original release date: June 17, 2019. Summary. The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems (OSs), including both 32- and 64-bit versions, as well as all Service Pack versions: Windows 2000 Windows Vista Windows XP Windows 7 Windows Server 2003 Windows Server 2003 R2 Windows Server 2008 Windows Server 2008 R2 An attacker can exploit this vulnerability to take control of an affected system. Technical Details. BlueKeep (CVE-2019-0708) exists within the Remote Desktop Protocol (RDP) used by the Microsoft Windows OSs listed above. An attacker can exploit this vulnerability to perform remote code execution on an unprotected system. According to Microsoft, an attacker can send specially crafted packets to one of these operating systems that has RDP enabled.  After successfully sending the packets, the attacker would have the ability to perform a number of actions: adding accounts with full user rights; viewing, changing, or deleting data; or installing programs. This exploit, which requires no user interaction, must occur before authentication to be successful. BlueKeep is considered “wormable” because malware exploiting this vulnerability on a system could propagate to other vulnerable systems; thus, a BlueKeep exploit would be capable of rapidly spreading in a fashion similar to the WannaCry malware attacks of 2017.  CISA has coordinated with external stakeholders and determined that Windows 2000 is vulnerable to BlueKeep. Mitigations. CISA encourages users and administrators review the Microsoft Security Advisory  and the Microsoft Customer Guidance for CVE-2019-0708  and apply the appropriate mitigation measures as soon as possible: Install available patches... More details.
Posted on 17 June 2019 1:37 pm
DICOM Standard in Medical Devices
NCCIC is aware of a public report of a vulnerability in the DICOM (Digital Imaging and Communications in Medicine) standard with proof-of-concept (PoC) exploit code. The DICOM standard is the international standard to transmit, store, retrieve, print, process, and display medical imaging information. According to this report, the vulnerability is exploitable by embedding executable code into the 128 byte preamble. This report was released without coordination with NCCIC or any known vendor. More details.
Posted on 11 June 2019 4:15 pm
AA19-122A: New Exploits for Unsecure SAP Systems
Original release date: May 2, 2019 | Last revised: May 3, 2019. Summary. The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this activity alert in response to recently disclosed exploits that target unsecure configurations of SAP components. [ 1 ] Technical Details. A presentation at the April 2019 Operation for Community Development and Empowerment (OPCDE) cybersecurity conference describes SAP systems with unsecure configurations exposed to the internet. Typically, SAP systems are not intended to be exposed to the internet as it is an untrusted network. Malicious cyber actors can attack and compromise these unsecure systems with publicly available exploit tools, termed “10KBLAZE.” The presentation details the new exploit tools and reports on systems exposed to the internet. SAP Gateway ACL The SAP Gateway allows non-SAP applications to communicate with SAP applications. If SAP Gateway access control lists (ACLs) are not configured properly (e.g., gw/acl_mode = 0), anonymous users can run operating system (OS) commands.[ 2 ] According to the OPCDE presentation, about 900 U.S. internet-facing systems were detected in this vulnerable condition. SAP Router secinfo The SAP router is a program that helps connect SAP systems with external networks. The default secinfo configuration for a SAP Gateway allows any internal host to run OS commands anonymously. If an attacker can access a misconfigured SAP router, the router can act as an internal host and proxy the attacker’s requests, which may result in remote code execution. According to the OPCDE presentation, 1,181 SAP routers were exposed to the internet. It is unclear if the exposed systems were confirmed to be vulnerable or were simply running the SAP router service. SAP Message Server SAP Message Servers act as brokers between Application Servers (AS). By default, Message Servers listen on a port 39XX and have no authentication. If an attacker can access a Message Server, they can redirect and/or execute legitimate man-in-the-middle (MITM) requests, thereby gaining credentials... More details.
Posted on 2 May 2019 10:54 pm
AA19-024A: DNS Infrastructure Hijacking Campaign
Original release date: January 24, 2019 | Last revised: February 13, 2019. Summary. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks. See the following links for downloadable copies of open-source indicators of compromise (IOCs) from the sources listed in the References section below: IOCs (.csv) IOCs (.stix) Note: these files were last updated February 13, 2019, to remove the following three non-malicious IP addresses: 22.214.171.124 126.96.36.199 188.8.131.52 Technical Details. Using the following techniques, attackers have redirected and intercepted web and mail traffic, and could do so for other networked services. The attacker begins by compromising user credentials, or obtaining them through alternate means, of an account that can make changes to DNS records. Next, the attacker alters DNS records, like Address (A), Mail Exchanger (MX), or Name Server (NS) records, replacing the legitimate address of a service with an address the attacker controls. This enables them to direct user traffic to their own infrastructure for manipulation or inspection before passing it on to the legitimate service, should they choose. This creates a risk that persists beyond the period of traffic redirection. Because the attacker can set DNS record values, they can also obtain valid encryption certificates for an organization’s domain names. This allows the redirected traffic to be decrypted, exposing any user-submitted data... More details.
Posted on 24 January 2019 8:01 pm
AA18-337A: SamSam Ransomware
Original release date: December 3, 2018. Summary. The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recommendations for prevention and mitigation. The SamSam actors targeted multiple industries, including some within critical infrastructure. Victims were located predominately in the United States, but also internationally. Network-wide infections against organizations are far more likely to garner large ransom payments than infections of individual systems. Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms. The actors exploit Windows servers to gain persistent access to a victim’s network and infect all reachable hosts. According to reporting from victims in early 2016, cyber actors used the JexBoss Exploit Kit to access vulnerable JBoss applications. Since mid-2016, FBI analysis of victims’ machines indicates that cyber actors use Remote Desktop Protocol (RDP) to gain persistent access to victims’ networks. Typically, actors either use brute force attacks or stolen login credentials. Detecting RDP intrusions can be challenging because the malware enters through an approved access point. After gaining access to a particular network, the SamSam actors escalate privileges for administrator rights, drop malware onto the server, and run an executable file, all without victims’ action or authorization. While many ransomware campaigns rely on a victim completing an action, such as opening an email or visiting a compromised website, RDP allows cyber actors to infect victims with minimal detection... More details.
Posted on 3 December 2018 4:18 pm
Meltdown and Spectre Vulnerabilities (Update J)
This updated alert is a follow-up to the updated alert titled ICS-ALERT-18-011-01 Meltdown and Spectre Vulnerabilities (Update I) that was published September 11, 2018, on the NCCIC/ICS-CERT website. More details.
Posted on 11 January 2018 5:51 pm
NCCIC is aware of a public report of an improper authentication vulnerability affecting WAGO PFC200, a Programmable Logic Controller (PLC) device. According to this report, the vulnerability is exploitable by sending a TCP payload on the bound port. This report was released after attempted coordination with WAGO. NCCIC has notified the affected vendor of the report and has asked the vendor to confirm the vulnerability and identify mitigations. NCCIC is issuing this alert to provide notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks. More details.
Posted on 7 December 2017 9:11 pm
Eaton ELCSoft Vulnerabilities
NCCIC/ICS-CERT is aware of a public report of buffer overflow vulnerabilities affecting Eaton ELCSoft, a PLC programming software for Eaton Logic Control (ELC) controllers. According to the public report, which was coordinated with ICS-CERT prior to its public release, researcher Ariele Caltabiano (kimiya) working with Trend Micro's Zero Day Initiative, identified that an attacker can leverage these vulnerabilities to execute arbitrary code in the context of the process. ICS-CERT has notified the affected vendor, who has reported that they are planning to address the vulnerabilities. No timeline has been provided. ICS-CERT is issuing this alert to provide notice of the report and to identify baseline mitigations for reducing risks to these and other cybersecurity attacks. More details.
Posted on 4 August 2017 7:11 pm
CAN Bus Standard Vulnerability
NCCIC/ICS-CERT is aware of a public report of a vulnerability in the Controller Area Network (CAN) Bus standard with proof-of-concept (PoC) exploit code affecting CAN Bus, a broadcast based network standard. According to the public report, which was coordinated with ICS-CERT prior to its public release, researchers Andrea Palanca, Eric Evenchick, Federico Maggi, and Stefano Zanero identified a vulnerability exploiting a weakness in the CAN protocol that allows an attacker to perform a denial-of-service (DoS) attack. More details.
Posted on 28 July 2017 7:34 pm
CRASHOVERRIDE, aka, Industroyer, is the fourth family of malware publically identified as targeting industrial control systems (ICS). It uses a modular design, with payloads that target several industrial communication protocols and are capable of directly controlling switches and circuit breakers. Additional modules include a data-wiping component and a module capable of causing a denial of service (DoS) to Siemens SIPROTEC devices. More details.
Posted on 25 July 2017 4:45 pm
Petya Malware Variant (Update C)
This updated alert is a follow-up to the updated alert titled ICS-ALERT-17-181-01B Petya Malware Variant that was published July 5, 2017, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of reports of a variant of the Petya malware that is affecting several countries. ICS-CERT is releasing this alert to enhance the awareness of critical infrastructure asset owners/operators about the Petya variant and to identify product vendors that have issued recommendations to mitigate the risk associated with this malware. More details.
Posted on 30 June 2017 9:09 pm
Indicators Associated With WannaCry Ransomware (Update I)
This updated alert is a follow-up to the updated alert titled ICS-ALERT-17-135-01H Indicators Associated With WannaCry Ransomware that was published May 31, 2017, on the NCCIC/ICS-CERT web site. More details.
Posted on 15 May 2017 11:16 pm