You are here

Home » Cybersecurity

Cybersecurity

FBI FLASH: Indicators Associated with Netwalker Ransomware

The FBI has published a (TLP:WHITE) FLASH message providing indicators associated with the Netwalker Ransomware. The FBI states it has received notifications of Netwalker ransomware attacks on U.S. and foreign government organizations and private companies, among other entities, by unidentified cyber actors. It notes Netwalker became widely recognized in March following intrusions into an Australian transportation and logistics company.

CISA Alert AA20-205A – Take it Very Seriously, but Don’t Panic

When the longest‐serving (former) Director of the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS‐CERT) speaks, people listen, or at least they should. The “joint alert from the NSA and CISA about malicious activity targeting operational technology (OT) and critical infrastructure should be taken very seriously. Don’t be fooled — this isn’t a warning about the possibility of attacks. This is a warning that attacks have occurred and are ongoing as we speak,” wrote Marty Edwards in a recent post at Tenable.

Cyber Actors Exploiting Built-in Network Protocols to Carry Out Larger, More Destructive Distributed Denial of Service Attacks

The FBI has published a (TLP:WHITE) Private Industry Notification (PIN) advising that Cyber actors have exploited built-in network protocols, designed to reduce computational overhead of day-to-day system and operational functions, to conduct larger and more destructive distributed denial of service (DDoS) amplification attacks against US networks. As the FBI explains, a DDoS amplification attack occurs when an attacker sends a small number of requests to a server and the server responds with more numerous responses to the victim.

CISA Alert: Potential Legacy Risk from Malware Targeting QNAP NAS Devices

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert about the potential vulnerability of Network Attached Storage Devices (NAS) manufactured by the firm QNAP to the QSnatch malware if not updated with the latest security fixes. According to CISA, the malware has infected thousands of devices worldwide with a particularly high number of infections in North America and Europe. Further, once a device has been infected, attackers can prevent administrators from successfully running firmware updates.

Schneider Electric Triconex TriStation and Tricon Communication Module (ICSA-20-205-01)

CISA has published an advisory on cleartext transmission of sensitive information, uncontrolled resource consumption, hidden functionality, and improper access control vulnerabilities in Schneider Electric Triconex TriStation and Tricon Communication Module. Numerous versions of TriStation and Tricon Communication Module are affected. Successful exploitation of these vulnerabilities may allow an attacker to view clear text data on the network, cause a denial-of-service condition, or allow improper access.

CISA Alert: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. As the alert states, F5 Networks, Inc. (F5) released a patch for CVE-2020-5902 on June 30, 2020. Unpatched F5 BIG-IP devices are an attractive target for malicious actors.

CISA Alert: NSA and CISA Recommend Immediate Actions to Reduce Exposure across Operational Technologies and Systems

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert recommending critical infrastructure owners and operators take immediate steps to reduce exposure of operational technology (OT) and control systems. The alert notes that due to the increase in adversary capabilities and activity, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to do harm to U.S. interests or retaliate for perceived U.S.

When Technology Fails, Phishing Evades Security

It is well-known that phishing is purposefully designed to evade security tools and target humans, so when it does it should come as no surprise. Likewise, when security technology fails humans need to be able to recognize suspicious activity such as phishing emails and report them accordingly. Cybersecurity firm Cofense recently analyzed phishing messages that evaded Proofpoint’s Secure Email Gateway (SEG). The platform/vendor should not be the point, because it happens to (dare I say) every platform.

Pages

Subscribe to Cybersecurity