You are here

Home » Cybersecurity

Cybersecurity

In Annual Threat Report, Microsoft Highlights Risks to Supply Chains

In its just released Security Intelligence Report (SIR), Microsoft points to supply chain attacks as being responsible for numerous high-profile incidents in 2018. These included a massive campaign to deliver the Dofoil Trojan through a peer-to-peer application’s update package. Dofoil carried a cryptocurrency mining payload and exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion techniques.

NSA Releases Ghidra, a Free Tool for Malware Analysts

At the RSA security conference in San Francisco yesterday, the National Security Agency (NSA) released “Ghidra,” a free software reverse engineering tool that the agency had been using internally for well over a decade. The tool is ideal for software engineers but will be especially useful for malware analysts. Ghidra is a free alternative to IDA Pro, a similar reverse engineering tool that's only available under a very expensive commercial license, priced in the range of thousands of U.S. dollars per year.

DHS Cautions on Possible Effects to GPS from April 6 Week Number Rollover Event

The U.S. Department of Homeland Security has issued a memorandum for owners and operators of U.S. critical infrastructure that use Coordinated Universal Time (UTC) from Global Positioning System (GPS) devices. The memorandum is intended to assist owners and operators with preparations for a GPS “Week Number Rollover” that is scheduled to occur on April 6, 2019, as this event may impact the reliability of the reported UTC.

Rockwell Automation RSLinx Classic (ICSA-19-064-01) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in Rockwell Automation RSLinx Classic. Versions 4.10.00 and prior are affected. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the target device. Rockwell Automation has released patches to address earlier versions of RSLinx Classic including v3.60, v3.70, v3.80, v3.81, v3.90, v4.00.01, v4.10. The NCCIC also advises on a series of measures for mitigating this vulnerability.

Inside Triton, the World’s “Most Murderous” Malware

An article from the MIT Technology Review on Triton malware includes commentary from Julian Gutmanis, a cybersecurity consultant who was hired by a petrochemical plant in Saudi Arabia to assist with the response to a cyber attack on its system by the malware. Triton is unique from other types of malware targeting industrial control systems because it seeks to compromise safety instrumented systems, which keep operations running at safe levels and can shut down systems altogether to prevent life-threatening disasters.

IRS Launches “Dirty Dozen” Campaign on Tax Scams

The Internal Revenue Service (IRS) has launched its annual awareness campaign on the 12 most prevalent tax scams, known as the “Dirty Dozen.” As part of the campaign, IRS will highlight one scam each weekday. The first topic in the campaign focuses on internet phishing scams that lead to tax fraud and identity theft. IRS warns to be on alert for a continuing surge of fake emails, texts, websites, and social media attempts to steal users’ personal information.

PSI GridConnect Telecontrol (ICSA-19-059-01) – Products Used in the Energy Sector

The NCCIC has published an advisory on a cross-site scripting vulnerability in PSI GridConnect Telecontrol. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to execute dynamic scripts in the context of the application, which could allow cross-site scripting attacks. PSI recommends users of affected devices update their devices to a version where this vulnerability is patched. The NCCIC also advises on a series of measures for mitigating this vulnerability.

M-Trends 2019 Report Examines APT Actors and Trends, Observes Increase in Retargeted Attacks

FireEye Mandiant has just released M-Trends 2019, its annual report on major trends it observed over the past year. One of the trends noted in the report is the significant increase in governments publicly attributing attacks to threat actors, which are oftentimes other nations. FireEye Mandiant is well known for reporting on malicious cyber activity by advanced persistent threat (APT) actors, many of which it indicates are associated with nations.

Pages

Subscribe to Cybersecurity