Cybersecurity

Director of National Intelligence Dan Coats issued one of the starkest and most explicit warnings to date about China's cyber activities, calling them "unprecedented in scale" and explicitly aimed at undermining U.S. interests. In remarks at The Citadel, Coats said the Chinese government is actively targeting U.S. state and local governments and officials, "trying to exploit any divisions between federal and local levels on policy." He did not name either states or officials, nor did he elaborate on which policies had been targeted.

Apple has released a security update to address multiple vulnerabilities in macOS Mojave 10.14. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Apple's security page for macOS Mojave 10.14 and apply the necessary update. NCCIC/US-CERT.

The use of USBs as an essential business tool is declining, but millions of these devices are still produced and distributed annually, with many given away in marketing promotion campaigns and at trade shows and destined for use in homes and businesses. USBs have been exploited by cyber threat actors, most famously by the Stuxnet worm in 2010, and remain a target for cyber threats. Kaspersky Lab data for 2017 shows that every 12 months or so, around one in four users worldwide is affected by a ‘local’ cyber incident.

The NCCIC has released an advisory on a missing authentication for critical function vulnerability in Tec4Data Smart Cooler. All versions prior to firmware 180806 are affected. Successful exploitation of this vulnerability could cause the device to shut down by exploiting missing authentication for a critical function. Tec4Data has released new firmware to address the vulnerability and has distributed the new firmware to affected devices. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.