You are here

Home » Cybersecurity

Cybersecurity

NCCIC Alert (TA 18-276B): Advanced Persistent Threat Activity Exploiting Managed Service Providers

Then NCCIC has released Technical Alert 18-276B about Advanced Persistent Threat (APT) actors attempted to infiltrate the networks of global managed service providers (MSPs) in order to gain unauthorized access to the networks of their customers. MSPs provide remote management of customer IT and end-user systems, and the number of organizations using MSPs has grown significantly over recent years since these services allow customers to scale and support their networks at lower costs than financing these resources internally.

NCCIC Alert (TA 18-276A): Using Rigorous Credential Control to Mitigate Trusted Network Exploitation

The NCCIC has released Technical Alert 18-276A about Advanced Persistent Threat (APT) actors stealing the access credentials of one organization in order to target another another entity the first organization has a trusted relationship with. Using the stolen credentials, the APT actors can act the part of a legitimate partner to the target organization, which may be a parent company, a connected partner, or a contracted managed service provider.

GE Communicator (ICSA-18-275-02) – Product Used in the Energy Sector

The NCCIC has released an advisory on a heap-based buffer overflow vulnerability in GE Communicator. GE Communicator version 3.15 and prior and Gigasoft, a third-party product, version 5 and prior are affected. Exploitation could allow attackers to execute arbitrary code or create a denial-of-service condition. GE recommends users update to Version 4.0 or the latest available release, to mitigate this vulnerability. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Entes EMG 12 (ICSA-18-275-03) – Product Used in the Energy Sector

The NCCIC has released an advisory on improper authentication and information exposure through query strings in GET request vulnerabilities in Entes EMG 12. EMG Ethernet Modbus Gateway Firmware versions 2.57 and prior are affected. Successful exploitation of these vulnerabilities may allow attackers to gain unauthorized access and could allow the ability to change device configuration and settings. Entes recommends that users update to the latest available firmware version.

Delta Electronics ISPSoft (ICSA-18-275-01)

The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in Delta Electronics ISPSoft. Versions 3.0.5 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to execute code under the context of the application. Delta Electronics recommends affected users update to ISPSoft v3.0.6 or newer. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.

DNSSEC Key Signing Key Rollover

On October 11, 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the Domain Name System (DNS) Security Extensions (DNSSEC) protocol. DNSSEC is a set of protocol extensions used to digitally sign DNS information, an important part of preventing domain name hijacking. Updating DNSSEC KSK is a crucial security step in ensuring DNSSEC-validating DNS resolvers continue to function after the rollover. While DNSSEC validation is mandatory for federal agencies, it is not required of the private sector.

Security Tip: Protecting against Malicious Code

The NCCIC has just published a new Security Tip regarding how to protect against malicious code, unwanted files or programs that can cause harm to a computer or compromise data stored on a computer. This reference provides background into malicious code, discusses actions for protecting against it, explains the role of antivirus software, and addresses how a victim can recover from an incident of malicious code. NCCIC/US-CERT.

Cyber Actors Increasingly Exploit the Remote Desktop Protocol to Conduct Malicious Activity

The FBI’s Internet Crime Complaint Center (IC3) has released an alert on cyber threat actors maliciously using legitimate remote administration tools, such as Remote Desktop Protocol (RDP). RDP as an attack vector has been on the rise since mid-late 2016 with the rise of dark markets selling RDP Access. Malicious cyber actors have developed methods of identifying and exploiting vulnerable RDP sessions over the Internet to compromise identities, steal login credentials, and ransom other sensitive information.

National Cybersecurity Awareness Month 2018, Week 1 Theme: Cybersecurity at Home

The theme for the first week of National Cybersecurity Awareness Month is Cybersecurity at Home. For this, the National Cyber Security Alliance (NCSA) has published general tips to help you increase your cybersecurity awareness - including whom to contact if you are the victim of cyber crime - and protect your online activities.

Pages

Subscribe to Cybersecurity