Cybersecurity

The National Counterintelligence and Security Center, an entity within the Office of the Director of National Intelligence, has launched a campaign of disseminating videos, brochures, and other informative materials to help organizations guard against growing threats from foreign intelligence entities and other adversaries. One of the categories of materials for this program is “Know the Risk, Raise Your Shield,” which is intended to raise awareness among organizations and equip them with best practices for protecting their data, assets, technologies, and networks.

The NCCIC has published an advisory on a resource management error vulnerability in Yokogawa Vnet/IP Open Communication Driver. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to cause Vnet/IP network communications to controlled devices to become unavailable. Yokogawa recommends users of affected devices and versions update to the latest available release. The NCCIC also advises on a series of mitigating measures for this vulnerability.

The FBI has released a FLASH message regarding information it has obtained on activities performed by a group of malicious cyber actors associated with the Chinese government referred to as “APT10.” On December 20, officials from the U.S. Department of Justice and the U.S.

Cryptojacking refers to the practice of attackers harnessing the processing power of computers they don’t own to mine for cryptocurrency, such as Bitcoin or Monero. Cryptojacking’s popularity soared when cryptocurrencies hit their all-time highs in late 2017 and early 2018, and attackers adapted the malware used for these activities to go after mobile devices, cloud infrastrucuture, Internet of Things devices, and even operational technology (OT).