Cybersecurity

The FBI has released a FLASH message regarding information it has obtained on activities performed by a group of malicious cyber actors associated with the Chinese government referred to as “APT10.” On December 20, officials from the U.S. Department of Justice and the U.S.

Cryptojacking refers to the practice of attackers harnessing the processing power of computers they don’t own to mine for cryptocurrency, such as Bitcoin or Monero. Cryptojacking’s popularity soared when cryptocurrencies hit their all-time highs in late 2017 and early 2018, and attackers adapted the malware used for these activities to go after mobile devices, cloud infrastrucuture, Internet of Things devices, and even operational technology (OT).

The partial government shutdown that began on Saturday has resulted in furloughs for nearly 33,000 federal employees from the U.S. Department of Homeland Security (DHS), which represents about 13 percent of the organization’s approximately 245,000 person workforce. DHS’s law enforcement and emergency management functions are largely unaffected by the shutdown, with most employees exempt from furloughs at components like Customs and Border Protection, the Coast Guard, the Transportation Security Administration, and the Federal Emergency Management Agency, among others.

The NCCIC has published an advisory on an improper input validation vulnerability in Horner Automation Cscape. Versions 9.80.75.3 SP3 and prior are affected. Successful exploitation of this vulnerability could crash the device being accessed, allow the attacker to read confidential information, and may allow an attacker to remotely execute arbitrary code. Horner Automation recommends affected users update to the latest version of Cscape (Version 9.80 SP4). The NCCIC also advises on a series of mitigating measures for these vulnerabilities.