enarzh-TWfrdehiitjaes

Member of The Internet Defense League

Search Techlick

TA18-004A: Meltdown and Spectre Side-Channel Vulnerability Guidance

Original release date: January 04, 2018 | Last revised: January 05, 2018 Systems Affected CPU hardware implementations Overview On January 3, 2018, the National Cybersecurity and Communications Integration Center (NCCIC) became aware of a set of security vulnerabilities—known as Meltdown and Spectre — that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive informati...
Continue reading
216 Hits

TA17-318B: HIDDEN COBRA – North Korean Trojan: Volgmer

Original release date: November 14, 2017 | Last revised: November 15, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a Trojan ma...
Continue reading
223 Hits

TA17-318A: HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL

Original release date: November 14, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a remote administration tool (RAT) used by th...
Continue reading
208 Hits

TA17-293A: Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors

Original release date: October 20, 2017 Systems Affected Domain ControllersFile ServersEmail Servers Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and cr...
Continue reading
201 Hits

TA17-181A: Petya Ransomware

Original release date: July 01, 2017 | Last revised: July 28, 2017 Systems Affected Microsoft Windows operating systems Overview This Alert has been updated to reflect the National Cybersecurity and Communications Integration Center's (NCCIC) analysis of the "NotPetya" malware variant. The scope of this Alert’s analysis is limited to the newest Petya malware variant that surfaced on June 27, 2017. This malware is referred to as “NotPetya” t...
Continue reading
269 Hits

TA17-181A: Petya Ransomware

Original release date: July 01, 2017 Systems Affected Microsoft Windows operating systems Overview On June 27, 2017, NCCIC was notified of Petya ransomware events occurring in multiple countries and affecting multiple sectors. Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. The NCCIC Code Analysis Team produced a Malware Initial Findings Report (MIFR) to provide in-depth te...
Continue reading
333 Hits

TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure

Original release date: June 13, 2017 Systems Affected Networked Systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides technical details on the tools and infrastructure used by cyber actors of the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors...
Continue reading
419 Hits

TA17-163A: CrashOverride Malware

Original release date: June 12, 2017 | Last revised: July 27, 2017 Systems Affected Industrial Control Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) is aware of public reports from ESET and Dragos outlining a new, highly capable Industrial Controls Systems (ICS) attack platform that was reportedly used in 2016 against critical infrastructure in Ukraine. As reported by ESET and Dragos , the CrashOv...
Continue reading
261 Hits

TA17-163A: CrashOverride Malware

Original release date: June 12, 2017 | Last revised: June 14, 2017 Systems Affected Industrial Control Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) is aware of public reports from ESET and Dragos outlining a new, highly capable Industrial Controls Systems (ICS) attack platform that was reportedly used in 2016 against critical infrastructure in Ukraine. As reported by ESET and Dragos , the CrashOv...
Continue reading
299 Hits

TA17-156A: Reducing the Risk of SNMP Abuse

Original release date: June 05, 2017 Systems Affected SNMP enabled devices Overview The Simple Network Management Protocol (SNMP) may be abused to gain unauthorized access to network devices. SNMP provides a standardized framework for a common language that is used for monitoring and managing devices in a network. This Alert provides information on SNMP best practices, along with prevention and mitigation recommendations. Description SNMP d...
Continue reading
250 Hits

TA17-156A: Reducing the Risk of SNMP Abuse

Original release date: June 05, 2017 Systems Affected SNMP enabled devices Overview The Simple Network Management Protocol (SNMP) may be abused to gain unauthorized access to network devices. SNMP provides a standardized framework for a common language that is used for monitoring and managing devices in a network. This Alert provides information on SNMP best practices, along with prevention and mitigation recommendations. Description SNMP d...
Continue reading
323 Hits

TA17-132A: Indicators Associated With WannaCry Ransomware

Original release date: May 12, 2017 | Last revised: May 19, 2017 Systems Affected Microsoft Windows operating systems Overview According to numerous open-source reports, a widespread ransomware campaign is affecting various organizations with reports of tens of thousands of infections in over 150 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in as many as 27 different ...
Continue reading
252 Hits

TA17-132A: Indicators Associated With WannaCry Ransomware

Original release date: May 12, 2017 | Last revised: May 13, 2017 Systems Affected Microsoft Windows operating systems Overview According to numerous open-source reports, a widespread ransomware campaign is affecting various organizations with reports of tens of thousands of infections in as many as 74 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in as many as 27 diffe...
Continue reading
338 Hits

TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors

Original release date: April 27, 2017 | Last revised: May 14, 2017 Systems Affected Networked Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial victims have been identified in several sectors, including Information Technology, Energy, Healthcare and Public Health, Com...
Continue reading
221 Hits

TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors

Original release date: April 27, 2017 | Last revised: April 28, 2017 Systems Affected Networked Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial victims have been identified in several sectors, including Information Technology, Energy, Healthcare and Public Health, C...
Continue reading
Tags:
323 Hits