
TA17-181A: Petya Ransomware

Original release date: July 01, 2017
Systems Affected: Microsoft Windows operating systems
Overview: On June 27, 2017, NCCIC was notified of Petya ransomware events occurring in multiple countries and affecting multiple sectors. Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. The NCCIC Code Analysis Team produced a Malware Initial Findings Report (MIFR) to provide in-depth te...

TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure

Original release date: June 13, 2017
Systems Affected: Networked Systems
Overview: This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides technical details on the tools and infrastructure used by cyber actors of the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors...

TA17-163A: CrashOverride Malware

Original release date: June 12, 2017 | Last revised: June 14, 2017
Systems Affected: Industrial Control Systems
Overview: The National Cybersecurity and Communications Integration Center (NCCIC) is aware of public reports from ESET and Dragos outlining a new, highly capable Industrial Control Systems (ICS) attack platform that was reportedly used in 2016 against critical infrastructure in Ukraine. As reported by ESET and Dragos, the CrashOv...

TA17-156A: Reducing the Risk of SNMP Abuse

Original release date: June 05, 2017
Systems Affected: SNMP enabled devices
Overview: The Simple Network Management Protocol (SNMP) may be abused to gain unauthorized access to network devices. SNMP provides a standardized framework for a common language that is used for monitoring and managing devices in a network. This Alert provides information on SNMP best practices, along with prevention and mitigation recommendations.
Description: SNMP d...

TA17-132A: Indicators Associated With WannaCry Ransomware

Original release date: May 12, 2017 | Last revised: May 13, 2017
Systems Affected: Microsoft Windows operating systems
Overview: According to numerous open-source reports, a widespread ransomware campaign is affecting various organizations with reports of tens of thousands of infections in as many as 74 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in as many as 27 diffe...

TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors

Original release date: April 27, 2017 | Last revised: April 28, 2017
Systems Affected: Networked Systems
Overview: The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial victims have been identified in several sectors, including Information Technology, Energy, Healthcare and Public Health, C...

TA17-075A: HTTPS Interception Weakens TLS Security

Original release date: March 16, 2017
Systems Affected: All systems behind a hypertext transfer protocol secure (HTTPS) interception product are potentially affected.
Overview: Many organizations use HTTPS interception products for several purposes, including detecting malware that uses HTTPS connections to malicious servers. The CERT Coordination Center (CERT/CC) explored the tradeoffs of using HTTPS interception in a blog post called The Ri...

TA16-336A: Avalanche (crimeware-as-a-service infrastructure)

Original release date: December 01, 2016
Systems Affected: Microsoft Windows
Overview: “Avalanche” refers to a large global network hosting infrastructure used by cyber criminals to conduct phishing and malware distribution campaigns and money mule schemes. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI), is releasing this Technical Alert to provide further i...

TA16-288A: Heightened DDoS Threat Posed by Mirai and Other Botnets

Original release date: October 14, 2016
Systems Affected: Internet of Things (IoT)—an emerging network of devices (e.g., printers, routers, video cameras, smart TVs) that connect to one another via the Internet, often automatically sending and receiving data
Overview: Recently, IoT devices have been used to create large-scale botnets—networks of devices infected with self-propagating malware—that can execute crippling distri...

TA16-250A: The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations

Original release date: September 06, 2016 | Last revised: September 20, 2016
Systems Affected: Network Infrastructure Devices
Overview: The advancing capabilities of organized hacker groups and cyber adversaries create an increasing global threat to information systems. The rising threat levels place more demands on security personnel and network administrators to protect information systems. Protecting the network infrastructure is cr...

TA16-250A: The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations

Original release date: September 06, 2016 | Last revised: September 13, 2016
Systems Affected: Network Infrastructure Devices
Overview: The advancing capabilities of organized hacker groups and cyber adversaries create an increasing global threat to information systems. The rising threat levels place more demands on security personnel and network administrators to protect information systems. Protecting the network infrastructure is cr...

TA16-187A: Symantec and Norton Security Products Contain Critical Vulnerabilities

Original release date: July 05, 2016
Systems Affected: All Symantec and Norton branded antivirus products
Overview: Symantec and Norton branded antivirus products contain multiple vulnerabilities. Some of these products are in widespread use throughout government and industry. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system.
Description: The vulnerabilities are listed below: CVE-2016-22...

TA16-144A: WPAD Name Collision Vulnerability

Original release date: May 23, 2016 | Last revised: June 01, 2016
Systems Affected: Windows, OS X, Linux systems, and web browsers with WPAD enabled; networks using unregistered or unreserved TLDs
Overview: Web Proxy Auto-Discovery (WPAD) Domain Name System (DNS) queries that are intended for resolution on private or enterprise DNS servers have been observed reaching public DNS servers [1]. In combination with the new generic top level domain...

TA16-144A: WPAD Name Collision Vulnerability

Original release date: May 23, 2016
Systems Affected: Windows, OS X, Linux systems, and web browsers with WPAD enabled
Overview: Web Proxy Auto-Discovery (WPAD) Domain Name System (DNS) queries that are intended for resolution on private or enterprise DNS servers have been observed reaching public DNS servers [1]. In combination with the New generic Top Level Domain (gTLD) program’s incorporation of previously undelegated gTLDs for public r...

TA16-132A: Exploitation of SAP Business Applications

Original release date: May 11, 2016
Systems Affected: Outdated or misconfigured SAP systems
Overview: At least 36 organizations worldwide are affected by an SAP vulnerability [1]. Security researchers from Onapsis discovered indicators of exploitation against these organizations’ SAP business applications. The observed indicators relate to the abuse of the Invoker Servlet, a built-in functionality in SAP NetWeaver Application Server Java sys...

TA15-119A: Top 30 Targeted High Risk Vulnerabilities

Systems Affected: Systems running unpatched software from Adobe, Microsoft, Oracle, or OpenSSL.
Overview: Cyber threat actors continue to exploit unpatched software to conduct attacks against critical infrastructure organizations. As many as 85 percent of targeted attacks are preventable [1]. This Alert provides information on the 30 most commonly exploited vulnerabilities used in these attacks, along with prevention...

TA15-314A: Compromised Web Servers and Web Shells - Threat Awareness and Guidance

Original release date: November 10, 2015 | Last revised: November 13, 2015
Systems Affected: Compromised web servers with malicious web shells installed
Overview: This alert describes the frequent use of web shells as an exploitation vector. Web shells can be used to obtain unauthorized access and can lead to wider network compromise. This alert outlines the threat and provides prevention, detection, and mitigation strategies. Consistent use ...

TA16-105A: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced

Original release date: April 14, 2016 | Last revised: September 29, 2016
Systems Affected: Microsoft Windows with Apple QuickTime installed
Overview: According to Trend Micro, Apple will no longer be providing security updates for QuickTime for Windows, leaving this software vulnerable to exploitation. [1]
Description: All software products have a lifecycle. Apple will no longer be providing security updates for QuickTime for Windows. [1] The ...

TA16-105A: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced

Original release date: April 14, 2016
Systems Affected: Microsoft Windows with Apple QuickTime installed
Overview: According to Trend Micro, Apple will no longer be providing security updates for QuickTime for Windows, leaving this software vulnerable to exploitation. [1]
Description: All software products have a lifecycle. Apple will no longer be providing security updates for QuickTime for Windows. [1] The Zero Day Initiative has issued advi...

TA16-091A: Ransomware and Recent Variants

Original release date: March 31, 2016 | Last revised: September 29, 2016
Systems Affected: Networked Systems
Overview: In early 2016, destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to individuals and businesses, which included healthcare facilities and hospitals worldwide. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a rans...

TA16-091A: Ransomware and Recent Variants

Original release date: March 31, 2016
Systems Affected: Networked Systems
Overview: In early 2016, destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to individuals and businesses, which included healthcare facilities and hospitals worldwide. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. The United State...

TA15-337A: Dorkbot

Original release date: December 03, 2015 | Last revised: September 29, 2016
Systems Affected: Microsoft Windows
Overview: Dorkbot is a botnet used to steal online payment, participate in distributed denial-of-service (DDoS) attacks, and deliver other types of malware to victims’ computers. According to Microsoft, the family of malware used in this botnet “has infected more than one million personal computers in over 190 countries ...

TA15-337A: Dorkbot

Original release date: December 03, 2015
Systems Affected: Microsoft Windows
Overview: Dorkbot is a botnet used to steal online payment, participate in distributed denial-of-service (DDoS) attacks, and deliver other types of malware to victims’ computers. According to Microsoft, the family of malware used in this botnet “has infected more than one million personal computers in over 190 countries over the course of the past year.” The United S...