TA17-132A: Indicators Associated With WannaCry Ransomware

Original release date: May 12, 2017 | Last revised: May 13, 2017 Systems Affected Microsoft Windows operating systems Overview According to numerous open-source reports, a widespread ransomware campaign is affecting various organizations with reports of tens of thousands of infections in as many as 74 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in as many as 27 diffe...

TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors

Original release date: April 27, 2017 | Last revised: April 28, 2017 Systems Affected Networked Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial victims have been identified in several sectors, including Information Technology, Energy, Healthcare and Public Health, C...

TA17-075A: HTTPS Interception Weakens TLS Security

Original release date: March 16, 2017 Systems Affected All systems behind a hypertext transfer protocol secure (HTTPS) interception product are potentially affected. Overview Many organizations use HTTPS interception products for several purposes, including detecting malware that uses HTTPS connections to malicious servers. The CERT Coordination Center (CERT/CC) explored the tradeoffs of using HTTPS interception in a blog post called The Ri...

TA16-336A: Avalanche (crimeware-as-a-service infrastructure)

Original release date: December 01, 2016 Systems Affected Microsoft Windows Overview “Avalanche” refers to a large global network hosting infrastructure used by cyber criminals to conduct phishing and malware distribution campaigns and money mule schemes. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI), is releasing this Technical Alert to provide further i...

TA16-288A: Heightened DDoS Threat Posed by Mirai and Other Botnets

Original release date: October 14, 2016 Systems Affected Internet of Things (IoT)—an emerging network of devices (e.g., printers, routers, video cameras, smart TVs) that connect to one another via the Internet, often automatically sending and receiving data Overview Recently, IoT devices have been used to create large-scale botnets—networks of devices infected with self-propagating malware—that can execute crippling distri...

TA16-250A: The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations

Original release date: September 06, 2016 | Last revised: September 20, 2016 Systems Affected Network Infrastructure Devices Overview The advancing capabilities of organized hacker groups and cyber adversaries create an increasing global threat to information systems. The rising threat levels place more demands on security personnel and network administrators to protect information systems. Protecting the network infrastructure is cr...

TA16-187A: Symantec and Norton Security Products Contain Critical Vulnerabilities

Original release date: July 05, 2016 Systems Affected All Symantec and Norton branded antivirus products Overview Symantec and Norton branded antivirus products contain multiple vulnerabilities. Some of these products are in widespread use throughout government and industry. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system. Description The vulnerabilities are listed below: CVE-2016-22...

TA16-144A: WPAD Name Collision Vulnerability

Original release date: May 23, 2016 | Last revised: June 01, 2016 Systems Affected Windows, OS X, Linux systems, and web browsers with WPAD enabled; networks using unregistered or unreserved TLDs Overview Web Proxy Auto-Discovery (WPAD) Domain Name System (DNS) queries that are intended for resolution on private or enterprise DNS servers have been observed reaching public DNS servers [1]. In combination with the new generic top level domain...
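The collision condition the TA16-144A entry describes, worked through as an added example (this is not code from the alert or from US-CERT): given a client's DNS search list, which `wpad.<suffix>` lookups would be answerable by an outsider if they ever reached the public DNS. The delegated-TLD set, the registered-zone list and the sample search list are constructed data, not the live IANA root zone, and the `wpad` sinkhole function is a commonly used resolver-side control, not a quotation from the alert.

```python
"""WPAD name-collision triage in the spirit of TA16-144A.

Added example; not code from the alert or from US-CERT. A WPAD-enabled client
looks for its proxy auto-config server at "wpad.<suffix>" for each DNS suffix
in its search list. When such a query leaves the enterprise (roaming laptop,
split-DNS gap) the public DNS answers it, and if the suffix ends in a gTLD that
has since been delegated and the organisation never registered the name, anyone
who does register it can hand the client a malicious PAC file.
"""
from typing import List, NamedTuple

# Constructed subset of delegated TLDs; operationally, load the IANA root zone.
DELEGATED_TLDS = {"com", "net", "org", "global", "network", "office", "dev"}

# Public zones the organisation actually owns (sample data).
REGISTERED_ZONES = {"example.com"}

# Special-use names (RFC 6761/6762) that are never delegated in the public root.
SPECIAL_USE_TLDS = {"local", "localhost", "test", "example", "invalid", "onion"}


class Finding(NamedTuple):
    qname: str    # the name the client will actually query
    verdict: str  # "collision", "watch" or "safe"
    reason: str


def _labels(name: str) -> List[str]:
    return name.lower().strip(".").split(".")


def _owned(suffix: str) -> bool:
    """True if the suffix is, or sits under, a zone the organisation registered."""
    s = ".".join(_labels(suffix))
    return any(s == z or s.endswith("." + z) for z in REGISTERED_ZONES)


def assess_wpad_queries(search_list: List[str]) -> List[Finding]:
    """Classify the wpad.<suffix> query each search-list entry will produce."""
    findings = []
    for suffix in search_list:
        labels = _labels(suffix)
        qname = "wpad." + ".".join(labels)
        tld = labels[-1]
        domain = ".".join(labels[-2:])  # crude stand-in for a public-suffix lookup
        if tld in SPECIAL_USE_TLDS:
            findings.append(Finding(qname, "safe", f".{tld} is special-use; public DNS answers NXDOMAIN"))
        elif tld not in DELEGATED_TLDS:
            findings.append(Finding(qname, "watch", f".{tld} is not delegated today; becomes a collision if it ever is"))
        elif _owned(suffix):
            findings.append(Finding(qname, "safe", f"{domain} is registered by the organisation"))
        else:
            findings.append(Finding(qname, "collision", f".{tld} is delegated and {domain} is not ours: an attacker can register it"))
    return findings


def resolver_should_sinkhole(qname: str) -> bool:
    """Resolver-side mitigation: answer wpad.* locally so the query never leaves.

    Returning NXDOMAIN (or the address of the real PAC host) for any name whose
    left-most label is 'wpad' is a common control; it is this example's
    suggestion, not a quotation from the alert.
    """
    return _labels(qname)[0] == "wpad"


if __name__ == "__main__":
    sample_search_list = ["sales.corp.global", "corp.example.com", "ad.local", "hq.internal"]
    for f in assess_wpad_queries(sample_search_list):
        print(f"{f.verdict:9} {f.qname:28} {f.reason}")
```

Run it against the real search list pushed by your DHCP and Group Policy; a "collision" verdict means the name should either be registered by you or removed from the suffix list, and in either case WPAD lookups should be sinkholed at the recursive resolver and outbound DNS from clients blocked at the perimeter.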

TA16-132A: Exploitation of SAP Business Applications

Original release date: May 11, 2016 Systems Affected Outdated or misconfigured SAP systems Overview At least 36 organizations worldwide are affected by an SAP vulnerability [1]. Security researchers from Onapsis discovered indicators of exploitation against these organizations’ SAP business applications. The observed indicators relate to the abuse of the Invoker Servlet, a built-in functionality in SAP NetWeaver Application Server Ja...

TA15-119A: Top 30 Targeted High Risk Vulnerabilities

Systems Affected Systems running unpatched software from Adobe, Microsoft, Oracle, or OpenSSL. Overview Cyber threat actors continue to exploit unpatched software to conduct attacks against critical infrastructure organizations. As many as 85 percent of targeted attacks are preventable [1]. This Alert provides information on the 30 most commonly exploited vulnerabilities used in these attacks, along with prevention...

TA16-105A: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced

Original release date: April 14, 2016 | Last revised: September 29, 2016 Systems Affected Microsoft Windows with Apple QuickTime installed Overview According to Trend Micro, Apple will no longer be providing security updates for QuickTime for Windows, leaving this software vulnerable to exploitation. [1] Description All software products have a lifecycle. Apple will no longer be providing security updates for QuickTime for Windows. [1] The ...

TA16-091A: Ransomware and Recent Variants

Original release date: March 31, 2016 | Last revised: September 29, 2016 Systems Affected Networked Systems Overview In early 2016, destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to individuals and businesses, which included healthcare facilities and hospitals worldwide. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a rans...

TA15-337A: Dorkbot

Original release date: December 03, 2015 | Last revised: September 29, 2016 Systems Affected Microsoft Windows Overview Dorkbot is a botnet used to steal online payment, participate in distributed denial-of-service (DDoS) attacks, and deliver other types of malware to victims’ computers. According to Microsoft, the family of malware used in this botnet “has infected more than one million personal computers in over 190 countries ...

TA15-314A: Compromised Web Servers and Web Shells - Threat Awareness and Guidance

Original release date: November 10, 2015 | Last revised: September 29, 2016 Systems Affected Compromised web servers with malicious web shells installed Overview This alert describes the frequent use of web shells as an exploitation vector. Web shells can be used to obtain unauthorized access and can lead to wider network compromise. This alert outlines the threat and provides prevention, detection, and mitigation strategies. Consistent use...
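Two of the detection heuristics the TA15-314A entry points to, as an added example that is not code from the alert or from US-CERT: a source scan for request input reaching an eval or command sink (often behind base64/gzip obfuscation), and an access-log scan for scripts that only ever receive referer-less POSTs from a handful of addresses. The PHP snippets, log lines, scoring weights and threshold are all this example's constructed choices.

```python
"""Web-shell triage heuristics in the spirit of TA15-314A.

Added example; not code from the alert or from US-CERT. Two cheap checks a
responder can run against a suspected web root: a content scan for the
construct web shells almost always share (request input flowing into an eval
or command sink), and an access-log scan for the traffic pattern a shell
leaves behind (a script that only ever receives POSTs, with no Referer, from
very few source addresses). Samples below are constructed.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

SINK = re.compile(r"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open|create_function)\s*\(", re.I)
INPUT = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|SERVER|FILES)\b|php://input", re.I)
OBFUSCATION = re.compile(r"\b(base64_decode|gzinflate|gzuncompress|str_rot13|strrev)\s*\(", re.I)


def score_php_source(src: str) -> Tuple[int, List[str]]:
    """Return (score, reasons) for one PHP source body; higher is more suspicious."""
    score, reasons = 0, []
    if SINK.search(src):
        score += 2; reasons.append("eval/command sink")
    if INPUT.search(src):
        score += 1; reasons.append("reads request input")
    if OBFUSCATION.search(src):
        score += 1; reasons.append("decode/inflate wrapper")
    # Strongest signal: request input and a sink inside the same statement.
    if any(SINK.search(stmt) and INPUT.search(stmt) for stmt in src.split(";")):
        score += 2; reasons.append("request input reaches a sink in one statement")
    return score, reasons


def looks_like_web_shell(src: str, threshold: int = 4) -> bool:
    return score_php_source(src)[0] >= threshold


# Combined Log Format (Apache/nginx default with Referer and User-Agent).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
SCRIPT_EXT = (".php", ".phtml", ".asp", ".aspx", ".jsp", ".jspx", ".cfm")


def suspicious_script_paths(log_lines: List[str], max_ips: int = 2) -> List[str]:
    """Scripts that are only ever POSTed to, without a Referer, by few clients."""
    per_path: Dict[str, dict] = defaultdict(lambda: {"methods": Counter(), "ips": set(), "referers": set()})
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        path = m["path"].split("?", 1)[0]
        if not path.lower().endswith(SCRIPT_EXT):
            continue
        p = per_path[path]
        p["methods"][m["method"].upper()] += 1
        p["ips"].add(m["ip"])
        p["referers"].add(m["referer"])
    flagged = []
    for path, p in per_path.items():
        only_posts = set(p["methods"]) == {"POST"}
        no_referer = p["referers"] <= {"-", ""}
        if only_posts and no_referer and len(p["ips"]) <= max_ips:
            flagged.append(path)
    return sorted(flagged)


# Constructed samples: a one-line shell, a benign script, and four log lines.
SAMPLE_SHELL = "<?php @eval(base64_decode($_POST['x'])); ?>"
SAMPLE_CLEAN = "<?php $q = $_GET['q']; echo htmlspecialchars($q, ENT_QUOTES, 'UTF-8'); ?>"
SAMPLE_LOG = [
    '203.0.113.9 - - [10/Nov/2015:13:55:36 +0000] "POST /images/uploads/.cache.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Nov/2015:13:57:02 +0000] "POST /images/uploads/.cache.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Nov/2015:13:56:01 +0000] "GET /index.php HTTP/1.1" 200 8831 "https://www.example.com/" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Nov/2015:13:58:44 +0000] "POST /login.php HTTP/1.1" 302 0 "https://www.example.com/login.php" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for name, src in (("shell", SAMPLE_SHELL), ("clean", SAMPLE_CLEAN)):
        print(name, score_php_source(src))
    print("suspicious:", suspicious_script_paths(SAMPLE_LOG))
```

Both checks are triage, not proof: a legitimate AJAX endpoint can look like the log pattern, and a shell split across files or using `preg_replace` with the `/e` modifier can slip past the source regexes. Confirm a hit by diffing the file against the deployed release and by checking its modification time against the first POST in the log.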

TA15-286A: Dridex P2P Malware

Original release date: October 13, 2015 | Last revised: September 29, 2016 Systems Affected Microsoft Windows Overview Dridex, a peer-to-peer (P2P) bank credential-stealing malware, uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control (C2). The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the De...