/ Government Security Alerts /

Summary: The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic …

Network infrastructure devices are ideal targets for malicious cyber actors. Most or all organizational and customer traffic must traverse these critical devices. An attacker with presence on an organization’s gateway router can monitor, modify, and deny traffic to and from the organization. An attacker with presence on an organization’s internal routing and switching infrastructure can …

Telnet: Review network device logs and netflow data for indications of TCP Telnet-protocol traffic directed at port 23 on all network device hosts. Although Telnet may be directed at other ports (e.g., port 80, HTTP), port 23 is the primary target. Inspect any indication of Telnet sessions (or attempts). Because Telnet is an unencrypted protocol, …

Since at least March 2016, Russian government cyber actors—hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. Analysis by DHS and FBI resulted in the identification of distinct indicators and behaviors related to this activity. Of note, the …

/ Security News /

Security researchers have uncovered another nasty piece of malware designed specifically to target industrial control systems (ICS) with a potential to cause health and life-threatening accidents. Dubbed Triton, also known as Trisis, the ICS malware has been designed to target Triconex Safety Instrumented System (SIS) controllers made by Schneider Electric—an autonomous control system that independently …

Since at least May 2017, threat actors have targeted government entities and the energy, water, aviation, nuclear, and critical manufacturing sectors, and, in some cases, have leveraged their capabilities to compromise victims’ networks. Historically, cyber threat actors have targeted the energy sector with various results, ranging from cyber espionage to the ability to disrupt energy …

/ Security News /

Video: Researchers predict large-scale cyberattack against US infrastructure in the next two years – TechRepublic. Only 26% of respondents in a study published by Black Hat Research were confident that the US government, under President Trump, would be able to react correctly …

/ Security News /

A “major breach” of the US government’s critical infrastructure is coming, sometime in the next two years, and defense agencies won’t be able to stop it. That startling prediction was made by 60% of cybersecurity professionals, surveyed by Black Hat for its Portrait of an Imminent Cyber Threat report, published on Thursday. For the report, …

/ Security News /

In an interview at this week’s Global Cybersecurity Summit in Kiev, Ukraine, former deputy national security advisor and deputy secretary of state Tony Blinken told TechRepublic’s Dan Patterson that the threat posed by cyberattacks to human infrastructure, meaning what we think and believe, is as important as the threat to physical infrastructure. The best defense …

/ Government Security Alerts /

Since 2009, HIDDEN COBRA actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature. Commercial reporting has referred to this activity as Lazarus Group[1] and Guardians of Peace.[2] DHS and FBI assess that HIDDEN COBRA actors …