November 2019 Volume 14 Issue 11
From the desk of Thomas F. Duffy, MS-ISAC Chair
It’s that time of year again: holiday shopping has begun! Everyone is looking for those unique gifts, hot toys and cool electronics. Whether it is a hard-to-find toy for kids or the latest 4K smart TV, Black Friday sales seldom fail to pique the interests of even the most casual shoppers. Yet even after the chaos of Black Friday lie both Small Business Saturday and Cyber Monday. While it’s clear that businesses are after your dollars during the holidays, you should be aware that cyber-criminals are on the lookout, too.
When it comes to holiday shopping, you need to be careful that you don’t fall prey to these criminals. Here are some tips to follow for your holiday shopping: read more…
The FBI Cyber Task Force recently issued a Private Industry Notice on how businesses can deal with vulnerabilities tied to token and phone-based multi-factor authentication methods.
Original release date: October 21, 2019
The National Security Agency (NSA) and the United Kingdom National Cyber Security Centre (NCSC) have released a joint advisory on advanced persistent threat (APT) group Turla—widely reported to be Russian. The advisory provides an update to NCSC’s January 2018 report on Turla’s use of the malicious Neuron, Nautilus, and Snake tools to steal sensitive data. Additionally, the advisory states that Turla has compromised—and is currently leveraging—an Iranian APT group’s infrastructure and resources, which include the Neuron and Nautilus tools.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following resources for more information:
• NSA Advisory: Turla Group Exploits Iranian APT To Expand Coverage Of Victims
• UK NCSC Advisory: Turla group exploits Iranian APT to expand coverage of victims
• January 2018 UK NCSC Report: Turla Group Malware
In 1921, radio ruled the airwaves and TV was a distant dream no one could turn into reality. Enter a scarily smart teenage sharecropper named Philo Farnsworth. (5:14)
Microsoft publicly released information revealing an uptick in cyberattacks globally targeting anti-doping authorities and sporting organizations. The Microsoft Threat Intelligence Center (MSTIC) routinely tracks malicious activity originating from the Russian advanced persistent threat (APT) group 28, also known as Fancy Bear, STRONTIUM, Swallowtail, Sofacy, Sednit, and Zebrocy. According to Microsoft, APT28 is targeting sporting and anti-doping organizations using spearphishing, password spraying (a brute force technique), fake Microsoft internet domains, as well as open-source and custom malware to exploit internet-connected devices.
Original release date: October 30, 2019
The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC Advisory 2019-116 and the PHP Downloads page and apply the necessary updates.