Alerts

Kubernetes Flaw is a “Huge Deal,” Lays Open Cloud Deployments

Hackers can steal data, sabotage cloud deployments and more.


Adobe Patches Zero-Day Vulnerability in Flash Player

The vulnerability could lead to arbitrary code execution.


Google Chrome 71 Touts 43 Fixes, Fights Ad Abuse

The browser comes with a new set of protections to block pop-ups that could lead to ‘abusive experiences.’


FTC Issues Alert on Recent Marriott Breach

Original release date: December 04, 2018 The Federal Trade Commission (FTC) has released an alert to provide affected users with recommended precautions against identity theft after the recent breach of the Marriott International Starwood guest reservation database. NCCIC encourages users and administrators to review the FTC Alert and the NCCIC Tip on Preventing and Responding to Identity Theft. If you believe you are a victim of identity theft, visit the FTC’s identity theft website to make a report. This product …
Read More »


Google Patches 11 Critical RCE Android Vulnerabilities

Google’s December Android Security Bulletin tackles 53 unique flaws.


Magecart Group Ups Ante: Now Goes After Admin Credentials

The group’s skimmer has added some capabilities that steals credentials from admins.


SamSam Ransomware

Original release date: December 03, 2018 The Department of Homeland Security and the Federal Bureau of Investigation have identified cyber threat actors using SamSam ransomware—also known as MSIL/SAMAS.A—to target industries in the United States and worldwide. NCCIC encourages users and administrators to review Alert AA18-337A: SamSam Ransomware and Malware Analysis Reports AR18-337A, AR18-337B, AR18-337C, and AR18-337D for more information. This product is provided subject to this Notification and this Privacy & Use policy.


AA18-337A: SamSam Ransomware

Original release date: December 03, 2018 Summary The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recommendations for prevention and mitigation. The SamSam actors targeted multiple industries, including some within critical infrastructure. …
Read More »


SB18-337: Vulnerability Summary for the Week of November 26, 2018

Original release date: December 03, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »


Lenovo Ordered to Pay $7.3M in Superfish Fiasco

The laptop giant will settle a 32-state class-action lawsuit stemming from pre-installing vulnerable ad-targeting software.