Old Malware Gives Criminals Tricky New Choice: Ransomware or Mining

The Rakhni Trojan is now giving bad actors the ability to infect victims either with a ransomware cryptor or a miner.

CIS Releases 2017 Year in Review

Original release date: July 06, 2018 The Center for Internet Security (CIS) has released its 2017 Year in Review. CIS is home to the Multi-State Information Sharing and Analysis Center (MS-ISAC), an NCCIC partner focused on cyber threat prevention, protection, response, and recovery for U.S. state, local, tribal, and territorial government entities. The review highlights CIS’s role in improving cyber defense and MS-ISAC’s advances in membership, monitoring, cyber education, and information sharing with partners. This product is provided subject to …
Read More »

Apple Releases Security Update for Boot Camp

Original release date: July 06, 2018 Apple has released a security update to address vulnerabilities in Wi-Fi for Boot Camp 6.4.0. An attacker could exploit these vulnerabilities to obtain access to sensitive information. NCCIC encourages users and administrators to review Apple’s security page for Wi-Fi Update for Boot Camp 6.4.0 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Year-Old Critical Vulnerabilities Patched in ISP Broadband Gear

Broadband gear made by Advanced Digital Broadcast is being patched to fix three vulnerabilities rated critical.

ThreatList: Biggest Cybercrime Developments in 2018, So Far

A look at the underground cybercrime landscape in 2018 shows a dynamic and quick-reacting community in the face of a successful crackdowns by law enforcement.

Malware Creator Sentenced

The developer of a malicious piece of software called NanoCore RAT—which allowed hackers to steal sensitive information and even access the webcams of infected computers—will be spending time behind bars.

WebAssembly Changes Could Ruin Meltdown and Spectre Browser Patches

The planned threading in shared memory update gives bad actors a way around the timer mitigations released by browser vendors.

Rowhammer Variant ‘RAMpage’ Targets Android Devices All Over Again

The attack allows malicious applications to break out of their sandbox and access the entire operating system, giving an adversary complete control of the targeted device.

ThreatList: Exploit Kits Still a Top Web-based Threat

Here is a look at what exploit kits, CVEs and other web-based threats are keeping security professionals working overtime in 2018.

Navigating an Uncharted Future, Bug Bounty Hunters Seek Safe Harbors

More companies are looking to adopt “safe harbor” language in their bug bounty programs to build trust with participants.