Alerts

Oracle Releases April 2018 Security Bulletin

Original release date: April 17, 2018 Oracle has released its Critical Patch Update for April 2018 to address 254 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Oracle April 2018 Critical Patch Update and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.


Russian Malicious Cyber Activity

Original release date: April 16, 2018 The Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the United Kingdom’s (UK) National Cyber Security Centre (NCSC) released a joint Technical Alert (TA) about malicious cyber activity carried out by the Russian Government. The U.S. Government refers to malicious cyber activity by the Russian government as GRIZZLY STEPPE. NCCIC encourages users and administrators to review the GRIZZLY STEPPE – Russian Malicious Cyber Activity page, which links to TA18-106A – Russian …
Read More »


TA18-106A: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

Original release date: April 16, 2018 Systems Affected Generic Routing Encapsulation (GRE) Enabled Devices Cisco Smart Install (SMI) Enabled Devices Simple Network Management Protocol (SNMP) Enabled Network Devices Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC). This TA provides information on the worldwide cyber exploitation of network infrastructure devices (e.g., router, switch, firewall, Network-based …
Read More »


Outlook Bug Allowed Hackers to Use .RTF Files To Steal Windows Passwords

Microsoft patched a bug that allowed attackers to steal a target’s Windows account password via previewed Outlook message.


New ‘Early Bird’ Code Injection Technique Helps APT33 Evade Detection

Researchers have identified what they are calling an Early Bird code injection technique used by the Iranian group APT33 to burrow the TurnedUp malware inside infected systems while evading anti-malware tools.


AMD Rolls Out Spectre Fixes

AMD notified users about new available Spectre CPU firmware and Windows 10 patches.


Microsoft Releases April 2018 Security Updates

Original release date: April 10, 2018 Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft’s April 2018 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Fixes 66 Bugs in April Patch Tuesday Release

Microsoft’s April Patch Tuesday release includes fixes for 66 bugs, 24 of which are rated critical.


Vulnerability in San Francisco’s Public Safety Warning Sirens Fixed

A patched vulnerability in San Francisco’s public safety warning siren system suggests other radio-based platforms could also be hacked.


Ransomware Dominates Verizon DBIR

Verizon pegged ransomware as the most prevalent malware in its 2018 Data Breach Investigations Report.