Singapore ISP Leaves 1,000 Routers Open to Attack

Telcom firm leaves port open on customer routers after maintenance update exposing hundreds of customers to possible attack.

SB18-148: Vulnerability Summary for the Week of May 21, 2018

Original release date: May 28, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »

Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim

Millions of IoT devices based on the Z-Wave wireless protocol are vulnerable to a downgrade attack during pairing sessions.

TA18-145A: Cyber Actors Target Home and Office Routers and Networked Devices Worldwide

Original release date: May 25, 2018 Systems Affected Small office/home office (SOHO) routers Networked devices Network-attached storage (NAS) devices Overview Cybersecurity researchers have identified that foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide [1] [2]. The actors used VPNFilter malware to target small office/home office (SOHO) routers. VPNFilter malware uses modular functionality to collect intelligence, exploit local area network (LAN) devices, and block actor-configurable network traffic. Specific characteristics of VPNFilter have …
Read More »

Securing Mobile Devices During Summer Travel

Original release date: May 25, 2018 As summer begins, many people will travel with their mobile devices. Although these devices—such as smart phones, tablets, and laptops—offer a range of conveniences, users should be mindful of potential threats and vulnerabilities while traveling with them. NCCIC encourages users to review the NCCIC Tips on Holiday Traveling with Personal Internet-Enabled Devices,  Cybersecurity for Electronic Devices, and International Mobile Safety. The suggested security practices in these Tips will help travelers secure their portable devices …
Read More »

IRS Warns Tax Professionals of Phishing Scam

Original release date: May 24, 2018 The Internal Revenue Service (IRS) has issued a news release warning tax professionals to beware of a new phishing email scam. Cyber criminals posing as state accounting and professional associations have been sending emails to entice their targets to reveal login credentials. Tax practitioners should be wary of unsolicited emails and forward email phishing attempts related to this scam to NCCIC encourages users and administrators to review the IRS news release and NCCIC’s …
Read More »

Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4

The new hardware-based protections Intel announced earlier in March it was embedding into new chips will only protect against Spectre and Meltdown – but not the newly disclosed Variant 4, sources said.

Schneider Electric Patches XXE Vulnerability In Software

Schneider Electric on Tuesday issued fixes for a vulnerability its SoMachine Basic software that could result in disclosure and retrieval of arbitrary data.

FBI Releases Article on Building a Digital Defense with Credit Reports

Original release date: May 23, 2018 FBI has released an article on using credit reports to build a digital defense against identify theft. FBI explains how identity theft can deal a devastating blow to consumers’ credit history. However, regularly checking the accuracy of credit reports can help consumers minimize risk. NCCIC encourages consumers to review the FBI Article and NCCIC’s Tip on Preventing and Responding to Identity Theft. This product is provided subject to this Notification and this Privacy & …
Read More »

Comcast Patches Router Bug That Leaked Some Wi-Fi Passwords

A bug in Comcast’s activation website for its Xfinity routers leaked sensitive customer data.