A pen-tester has found five vulnerabilities in Dell EMC RecoverPoint devices, including a critical RCE that could allow total system compromise.
Yet another speculative execution side channel flaw has been disclosed in processors – and security experts warn that more may be out there.
Original release date: May 23, 2018 NCCIC is aware of a sophisticated modular malware system known as VPNFilter. Devices known to be affected by VPNFilter include Linksys, MikroTik, NETGEAR, and TP-Link networking equipment, as well as QNAP network-attached storage (NAS) devices. Devices compromised by VPNFilter may be vulnerable to the collection of network traffic (including website credentials), as well as the monitoring of Modbus supervisory control and data acquisition (SCADA) protocols. VPNFilter has a destructive capability that can make the …
Read More »
Intel on Monday acknowledged that its processors are vulnerable to another Spectre-like speculative execution side channel flaw that could allow attackers to access information.
Original release date: May 21, 2018 In the wake of the recent Texas school shooting, NCCIC advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event. Users should exercise caution in handling emails related to the shooting, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic …
Read More »
Original release date: May 21, 2018 Systems Affected CPU hardware implementations Overview On May 21, 2018, new variants—known as Spectre 3A and 4—of the side-channel central processing unit (CPU) hardware vulnerability were publically disclosed. These variants can allow an attacker to obtain access to sensitive information on affected systems. Description CPU hardware implementations—known as Spectre and Meltdown—are vulnerable to side-channel attacks. Meltdown is a bug that “melts” the security boundaries normally enforced by the hardware, affecting desktops, laptops, and cloud …
Read More »
Original release date: May 21, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »
The code is integrated with at least three exploits that target unpatched IoT devices, including closed-circuit cameras and Netgear routers.
Original release date: May 18, 2018 The Internet Systems Consortium (ISC) has released updates that address vulnerabilities in versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. NCCIC encourages users and administrators to review ISC Knowledge Base Articles AA-01602 and AA-01606 and apply the necessary updates or workarounds. This product is provided subject to this Notification and this Privacy & Use policy.
A type of card-not-present fraud is spreading throughout the Latin American underground, uniting groups of malefactors in a communal effort to perpetrate it as widely as possible.